1/* basic.c - basic regression tests 2 * Copyright (C) 2001, 2002, 2003, 2005, 2008, 3 * 2009 Free Software Foundation, Inc. 4 * 5 * This file is part of Libgcrypt. 6 * 7 * Libgcrypt is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU Lesser General Public License as 9 * published by the Free Software Foundation; either version 2.1 of 10 * the License, or (at your option) any later version. 11 * 12 * Libgcrypt is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21#ifdef HAVE_CONFIG_H 22#include <config.h> 23#endif 24#include <stdio.h> 25#include <stdlib.h> 26#include <string.h> 27#include <stdarg.h> 28 29#include "../src/gcrypt.h" 30 31#ifndef DIM 32# define DIM(v) (sizeof(v)/sizeof((v)[0])) 33#endif 34 35 36typedef struct test_spec_pubkey_key 37{ 38 const char *secret; 39 const char *public; 40 const char *grip; 41} 42test_spec_pubkey_key_t; 43 44typedef struct test_spec_pubkey 45{ 46 int id; 47 int flags; 48 test_spec_pubkey_key_t key; 49} 50test_spec_pubkey_t; 51 52#define FLAG_CRYPT (1 << 0) 53#define FLAG_SIGN (1 << 1) 54#define FLAG_GRIP (1 << 2) 55 56static int verbose; 57static int error_count; 58static int in_fips_mode; 59static int die_on_error; 60 61static void 62fail (const char *format, ...) 63{ 64 va_list arg_ptr; 65 66 va_start (arg_ptr, format); 67 vfprintf (stderr, format, arg_ptr); 68 va_end (arg_ptr); 69 error_count++; 70 if (die_on_error) 71 exit (1); 72} 73 74static void 75mismatch (const void *expected, size_t expectedlen, 76 const void *computed, size_t computedlen) 77{ 78 const unsigned char *p; 79 80 fprintf (stderr, "expected:"); 81 for (p = expected; expectedlen; p++, expectedlen--) 82 fprintf (stderr, " %02x", *p); 83 fprintf (stderr, "\ncomputed:"); 84 for (p = computed; computedlen; p++, computedlen--) 85 fprintf (stderr, " %02x", *p); 86 fprintf (stderr, "\n"); 87} 88 89 90static void 91die (const char *format, ...) 92{ 93 va_list arg_ptr; 94 95 va_start (arg_ptr, format); 96 vfprintf (stderr, format, arg_ptr); 97 va_end (arg_ptr); 98 exit (1); 99} 100 101#define MAX_DATA_LEN 100 102 103void 104progress_handler (void *cb_data, const char *what, int printchar, 105 int current, int total) 106{ 107 (void)cb_data; 108 (void)what; 109 (void)current; 110 (void)total; 111 112 if (printchar == '\n') 113 fputs ( "<LF>", stdout); 114 else 115 putchar (printchar); 116 fflush (stdout); 117} 118 119static void 120check_cbc_mac_cipher (void) 121{ 122 struct tv 123 { 124 int algo; 125 char key[MAX_DATA_LEN]; 126 unsigned char plaintext[MAX_DATA_LEN]; 127 size_t plaintextlen; 128 char mac[MAX_DATA_LEN]; 129 } 130 tv[] = 131 { 132 { GCRY_CIPHER_AES, 133 "chicken teriyaki", 134 "This is a sample plaintext for CBC MAC of sixtyfour bytes.......", 135 0, "\x23\x8f\x6d\xc7\x53\x6a\x62\x97\x11\xc4\xa5\x16\x43\xea\xb0\xb6" }, 136 { GCRY_CIPHER_3DES, 137 "abcdefghABCDEFGH01234567", 138 "This is a sample plaintext for CBC MAC of sixtyfour bytes.......", 139 0, "\x5c\x11\xf0\x01\x47\xbd\x3d\x3a" }, 140 { GCRY_CIPHER_DES, 141 "abcdefgh", 142 "This is a sample plaintext for CBC MAC of sixtyfour bytes.......", 143 0, "\xfa\x4b\xdf\x9d\xfa\xab\x01\x70" } 144 }; 145 gcry_cipher_hd_t hd; 146 unsigned char out[MAX_DATA_LEN]; 147 int i, blklen, keylen; 148 gcry_error_t err = 0; 149 150 if (verbose) 151 fprintf (stderr, " Starting CBC MAC checks.\n"); 152 153 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 154 { 155 if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode) 156 { 157 if (verbose) 158 fprintf (stderr, " algorithm %d not available in fips mode\n", 159 tv[i].algo); 160 continue; 161 } 162 163 err = gcry_cipher_open (&hd, 164 tv[i].algo, 165 GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_MAC); 166 if (!hd) 167 { 168 fail ("cbc-mac algo %d, gcry_cipher_open failed: %s\n", 169 tv[i].algo, gpg_strerror (err)); 170 return; 171 } 172 173 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 174 if (!blklen) 175 { 176 fail ("cbc-mac algo %d, gcry_cipher_get_algo_blklen