1/* basic.c - basic regression tests 2 * Copyright (C) 2001, 2002, 2003, 2005, 2008, 3 * 2009 Free Software Foundation, Inc. 4 * 5 * This file is part of Libgcrypt. 6 * 7 * Libgcrypt is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU Lesser General Public License as 9 * published by the Free Software Foundation; either version 2.1 of 10 * the License, or (at your option) any later version. 11 * 12 * Libgcrypt is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21#ifdef HAVE_CONFIG_H 22#include <config.h> 23#endif 24#include <stdio.h> 25#include <stdlib.h> 26#include <string.h> 27#include <stdarg.h> 28#include <assert.h> 29 30#include "../src/gcrypt.h" 31 32#ifndef DIM 33# define DIM(v) (sizeof(v)/sizeof((v)[0])) 34#endif 35 36 37typedef struct test_spec_pubkey_key 38{ 39 const char *secret; 40 const char *public; 41 const char *grip; 42} 43test_spec_pubkey_key_t; 44 45typedef struct test_spec_pubkey 46{ 47 int id; 48 int flags; 49 test_spec_pubkey_key_t key; 50} 51test_spec_pubkey_t; 52 53#define FLAG_CRYPT (1 << 0) 54#define FLAG_SIGN (1 << 1) 55#define FLAG_GRIP (1 << 2) 56 57static int verbose; 58static int error_count; 59static int in_fips_mode; 60static int die_on_error; 61 62static void 63fail (const char *format, ...) 64{ 65 va_list arg_ptr; 66 67 va_start (arg_ptr, format); 68 vfprintf (stderr, format, arg_ptr); 69 va_end (arg_ptr); 70 error_count++; 71 if (die_on_error) 72 exit (1); 73} 74 75static void 76mismatch (const void *expected, size_t expectedlen, 77 const void *computed, size_t computedlen) 78{ 79 const unsigned char *p; 80 81 fprintf (stderr, "expected:"); 82 for (p = expected; expectedlen; p++, expectedlen--) 83 fprintf (stderr, " %02x", *p); 84 fprintf (stderr, "\ncomputed:"); 85 for (p = computed; computedlen; p++, computedlen--) 86 fprintf (stderr, " %02x", *p); 87 fprintf (stderr, "\n"); 88} 89 90 91static void 92die (const char *format, ...) 93{ 94 va_list arg_ptr; 95 96 va_start (arg_ptr, format); 97 vfprintf (stderr, format, arg_ptr); 98 va_end (arg_ptr); 99 exit (1); 100} 101 102#define MAX_DATA_LEN 100 103 104void 105progress_handler (void *cb_data, const char *what, int printchar, 106 int current, int total) 107{ 108 (void)cb_data; 109 (void)what; 110 (void)current; 111 (void)total; 112 113 if (printchar == '\n') 114 fputs ( "<LF>", stdout); 115 else 116 putchar (printchar); 117 fflush (stdout); 118} 119 120static void 121check_cbc_mac_cipher (void) 122{ 123 struct tv 124 { 125 int algo; 126 char key[MAX_DATA_LEN]; 127 unsigned char plaintext[MAX_DATA_LEN]; 128 size_t plaintextlen; 129 char mac[MAX_DATA_LEN]; 130 } 131 tv[] = 132 { 133 { GCRY_CIPHER_AES, 134 "chicken teriyaki", 135 "This is a sample plaintext for CBC MAC of sixtyfour bytes.......", 136 0, "\x23\x8f\x6d\xc7\x53\x6a\x62\x97\x11\xc4\xa5\x16\x43\xea\xb0\xb6" }, 137 { GCRY_CIPHER_3DES, 138 "abcdefghABCDEFGH01234567", 139 "This is a sample plaintext for CBC MAC of sixtyfour bytes.......", 140 0, "\x5c\x11\xf0\x01\x47\xbd\x3d\x3a" }, 141 { GCRY_CIPHER_DES, 142 "abcdefgh", 143 "This is a sample plaintext for CBC MAC of sixtyfour bytes.......", 144 0, "\xfa\x4b\xdf\x9d\xfa\xab\x01\x70" } 145 }; 146 gcry_cipher_hd_t hd; 147 unsigned char out[MAX_DATA_LEN]; 148 int i, blklen, keylen; 149 gcry_error_t err = 0; 150 151 if (verbose) 152 fprintf (stderr, " Starting CBC MAC checks.\n"); 153 154 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 155 { 156 if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) 157 { 158 if (verbose) 159 fprintf (stderr, " algorithm %d not available in fips mode\n", 160 tv[i].algo); 161 continue; 162 } 163 164 err = gcry_cipher_open (&hd, 165 tv[i].algo, 166 GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_MAC); 167 if (!hd) 168 { 169 fail ("cbc-mac algo %d, gcry_cipher_open failed: %s\n", 170 tv[i].algo, gpg_strerror (err)); 171 return; 172 } 173 174 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 175 if (!blklen) 176 { 177 fail ("cbc-mac algo %d, gcry_cipher_get_algo_blklen failed\n", 178 tv[i].algo); 179 gcry_cipher_close (hd); 180 return; 181 } 182 183 keylen = gcry_cipher_get_algo_keylen (tv[i].algo); 184 if (!keylen) 185 { 186 fail ("cbc-mac algo %d, gcry_cipher_get_algo_keylen failed\n", 187 tv[i].algo); 188 return; 189 } 190 191 err = gcry_cipher_setkey (hd, tv[i].key, keylen); 192 if (err) 193 { 194 fail ("cbc-mac algo %d, gcry_cipher_setkey failed: %s\n", 195 tv[i].algo, gpg_strerror (err)); 196 gcry_cipher_close (hd); 197 return; 198 } 199 200 err = gcry_cipher_setiv (hd, NULL, 0); 201 if (err) 202 { 203 fail ("cbc-mac algo %d, gcry_cipher_setiv failed: %s\n", 204 tv[i].algo, gpg_strerror (err)); 205 gcry_cipher_close (hd); 206 return; 207 } 208 209 if (verbose) 210 fprintf (stderr, " checking CBC MAC for %s [%i]\n", 211 gcry_cipher_algo_name (tv[i].algo), 212 tv[i].algo); 213 err = gcry_cipher_encrypt (hd, 214 out, blklen, 215 tv[i].plaintext, 216 tv[i].plaintextlen ? 217 tv[i].plaintextlen : 218 strlen ((char*)tv[i].plaintext)); 219 if (err) 220 { 221 fail ("cbc-mac algo %d, gcry_cipher_encrypt failed: %s\n", 222 tv[i].algo, gpg_strerror (err)); 223 gcry_cipher_close (hd); 224 return; 225 } 226 227#if 0 228 { 229 int j; 230 for (j = 0; j < gcry_cipher_get_algo_blklen (tv[i].algo); j++) 231 printf ("\\x%02x", out[j] & 0xFF); 232 printf ("\n"); 233 } 234#endif 235 236 if (memcmp (tv[i].mac, out, blklen)) 237 fail ("cbc-mac algo %d, encrypt mismatch entry %d\n", tv[i].algo, i); 238 239 gcry_cipher_close (hd); 240 } 241 if (verbose) 242 fprintf (stderr, " Completed CBC MAC checks.\n"); 243} 244 245static void 246check_aes128_cbc_cts_cipher (void) 247{ 248 char key[128 / 8] = "chicken teriyaki"; 249 unsigned char plaintext[] = 250 "I would like the General Gau's Chicken, please, and wonton soup."; 251 struct tv 252 { 253 unsigned char out[MAX_DATA_LEN]; 254 int inlen; 255 } tv[] = 256 { 257 { "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" 258 "\x97", 259 17 }, 260 { "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" 261 "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", 262 31 }, 263 { "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" 264 "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", 265 32 }, 266 { "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" 267 "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" 268 "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", 269 47 }, 270 { "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" 271 "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" 272 "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", 273 48 }, 274 { "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" 275 "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" 276 "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" 277 "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", 278 64 }, 279 }; 280 gcry_cipher_hd_t hd; 281 unsigned char out[MAX_DATA_LEN]; 282 int i; 283 gcry_error_t err = 0; 284 285 if (verbose) 286 fprintf (stderr, " Starting AES128 CBC CTS checks.\n"); 287 err = gcry_cipher_open (&hd, 288 GCRY_CIPHER_AES, 289 GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS); 290 if (err) 291 { 292 fail ("aes-cbc-cts, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 293 return; 294 } 295 296 err = gcry_cipher_setkey (hd, key, 128 / 8); 297 if (err) 298 { 299 fail ("aes-cbc-cts, gcry_cipher_setkey failed: %s\n", 300 gpg_strerror (err)); 301 gcry_cipher_close (hd); 302 return; 303 } 304 305 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 306 { 307 err = gcry_cipher_setiv (hd, NULL, 0); 308 if (err) 309 { 310 fail ("aes-cbc-cts, gcry_cipher_setiv failed: %s\n", 311 gpg_strerror (err)); 312 gcry_cipher_close (hd); 313 return; 314 } 315 316 if (verbose) 317 fprintf (stderr, " checking encryption for length %i\n", tv[i].inlen); 318 err = gcry_cipher_encrypt (hd, out, MAX_DATA_LEN, 319 plaintext, tv[i].inlen); 320 if (err) 321 { 322 fail ("aes-cbc-cts, gcry_cipher_encrypt failed: %s\n", 323 gpg_strerror (err)); 324 gcry_cipher_close (hd); 325 return; 326 } 327 328 if (memcmp (tv[i].out, out, tv[i].inlen)) 329 fail ("aes-cbc-cts, encrypt mismatch entry %d\n", i); 330 331 err = gcry_cipher_setiv (hd, NULL, 0); 332 if (err) 333 { 334 fail ("aes-cbc-cts, gcry_cipher_setiv failed: %s\n", 335 gpg_strerror (err)); 336 gcry_cipher_close (hd); 337 return; 338 } 339 if (verbose) 340 fprintf (stderr, " checking decryption for length %i\n", tv[i].inlen); 341 err = gcry_cipher_decrypt (hd, out, tv[i].inlen, NULL, 0); 342 if (err) 343 { 344 fail ("aes-cbc-cts, gcry_cipher_decrypt failed: %s\n", 345 gpg_strerror (err)); 346 gcry_cipher_close (hd); 347 return; 348 } 349 350 if (memcmp (plaintext, out, tv[i].inlen)) 351 fail ("aes-cbc-cts, decrypt mismatch entry %d\n", i); 352 } 353 354 gcry_cipher_close (hd); 355 if (verbose) 356 fprintf (stderr, " Completed AES128 CBC CTS checks.\n"); 357} 358 359static void 360check_ctr_cipher (void) 361{ 362 struct tv 363 { 364 int algo; 365 char key[MAX_DATA_LEN]; 366 char ctr[MAX_DATA_LEN]; 367 struct data 368 { 369 unsigned char plaintext[MAX_DATA_LEN]; 370 int inlen; 371 char out[MAX_DATA_LEN]; 372 } data[8]; 373 } tv[] = 374 { 375 /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 376 { GCRY_CIPHER_AES, 377 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 378 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 379 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 380 16, 381 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 382 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 383 16, 384 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd\xff" }, 385 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 386 16, 387 "\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" }, 388 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 389 16, 390 "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }, 391 392 { "", 0, "" } 393 } 394 }, 395 { GCRY_CIPHER_AES192, 396 "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b" 397 "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 398 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 399 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 400 16, 401 "\x1a\xbc\x93\x24\x17\x52\x1c\xa2\x4f\x2b\x04\x59\xfe\x7e\x6e\x0b" }, 402 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 403 16, 404 "\x09\x03\x39\xec\x0a\xa6\xfa\xef\xd5\xcc\xc2\xc6\xf4\xce\x8e\x94" }, 405 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 406 16, 407 "\x1e\x36\xb2\x6b\xd1\xeb\xc6\x70\xd1\xbd\x1d\x66\x56\x20\xab\xf7" }, 408 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 409 16, 410 "\x4f\x78\xa7\xf6\xd2\x98\x09\x58\x5a\x97\xda\xec\x58\xc6\xb0\x50" }, 411 { "", 0, "" } 412 } 413 }, 414 { GCRY_CIPHER_AES256, 415 "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" 416 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 417 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 418 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 419 16, 420 "\x60\x1e\xc3\x13\x77\x57\x89\xa5\xb7\xa7\xf5\x04\xbb\xf3\xd2\x28" }, 421 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 422 16, 423 "\xf4\x43\xe3\xca\x4d\x62\xb5\x9a\xca\x84\xe9\x90\xca\xca\xf5\xc5" }, 424 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 425 16, 426 "\x2b\x09\x30\xda\xa2\x3d\xe9\x4c\xe8\x70\x17\xba\x2d\x84\x98\x8d" }, 427 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 428 16, 429 "\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6\x13\xc2\xdd\x08\x45\x79\x41\xa6" }, 430 { "", 0, "" } 431 } 432 }, 433 /* Some truncation tests. With a truncated second block and 434 also with a single truncated block. */ 435 { GCRY_CIPHER_AES, 436 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 437 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 438 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 439 16, 440 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 441 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", 442 15, 443 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, 444 {"", 0, "" } 445 } 446 }, 447 { GCRY_CIPHER_AES, 448 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 449 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 450 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 451 16, 452 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 453 {"\xae", 454 1, 455 "\x98" }, 456 {"", 0, "" } 457 } 458 }, 459 { GCRY_CIPHER_AES, 460 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 461 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 462 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17", 463 15, 464 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6" }, 465 {"", 0, "" } 466 } 467 }, 468 { GCRY_CIPHER_AES, 469 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 470 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 471 {{"\x6b", 472 1, 473 "\x87" }, 474 {"", 0, "" } 475 } 476 }, 477 /* Tests to see whether it works correctly as a stream cipher. */ 478 { GCRY_CIPHER_AES, 479 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 480 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 481 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 482 16, 483 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 484 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", 485 15, 486 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, 487 {"\x51\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 488 17, 489 "\xff\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" }, 490 {"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 491 16, 492 "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }, 493 494 { "", 0, "" } 495 } 496 }, 497 { GCRY_CIPHER_AES, 498 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 499 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 500 {{"\x6b", 501 1, 502 "\x87" }, 503 {"\xc1\xbe", 504 2, 505 "\x4d\x61" }, 506 {"\xe2\x2e\x40", 507 3, 508 "\x91\xb6\x20" }, 509 {"\x9f", 510 1, 511 "\xe3" }, 512 {"\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 513 9, 514 "\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 515 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", 516 15, 517 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, 518 {"\x51\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 519 9, 520 "\xff\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e" }, 521 522 { "", 0, "" } 523 } 524 }, 525#if USE_CAST5 526 /* A selfmade test vector using an 64 bit block cipher. */ 527 { GCRY_CIPHER_CAST5, 528 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 529 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8", 530 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 531 16, 532 "\xe8\xa7\xac\x68\xca\xca\xa0\x20\x10\xcb\x1b\xcc\x79\x2c\xc4\x48" }, 533 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c", 534 8, 535 "\x16\xe8\x72\x77\xb0\x98\x29\x68" }, 536 {"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 537 8, 538 "\x9a\xb3\xa8\x03\x3b\xb4\x14\xba" }, 539 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\xa1\x00", 540 10, 541 "\x31\x5e\xd3\xfb\x1b\x8d\xd1\xf9\xb0\x83" }, 542 { "", 0, "" } 543 } 544 }, 545#endif /*USE_CAST5*/ 546 { 0, 547 "", 548 "", 549 { 550 {"", 0, "" } 551 } 552 } 553 }; 554 gcry_cipher_hd_t hde, hdd; 555 unsigned char out[MAX_DATA_LEN]; 556 int i, j, keylen, blklen; 557 gcry_error_t err = 0; 558 559 if (verbose) 560 fprintf (stderr, " Starting CTR cipher checks.\n"); 561 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 562 { 563 if (!tv[i].algo) 564 continue; 565 566 err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); 567 if (!err) 568 err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); 569 if (err) 570 { 571 fail ("aes-ctr, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 572 return; 573 } 574 575 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 576 if (!keylen) 577 { 578 fail ("aes-ctr, gcry_cipher_get_algo_keylen failed\n"); 579 return; 580 } 581 582 err = gcry_cipher_setkey (hde, tv[i].key, keylen); 583 if (!err) 584 err = gcry_cipher_setkey (hdd, tv[i].key, keylen); 585 if (err) 586 { 587 fail ("aes-ctr, gcry_cipher_setkey failed: %s\n", 588 gpg_strerror (err)); 589 gcry_cipher_close (hde); 590 gcry_cipher_close (hdd); 591 return; 592 } 593 594 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 595 if (!blklen) 596 { 597 fail ("aes-ctr, gcry_cipher_get_algo_blklen failed\n"); 598 return; 599 } 600 601 err = gcry_cipher_setctr (hde, tv[i].ctr, blklen); 602 if (!err) 603 err = gcry_cipher_setctr (hdd, tv[i].ctr, blklen); 604 if (err) 605 { 606 fail ("aes-ctr, gcry_cipher_setctr failed: %s\n", 607 gpg_strerror (err)); 608 gcry_cipher_close (hde); 609 gcry_cipher_close (hdd); 610 return; 611 } 612 613 if (verbose) 614 fprintf (stderr, " checking CTR mode for %s [%i]\n", 615 gcry_cipher_algo_name (tv[i].algo), 616 tv[i].algo); 617 for (j = 0; tv[i].data[j].inlen; j++) 618 { 619 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 620 tv[i].data[j].plaintext, 621 tv[i].data[j].inlen == -1 ? 622 strlen ((char*)tv[i].data[j].plaintext) : 623 tv[i].data[j].inlen); 624 if (err) 625 { 626 fail ("aes-ctr, gcry_cipher_encrypt (%d, %d) failed: %s\n", 627 i, j, gpg_strerror (err)); 628 gcry_cipher_close (hde); 629 gcry_cipher_close (hdd); 630 return; 631 } 632 633 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) 634 { 635 fail ("aes-ctr, encrypt mismatch entry %d:%d\n", i, j); 636 mismatch (tv[i].data[j].out, tv[i].data[j].inlen, 637 out, tv[i].data[j].inlen); 638 } 639 640 err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); 641 if (err) 642 { 643 fail ("aes-ctr, gcry_cipher_decrypt (%d, %d) failed: %s\n", 644 i, j, gpg_strerror (err)); 645 gcry_cipher_close (hde); 646 gcry_cipher_close (hdd); 647 return; 648 } 649 650 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 651 { 652 fail ("aes-ctr, decrypt mismatch entry %d:%d\n", i, j); 653 mismatch (tv[i].data[j].plaintext, tv[i].data[j].inlen, 654 out, tv[i].data[j].inlen); 655 } 656 657 } 658 659 /* Now check that we get valid return codes back for good and 660 bad inputs. */ 661 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 662 "1234567890123456", 16); 663 if (err) 664 fail ("aes-ctr, encryption failed for valid input"); 665 666 err = gcry_cipher_encrypt (hde, out, 15, 667 "1234567890123456", 16); 668 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 669 fail ("aes-ctr, too short output buffer returned wrong error: %s\n", 670 gpg_strerror (err)); 671 672 err = gcry_cipher_encrypt (hde, out, 0, 673 "1234567890123456", 16); 674 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 675 fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n", 676 gpg_strerror (err)); 677 678 err = gcry_cipher_encrypt (hde, out, 16, 679 "1234567890123456", 16); 680 if (err) 681 fail ("aes-ctr, correct length output buffer returned error: %s\n", 682 gpg_strerror (err)); 683 684 /* Again, now for decryption. */ 685 err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, 686 "1234567890123456", 16); 687 if (err) 688 fail ("aes-ctr, decryption failed for valid input"); 689 690 err = gcry_cipher_decrypt (hde, out, 15, 691 "1234567890123456", 16); 692 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 693 fail ("aes-ctr, too short output buffer returned wrong error: %s\n", 694 gpg_strerror (err)); 695 696 err = gcry_cipher_decrypt (hde, out, 0, 697 "1234567890123456", 16); 698 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 699 fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n", 700 gpg_strerror (err)); 701 702 err = gcry_cipher_decrypt (hde, out, 16, 703 "1234567890123456", 16); 704 if (err) 705 fail ("aes-ctr, correct length output buffer returned error: %s\n", 706 gpg_strerror (err)); 707 708 gcry_cipher_close (hde); 709 gcry_cipher_close (hdd); 710 } 711 if (verbose) 712 fprintf (stderr, " Completed CTR cipher checks.\n"); 713} 714 715static void 716check_cfb_cipher (void) 717{ 718 struct tv 719 { 720 int algo; 721 char key[MAX_DATA_LEN]; 722 char iv[MAX_DATA_LEN]; 723 struct data 724 { 725 unsigned char plaintext[MAX_DATA_LEN]; 726 int inlen; 727 char out[MAX_DATA_LEN]; 728 } 729 data[MAX_DATA_LEN]; 730 } tv[] = 731 { 732 /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 733 { GCRY_CIPHER_AES, 734 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 735 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 736 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 737 16, 738 "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" }, 739 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 740 16, 741 "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"}, 742 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 743 16, 744 "\x26\x75\x1f\x67\xa3\xcb\xb1\x40\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf" }, 745 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 746 16, 747 "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6" }, 748 } 749 }, 750 { GCRY_CIPHER_AES192, 751 "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b" 752 "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 753 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 754 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 755 16, 756 "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74" }, 757 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 758 16, 759 "\x67\xce\x7f\x7f\x81\x17\x36\x21\x96\x1a\x2b\x70\x17\x1d\x3d\x7a" }, 760 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 761 16, 762 "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9" }, 763 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 764 16, 765 "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0\x42\xae\x8f\xba\x58\x4b\x09\xff" }, 766 } 767 }, 768 { GCRY_CIPHER_AES256, 769 "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" 770 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 771 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 772 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 773 16, 774 "\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60" }, 775 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 776 16, 777 "\x39\xff\xed\x14\x3b\x28\xb1\xc8\x32\x11\x3c\x63\x31\xe5\x40\x7b" }, 778 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 779 16, 780 "\xdf\x10\x13\x24\x15\xe5\x4b\x92\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9" }, 781 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 782 16, 783 "\x75\xa3\x85\x74\x1a\xb9\xce\xf8\x20\x31\x62\x3d\x55\xb1\xe4\x71" } 784 } 785 } 786 }; 787 gcry_cipher_hd_t hde, hdd; 788 unsigned char out[MAX_DATA_LEN]; 789 int i, j, keylen, blklen; 790 gcry_error_t err = 0; 791 792 if (verbose) 793 fprintf (stderr, " Starting CFB checks.\n"); 794 795 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 796 { 797 if (verbose) 798 fprintf (stderr, " checking CFB mode for %s [%i]\n", 799 gcry_cipher_algo_name (tv[i].algo), 800 tv[i].algo); 801 err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0); 802 if (!err) 803 err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0); 804 if (err) 805 { 806 fail ("aes-cfb, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 807 return; 808 } 809 810 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 811 if (!keylen) 812 { 813 fail ("aes-cfb, gcry_cipher_get_algo_keylen failed\n"); 814 return; 815 } 816 817 err = gcry_cipher_setkey (hde, tv[i].key, keylen); 818 if (!err) 819 err = gcry_cipher_setkey (hdd, tv[i].key, keylen); 820 if (err) 821 { 822 fail ("aes-cfb, gcry_cipher_setkey failed: %s\n", 823 gpg_strerror (err)); 824 gcry_cipher_close (hde); 825 gcry_cipher_close (hdd); 826 return; 827 } 828 829 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 830 if (!blklen) 831 { 832 fail ("aes-cfb, gcry_cipher_get_algo_blklen failed\n"); 833 return; 834 } 835 836 err = gcry_cipher_setiv (hde, tv[i].iv, blklen); 837 if (!err) 838 err = gcry_cipher_setiv (hdd, tv[i].iv, blklen); 839 if (err) 840 { 841 fail ("aes-cfb, gcry_cipher_setiv failed: %s\n", 842 gpg_strerror (err)); 843 gcry_cipher_close (hde); 844 gcry_cipher_close (hdd); 845 return; 846 } 847 848 for (j = 0; tv[i].data[j].inlen; j++) 849 { 850 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 851 tv[i].data[j].plaintext, 852 tv[i].data[j].inlen); 853 if (err) 854 { 855 fail ("aes-cfb, gcry_cipher_encrypt (%d, %d) failed: %s\n", 856 i, j, gpg_strerror (err)); 857 gcry_cipher_close (hde); 858 gcry_cipher_close (hdd); 859 return; 860 } 861 862 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) { 863 fail ("aes-cfb, encrypt mismatch entry %d:%d\n", i, j); 864 } 865 err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); 866 if (err) 867 { 868 fail ("aes-cfb, gcry_cipher_decrypt (%d, %d) failed: %s\n", 869 i, j, gpg_strerror (err)); 870 gcry_cipher_close (hde); 871 gcry_cipher_close (hdd); 872 return; 873 } 874 875 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 876 fail ("aes-cfb, decrypt mismatch entry %d:%d\n", i, j); 877 } 878 879 gcry_cipher_close (hde); 880 gcry_cipher_close (hdd); 881 } 882 if (verbose) 883 fprintf (stderr, " Completed CFB checks.