failed\n", 177 tv[i].algo); 178 gcry_cipher_close (hd); 179 return; 180 } 181 182 keylen = gcry_cipher_get_algo_keylen (tv[i].algo); 183 if (!keylen) 184 { 185 fail ("cbc-mac algo %d, gcry_cipher_get_algo_keylen failed\n", 186 tv[i].algo); 187 return; 188 } 189 190 err = gcry_cipher_setkey (hd, tv[i].key, keylen); 191 if (err) 192 { 193 fail ("cbc-mac algo %d, gcry_cipher_setkey failed: %s\n", 194 tv[i].algo, gpg_strerror (err)); 195 gcry_cipher_close (hd); 196 return; 197 } 198 199 err = gcry_cipher_setiv (hd, NULL, 0); 200 if (err) 201 { 202 fail ("cbc-mac algo %d, gcry_cipher_setiv failed: %s\n", 203 tv[i].algo, gpg_strerror (err)); 204 gcry_cipher_close (hd); 205 return; 206 } 207 208 if (verbose) 209 fprintf (stderr, " checking CBC MAC for %s [%i]\n", 210 gcry_cipher_algo_name (tv[i].algo), 211 tv[i].algo); 212 err = gcry_cipher_encrypt (hd, 213 out, blklen, 214 tv[i].plaintext, 215 tv[i].plaintextlen ? 216 tv[i].plaintextlen : 217 strlen ((char*)tv[i].plaintext)); 218 if (err) 219 { 220 fail ("cbc-mac algo %d, gcry_cipher_encrypt failed: %s\n", 221 tv[i].algo, gpg_strerror (err)); 222 gcry_cipher_close (hd); 223 return; 224 } 225 226#if 0 227 { 228 int j; 229 for (j = 0; j < gcry_cipher_get_algo_blklen (tv[i].algo); j++) 230 printf ("\\x%02x", out[j] & 0xFF); 231 printf ("\n"); 232 } 233#endif 234 235 if (memcmp (tv[i].mac, out, blklen)) 236 fail ("cbc-mac algo %d, encrypt mismatch entry %d\n", tv[i].algo, i); 237 238 gcry_cipher_close (hd); 239 } 240 if (verbose) 241 fprintf (stderr, " Completed CBC MAC checks.\n"); 242} 243 244static void 245check_aes128_cbc_cts_cipher (void) 246{ 247 char key[128 / 8] = "chicken teriyaki"; 248 unsigned char plaintext[] = 249 "I would like the General Gau's Chicken, please, and wonton soup."; 250 struct tv 251 { 252 unsigned char out[MAX_DATA_LEN]; 253 int inlen; 254 } tv[] = 255 { 256 { "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" 257 "\x97", 258 17 }, 259 { "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" 260 "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", 261 31 }, 262 { "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" 263 "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", 264 32 }, 265 { "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" 266 "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" 267 "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", 268 47 }, 269 { "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" 270 "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" 271 "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", 272 48 }, 273 { "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" 274 "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" 275 "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" 276 "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", 277 64 }, 278 }; 279 gcry_cipher_hd_t hd; 280 unsigned char out[MAX_DATA_LEN]; 281 int i; 282 gcry_error_t err = 0; 283 284 if (verbose) 285 fprintf (stderr, " Starting AES128 CBC CTS checks.\n"); 286 err = gcry_cipher_open (&hd, 287 GCRY_CIPHER_AES, 288 GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS); 289 if (err) 290 { 291 fail ("aes-cbc-cts, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 292 return; 293 } 294 295 err = gcry_cipher_setkey (hd, key, 128 / 8); 296 if (err) 297 { 298 fail ("aes-cbc-cts, gcry_cipher_setkey failed: %s\n", 299 gpg_strerror (err)); 300 gcry_cipher_close (hd); 301 return; 302 } 303 304 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 305 { 306 err = gcry_cipher_setiv (hd, NULL, 0); 307 if (err) 308 { 309 fail ("aes-cbc-cts, gcry_cipher_setiv failed: %s\n", 310 gpg_strerror (err)); 311 gcry_cipher_close (hd); 312 return; 313 } 314 315 if (verbose) 316 fprintf (stderr, " checking encryption for length %i\n", tv[i].inlen); 317 err = gcry_cipher_encrypt (hd, out, MAX_DATA_LEN, 318 plaintext, tv[i].inlen); 319 if (err) 320 { 321 fail ("aes-cbc-cts, gcry_cipher_encrypt failed: %s\n", 322 gpg_strerror (err)); 323 gcry_cipher_close (hd); 324 return; 325 } 326 327 if (memcmp (tv[i].out, out, tv[i].inlen)) 328 fail ("aes-cbc-cts, encrypt mismatch entry %d\n", i); 329 330 err = gcry_cipher_setiv (hd, NULL, 0); 331 if (err) 332 { 333 fail ("aes-cbc-cts, gcry_cipher_setiv failed: %s\n", 334 gpg_strerror (err)); 335 gcry_cipher_close (hd); 336 return; 337 } 338 if (verbose) 339 fprintf (stderr, " checking decryption for length %i\n", tv[i].inlen); 340 err = gcry_cipher_decrypt (hd, out, tv[i].inlen, NULL, 0); 341 if (err) 342 { 343 fail ("aes-cbc-cts, gcry_cipher_decrypt failed: %s\n", 344 gpg_strerror (err)); 345 gcry_cipher_close (hd); 346 return; 347 } 348 349 if (memcmp (plaintext, out, tv[i].inlen)) 350 fail ("aes-cbc-cts, decrypt mismatch entry %d\n", i); 351 } 352 353 gcry_cipher_close (hd); 354 if (verbose) 355 fprintf (stderr, " Completed AES128 CBC CTS checks.\n"); 356} 357 358static void 359check_ctr_cipher (void) 360{ 361 struct tv 362 { 363 int algo; 364 char key[MAX_DATA_LEN]; 365 char ctr[MAX_DATA_LEN]; 366 struct data 367 { 368 unsigned char plaintext[MAX_DATA_LEN]; 369 int inlen; 370 char out[MAX_DATA_LEN]; 371 } data[8]; 372 } tv[] = 373 { 374 /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 375 { GCRY_CIPHER_AES, 376 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 377 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 378 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 379 16, 380 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 381 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 382 16, 383 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd\xff" }, 384 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 385 16, 386 "\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" }, 387 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 388 16, 389 "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }, 390 391 { "", 0, "" } 392 } 393 }, 394 { GCRY_CIPHER_AES192, 395 "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b" 396 "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 397 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 398 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 399 16, 400 "\x1a\xbc\x93\x24\x17\x52\x1c\xa2\x4f\x2b\x04\x59\xfe\x7e\x6e\x0b" }, 401 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 402 16, 403 "\x09\x03\x39\xec\x0a\xa6\xfa\xef\xd5\xcc\xc2\xc6\xf4\xce\x8e\x94" }, 404 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 405 16, 406 "\x1e\x36\xb2\x6b\xd1\xeb\xc6\x70\xd1\xbd\x1d\x66\x56\x20\xab\xf7" }, 407 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 408 16, 409 "\x4f\x78\xa7\xf6\xd2\x98\x09\x58\x5a\x97\xda\xec\x58\xc6\xb0\x50" }, 410 { "", 0, "" } 411 } 412 }, 413 { GCRY_CIPHER_AES256, 414 "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" 415 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 416 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 417 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 418 16, 419 "\x60\x1e\xc3\x13\x77\x57\x89\xa5\xb7\xa7\xf5\x04\xbb\xf3\xd2\x28" }, 420 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 421 16, 422 "\xf4\x43\xe3\xca\x4d\x62\xb5\x9a\xca\x84\xe9\x90\xca\xca\xf5\xc5" }, 423 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 424 16, 425 "\x2b\x09\x30\xda\xa2\x3d\xe9\x4c\xe8\x70\x17\xba\x2d\x84\x98\x8d" }, 426 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 427 16, 428 "\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6\x13\xc2\xdd\x08\x45\x79\x41\xa6" }, 429 { "", 0, "" } 430 } 431 }, 432 /* Some truncation tests. With a truncated second block and 433 also with a single truncated block. */ 434 { GCRY_CIPHER_AES, 435 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 436 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 437 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 438 16, 439 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 