\n"); 884} 885 886static void 887check_ofb_cipher (void) 888{ 889 struct tv 890 { 891 int algo; 892 char key[MAX_DATA_LEN]; 893 char iv[MAX_DATA_LEN]; 894 struct data 895 { 896 unsigned char plaintext[MAX_DATA_LEN]; 897 int inlen; 898 char out[MAX_DATA_LEN]; 899 } 900 data[MAX_DATA_LEN]; 901 } tv[] = 902 { 903 /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 904 { GCRY_CIPHER_AES, 905 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 906 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 907 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 908 16, 909 "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" }, 910 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 911 16, 912 "\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5\x3c\x52\xda\xc5\x4e\xd8\x25"}, 913 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 914 16, 915 "\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43\x44\xf7\xa8\x22\x60\xed\xcc" }, 916 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 917 16, 918 "\x30\x4c\x65\x28\xf6\x59\xc7\x78\x66\xa5\x10\xd9\xc1\xd6\xae\x5e" }, 919 } 920 }, 921 { GCRY_CIPHER_AES192, 922 "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b" 923 "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 924 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 925 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 926 16, 927 "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74" }, 928 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 929 16, 930 "\xfc\xc2\x8b\x8d\x4c\x63\x83\x7c\x09\xe8\x17\x00\xc1\x10\x04\x01" }, 931 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 932 16, 933 "\x8d\x9a\x9a\xea\xc0\xf6\x59\x6f\x55\x9c\x6d\x4d\xaf\x59\xa5\xf2" }, 934 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 935 16, 936 "\x6d\x9f\x20\x08\x57\xca\x6c\x3e\x9c\xac\x52\x4b\xd9\xac\xc9\x2a" }, 937 } 938 }, 939 { GCRY_CIPHER_AES256, 940 "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" 941 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 942 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 943 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 944 16, 945 "\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60" }, 946 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 947 16, 948 "\x4f\xeb\xdc\x67\x40\xd2\x0b\x3a\xc8\x8f\x6a\xd8\x2a\x4f\xb0\x8d" }, 949 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 950 16, 951 "\x71\xab\x47\xa0\x86\xe8\x6e\xed\xf3\x9d\x1c\x5b\xba\x97\xc4\x08" }, 952 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 953 16, 954 "\x01\x26\x14\x1d\x67\xf3\x7b\xe8\x53\x8f\x5a\x8b\xe7\x40\xe4\x84" } 955 } 956 } 957 }; 958 gcry_cipher_hd_t hde, hdd; 959 unsigned char out[MAX_DATA_LEN]; 960 int i, j, keylen, blklen; 961 gcry_error_t err = 0; 962 963 if (verbose) 964 fprintf (stderr, " Starting OFB checks.\n"); 965 966 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 967 { 968 if (verbose) 969 fprintf (stderr, " checking OFB mode for %s [%i]\n", 970 gcry_cipher_algo_name (tv[i].algo), 971 tv[i].algo); 972 err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_OFB, 0); 973 if (!err) 974 err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_OFB, 0); 975 if (err) 976 { 977 fail ("aes-ofb, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 978 return; 979 } 980 981 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 982 if (!keylen) 983 { 984 fail ("aes-ofb, gcry_cipher_get_algo_keylen failed\n"); 985 return; 986 } 987 988 err = gcry_cipher_setkey (hde, tv[i].key, keylen); 989 if (!err) 990 err = gcry_cipher_setkey (hdd, tv[i].key, keylen); 991 if (err) 992 { 993 fail ("aes-ofb, gcry_cipher_setkey failed: %s\n", 994 gpg_strerror (err)); 995 gcry_cipher_close (hde); 996 gcry_cipher_close (hdd); 997 return; 998 } 999 1000 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 1001 if (!blklen) 1002 { 1003 fail ("aes-ofb, gcry_cipher_get_algo_blklen failed\n"); 1004 return; 1005 } 1006 1007 err = gcry_cipher_setiv (hde, tv[i].iv, blklen); 1008 if (!err) 1009 err = gcry_cipher_setiv (hdd, tv[i].iv, blklen); 1010 if (err) 1011 { 1012 fail ("aes-ofb, gcry_cipher_setiv failed: %s\n", 1013 gpg_strerror (err)); 1014 gcry_cipher_close (hde); 1015 gcry_cipher_close (hdd); 1016 return; 1017 } 1018 1019 for (j = 0; tv[i].data[j].inlen; j++) 1020 { 1021 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 1022 tv[i].data[j].plaintext, 1023 tv[i].data[j].inlen); 1024 if (err) 1025 { 1026 fail ("aes-ofb, gcry_cipher_encrypt (%d, %d) failed: %s\n", 1027 i, j, gpg_strerror (err)); 1028 gcry_cipher_close (hde); 1029 gcry_cipher_close (hdd); 1030 return; 1031 } 1032 1033 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) 1034 fail ("aes-ofb, encrypt mismatch entry %d:%d\n", i, j); 1035 1036 err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); 1037 if (err) 1038 { 1039 fail ("aes-ofb, gcry_cipher_decrypt (%d, %d) failed: %s\n", 1040 i, j, gpg_strerror (err)); 1041 gcry_cipher_close (hde); 1042 gcry_cipher_close (hdd); 1043 return; 1044 } 1045 1046 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 1047 fail ("aes-ofb, decrypt mismatch entry %d:%d\n", i, j); 1048 } 1049 1050 err = gcry_cipher_reset(hde); 1051 if (!err) 1052 err = gcry_cipher_reset(hdd); 1053 if (err) 1054 { 1055 fail ("aes-ofb, gcry_cipher_reset (%d, %d) failed: %s\n", 1056 i, j, gpg_strerror (err)); 1057 gcry_cipher_close (hde); 1058 gcry_cipher_close (hdd); 1059 return; 1060 } 1061 1062 /* gcry_cipher_reset clears the IV */ 1063 err = gcry_cipher_setiv (hde, tv[i].iv, blklen); 1064 if (!err) 1065 err = gcry_cipher_setiv (hdd, tv[i].iv, blklen); 1066 if (err) 1067 { 1068 fail ("aes-ofb, gcry_cipher_setiv failed: %s\n", 1069 gpg_strerror (err)); 1070 gcry_cipher_close (hde); 1071 gcry_cipher_close (hdd); 1072 return; 1073 } 1074 1075 /* this time we encrypt and decrypt one byte at a time */ 1076 for (j = 0; tv[i].data[j].inlen; j++) 1077 { 1078 int byteNum; 1079 for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum) 1080 { 1081 err = gcry_cipher_encrypt (hde, out+byteNum, 1, 1082 (tv[i].data[j].plaintext) + byteNum, 1083 1); 1084 if (err) 1085 { 1086 fail ("aes-ofb, gcry_cipher_encrypt (%d, %d) failed: %s\n", 1087 i, j, gpg_strerror (err)); 1088 gcry_cipher_close (hde); 1089 gcry_cipher_close (hdd); 1090 return; 1091 } 1092 } 1093 1094 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) 1095 fail ("aes-ofb, encrypt mismatch entry %d:%d\n", i, j); 1096 1097 for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum) 1098 { 1099 err = gcry_cipher_decrypt (hdd, out+byteNum, 1, NULL, 0); 1100 if (err) 1101 { 1102 fail ("aes-ofb, gcry_cipher_decrypt (%d, %d) failed: %s\n", 1103 i, j, gpg_strerror (err)); 1104 gcry_cipher_close (hde); 1105 gcry_cipher_close (hdd); 1106 return; 1107 } 1108 } 1109 1110 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 1111 fail ("aes-ofb, decrypt mismatch entry %d:%d\n", i, j); 1112 } 1113 1114 gcry_cipher_close (hde); 1115 gcry_cipher_close (hdd); 1116 } 1117 if (verbose) 1118 fprintf (stderr, " Completed OFB checks.\n"); 1119} 1120 1121 1122/* Check that our bulk encryption fucntions work properly. */ 1123static void 1124check_bulk_cipher_modes (void) 1125{ 1126 struct 1127 { 1128 int algo; 1129 int mode; 1130 const char *key; 1131 int keylen; 1132 const char *iv; 1133 int ivlen; 1134 char t1_hash[20]; 1135 } tv[] = { 1136 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 1137 "abcdefghijklmnop", 16, 1138 "1234567890123456", 16, 1139/*[0]*/ 1140 { 0x53, 0xda, 0x27, 0x3c, 0x78, 0x3d, 0x54, 0x66, 0x19, 0x63, 1141 0xd7, 0xe6, 0x20, 0x10, 0xcd, 0xc0, 0x5a, 0x0b, 0x06, 0xcc } 1142 }, 1143 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 1144 "abcdefghijklmnopABCDEFG", 24, 1145 "1234567890123456", 16, 1146/*[1]*/ 1147 { 0xc7, 0xb1, 0xd0, 0x09, 0x95, 0x04, 0x34, 0x61, 0x2b, 0xd9, 1148 0xcb, 0xb3, 0xc7, 0xcb, 0xef, 0xea, 0x16, 0x19, 0x9b, 0x3e } 1149 }, 1150 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 1151 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1152 "1234567890123456", 16, 1153/*[2]*/ 1154 { 0x31, 0xe1, 0x1f, 0x63, 0x65, 0x47, 0x8c, 0x3f, 0x53, 0xdb, 1155 0xd9, 0x4d, 0x91, 0x1d, 0x02, 0x9c, 0x05, 0x25, 0x58, 0x29 } 1156 }, 1157 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 1158 "abcdefghijklmnop", 16, 1159 "1234567890123456", 16, 1160/*[3]*/ 1161 { 0xdc, 0x0c, 0xc2, 0xd9, 0x6b, 0x47, 0xf9, 0xeb, 0x06, 0xb4, 1162 0x2f, 0x6e, 0xec, 0x72, 0xbf, 0x55, 0x26, 0x7f, 0xa9, 0x97 } 1163 }, 1164 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 1165 "abcdefghijklmnopABCDEFG", 24, 1166 "1234567890123456", 16, 1167/*[4]*/ 1168 { 0x2b, 0x90, 0x9b, 0xe6, 0x40, 0xab, 0x6e, 0xc2, 0xc5, 0xb1, 1169 0x87, 0xf5, 0x43, 0x84, 0x7b, 0x04, 0x06, 0x47, 0xd1, 0x8f } 1170 }, 1171 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 1172 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1173 "1234567890123456", 16, 1174/*[5]*/ 1175 { 0xaa, 0xa8, 0xdf, 0x03, 0xb0, 0xba, 0xc4, 0xe3, 0xc1, 0x02, 1176 0x38, 0x31, 0x8d, 0x86, 0xcb, 0x49, 0x6d, 0xad, 0xae, 0x01 } 1177 }, 1178 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 1179 "abcdefghijklmnop", 16, 1180 "1234567890123456", 16, 1181/*[6]*/ 1182 { 0x65, 0xfe, 0xde, 0x48, 0xd0, 0xa1, 0xa6, 0xf9, 0x24, 0x6b, 1183 0x52, 0x5f, 0x21, 0x8a, 0x6f, 0xc7, 0x70, 0x3b, 0xd8, 0x4a } 1184 }, 1185 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 1186 "abcdefghijklmnopABCDEFG", 24, 1187 "1234567890123456", 16, 1188/*[7]*/ 1189 { 0x59, 0x5b, 0x02, 0xa2, 0x88, 0xc0, 0xbe, 0x94, 0x43, 0xaa, 1190 0x39, 0xf6, 0xbd, 0xcc, 0x83, 0x99, 0xee, 0x00, 0xa1, 0x91 } 1191 }, 1192 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 1193 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1194 "1234567890123456", 16, 1195/*[8]*/ 1196 { 0x38, 0x8c, 0xe1, 0xe2, 0xbe, 0x67, 0x60, 0xe8, 0xeb, 0xce, 1197 0xd0, 0xc6, 0xaa, 0xd6, 0xf6, 0x26, 0x15, 0x56, 0xd0, 0x2b } 1198 }, 1199 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, 1200 "abcdefghijklmnop", 16, 1201 "1234567890123456", 16, 1202/*[9]*/ 1203 { 0x9a, 0x48, 0x94, 0xd6, 0x50, 0x46, 0x81, 0xdb, 0x68, 0x34, 1204 0x3b, 0xc5, 0x9e, 0x66, 0x94, 0x81, 0x98, 0xa0, 0xf9, 0xff } 1205 }, 1206 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 1207 "abcdefghijklmnopABCDEFG", 24, 1208 "1234567890123456", 16, 1209/*[10]*/ 1210 { 0x2c, 0x2c, 0xd3, 0x75, 0x81, 0x2a, 0x59, 0x07, 0xeb, 0x08, 1211 0xce, 0x28, 0x4c, 0x0c, 0x6a, 0xa8, 0x8f, 0xa3, 0x98, 0x7e } 1212 }, 1213 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 1214 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1215 "1234567890123456", 16, 1216/*[11]*/ 1217 { 0x64, 0xce, 0x73, 0x03, 0xc7, 0x89, 0x99, 0x1f, 0xf1, 0xce, 1218 0xfe, 0xfb, 0xb9, 0x42, 0x30, 0xdf, 0xbb, 0x68, 0x6f, 0xd3 } 1219 }, 1220 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 1221 "abcdefghijklmnop", 16, 1222 "1234567890123456", 16, 1223/*[12]*/ 1224 { 0x51, 0xae, 0xf5, 0xac, 0x22, 0xa0, 0xba, 0x11, 0xc5, 0xaa, 1225 0xb4, 0x70, 0x99, 0xce, 0x18, 0x08, 0x12, 0x9b, 0xb1, 0xc5 } 1226 }, 1227 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 1228 "abcdefghijklmnopABCDEFG", 24, 1229 "1234567890123456", 16, 1230/*[13]*/ 1231 { 0x57, 0x91, 0xea, 0x48, 0xd8, 0xbf, 0x9e, 0xc1, 0xae, 0x33, 1232 0xb3, 0xfd, 0xf7, 0x7a, 0xeb, 0x30, 0xb1, 0x62, 0x0d, 0x82 } 1233 }, 1234 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 1235 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1236 "1234567890123456", 16, 1237/*[14]*/ 1238 { 0x2d, 0x71, 0x54, 0xb9, 0xc5, 0x28, 0x76, 0xff, 0x76, 0xb5, 1239 0x99, 0x37, 0x99, 0x9d, 0xf7, 0x10, 0x6d, 0x86, 0x4f, 0x3f } 1240 } 1241 }; 1242 gcry_cipher_hd_t hde = NULL; 1243 gcry_cipher_hd_t hdd = NULL; 1244 unsigned char *buffer_base, *outbuf_base; /* Allocated buffers. */ 1245 unsigned char *buffer, *outbuf; /* Aligned buffers. */ 1246 size_t buflen; 1247 unsigned char hash[20]; 1248 int i, j, keylen, blklen; 1249 gcry_error_t err = 0; 1250 1251 if (verbose) 1252 fprintf (stderr, "Starting bulk cipher checks.