440 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", 441 15, 442 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, 443 {"", 0, "" } 444 } 445 }, 446 { GCRY_CIPHER_AES, 447 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 448 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 449 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 450 16, 451 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 452 {"\xae", 453 1, 454 "\x98" }, 455 {"", 0, "" } 456 } 457 }, 458 { GCRY_CIPHER_AES, 459 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 460 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 461 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17", 462 15, 463 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6" }, 464 {"", 0, "" } 465 } 466 }, 467 { GCRY_CIPHER_AES, 468 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 469 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 470 {{"\x6b", 471 1, 472 "\x87" }, 473 {"", 0, "" } 474 } 475 }, 476 /* Tests to see whether it works correctly as a stream cipher. */ 477 { GCRY_CIPHER_AES, 478 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 479 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 480 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 481 16, 482 "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 483 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", 484 15, 485 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, 486 {"\x51\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 487 17, 488 "\xff\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab" }, 489 {"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 490 16, 491 "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" }, 492 493 { "", 0, "" } 494 } 495 }, 496 { GCRY_CIPHER_AES, 497 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 498 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 499 {{"\x6b", 500 1, 501 "\x87" }, 502 {"\xc1\xbe", 503 2, 504 "\x4d\x61" }, 505 {"\xe2\x2e\x40", 506 3, 507 "\x91\xb6\x20" }, 508 {"\x9f", 509 1, 510 "\xe3" }, 511 {"\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 512 9, 513 "\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, 514 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e", 515 15, 516 "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd" }, 517 {"\x51\x30\xc8\x1c\x46\xa3\x5c\xe4\x11", 518 9, 519 "\xff\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e" }, 520 521 { "", 0, "" } 522 } 523 }, 524#if USE_CAST5 525 /* A selfmade test vector using an 64 bit block cipher. */ 526 { GCRY_CIPHER_CAST5, 527 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 528 "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8", 529 {{"\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 530 16, 531 "\xe8\xa7\xac\x68\xca\xca\xa0\x20\x10\xcb\x1b\xcc\x79\x2c\xc4\x48" }, 532 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c", 533 8, 534 "\x16\xe8\x72\x77\xb0\x98\x29\x68" }, 535 {"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 536 8, 537 "\x9a\xb3\xa8\x03\x3b\xb4\x14\xba" }, 538 {"\xae\x2d\x8a\x57\x1e\x03\xac\x9c\xa1\x00", 539 10, 540 "\x31\x5e\xd3\xfb\x1b\x8d\xd1\xf9\xb0\x83" }, 541 { "", 0, "" } 542 } 543 }, 544#endif /*USE_CAST5*/ 545 { 0, 546 "", 547 "", 548 { 549 {"", 0, "" } 550 } 551 } 552 }; 553 gcry_cipher_hd_t hde, hdd; 554 unsigned char out[MAX_DATA_LEN]; 555 int i, j, keylen, blklen; 556 gcry_error_t err = 0; 557 558 if (verbose) 559 fprintf (stderr, " Starting CTR cipher checks.\n"); 560 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 561 { 562 if (!tv[i].algo) 563 continue; 564 565 err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); 566 if (!err) 567 err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0); 568 if (err) 569 { 570 fail ("aes-ctr, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 571 return; 572 } 573 574 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 575 if (!keylen) 576 { 577 fail ("aes-ctr, gcry_cipher_get_algo_keylen failed\n"); 578 return; 579 } 580 581 err = gcry_cipher_setkey (hde, tv[i].key, keylen); 582 if (!err) 583 err = gcry_cipher_setkey (hdd, tv[i].key, keylen); 584 if (err) 585 { 586 fail ("aes-ctr, gcry_cipher_setkey failed: %s\n", 587 gpg_strerror (err)); 588 gcry_cipher_close (hde); 589 gcry_cipher_close (hdd); 590 return; 591 } 592 593 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 594 if (!blklen) 595 { 596 fail ("aes-ctr, gcry_cipher_get_algo_blklen failed\n"); 597 return; 598 } 599 600 err = gcry_cipher_setctr (hde, tv[i].ctr, blklen); 601 if (!err) 602 err = gcry_cipher_setctr (hdd, tv[i].ctr, blklen); 603 if (err) 604 { 605 fail ("aes-ctr, gcry_cipher_setctr failed: %s\n", 606 gpg_strerror (err)); 607 gcry_cipher_close (hde); 608 gcry_cipher_close (hdd); 609 return; 610 } 611 612 if (verbose) 613 fprintf (stderr, " checking CTR mode for %s [%i]\n", 614 gcry_cipher_algo_name (tv[i].algo), 615 tv[i].algo); 616 for (j = 0; tv[i].data[j].inlen; j++) 617 { 618 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 619 tv[i].data[j].plaintext, 620 tv[i].data[j].inlen == -1 ? 621 strlen ((char*)tv[i].data[j].plaintext) : 622 tv[i].data[j].inlen); 623 if (err) 624 { 625 fail ("aes-ctr, gcry_cipher_encrypt (%d, %d) failed: %s\n", 626 i, j, gpg_strerror (err)); 627 gcry_cipher_close (hde); 628 gcry_cipher_close (hdd); 629 return; 630 } 631 632 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) 633 { 634 fail ("aes-ctr, encrypt mismatch entry %d:%d\n", i, j); 635 mismatch (tv[i].data[j].out, tv[i].data[j].inlen, 636 out, tv[i].data[j].inlen); 637 } 638 639 err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); 640 if (err) 641 { 642 fail ("aes-ctr, gcry_cipher_decrypt (%d, %d) failed: %s\n", 643 i, j, gpg_strerror (err)); 644 gcry_cipher_close (hde); 645 gcry_cipher_close (hdd); 646 return; 647 } 648 649 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 650 { 651 fail ("aes-ctr, decrypt mismatch entry %d:%d\n", i, j); 652 mismatch (tv[i].data[j].plaintext, tv[i].data[j].inlen, 653 out, tv[i].data[j].inlen); 654 } 655 656 } 657 658 /* Now check that we get valid return codes back for good and 659 bad inputs. */ 660 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 661 "1234567890123456", 16); 662 if (err) 663 fail ("aes-ctr, encryption failed for valid input"); 664 665 err = gcry_cipher_encrypt (hde, out, 15, 666 "1234567890123456", 16); 667 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 668 fail ("aes-ctr, too short output buffer returned wrong error: %s\n", 669 gpg_strerror (err)); 670 671 err = gcry_cipher_encrypt (hde, out, 0, 672 "1234567890123456", 16); 673 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 674 fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n", 675 gpg_strerror (err)); 676 677 err = gcry_cipher_encrypt (hde, out, 16, 678 "1234567890123456", 16); 679 if (err) 680 fail ("aes-ctr, correct length output buffer returned error: %s\n", 681 gpg_strerror (err)); 682 683 /* Again, now for decryption. */ 684 err = gcry_cipher_decrypt (hde, out, MAX_DATA_LEN, 685 "1234567890123456", 16); 686 if (err) 687 fail ("aes-ctr, decryption failed for valid input"); 688 689 err = gcry_cipher_decrypt (hde, out, 15, 690 "1234567890123456", 16); 691 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 692 fail ("aes-ctr, too short output buffer returned wrong error: %s\n", 693 gpg_strerror (err)); 694 695 err = gcry_cipher_decrypt (hde, out, 0, 696 "1234567890123456", 16); 697 if (gpg_err_code (err) != GPG_ERR_BUFFER_TOO_SHORT) 698 fail ("aes-ctr, 0 length output buffer returned wrong error: %s\n", 699 gpg_strerror (err)); 700 701 err = gcry_cipher_decrypt (hde, out, 16, 702 "1234567890123456", 16); 703 if (err) 704 fail ("aes-ctr, correct length output buffer returned error: %s\n", 705 gpg_strerror (err)); 706 707 gcry_cipher_close (hde); 708 gcry_cipher_close (hdd); 709 } 710 if (verbose) 711 fprintf (stderr, " Completed CTR cipher checks.