\n"); 1253 1254 buflen = 16*100; /* We check a 1600 byte buffer. */ 1255 buffer_base = gcry_xmalloc (buflen+15); 1256 buffer = buffer_base + (16 - ((size_t)buffer_base & 0x0f)); 1257 outbuf_base = gcry_xmalloc (buflen+15); 1258 outbuf = outbuf_base + (16 - ((size_t)outbuf_base & 0x0f)); 1259 1260 1261 for (i = 0; i < DIM (tv); i++) 1262 { 1263 if (verbose) 1264 fprintf (stderr, " checking bulk encryption for %s [%i], mode %d\n", 1265 gcry_cipher_algo_name (tv[i].algo), 1266 tv[i].algo, tv[i].mode); 1267 err = gcry_cipher_open (&hde, tv[i].algo, tv[i].mode, 0); 1268 if (!err) 1269 err = gcry_cipher_open (&hdd, tv[i].algo, tv[i].mode, 0); 1270 if (err) 1271 { 1272 fail ("gcry_cipher_open failed: %s\n", gpg_strerror (err)); 1273 goto leave; 1274 } 1275 1276 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 1277 if (!keylen) 1278 { 1279 fail ("gcry_cipher_get_algo_keylen failed\n"); 1280 goto leave; 1281 } 1282 1283 err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen); 1284 if (!err) 1285 err = gcry_cipher_setkey (hdd, tv[i].key, tv[i].keylen); 1286 if (err) 1287 { 1288 fail ("gcry_cipher_setkey failed: %s\n", gpg_strerror (err)); 1289 goto leave; 1290 } 1291 1292 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 1293 if (!blklen) 1294 { 1295 fail ("gcry_cipher_get_algo_blklen failed\n"); 1296 goto leave; 1297 } 1298 1299 err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen); 1300 if (!err) 1301 err = gcry_cipher_setiv (hdd, tv[i].iv, tv[i].ivlen); 1302 if (err) 1303 { 1304 fail ("gcry_cipher_setiv failed: %s\n", gpg_strerror (err)); 1305 goto leave; 1306 } 1307 1308 /* Fill the buffer with our test pattern. */ 1309 for (j=0; j < buflen; j++) 1310 buffer[j] = ((j & 0xff) ^ ((j >> 8) & 0xff)); 1311 1312 err = gcry_cipher_encrypt (hde, outbuf, buflen, buffer, buflen); 1313 if (err) 1314 { 1315 fail ("gcry_cipher_encrypt (algo %d, mode %d) failed: %s\n", 1316 tv[i].algo, tv[i].mode, gpg_strerror (err)); 1317 goto leave; 1318 } 1319 1320 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, outbuf, buflen); 1321#if 0 1322 printf ("/*[%d]*/\n", i); 1323 fputs (" {", stdout); 1324 for (j=0; j < 20; j++) 1325 printf (" 0x%02x%c%s", hash[j], j==19? ' ':',', j == 9? "\n ":""); 1326 puts ("}"); 1327#endif 1328 1329 if (memcmp (hash, tv[i].t1_hash, 20)) 1330 fail ("encrypt mismatch (algo %d, mode %d)\n", 1331 tv[i].algo, tv[i].mode); 1332 1333 err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); 1334 if (err) 1335 { 1336 fail ("gcry_cipher_decrypt (algo %d, mode %d) failed: %s\n", 1337 tv[i].algo, tv[i].mode, gpg_strerror (err)); 1338 goto leave; 1339 } 1340 1341 if (memcmp (buffer, outbuf, buflen)) 1342 fail ("decrypt mismatch (algo %d, mode %d)\n", 1343 tv[i].algo, tv[i].mode); 1344 1345 gcry_cipher_close (hde); hde = NULL; 1346 gcry_cipher_close (hdd); hdd = NULL; 1347 } 1348 1349 if (verbose) 1350 fprintf (stderr, "Completed bulk cipher checks.\n"); 1351 leave: 1352 gcry_cipher_close (hde); 1353 gcry_cipher_close (hdd); 1354 gcry_free (buffer_base); 1355 gcry_free (outbuf_base); 1356} 1357 1358 1359/* The core of the cipher check. In addition to the parameters passed 1360 to check_one_cipher it also receives the KEY and the plain data. 1361 PASS is printed with error messages. The function returns 0 on 1362 success. */ 1363static int 1364check_one_cipher_core (int algo, int mode, int flags, 1365 const char *key, size_t nkey, 1366 const unsigned char *plain, size_t nplain, 1367 int bufshift, int pass) 1368{ 1369 gcry_cipher_hd_t hd; 1370 unsigned char in_buffer[17], out_buffer[17]; 1371 unsigned char *in, *out; 1372 int keylen; 1373 gcry_error_t err = 0; 1374 1375 assert (nkey == 32); 1376 assert (nplain == 16); 1377 1378 if (!bufshift) 1379 { 1380 in = in_buffer; 1381 out = out_buffer; 1382 } 1383 else if (bufshift == 1) 1384 { 1385 in = in_buffer+1; 1386 out = out_buffer; 1387 } 1388 else if (bufshift == 2) 1389 { 1390 in = in_buffer+1; 1391 out = out_buffer+1; 1392 } 1393 else 1394 { 1395 in = in_buffer; 1396 out = out_buffer+1; 1397 } 1398 1399 keylen = gcry_cipher_get_algo_keylen (algo); 1400 if (!keylen) 1401 { 1402 fail ("pass %d, algo %d, mode %d, gcry_cipher_get_algo_keylen failed\n", 1403 pass, algo, mode); 1404 return -1; 1405 } 1406 1407 if (keylen < 40 / 8 || keylen > 32) 1408 { 1409 fail ("pass %d, algo %d, mode %d, keylength problem (%d)\n", pass, algo, mode, keylen); 1410 return -1; 1411 } 1412 1413 err = gcry_cipher_open (&hd, algo, mode, flags); 1414 if (err) 1415 { 1416 fail ("pass %d, algo %d, mode %d, gcry_cipher_open failed: %s\n", 1417 pass, algo, mode, gpg_strerror (err)); 1418 return -1; 1419 } 1420 1421 err = gcry_cipher_setkey (hd, key, keylen); 1422 if (err) 1423 { 1424 fail ("pass %d, algo %d, mode %d, gcry_cipher_setkey failed: %s\n", 1425 pass, algo, mode, gpg_strerror (err)); 1426 gcry_cipher_close (hd); 1427 return -1; 1428 } 1429 1430 err = gcry_cipher_encrypt (hd, out, 16, plain, 16); 1431 if (err) 1432 { 1433 fail ("pass %d, algo %d, mode %d, gcry_cipher_encrypt failed: %s\n", 1434 pass, algo, mode, gpg_strerror (err)); 1435 gcry_cipher_close (hd); 1436 return -1; 1437 } 1438 1439 gcry_cipher_reset (hd); 1440 1441 err = gcry_cipher_decrypt (hd, in, 16, out, 16); 1442 if (err) 1443 { 1444 fail ("pass %d, algo %d, mode %d, gcry_cipher_decrypt failed: %s\n", 1445 pass, algo, mode, gpg_strerror (err)); 1446 gcry_cipher_close (hd); 1447 return -1; 1448 } 1449 1450 if (memcmp (plain, in, 16)) 1451 fail ("pass %d, algo %d, mode %d, encrypt-decrypt mismatch\n", 1452 pass, algo, mode); 1453 1454 /* Again, using in-place encryption. */ 1455 gcry_cipher_reset (hd); 1456 1457 memcpy (out, plain, 16); 1458 err = gcry_cipher_encrypt (hd, out, 16, NULL, 0); 1459 if (err) 1460 { 1461 fail ("pass %d, algo %d, mode %d, in-place, gcry_cipher_encrypt failed:" 1462 " %s\n", 1463 pass, algo, mode, gpg_strerror (err)); 1464 gcry_cipher_close (hd); 1465 return -1; 1466 } 1467 1468 gcry_cipher_reset (hd); 1469 1470 err = gcry_cipher_decrypt (hd, out, 16, NULL, 0); 1471 if (err) 1472 { 1473 fail ("pass %d, algo %d, mode %d, in-place, gcry_cipher_decrypt failed:" 1474 " %s\n", 1475 pass, algo, mode, gpg_strerror (err)); 1476 gcry_cipher_close (hd); 1477 return -1; 1478 } 1479 1480 if (memcmp (plain, out, 16)) 1481 fail ("pass %d, algo %d, mode %d, in-place, encrypt-decrypt mismatch\n", 1482 pass, algo, mode); 1483 1484 1485 gcry_cipher_close (hd); 1486 1487 return 0; 1488} 1489 1490 1491 1492static void 1493check_one_cipher (int algo, int mode, int flags) 1494{ 1495 char key[33]; 1496 unsigned char plain[17]; 1497 int bufshift; 1498 1499 for (bufshift=0; bufshift < 4; bufshift++) 1500 { 1501 /* Pass 0: Standard test. */ 1502 memcpy (key, "0123456789abcdef.,;/[]{}-=ABCDEF", 32); 1503 memcpy (plain, "foobar42FOOBAR17", 16); 1504 if (check_one_cipher_core (algo, mode, flags, key, 32, plain, 16, 1505 bufshift, 0+10*bufshift)) 1506 return; 1507 1508 /* Pass 1: Key not aligned. */ 1509 memmove (key+1, key, 32); 1510 if (check_one_cipher_core (algo, mode, flags, key+1, 32, plain, 16, 1511 bufshift, 1+10*bufshift)) 1512 return; 1513 1514 /* Pass 2: Key not aligned and data not aligned. */ 1515 memmove (plain+1, plain, 16); 1516 if (check_one_cipher_core (algo, mode, flags, key+1, 32, plain+1, 16, 1517 bufshift, 2+10*bufshift)) 1518 return; 1519 1520 /* Pass 3: Key aligned and data not aligned. */ 1521 memmove (key, key+1, 32); 1522 if (check_one_cipher_core (algo, mode, flags, key, 32, plain+1, 16, 1523 bufshift, 3+10*bufshift)) 1524 return; 1525 } 1526 1527 return; 1528} 1529 1530 1531 1532static void 1533check_ciphers (void) 1534{ 1535 static int algos[] = { 1536#if USE_BLOWFISH 1537 GCRY_CIPHER_BLOWFISH, 1538#endif 1539#if USE_DES 1540 GCRY_CIPHER_DES, 1541 GCRY_CIPHER_3DES, 1542#endif 1543#if USE_CAST5 1544 GCRY_CIPHER_CAST5, 1545#endif 1546#if USE_AES 1547 GCRY_CIPHER_AES, 1548 GCRY_CIPHER_AES192, 1549 GCRY_CIPHER_AES256, 1550#endif 1551#if USE_TWOFISH 1552 GCRY_CIPHER_TWOFISH, 1553 GCRY_CIPHER_TWOFISH128, 1554#endif 1555#if USE_SERPENT 1556 GCRY_CIPHER_SERPENT128, 1557 GCRY_CIPHER_SERPENT192, 1558 GCRY_CIPHER_SERPENT256, 1559#endif 1560#if USE_RFC2268 1561 GCRY_CIPHER_RFC2268_40, 1562#endif 1563#if USE_SEED 1564 GCRY_CIPHER_SEED, 1565#endif 1566#if USE_CAMELLIA 1567 GCRY_CIPHER_CAMELLIA128, 1568 GCRY_CIPHER_CAMELLIA192, 1569 GCRY_CIPHER_CAMELLIA256, 1570#endif 1571 0 1572 }; 1573 static int algos2[] = { 1574#if USE_ARCFOUR 1575 GCRY_CIPHER_ARCFOUR, 1576#endif 1577 0 1578 }; 1579 int i; 1580 1581 if (verbose) 1582 fprintf (stderr, "Starting Cipher checks.\n"); 1583 for (i = 0; algos[i]; i++) 1584 { 1585 if (gcry_cipher_test_algo (algos[i]) && in_fips_mode) 1586 { 1587 if (verbose) 1588 fprintf (stderr, " algorithm %d not available in fips mode\n", 1589 algos[i]); 1590 continue; 1591 } 1592 if (verbose) 1593 fprintf (stderr, " checking %s [%i]\n", 1594 gcry_cipher_algo_name (algos[i]), 1595 gcry_cipher_map_name (gcry_cipher_algo_name (algos[i]))); 1596 1597 check_one_cipher (algos[i], GCRY_CIPHER_MODE_ECB, 0); 1598 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CFB, 0); 1599 check_one_cipher (algos[i], GCRY_CIPHER_MODE_OFB, 0); 1600 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, 0); 1601 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS); 1602 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0); 1603 } 1604 1605 for (i = 0; algos2[i]; i++) 1606 { 1607 if (gcry_cipher_test_algo (algos[i]) && in_fips_mode) 1608 { 1609 if (verbose) 1610 fprintf (stderr, " algorithm %d not available in fips mode\n", 1611 algos[i]); 1612 continue; 1613 } 1614 if (verbose) 1615 fprintf (stderr, " checking `%s'\n", 1616 gcry_cipher_algo_name (algos2[i])); 1617 1618 check_one_cipher (algos2[i], GCRY_CIPHER_MODE_STREAM, 0); 1619 } 1620 /* we have now run all cipher's selftests */ 1621 1622 if (verbose) 1623 fprintf (stderr, "Completed Cipher checks.\n"); 1624 1625 /* TODO: add some extra encryption to test the higher level functions */ 1626} 1627 1628 1629static void 1630check_cipher_modes(void) 1631{ 1632 if (verbose) 1633 fprintf (stderr, "Starting Cipher Mode checks.\n"); 1634 1635 check_aes128_cbc_cts_cipher (); 1636 check_cbc_mac_cipher (); 1637 check_ctr_cipher (); 1638 check_cfb_cipher (); 1639 check_ofb_cipher (); 1640 1641 if (verbose) 1642 fprintf (stderr, "Completed Cipher Mode checks.\n"); 1643} 1644 1645static void 1646check_one_md (int algo, const char *data, int len, const char *expect) 1647{ 1648 gcry_md_hd_t hd, hd2; 1649 unsigned char *p; 1650 int mdlen; 1651 int i; 1652 gcry_error_t err = 0; 1653 1654 err = gcry_md_open (&hd, algo, 0); 1655 if (err) 1656 { 1657 fail ("algo %d, gcry_md_open failed: %s\n", algo, gpg_strerror (err)); 1658 return; 1659 } 1660 1661 mdlen = gcry_md_get_algo_dlen (algo); 1662 if (mdlen < 1 || mdlen > 500) 1663 { 1664 fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); 1665 return; 1666 } 1667 1668 if (*data == '!' && !data[1]) 1669 { /* hash one million times a "a" */ 1670 char aaa[1000]; 1671 1672 /* Write in odd size chunks so that we test the buffering. */ 1673 memset (aaa, 'a', 1000); 1674 for (i = 0; i < 1000; i++) 1675 gcry_md_write (hd, aaa, 1000); 1676 } 1677 else 1678 gcry_md_write (hd, data, len); 1679 1680 err = gcry_md_copy (&hd2, hd); 1681 if (err) 1682 { 1683 fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err)); 1684 } 1685 1686 gcry_md_close (hd); 1687 1688 p = gcry_md_read (hd2, algo); 1689 1690 if (memcmp (p, expect, mdlen)) 1691 { 1692 printf ("computed: "); 1693 for (i = 0; i < mdlen; i++) 1694 printf ("%02x ", p[i] & 0xFF); 1695 printf ("\nexpected: "); 1696 for (i = 0; i < mdlen; i++) 1697 printf ("%02x ", expect[i] & 0xFF); 1698 printf ("\n"); 1699 1700 fail ("algo %d, digest mismatch\n", algo); 1701 } 1702 1703 gcry_md_close (hd2); 1704} 1705 1706 1707static void 1708check_digests (void) 1709{ 1710 static struct algos 1711 { 1712 int md; 1713 const char *data; 1714 const char *expect; 1715 } algos[] = 1716 { 1717 { GCRY_MD_MD4, "", 1718 "\x31\xD6\xCF\xE0\xD1\x6A\xE9\x31\xB7\x3C\x59\xD7\xE0\xC0\x89\xC0" }, 1719 { GCRY_MD_MD4, "a", 1720 "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb\x24" }, 1721 { GCRY_MD_MD4, "message digest", 1722 "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01\x4b" }, 1723 { GCRY_MD_MD5, "", 1724 "\xD4\x1D\x8C\xD9\x8F\x00\xB2\x04\xE9\x80\x09\x98\xEC\xF8\x42\x7E" }, 1725 { GCRY_MD_MD5, "a", 1726 "\x0C\xC1\x75\xB9\xC0\xF1\xB6\xA8\x31\xC3\x99\xE2\x69\x77\x26\x61" }, 1727 { GCRY_MD_MD5, "abc", 1728 "\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72" }, 1729 { GCRY_MD_MD5, "message digest", 1730 "\xF9\x6B\x69\x7D\x7C\xB7\x93\x8D\x52\x5A\x2F\x31\xAA\xF1\x61\xD0" }, 1731 { GCRY_MD_SHA1, "abc", 1732 "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" 