\n"); 712} 713 714static void 715check_cfb_cipher (void) 716{ 717 struct tv 718 { 719 int algo; 720 char key[MAX_DATA_LEN]; 721 char iv[MAX_DATA_LEN]; 722 struct data 723 { 724 unsigned char plaintext[MAX_DATA_LEN]; 725 int inlen; 726 char out[MAX_DATA_LEN]; 727 } 728 data[MAX_DATA_LEN]; 729 } tv[] = 730 { 731 /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 732 { GCRY_CIPHER_AES, 733 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 734 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 735 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 736 16, 737 "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" }, 738 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 739 16, 740 "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"}, 741 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 742 16, 743 "\x26\x75\x1f\x67\xa3\xcb\xb1\x40\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf" }, 744 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 745 16, 746 "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6" }, 747 } 748 }, 749 { GCRY_CIPHER_AES192, 750 "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b" 751 "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 752 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 753 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 754 16, 755 "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74" }, 756 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 757 16, 758 "\x67\xce\x7f\x7f\x81\x17\x36\x21\x96\x1a\x2b\x70\x17\x1d\x3d\x7a" }, 759 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 760 16, 761 "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9" }, 762 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 763 16, 764 "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0\x42\xae\x8f\xba\x58\x4b\x09\xff" }, 765 } 766 }, 767 { GCRY_CIPHER_AES256, 768 "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" 769 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 770 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 771 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 772 16, 773 "\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60" }, 774 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 775 16, 776 "\x39\xff\xed\x14\x3b\x28\xb1\xc8\x32\x11\x3c\x63\x31\xe5\x40\x7b" }, 777 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 778 16, 779 "\xdf\x10\x13\x24\x15\xe5\x4b\x92\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9" }, 780 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 781 16, 782 "\x75\xa3\x85\x74\x1a\xb9\xce\xf8\x20\x31\x62\x3d\x55\xb1\xe4\x71" } 783 } 784 } 785 }; 786 gcry_cipher_hd_t hde, hdd; 787 unsigned char out[MAX_DATA_LEN]; 788 int i, j, keylen, blklen; 789 gcry_error_t err = 0; 790 791 if (verbose) 792 fprintf (stderr, " Starting CFB checks.\n"); 793 794 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 795 { 796 if (verbose) 797 fprintf (stderr, " checking CFB mode for %s [%i]\n", 798 gcry_cipher_algo_name (tv[i].algo), 799 tv[i].algo); 800 err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0); 801 if (!err) 802 err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CFB, 0); 803 if (err) 804 { 805 fail ("aes-cfb, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 806 return; 807 } 808 809 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 810 if (!keylen) 811 { 812 fail ("aes-cfb, gcry_cipher_get_algo_keylen failed\n"); 813 return; 814 } 815 816 err = gcry_cipher_setkey (hde, tv[i].key, keylen); 817 if (!err) 818 err = gcry_cipher_setkey (hdd, tv[i].key, keylen); 819 if (err) 820 { 821 fail ("aes-cfb, gcry_cipher_setkey failed: %s\n", 822 gpg_strerror (err)); 823 gcry_cipher_close (hde); 824 gcry_cipher_close (hdd); 825 return; 826 } 827 828 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 829 if (!blklen) 830 { 831 fail ("aes-cfb, gcry_cipher_get_algo_blklen failed\n"); 832 return; 833 } 834 835 err = gcry_cipher_setiv (hde, tv[i].iv, blklen); 836 if (!err) 837 err = gcry_cipher_setiv (hdd, tv[i].iv, blklen); 838 if (err) 839 { 840 fail ("aes-cfb, gcry_cipher_setiv failed: %s\n", 841 gpg_strerror (err)); 842 gcry_cipher_close (hde); 843 gcry_cipher_close (hdd); 844 return; 845 } 846 847 for (j = 0; tv[i].data[j].inlen; j++) 848 { 849 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 850 tv[i].data[j].plaintext, 851 tv[i].data[j].inlen); 852 if (err) 853 { 854 fail ("aes-cfb, gcry_cipher_encrypt (%d, %d) failed: %s\n", 855 i, j, gpg_strerror (err)); 856 gcry_cipher_close (hde); 857 gcry_cipher_close (hdd); 858 return; 859 } 860 861 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) { 862 fail ("aes-cfb, encrypt mismatch entry %d:%d\n", i, j); 863 } 864 err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); 865 if (err) 866 { 867 fail ("aes-cfb, gcry_cipher_decrypt (%d, %d) failed: %s\n", 868 i, j, gpg_strerror (err)); 869 gcry_cipher_close (hde); 870 gcry_cipher_close (hdd); 871 return; 872 } 873 874 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 875 fail ("aes-cfb, decrypt mismatch entry %d:%d\n", i, j); 876 } 877 878 gcry_cipher_close (hde); 879 gcry_cipher_close (hdd); 880 } 881 if (verbose) 882 fprintf (stderr, " Completed CFB checks.\n"); 883} 884 885static void 886check_ofb_cipher (void) 887{ 888 struct tv 889 { 890 int algo; 891 char key[MAX_DATA_LEN]; 892 char iv[MAX_DATA_LEN]; 893 struct data 894 { 895 unsigned char plaintext[MAX_DATA_LEN]; 896 int inlen; 897 char out[MAX_DATA_LEN]; 898 } 899 data[MAX_DATA_LEN]; 900 } tv[] = 901 { 902 /* http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ 903 { GCRY_CIPHER_AES, 904 "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c", 905 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 906 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 907 16, 908 "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" }, 909 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 910 16, 911 "\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5\x3c\x52\xda\xc5\x4e\xd8\x25"}, 912 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 913 16, 914 "\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43\x44\xf7\xa8\x22\x60\xed\xcc" }, 915 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 916 16, 917 "\x30\x4c\x65\x28\xf6\x59\xc7\x78\x66\xa5\x10\xd9\xc1\xd6\xae\x5e" }, 918 } 919 }, 920 { GCRY_CIPHER_AES192, 921 "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b" 922 "\x80\x90\x79\xe5\x62\xf8\xea\xd2\x52\x2c\x6b\x7b", 923 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 924 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 925 16, 926 "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab\x34\xc2\x59\x09\xc9\x9a\x41\x74" }, 927 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 928 16, 929 "\xfc\xc2\x8b\x8d\x4c\x63\x83\x7c\x09\xe8\x17\x00\xc1\x10\x04\x01" }, 930 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 931 16, 932 "\x8d\x9a\x9a\xea\xc0\xf6\x59\x6f\x55\x9c\x6d\x4d\xaf\x59\xa5\xf2" }, 933 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 934 16, 935 "\x6d\x9f\x20\x08\x57\xca\x6c\x3e\x9c\xac\x52\x4b\xd9\xac\xc9\x2a" }, 936 } 937 }, 938 { GCRY_CIPHER_AES256, 939 "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81" 940 "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4", 941 "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 942 { { "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", 943 16, 944 "\xdc\x7e\x84\xbf\xda\x79\x16\x4b\x7e\xcd\x84\x86\x98\x5d\x38\x60" }, 945 { "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", 946 16, 947 "\x4f\xeb\xdc\x67\x40\xd2\x0b\x3a\xc8\x8f\x6a\xd8\x2a\x4f\xb0\x8d" }, 948 { "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", 949 16, 950 "\x71\xab\x47\xa0\x86\xe8\x6e\xed\xf3\x9d\x1c\x5b\xba\x97\xc4\x08" }, 951 { "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", 952 16, 953 "\x01\x26\x14\x1d\x67\xf3\x7b\xe8\x53\x8f\x5a\x8b\xe7\x40\xe4\x84" } 954 } 955 } 956 }; 957 gcry_cipher_hd_t hde, hdd; 958 unsigned char out[MAX_DATA_LEN]; 959 int i, j, keylen, blklen; 960 gcry_error_t err = 0; 961 962 if (verbose) 963 fprintf (stderr, " Starting OFB checks.