1733 "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" }, 1734 { GCRY_MD_SHA1, 1735 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1736 "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE" 1737 "\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" }, 1738 { GCRY_MD_SHA1, "!" /* kludge for "a"*1000000 */ , 1739 "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E" 1740 "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" }, 1741 /* From RFC3874 */ 1742 { GCRY_MD_SHA224, "abc", 1743 "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3" 1744 "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7" }, 1745 { GCRY_MD_SHA224, 1746 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1747 "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50" 1748 "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25" }, 1749 { GCRY_MD_SHA224, "!", 1750 "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b" 1751 "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67" }, 1752 { GCRY_MD_SHA256, "abc", 1753 "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23" 1754 "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" }, 1755 { GCRY_MD_SHA256, 1756 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1757 "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" 1758 "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" }, 1759 { GCRY_MD_SHA256, "!", 1760 "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" 1761 "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0" }, 1762 { GCRY_MD_SHA384, "abc", 1763 "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07" 1764 "\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed" 1765 "\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7" }, 1766 { GCRY_MD_SHA512, "abc", 1767 "\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31" 1768 "\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A" 1769 "\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD" 1770 "\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F" }, 1771 { GCRY_MD_RMD160, "", 1772 "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28" 1773 "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" }, 1774 { GCRY_MD_RMD160, "a", 1775 "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae" 1776 "\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe" }, 1777 { GCRY_MD_RMD160, "abc", 1778 "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04" 1779 "\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc" }, 1780 { GCRY_MD_RMD160, "message digest", 1781 "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8" 1782 "\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36" }, 1783 { GCRY_MD_CRC32, "", "\x00\x00\x00\x00" }, 1784 { GCRY_MD_CRC32, "foo", "\x8c\x73\x65\x21" }, 1785 { GCRY_MD_CRC32_RFC1510, "", "\x00\x00\x00\x00" }, 1786 { GCRY_MD_CRC32_RFC1510, "foo", "\x73\x32\xbc\x33" }, 1787 { GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" }, 1788 { GCRY_MD_CRC32_RFC1510, "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 1789 "\xe3\x41\x80\xf7" }, 1790#if 0 1791 { GCRY_MD_CRC32_RFC1510, "\x80\x00", "\x3b\x83\x98\x4b" }, 1792 { GCRY_MD_CRC32_RFC1510, "\x00\x08", "\x0e\xdb\x88\x32" }, 1793 { GCRY_MD_CRC32_RFC1510, "\x00\x80", "\xed\xb8\x83\x20" }, 1794#endif 1795 { GCRY_MD_CRC32_RFC1510, "\x80", "\xed\xb8\x83\x20" }, 1796#if 0 1797 { GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b" }, 1798 { GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96" }, 1799#endif 1800 { GCRY_MD_CRC24_RFC2440, "", "\xb7\x04\xce" }, 1801 { GCRY_MD_CRC24_RFC2440, "foo", "\x4f\xc2\x55" }, 1802 1803 { GCRY_MD_TIGER, "", 1804 "\x24\xF0\x13\x0C\x63\xAC\x93\x32\x16\x16\x6E\x76" 1805 "\xB1\xBB\x92\x5F\xF3\x73\xDE\x2D\x49\x58\x4E\x7A" }, 1806 { GCRY_MD_TIGER, "abc", 1807 "\xF2\x58\xC1\xE8\x84\x14\xAB\x2A\x52\x7A\xB5\x41" 1808 "\xFF\xC5\xB8\xBF\x93\x5F\x7B\x95\x1C\x13\x29\x51" }, 1809 { GCRY_MD_TIGER, "Tiger", 1810 "\x9F\x00\xF5\x99\x07\x23\x00\xDD\x27\x6A\xBB\x38" 1811 "\xC8\xEB\x6D\xEC\x37\x79\x0C\x11\x6F\x9D\x2B\xDF" }, 1812 { GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg" 1813 "hijklmnopqrstuvwxyz0123456789+-", 1814 "\x87\xFB\x2A\x90\x83\x85\x1C\xF7\x47\x0D\x2C\xF8" 1815 "\x10\xE6\xDF\x9E\xB5\x86\x44\x50\x34\xA5\xA3\x86" }, 1816 { GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdef" 1817 "ghijklmnopqrstuvwxyz+0123456789", 1818 "\x46\x7D\xB8\x08\x63\xEB\xCE\x48\x8D\xF1\xCD\x12" 1819 "\x61\x65\x5D\xE9\x57\x89\x65\x65\x97\x5F\x91\x97" }, 1820 { GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, " 1821 "by Ross Anderson and Eli Biham", 1822 "\x0C\x41\x0A\x04\x29\x68\x86\x8A\x16\x71\xDA\x5A" 1823 "\x3F\xD2\x9A\x72\x5E\xC1\xE4\x57\xD3\xCD\xB3\x03" }, 1824 { GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, " 1825 "by Ross Anderson and Eli Biham, proceedings of Fa" 1826 "st Software Encryption 3, Cambridge.", 1827 "\xEB\xF5\x91\xD5\xAF\xA6\x55\xCE\x7F\x22\x89\x4F" 1828 "\xF8\x7F\x54\xAC\x89\xC8\x11\xB6\xB0\xDA\x31\x93" }, 1829 { GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, " 1830 "by Ross Anderson and Eli Biham, proceedings of Fa" 1831 "st Software Encryption 3, Cambridge, 1996.", 1832 "\x3D\x9A\xEB\x03\xD1\xBD\x1A\x63\x57\xB2\x77\x4D" 1833 "\xFD\x6D\x5B\x24\xDD\x68\x15\x1D\x50\x39\x74\xFC" }, 1834 { GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh" 1835 "ijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRS" 1836 "TUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", 1837 "\x00\xB8\x3E\xB4\xE5\x34\x40\xC5\x76\xAC\x6A\xAE" 1838 "\xE0\xA7\x48\x58\x25\xFD\x15\xE7\x0A\x59\xFF\xE4" }, 1839 1840 { GCRY_MD_TIGER1, "", 1841 "\x32\x93\xAC\x63\x0C\x13\xF0\x24\x5F\x92\xBB\xB1" 1842 "\x76\x6E\x16\x16\x7A\x4E\x58\x49\x2D\xDE\x73\xF3" }, 1843 { GCRY_MD_TIGER1, "a", 1844 "\x77\xBE\xFB\xEF\x2E\x7E\xF8\xAB\x2E\xC8\xF9\x3B" 1845 "\xF5\x87\xA7\xFC\x61\x3E\x24\x7F\x5F\x24\x78\x09" }, 1846 { GCRY_MD_TIGER1, "abc", 1847 "\x2A\xAB\x14\x84\xE8\xC1\x58\xF2\xBF\xB8\xC5\xFF" 1848 "\x41\xB5\x7A\x52\x51\x29\x13\x1C\x95\x7B\x5F\x93" }, 1849 { GCRY_MD_TIGER1, "message digest", 1850 "\xD9\x81\xF8\xCB\x78\x20\x1A\x95\x0D\xCF\x30\x48" 1851 "\x75\x1E\x44\x1C\x51\x7F\xCA\x1A\xA5\x5A\x29\xF6" }, 1852 { GCRY_MD_TIGER1, "abcdefghijklmnopqrstuvwxyz", 1853 "\x17\x14\xA4\x72\xEE\xE5\x7D\x30\x04\x04\x12\xBF" 1854 "\xCC\x55\x03\x2A\x0B\x11\x60\x2F\xF3\x7B\xEE\xE9" }, 1855 { GCRY_MD_TIGER1, 1856 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1857 "\x0F\x7B\xF9\xA1\x9B\x9C\x58\xF2\xB7\x61\x0D\xF7" 1858 "\xE8\x4F\x0A\xC3\xA7\x1C\x63\x1E\x7B\x53\xF7\x8E" }, 1859 { GCRY_MD_TIGER1, 1860 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 1861 "abcdefghijklmnopqrstuvwxyz" "0123456789", 1862 "\x8D\xCE\xA6\x80\xA1\x75\x83\xEE\x50\x2B\xA3\x8A" 1863 "\x3C\x36\x86\x51\x89\x0F\xFB\xCC\xDC\x49\xA8\xCC" }, 1864 { GCRY_MD_TIGER1, 1865 "1234567890" "1234567890" "1234567890" "1234567890" 1866 "1234567890" "1234567890" "1234567890" "1234567890", 1867 "\x1C\x14\x79\x55\x29\xFD\x9F\x20\x7A\x95\x8F\x84" 1868 "\xC5\x2F\x11\xE8\x87\xFA\x0C\xAB\xDF\xD9\x1B\xFD" }, 1869 { GCRY_MD_TIGER1, "!", 1870 "\x6D\xB0\xE2\x72\x9C\xBE\xAD\x93\xD7\x15\xC6\xA7" 1871 "\xD3\x63\x02\xE9\xB3\xCE\xE0\xD2\xBC\x31\x4B\x41" }, 1872 1873 { GCRY_MD_TIGER2, "", 1874 "\x44\x41\xBE\x75\xF6\x01\x87\x73\xC2\x06\xC2\x27" 1875 "\x45\x37\x4B\x92\x4A\xA8\x31\x3F\xEF\x91\x9F\x41" }, 1876 { GCRY_MD_TIGER2, "a", 1877 "\x67\xE6\xAE\x8E\x9E\x96\x89\x99\xF7\x0A\x23\xE7" 1878 "\x2A\xEA\xA9\x25\x1C\xBC\x7C\x78\xA7\x91\x66\x36" }, 1879 { GCRY_MD_TIGER2, "abc", 1880 "\xF6\x8D\x7B\xC5\xAF\x4B\x43\xA0\x6E\x04\x8D\x78" 1881 "\x29\x56\x0D\x4A\x94\x15\x65\x8B\xB0\xB1\xF3\xBF" }, 1882 { GCRY_MD_TIGER2, "message digest", 1883 "\xE2\x94\x19\xA1\xB5\xFA\x25\x9D\xE8\x00\x5E\x7D" 1884 "\xE7\x50\x78\xEA\x81\xA5\x42\xEF\x25\x52\x46\x2D" }, 1885 { GCRY_MD_TIGER2, "abcdefghijklmnopqrstuvwxyz", 1886 "\xF5\xB6\xB6\xA7\x8C\x40\x5C\x85\x47\xE9\x1C\xD8" 1887 "\x62\x4C\xB8\xBE\x83\xFC\x80\x4A\x47\x44\x88\xFD" }, 1888 { GCRY_MD_TIGER2, 1889 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1890 "\xA6\x73\x7F\x39\x97\xE8\xFB\xB6\x3D\x20\xD2\xDF" 1891 "\x88\xF8\x63\x76\xB5\xFE\x2D\x5C\xE3\x66\x46\xA9" }, 1892 { GCRY_MD_TIGER2, 1893 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 1894 "abcdefghijklmnopqrstuvwxyz" "0123456789", 1895 "\xEA\x9A\xB6\x22\x8C\xEE\x7B\x51\xB7\x75\x44\xFC" 1896 "\xA6\x06\x6C\x8C\xBB\x5B\xBA\xE6\x31\x95\x05\xCD" }, 1897 { GCRY_MD_TIGER2, 1898 "1234567890" "1234567890" "1234567890" "1234567890" 1899 "1234567890" "1234567890" "1234567890" "1234567890", 1900 "\xD8\x52\x78\x11\x53\x29\xEB\xAA\x0E\xEC\x85\xEC" 1901 "\xDC\x53\x96\xFD\xA8\xAA\x3A\x58\x20\x94\x2F\xFF" }, 1902 { GCRY_MD_TIGER2, "!", 1903 "\xE0\x68\x28\x1F\x06\x0F\x55\x16\x28\xCC\x57\x15" 1904 "\xB9\xD0\x22\x67\x96\x91\x4D\x45\xF7\x71\x7C\xF4" }, 1905 1906 { GCRY_MD_WHIRLPOOL, "", 1907 "\x19\xFA\x61\xD7\x55\x22\xA4\x66\x9B\x44\xE3\x9C\x1D\x2E\x17\x26" 1908 "\xC5\x30\x23\x21\x30\xD4\x07\xF8\x9A\xFE\xE0\x96\x49\x97\xF7\xA7" 1909 "\x3E\x83\xBE\x69\x8B\x28\x8F\xEB\xCF\x88\xE3\xE0\x3C\x4F\x07\x57" 1910 "\xEA\x89\x64\xE5\x9B\x63\xD9\x37\x08\xB1\x38\xCC\x42\xA6\x6E\xB3" }, 1911 { GCRY_MD_WHIRLPOOL, "a", 1912 "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7" 1913 "\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42" 1914 "\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59" 1915 "\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" }, 1916 { GCRY_MD_WHIRLPOOL, "a", 1917 "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7" 1918 "\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42" 1919 "\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59" 1920 "\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" }, 1921 { GCRY_MD_WHIRLPOOL, 1922 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1923 "\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B\xF1\x1F\x00\xED\x9A\xBA\x26\x90" 1924 "\x1D\xD7\xC2\x8C\xDE\xC0\x66\xCC\x6A\xF4\x2E\x40\xF8\x2F\x3A\x1E" 1925 "\x08\xEB\xA2\x66\x29\x12\x9D\x8F\xB7\xCB\x57\x21\x1B\x92\x81\xA6" 1926 "\x55\x17\xCC\x87\x9D\x7B\x96\x21\x42\xC6\x5F\x5A\x7A\xF0\x14\x67" }, 1927 { GCRY_MD_WHIRLPOOL, 1928 "!", 1929 "\x0C\x99\x00\x5B\xEB\x57\xEF\xF5\x0A\x7C\xF0\x05\x56\x0D\xDF\x5D" 1930 "\x29\x05\x7F\xD8\x6B\x20\xBF\xD6\x2D\xEC\xA0\xF1\xCC\xEA\x4A\xF5" 1931 "\x1F\xC1\x54\x90\xED\xDC\x47\xAF\x32\xBB\x2B\x66\xC3\x4F\xF9\xAD" 1932 "\x8C\x60\x08\xAD\x67\x7F\x77\x12\x69\x53\xB2\x26\xE4\xED\x8B\x01" }, 1933 { 0 }, 1934 }; 1935 int i; 1936 1937 if (verbose) 1938 fprintf (stderr, "Starting hash checks.\n"); 1939 1940 for (i = 0; algos[i].md; i++) 1941 { 1942 if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) 1943 && in_fips_mode) 1944 { 1945 if (verbose) 1946 fprintf (stderr, " algorithm %d not available in fips mode\n", 1947 algos[i].md); 1948 continue; 1949 } 1950 if (verbose) 1951 fprintf (stderr, " checking %s [%i] for length %zi\n", 1952 gcry_md_algo_name (algos[i].md), 1953 algos[i].md, 1954 !strcmp (algos[i].data, "!")? 1955 1000000 : strlen(algos[i].data)); 1956 1957 check_one_md (algos[i].md, algos[i].data, strlen (algos[i].data), 1958 algos[i].expect); 1959 } 1960 1961 if (verbose) 1962 fprintf (stderr, "Completed hash checks.\n"); 1963} 1964 1965static void 1966check_one_hmac (int algo, const char *data, int datalen, 1967 const char *key, int keylen, const char *expect) 1968{ 1969 gcry_md_hd_t hd, hd2; 1970 unsigned char *p; 1971 int mdlen; 1972 int i; 1973 gcry_error_t err = 0; 1974 1975 err = gcry_md_open (&hd, algo, GCRY_MD_FLAG_HMAC); 1976 if (err) 1977 { 1978 fail ("algo %d, gcry_md_open failed: %s\n", algo, gpg_strerror (err)); 1979 return; 1980 } 1981 1982 mdlen = gcry_md_get_algo_dlen (algo); 1983 if (mdlen < 1 || mdlen > 500) 1984 { 1985 fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); 1986 return; 1987 } 1988 1989 gcry_md_setkey( hd, key, keylen ); 1990 1991 gcry_md_write (hd, data, datalen); 1992 1993 err = gcry_md_copy (&hd2, hd); 1994 if (err) 1995 { 1996 fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err)); 1997 } 1998 1999 gcry_md_close (hd); 2000 2001 p = gcry_md_read (hd2, algo); 2002 if (!p) 2003 fail("algo %d, hmac gcry_md_read failed\n", algo); 2004 2005 if (memcmp (p, expect, mdlen)) 2006 { 2007 printf ("computed: "); 2008 for (i = 0; i < mdlen; i++) 2009 printf ("%02x ", p[i] & 0xFF); 2010 printf ("\nexpected: "); 2011 for (i = 0; i < mdlen; i++) 2012 printf ("%02x ", expect[i] & 0xFF); 2013 printf ("\n"); 2014 2015 fail ("algo %d, digest mismatch\n", algo); 2016 } 2017 2018 gcry_md_close (hd2); 2019} 2020 2021static void 2022check_hmac (void) 2023{ 2024 static struct algos 2025 { 2026 int md; 2027 const char *data; 2028 const char *key; 2029 const char *expect; 2030 } algos[] = 2031 { 2032 { GCRY_MD_MD5, "what do ya want for nothing?", "Jefe", 2033 "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38" }, 2034 { GCRY_MD_MD5, 2035 "Hi There", 2036 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 2037 "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d" }, 2038 { GCRY_MD_MD5, 2039 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2040 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2041 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2042 "\xdd\xdd\xdd\xdd\xdd", 2043 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 2044 "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6" }, 2045 { GCRY_MD_MD5, 2046 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2047 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2048 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2049 "\xcd\xcd\xcd\xcd\xcd", 2050 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2051 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2052 "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79" }, 2053 { GCRY_MD_MD5, "Test With Truncation", 2054 "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", 2055 "\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c" }, 2056 { GCRY_MD_MD5, "Test Using Larger Than Block-Size Key - Hash Key First", 2057 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2058 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2059 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2060 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2061 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2062 "\xaa\xaa\xaa\xaa\xaa", 2063 "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd" }, 2064 { GCRY_MD_MD5, 2065 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 2066 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2067 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2068 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2069 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2070 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2071 "\xaa\xaa\xaa\xaa\xaa", 2072 "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e", }, 2073 { GCRY_MD_SHA256, "what do ya want for nothing?", "Jefe", 2074 "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7\x5a" 2075 "\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43" }, 2076 { GCRY_MD_SHA256, 2077 "Hi There", 2078 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2079 "\x0b\x0b\x0b", 2080 "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88" 2081 "\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7" }, 2082 { GCRY_MD_SHA256, 2083 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2084 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2085 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2086 "\xdd\xdd\xdd\xdd\xdd", 2087 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2088 "\xAA\xAA\xAA\xAA", 2089 "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7" 2090 "\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe" }, 2091 { GCRY_MD_SHA256, 2092 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2093 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2094 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2095 "\xcd\xcd\xcd\xcd\xcd", 2096 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2097 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2098 "\x82\x55\x8a\x38\x9a\x44\x3c\x0e\xa4\xcc\x81\x98\x99\xf2\x08" 2099 "\x3a\x85\xf0\xfa\xa3\xe5\x78\xf8\x07\x7a\x2e\x3f\xf4\x67\x29\x66\x5b" }, 2100 { GCRY_MD_SHA256, 2101 "Test Using Larger Than Block-Size Key - Hash Key First", 2102 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2103 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2104 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2105 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2106 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2107 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2108 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2109 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2110 "\xaa\xaa\xaa", 2111 "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f" 2112 "\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54" }, 2113 { GCRY_MD_SHA256, 2114 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2115 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2116 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2117 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2118 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2119 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2120 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2121 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2122 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2123 "\xaa\xaa\xaa", 2124 "\x9b\x09\xff\xa7\x1b\x94\x2f\xcb\x27\x63\x5f\xbc\xd5\xb0\xe9\x44" 2125 "\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2" }, 2126 { GCRY_MD_SHA224, "what do ya want for nothing?", "Jefe", 2127 "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f" 2128 "\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44" }, 2129 { GCRY_MD_SHA224, 2130 "Hi There", 2131 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2132 "\x0b\x0b\x0b", 2133 "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47" 2134 "\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22" }, 2135 { GCRY_MD_SHA224, 2136 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2137 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2138 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2139 "\xdd\xdd\xdd\xdd\xdd", 2140 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2141 "\xAA\xAA\xAA\xAA", 2142 "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2\x64" 2143 "\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea" }, 2144 { GCRY_MD_SHA224, 2145 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2146 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2147 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2148 "\xcd\xcd\xcd\xcd\xcd", 2149 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2150 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2151 "\x6c\x11\x50\x68\x74\x01\x3c\xac\x6a\x2a\xbc\x1b\xb3\x82\x62" 2152 "\x7c\xec\x6a\x90\xd8\x6e\xfc\x01\x2d\xe7\xaf\xec\x5a" }, 2153 { GCRY_MD_SHA224, 2154 "Test Using Larger Than Block-Size Key - Hash Key First", 2155 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2156 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2157 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2158 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2159 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2160 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2161 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2162 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2163 "\xaa\xaa\xaa", 2164 "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2" 2165 "\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e" }, 2166 { GCRY_MD_SHA224, 2167 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2168 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2169 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2170 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2171 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2172 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2173 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2174 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2175 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2176 "\xaa\xaa\xaa", 2177 "\x3a\x85\x41\x66\xac\x5d\x9f\x02\x3f\x54\xd5\x17\xd0\xb3\x9d\xbd" 2178 "\x94\x67\x70\xdb\x9c\x2b\x95\xc9\xf6\xf5\x65\xd1" }, 2179 { GCRY_MD_SHA384, "what do ya want for nothing?", "Jefe", 2180 "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b\x1b" 2181 "\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22\x44\x5e" 2182 "\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa\xb2\x16\x49" }, 2183 { GCRY_MD_SHA384, 2184 "Hi There", 2185 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2186 "\x0b\x0b\x0b", 2187 "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15" 2188 "\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea" 2189 "\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6" }, 2190 { GCRY_MD_SHA384, 2191 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2192 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2193 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2194 "\xdd\xdd\xdd\xdd\xdd", 2195 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2196 "\xAA\xAA\xAA\xAA", 2197 "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8\x6f" 2198 "\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66\x14\x4b" 2199 "\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01\xa3\x4f\x27" }, 2200 { GCRY_MD_SHA384, 2201 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2202 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2203 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2204 "\xcd\xcd\xcd\xcd\xcd", 2205 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2206 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2207 "\x3e\x8a\x69\xb7\x78\x3c\x25\x85\x19\x33\xab\x62\x90\xaf\x6c\xa7" 2208 "\x7a\x99\x81\x48\x08\x50\x00\x9c\xc5\x57\x7c\x6e\x1f\x57\x3b\x4e" 2209 "\x68\x01\xdd\x23\xc4\xa7\xd6\x79\xcc\xf8\xa3\x86\xc6\x74\xcf\xfb" }, 2210 { GCRY_MD_SHA384, 2211 "Test Using Larger Than Block-Size Key - Hash Key First", 2212 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2213 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2214 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2215 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2216 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2217 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2218 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2219 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2220 "\xaa\xaa\xaa", 2221 "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5\xb4" 2222 "\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a\xc4\xc6" 2223 "\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63\xf4\x49\x52" }, 2224 { GCRY_MD_SHA384, 2225 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2226 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2227 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2228 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2229 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2230 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2231 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2232 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2233 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2234 "\xaa\xaa\xaa", 2235 "\x66\x17\x17\x8e\x94\x1f\x02\x0d\x35\x1e\x2f\x25\x4e\x8f\xd3\x2c" 2236 "\x60\x24\x20\xfe\xb0\xb8\xfb\x9a\xdc\xce\xbb\x82\x46\x1e\x99\xc5" 2237 "\xa6\x78\xcc\x31\xe7\x99\x17\x6d\x38\x60\xe6\x11\x0c\x46\x52\x3e" }, 2238 { GCRY_MD_SHA512, "what do ya want for nothing?", "Jefe", 2239 "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3" 2240 "\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25\x05\x54" 2241 "\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd" 2242 "\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a\x38\xbc\xe7\x37" }, 2243 { GCRY_MD_SHA512, 2244 "Hi There", 2245 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2246 "\x0b\x0b\x0b", 2247 "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0" 2248 "\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde" 2249 "\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4" 2250 "\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54" }, 2251 { GCRY_MD_SHA512, 2252 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2253 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2254 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2255 "\xdd\xdd\xdd\xdd\xdd", 2256 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2257 "\xAA\xAA\xAA\xAA", 2258 "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b\xe9" 2259 "\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27\x9d\x39" 2260 "\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e\x67\xc8\x07" 2261 "\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59\xe1\x32\x92\xfb" }, 2262 { GCRY_MD_SHA512, 2263 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2264 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2265 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2266 "\xcd\xcd\xcd\xcd\xcd", 2267 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2268 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2269 "\xb0\xba\x46\x56\x37\x45\x8c\x69\x90\xe5\xa8\xc5\xf6\x1d\x4a\xf7" 2270 "\xe5\x76\xd9\x7f\xf9\x4b\x87\x2d\xe7\x6f\x80\x50\x36\x1e\xe3\xdb" 2271 "\xa9\x1c\xa5\xc1\x1a\xa2\x5e\xb4\xd6\x79\x27\x5c\xc5\x78\x80\x63" 2272 "\xa5\xf1\x97\x41\x12\x0c\x4f\x2d\xe2\xad\xeb\xeb\x10\xa2\x98\xdd" }, 2273 { GCRY_MD_SHA512, 2274 "Test Using Larger Than Block-Size Key - Hash Key First", 2275 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2276 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2277 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2278 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2279 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2280 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2281 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2282 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2283 "\xaa\xaa\xaa", 2284 "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4" 2285 "\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8\xf3\x52" 2286 "\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52" 2287 "\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98\x5d\x78\x65\x98" }, 2288 { GCRY_MD_SHA512, 2289 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2290 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2291 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2292 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2293 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2294 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2295 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2296 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2297 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2298 "\xaa\xaa\xaa", 2299 "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd" 2300 "\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44" 2301 "\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15" 2302 "\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" }, 2303 { 0 }, 2304 }; 2305 int i; 2306 2307 if (verbose) 2308 fprintf (stderr, "Starting hashed MAC checks.\n"); 2309 2310 for (i = 0; algos[i].md; i++) 2311 { 2312 if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) 2313 && in_fips_mode) 2314 { 2315 if (verbose) 2316 fprintf (stderr, " algorithm %d not available in fips mode\n", 2317 algos[i].md); 2318 continue; 2319 } 2320 if (verbose) 2321 fprintf (stderr, 2322 " checking %s [%i] for %zi byte key and %zi byte data\n", 2323 gcry_md_algo_name (algos[i].md), 2324 algos[i].md, 2325 strlen(algos[i].key), strlen(algos[i].data)); 2326 2327 check_one_hmac (algos[i].md, algos[i].data, strlen (algos[i].data), 2328 algos[i].key, strlen(algos[i].key), 2329 algos[i].expect); 2330 } 2331 2332 if (verbose) 2333 fprintf (stderr, "Completed hashed MAC checks.\n"); 2334 } 2335 2336/* Check that the signature SIG matches the hash HASH. PKEY is the 2337 public key used for the verification. BADHASH is a hasvalue which 2338 should; result in a bad signature status. */ 2339static void 2340verify_one_signature (gcry_sexp_t pkey, gcry_sexp_t hash, 2341 gcry_sexp_t badhash, gcry_sexp_t sig) 2342{ 2343 gcry_error_t rc; 2344 2345 rc = gcry_pk_verify (sig, hash, pkey); 2346 if (rc) 2347 fail ("gcry_pk_verify failed: %s\n", gpg_strerror (rc)); 2348 rc = gcry_pk_verify (sig, badhash, pkey); 2349 if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE) 2350 fail ("gcry_pk_verify failed to detect a bad signature: %s\n", 2351 gpg_strerror (rc)); 2352} 2353 2354 2355/* Test the public key sign function using the private ket SKEY. PKEY 2356 is used for verification. */ 2357static void 2358check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) 2359{ 2360 gcry_error_t rc; 2361 gcry_sexp_t sig, badhash, hash; 2362 int dataidx; 2363 static const char baddata[] = 2364 "(data\n (flags pkcs1)\n" 2365 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203041#))\n"; 2366 static struct 2367 { 2368 const char *data; 2369 int algo; 2370 int expected_rc; 2371 } datas[] = 2372 { 2373 { "(data\n (flags pkcs1)\n" 2374 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2375 GCRY_PK_RSA, 2376 0 }, 2377 { "(data\n (flags oaep)\n" 2378 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2379 0, 2380 GPG_ERR_CONFLICT }, 2381 /* This test is to see whether hash algorithms not hard wired in 2382 pubkey.c are detected: */ 2383 { "(data\n (flags pkcs1)\n" 2384 " (hash oid.1.3.14.3.2.29 " 2385 " #11223344556677889900AABBCCDDEEFF10203040#))\n", 2386 GCRY_PK_RSA, 2387 0 }, 2388 { "(data\n (flags )\n" 2389 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2390 0, 2391 GPG_ERR_CONFLICT }, 2392 { "(data\n (flags pkcs1)\n" 2393 " (hash foo #11223344556677889900AABBCCDDEEFF10203040#))\n", 2394 GCRY_PK_RSA, 2395 GPG_ERR_DIGEST_ALGO }, 2396 { "(data\n (flags )\n" " (value #11223344556677889900AA#))\n", 2397 0, 2398 0 }, 2399 { "(data\n (flags )\n" " (value #0090223344556677889900AA#))\n", 2400 0, 2401 0 }, 2402 { "(data\n (flags raw)\n" " (value #11223344556677889900AA#))\n", 2403 0, 2404 0 }, 2405 { "(data\n (flags pkcs1)\n" 2406 " (value #11223344556677889900AA#))\n", 2407 GCRY_PK_RSA, 2408 GPG_ERR_CONFLICT }, 2409 { "(data\n (flags raw foo)\n" 2410 " (value #11223344556677889900AA#))\n", 2411 0, 2412 GPG_ERR_INV_FLAG }, 2413 { "(data\n (flags pss)\n" 2414 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2415 GCRY_PK_RSA, 2416 0 }, 2417 { "(data\n (flags pss)\n" 2418 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#)\n" 2419 " (random-override #4253647587980912233445566778899019283747#))\n", 2420 GCRY_PK_RSA, 2421 0 }, 2422 { NULL } 2423 }; 2424 2425 (void)n; 2426 2427 rc = gcry_sexp_sscan (&badhash, NULL, baddata, strlen (baddata)); 2428 if (rc) 2429 die ("converting data failed: %s\n", gpg_strerror (rc)); 2430 2431 for (dataidx = 0; datas[dataidx].data; dataidx++) 2432 { 2433 if (datas[dataidx].algo && datas[dataidx].algo != algo) 2434 continue; 2435 2436 if (verbose) 2437 fprintf (stderr, " signature test %d\n", dataidx); 2438 2439 rc = gcry_sexp_sscan (&hash, NULL, datas[dataidx].data, 2440 strlen (datas[dataidx].data)); 2441 if (rc) 2442 die ("converting data failed: %s\n", gpg_strerror (rc)); 2443 2444 rc = gcry_pk_sign (&sig, hash, skey); 2445 if (gcry_err_code (rc) != datas[dataidx].expected_rc) 2446 fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc)); 2447 2448 if (!rc) 2449 verify_one_signature (pkey, hash, badhash, sig); 2450 2451 gcry_sexp_release (sig); 2452 sig = NULL; 2453 gcry_sexp_release (hash); 2454 hash = NULL; 2455 } 2456 2457 gcry_sexp_release (badhash); 2458} 2459 2460static void 2461check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) 2462{ 2463 gcry_error_t rc; 2464 gcry_sexp_t plain, ciph, data; 2465 int dataidx; 2466 static struct 2467 { 2468 int algo; /* If not 0 run test only if ALGO matches. */ 2469 const char *data; 2470 const char *hint; 2471 int unpadded; 2472 int encrypt_expected_rc; 2473 int decrypt_expected_rc; 2474 } datas[] = 2475 { 2476 { GCRY_PK_RSA, 2477 "(data\n (flags pkcs1)\n" 2478 " (value #11223344556677889900AA#))\n", 2479 NULL, 2480 0, 2481 0, 2482 0 }, 2483 { GCRY_PK_RSA, 2484 "(data\n (flags pkcs1)\n" 2485 " (value #11223344556677889900AA#))\n", 2486 "(flags pkcs1)", 2487 1, 2488 0, 2489 0 }, 2490 { GCRY_PK_RSA, 2491 "(data\n (flags oaep)\n" 2492 " (value #11223344556677889900AA#))\n", 2493 "(flags oaep)", 2494 1, 2495 0, 2496 0 }, 2497 { GCRY_PK_RSA, 2498 "(data\n (flags oaep)\n (hash-algo sha1)\n" 2499 " (value #11223344556677889900AA#))\n", 2500 "(flags oaep)(hash-algo sha1)", 2501 1, 2502 0, 2503 0 }, 2504 { GCRY_PK_RSA, 2505 "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n" 2506 " (value #11223344556677889900AA#))\n", 2507 "(flags oaep)(hash-algo sha1)(label \"test\")", 2508 1, 2509 0, 2510 0 }, 2511 { GCRY_PK_RSA, 2512 "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n" 2513 " (value #11223344556677889900AA#)\n" 2514 " (random-override #4253647587980912233445566778899019283747#))\n", 2515 "(flags oaep)(hash-algo sha1)(label \"test\")", 2516 1, 2517 0, 2518 0 }, 2519 { 0, 2520 "(data\n (flags )\n" " (value #11223344556677889900AA#))\n", 2521 NULL, 2522 1, 2523 0, 2524 0 }, 2525 { 0, 2526 "(data\n (flags )\n" " (value #0090223344556677889900AA#))\n", 2527 NULL, 2528 1, 2529 0, 2530 0 }, 2531 { 0, 2532 "(data\n (flags raw)\n" " (value #11223344556677889900AA#))\n", 2533 NULL, 2534 1, 2535 0, 2536 0 }, 2537 { GCRY_PK_RSA, 2538 "(data\n (flags pkcs1)\n" 2539 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2540 NULL, 2541 0, 2542 GPG_ERR_CONFLICT, 2543 0}, 2544 { 0, 2545 "(data\n (flags raw foo)\n" 2546 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2547 NULL, 2548 0, 2549 GPG_ERR_INV_FLAG, 2550 0}, 2551 { 0, 2552 "(data\n (flags raw)\n" 2553 " (value #11223344556677889900AA#))\n", 2554 "(flags oaep)", 2555 1, 2556 0, 2557 GPG_ERR_ENCODING_PROBLEM }, 2558 { GCRY_PK_RSA, 2559 "(data\n (flags oaep)\n" 2560 " (value #11223344556677889900AA#))\n", 2561 "(flags pkcs1)", 2562 1, 2563 0, 2564 GPG_ERR_ENCODING_PROBLEM }, 2565 { 0, 2566 "(data\n (flags pss)\n" 2567 " (value #11223344556677889900AA#))\n", 2568 NULL, 2569 0, 2570 GPG_ERR_CONFLICT }, 2571 { 0, NULL } 2572 }; 2573 2574 (void)n; 2575 2576 for (dataidx = 0; datas[dataidx].data; dataidx++) 2577 { 2578 if (datas[dataidx].algo && datas[dataidx].algo != algo) 2579 continue; 2580 2581 if (verbose) 2582 fprintf (stderr, " encryption/decryption test %d (algo %d)\n", 2583 dataidx, algo); 2584 2585 rc = gcry_sexp_sscan (&data, NULL, datas[dataidx].data, 2586 strlen (datas[dataidx].data)); 2587 if (rc) 2588 die ("converting data failed: %s\n", gpg_strerror (rc)); 2589 2590 rc = gcry_pk_encrypt (&ciph, data, pkey); 2591 if (gcry_err_code (rc) != datas[dataidx].encrypt_expected_rc) 2592 fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (rc)); 2593 2594 if (!rc) 2595 { 2596 /* Insert decoding hint to CIPH. */ 2597 if (datas[dataidx].hint) 2598 { 2599 size_t hint_len, len; 2600 char *hint, *buf; 2601 gcry_sexp_t list; 2602 2603 /* Convert decoding hint into canonical sexp. */ 2604 hint_len = gcry_sexp_new (&list, datas[dataidx].hint, 2605 strlen (datas[dataidx].hint), 1); 2606 hint_len = gcry_sexp_sprint (list, GCRYSEXP_FMT_CANON, NULL, 0); 2607 hint = gcry_malloc (hint_len); 2608 if (!hint) 2609 die ("can't allocate memory\n"); 2610 hint_len = gcry_sexp_sprint (list, GCRYSEXP_FMT_CANON, hint, 2611 hint_len); 2612 gcry_sexp_release (list); 2613 2614 /* Convert CIPH into canonical sexp. */ 2615 len = gcry_sexp_sprint (ciph, GCRYSEXP_FMT_CANON, NULL, 0); 2616 buf = gcry_malloc (len + hint_len); 2617 if (!buf) 2618 die ("can't allocate memory\n"); 2619 len = gcry_sexp_sprint (ciph, GCRYSEXP_FMT_CANON, buf, len); 2620 /* assert (!strcmp (buf, "(7:enc-val", 10)); */ 2621 2622 /* Copy decoding hint into CIPH. */ 2623 memmove (buf + 10 + hint_len, buf + 10, len - 10); 2624 memcpy (buf + 10, hint, hint_len); 2625 gcry_free (hint); 2626 gcry_sexp_new (&list, buf, len + hint_len, 1); 2627 gcry_free (buf); 2628 gcry_sexp_release (ciph); 2629 ciph = list; 2630 } 2631 rc = gcry_pk_decrypt (&plain, ciph, skey); 2632 if (gcry_err_code (rc) != datas[dataidx].decrypt_expected_rc) 2633 fail ("gcry_pk_decrypt failed: %s\n", gpg_strerror (rc)); 2634 2635 if (!rc && datas[dataidx].unpadded) 2636 { 2637 gcry_sexp_t p1, p2; 2638 2639 p1 = gcry_sexp_find_token (data, "value", 0); 2640 p2 = gcry_sexp_find_token (plain, "value", 0); 2641 if (p1 && p2) 2642 { 2643 const char *s1, *s2; 2644 size_t n1, n2; 2645 2646 s1 = gcry_sexp_nth_data (p1, 1, &n1); 2647 s2 = gcry_sexp_nth_data (p2, 1, &n2); 2648 if (n1 != n2 || memcmp (s1, s2, n1)) 2649 fail ("gcry_pk_encrypt/gcry_pk_decrypt do not roundtrip\n"); 2650 } 2651 gcry_sexp_release (p1); 2652 gcry_sexp_release (p2); 2653 } 2654 } 2655 2656 gcry_sexp_release (plain); 2657 plain = NULL; 2658 gcry_sexp_release (ciph); 2659 ciph = NULL; 2660 gcry_sexp_release (data); 2661 data = NULL; 2662 } 2663} 2664 2665static void 2666check_pubkey_grip (int n, const unsigned char *grip, 2667 gcry_sexp_t skey, gcry_sexp_t pkey, int algo) 2668{ 2669 unsigned char sgrip[20], pgrip[20]; 2670 2671 (void)algo; 2672 2673 if (!gcry_pk_get_keygrip (skey, sgrip)) 2674 die ("get keygrip for private RSA key failed\n"); 2675 if (!gcry_pk_get_keygrip (pkey, pgrip)) 2676 die ("[%i] get keygrip for public RSA key failed\n", n); 2677 if (memcmp (sgrip, pgrip, 20)) 2678 fail ("[%i] keygrips don't match\n", n); 2679 if (memcmp (sgrip, grip, 20)) 2680 fail ("wrong keygrip for RSA key\n"); 2681} 2682 2683static void 2684do_check_one_pubkey (int n, gcry_sexp_t skey, gcry_sexp_t pkey, 2685 const unsigned char *grip, int algo, int flags) 2686{ 2687 if (flags & FLAG_SIGN) 2688 check_pubkey_sign (n, skey, pkey, algo); 2689 if (flags & FLAG_CRYPT) 2690 check_pubkey_crypt (n, skey, pkey, algo); 2691 if (grip && (flags & FLAG_GRIP)) 2692 check_pubkey_grip (n, grip, skey, pkey, algo); 2693} 2694 2695static void 2696check_one_pubkey (int n, test_spec_pubkey_t spec) 2697{ 2698 gcry_error_t err = GPG_ERR_NO_ERROR; 2699 gcry_sexp_t skey, pkey; 2700 2701 err = gcry_sexp_sscan (&skey, NULL, spec.key.secret, 2702 strlen (spec.key.secret)); 2703 if (!err) 2704 err = gcry_sexp_sscan (&pkey, NULL, spec.key.public, 2705 strlen (spec.key.public)); 2706 if (err) 2707 die ("converting sample key failed: %s\n", gpg_strerror (err)); 2708 2709 do_check_one_pubkey (n, skey, pkey, 2710 (const unsigned char*)spec.key.grip, 2711 spec.id, spec.flags); 2712 2713 gcry_sexp_release (skey); 2714 gcry_sexp_release (pkey); 2715} 2716 2717static void 2718get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) 2719{ 2720 gcry_sexp_t key_spec, key, pub_key, sec_key; 2721 int rc; 2722 if (verbose) 2723 fprintf (stderr, " generating RSA key:"); 2724 rc = gcry_sexp_new (&key_spec, 2725 in_fips_mode ? "(genkey (rsa (nbits 4:1024)))" 2726 : "(genkey (rsa (nbits 4:1024)(transient-key)))", 2727 0, 1); 2728 if (rc) 2729 die ("error creating S-expression: %s\n", gpg_strerror (rc)); 2730 rc = gcry_pk_genkey (&key, key_spec); 2731 gcry_sexp_release (key_spec); 2732 if (rc) 2733 die ("error generating RSA key: %s\n", gpg_strerror (rc)); 2734 2735 pub_key = gcry_sexp_find_token (key, "public-key", 0); 2736 if (! pub_key) 2737 die ("public part missing in key\n"); 2738 2739 sec_key = gcry_sexp_find_token (key, "private-key", 0); 2740 if (! sec_key) 2741 die ("private part missing in key\n"); 2742 2743 gcry_sexp_release (key); 2744 *pkey = pub_key; 2745 *skey = sec_key; 2746} 2747 2748static void 2749check_one_pubkey_new (int n) 2750{ 2751 gcry_sexp_t skey, pkey; 2752 2753 get_keys_new (&pkey, &skey); 2754 do_check_one_pubkey (n, skey, pkey, NULL, 2755 GCRY_PK_RSA, FLAG_SIGN | FLAG_CRYPT); 2756 gcry_sexp_release (pkey); 2757 gcry_sexp_release (skey); 2758} 2759 2760/* Run all tests for the public key functions. */ 2761static void 2762check_pubkey (void) 2763{ 2764 test_spec_pubkey_t pubkeys[] = 2765 { 2766 { 2767 GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN, 2768 2769 { "(private-key\n" 2770 " (rsa\n" 2771 " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" 2772 " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" 2773 " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" 2774 " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" 2775 " (e #010001#)\n" 2776 " (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" 2777 " 7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" 2778 " C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" 2779 " C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n" 2780 " (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" 2781 " fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n" 2782 " (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" 2783 " 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n" 2784 " (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" 2785 " ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))\n", 2786 2787 "(public-key\n" 2788 " (rsa\n" 2789 " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" 2790 " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" 2791 " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" 2792 " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" 2793 " (e #010001#)))\n", 2794 2795 "\x32\x10\x0c\x27\x17\x3e\xf6\xe9\xc4\xe9" 2796 "\xa2\x5d\x3d\x69\xf8\x6d\x37\xa4\xf9\x39"} 2797 }, 2798 { 2799 GCRY_PK_DSA, FLAG_SIGN, 2800 2801 { "(private-key\n" 2802 " (DSA\n" 2803 " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" 2804 " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" 2805 " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" 2806 " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n" 2807 " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" 2808 " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" 2809 " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" 2810 " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" 2811 " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n" 2812 " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" 2813 " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" 2814 " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" 2815 " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)\n" 2816 " (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))\n", 2817 2818 "(public-key\n" 2819 " (DSA\n" 2820 " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" 2821 " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" 2822 " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" 2823 " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n" 2824 " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" 2825 " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" 2826 " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" 2827 " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" 2828 " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n" 2829 " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" 2830 " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" 2831 " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" 2832 " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))\n", 2833 2834 "\xc6\x39\x83\x1a\x43\xe5\x05\x5d\xc6\xd8" 2835 "\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" } 2836 }, 2837 { 2838 GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT, 2839 2840 { "(private-key\n" 2841 " (ELG\n" 2842 " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" 2843 " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" 2844 " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" 2845 " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n" 2846 " (g #05#)\n" 2847 " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" 2848 " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" 2849 " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" 2850 " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)\n" 2851 " (x #03C28900087B38DABF4A0AB98ACEA39BB674D6557096C01D72E31C16BDD32214#)))\n", 2852 2853 "(public-key\n" 2854 " (ELG\n" 2855 " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" 2856 " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" 2857 " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" 2858 " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n" 2859 " (g #05#)\n" 2860 " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" 2861 " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" 2862 " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" 2863 " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)))\n", 2864 2865 "\xa7\x99\x61\xeb\x88\x83\xd2\xf4\x05\xc8" 2866 "\x4f\xba\x06\xf8\x78\x09\xbc\x1e\x20\xe5" } 2867 }, 2868 }; 2869 int i; 2870 if (verbose) 2871 fprintf (stderr, "Starting public key checks.\n"); 2872 for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++) 2873 if (pubkeys[i].id) 2874 { 2875 if (gcry_pk_test_algo (pubkeys[i].id) && in_fips_mode) 2876 { 2877 if (verbose) 2878 fprintf (stderr, " algorithm %d not available in fips mode\n", 2879 pubkeys[i].id); 2880 continue; 2881 } 2882 check_one_pubkey (i, pubkeys[i]); 2883 } 2884 if (verbose) 2885 fprintf (stderr, "Completed public key checks.\n"); 2886 2887 if (verbose) 2888 fprintf (stderr, "Starting additional public key checks.\n"); 2889 for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++) 2890 if (pubkeys[i].id) 2891 { 2892 if (gcry_pk_test_algo (pubkeys[i].id) && in_fips_mode) 2893 { 2894 if (verbose) 2895 fprintf (stderr, " algorithm %d not available in fips mode\n", 2896 pubkeys[i].id); 2897 continue; 2898 } 2899 check_one_pubkey_new (i); 2900 } 2901 if (verbose) 2902 fprintf (stderr, "Completed additional public key checks.\n"); 2903 2904} 2905 2906int 2907main (int argc, char **argv) 2908{ 2909 gpg_error_t err; 2910 int last_argc = -1; 2911 int debug = 0; 2912 int use_fips = 0; 2913 int selftest_only = 0; 2914 2915 if (argc) 2916 { argc--; argv++; } 2917 2918 while (argc && last_argc != argc ) 2919 { 2920 last_argc = argc; 2921 if (!strcmp (*argv, "--")) 2922 { 2923 argc--; argv++; 2924 break; 2925 } 2926 else if (!strcmp (*argv, "--verbose")) 2927 { 2928 verbose++; 2929 argc--; argv++; 2930 } 2931 else if (!strcmp (*argv, "--debug")) 2932 { 2933 verbose = debug = 1; 2934 argc--; argv++; 2935 } 2936 else if (!strcmp (*argv, "--fips")) 2937 { 2938 use_fips = 1; 2939 argc--; argv++; 2940 } 2941 else if (!strcmp (*argv, "--selftest")) 2942 { 2943 selftest_only = 1; 2944 verbose += 2; 2945 argc--; argv++; 2946 } 2947 else if (!strcmp (*argv, "--die")) 2948 { 2949 die_on_error = 1; 2950 argc--; argv++; 2951 } 2952 } 2953 2954 gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); 2955 2956 if (use_fips) 2957 gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); 2958 2959 /* Check that we test exactly our version - including the patchlevel. */ 2960 if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL))) 2961 die ("version mismatch; pgm=%s, library=%s\n", 2962 GCRYPT_VERSION,gcry_check_version (NULL)); 2963 2964 if ( gcry_fips_mode_active () ) 2965 in_fips_mode = 1; 2966 2967 if (!in_fips_mode) 2968 gcry_control (GCRYCTL_DISABLE_SECMEM, 0); 2969 2970 if (verbose) 2971 gcry_set_progress_handler (progress_handler, NULL); 2972 2973 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); 2974 if (debug) 2975 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); 2976 /* No valuable keys are create, so we can speed up our RNG. */ 2977 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); 2978 2979 if (!selftest_only) 2980 { 2981 check_ciphers (); 2982 check_cipher_modes (); 2983 check_bulk_cipher_modes (); 2984 check_digests (); 2985 check_hmac (); 2986 check_pubkey (); 2987 } 2988 2989 2990 if (in_fips_mode && !selftest_only) 2991 { 2992 /* If we are in fips mode do some more tests. */ 2993 gcry_md_hd_t md; 2994 2995 /* First trigger a self-test. */ 2996 gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); 2997 if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0)) 2998 fail ("not in operational state after self-test\n"); 2999 3000 /* Get us into the error state. */ 3001 err = gcry_md_open (&md, GCRY_MD_SHA1, 0); 3002 if (err) 3003 fail ("failed to open SHA-1 hash context: %s\n", gpg_strerror (err)); 3004 else 3005 { 3006 err = gcry_md_enable (md, GCRY_MD_SHA256); 3007 if (err) 3008 fail ("failed to add SHA-256 hash context: %s\n", 3009 gpg_strerror (err)); 3010 else 3011 { 3012 /* gcry_md_get_algo is only defined for a context with 3013 just one digest algorithm. With our setup it should 3014 put the oibrary intoerror state. */ 3015 fputs ("Note: Two lines with error messages follow " 3016 "- this is expected\n", stderr); 3017 gcry_md_get_algo (md); 3018 gcry_md_close (md); 3019 if (gcry_control (GCRYCTL_OPERATIONAL_P, 0)) 3020 fail ("expected error state but still in operational state\n"); 3021 else 3022 { 3023 /* Now run a self-test and to get back into 3024 operational state. */ 3025 gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); 3026 if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0)) 3027 fail ("did not reach operational after error " 3028 "and self-test\n"); 3029 } 3030 } 3031 } 3032 3033 } 3034 else 3035 { 3036 /* If in standard mode, run selftests. */ 3037 if (gcry_control (GCRYCTL_SELFTEST, 0)) 3038 fail ("running self-test failed\n"); 3039 } 3040 3041 if (verbose) 3042 fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count); 3043 3044 if (in_fips_mode && !gcry_fips_mode_active ()) 3045 fprintf (stderr, "FIPS mode is not anymore active\n"); 3046 3047 return error_count ? 1 : 0; 3048} 3049