\n"); 964 965 for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) 966 { 967 if (verbose) 968 fprintf (stderr, " checking OFB mode for %s [%i]\n", 969 gcry_cipher_algo_name (tv[i].algo), 970 tv[i].algo); 971 err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_OFB, 0); 972 if (!err) 973 err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_OFB, 0); 974 if (err) 975 { 976 fail ("aes-ofb, gcry_cipher_open failed: %s\n", gpg_strerror (err)); 977 return; 978 } 979 980 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 981 if (!keylen) 982 { 983 fail ("aes-ofb, gcry_cipher_get_algo_keylen failed\n"); 984 return; 985 } 986 987 err = gcry_cipher_setkey (hde, tv[i].key, keylen); 988 if (!err) 989 err = gcry_cipher_setkey (hdd, tv[i].key, keylen); 990 if (err) 991 { 992 fail ("aes-ofb, gcry_cipher_setkey failed: %s\n", 993 gpg_strerror (err)); 994 gcry_cipher_close (hde); 995 gcry_cipher_close (hdd); 996 return; 997 } 998 999 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 1000 if (!blklen) 1001 { 1002 fail ("aes-ofb, gcry_cipher_get_algo_blklen failed\n"); 1003 return; 1004 } 1005 1006 err = gcry_cipher_setiv (hde, tv[i].iv, blklen); 1007 if (!err) 1008 err = gcry_cipher_setiv (hdd, tv[i].iv, blklen); 1009 if (err) 1010 { 1011 fail ("aes-ofb, gcry_cipher_setiv failed: %s\n", 1012 gpg_strerror (err)); 1013 gcry_cipher_close (hde); 1014 gcry_cipher_close (hdd); 1015 return; 1016 } 1017 1018 for (j = 0; tv[i].data[j].inlen; j++) 1019 { 1020 err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, 1021 tv[i].data[j].plaintext, 1022 tv[i].data[j].inlen); 1023 if (err) 1024 { 1025 fail ("aes-ofb, gcry_cipher_encrypt (%d, %d) failed: %s\n", 1026 i, j, gpg_strerror (err)); 1027 gcry_cipher_close (hde); 1028 gcry_cipher_close (hdd); 1029 return; 1030 } 1031 1032 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) 1033 fail ("aes-ofb, encrypt mismatch entry %d:%d\n", i, j); 1034 1035 err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0); 1036 if (err) 1037 { 1038 fail ("aes-ofb, gcry_cipher_decrypt (%d, %d) failed: %s\n", 1039 i, j, gpg_strerror (err)); 1040 gcry_cipher_close (hde); 1041 gcry_cipher_close (hdd); 1042 return; 1043 } 1044 1045 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 1046 fail ("aes-ofb, decrypt mismatch entry %d:%d\n", i, j); 1047 } 1048 1049 err = gcry_cipher_reset(hde); 1050 if (!err) 1051 err = gcry_cipher_reset(hdd); 1052 if (err) 1053 { 1054 fail ("aes-ofb, gcry_cipher_reset (%d, %d) failed: %s\n", 1055 i, j, gpg_strerror (err)); 1056 gcry_cipher_close (hde); 1057 gcry_cipher_close (hdd); 1058 return; 1059 } 1060 1061 /* gcry_cipher_reset clears the IV */ 1062 err = gcry_cipher_setiv (hde, tv[i].iv, blklen); 1063 if (!err) 1064 err = gcry_cipher_setiv (hdd, tv[i].iv, blklen); 1065 if (err) 1066 { 1067 fail ("aes-ofb, gcry_cipher_setiv failed: %s\n", 1068 gpg_strerror (err)); 1069 gcry_cipher_close (hde); 1070 gcry_cipher_close (hdd); 1071 return; 1072 } 1073 1074 /* this time we encrypt and decrypt one byte at a time */ 1075 for (j = 0; tv[i].data[j].inlen; j++) 1076 { 1077 int byteNum; 1078 for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum) 1079 { 1080 err = gcry_cipher_encrypt (hde, out+byteNum, 1, 1081 (tv[i].data[j].plaintext) + byteNum, 1082 1); 1083 if (err) 1084 { 1085 fail ("aes-ofb, gcry_cipher_encrypt (%d, %d) failed: %s\n", 1086 i, j, gpg_strerror (err)); 1087 gcry_cipher_close (hde); 1088 gcry_cipher_close (hdd); 1089 return; 1090 } 1091 } 1092 1093 if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen)) 1094 fail ("aes-ofb, encrypt mismatch entry %d:%d\n", i, j); 1095 1096 for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum) 1097 { 1098 err = gcry_cipher_decrypt (hdd, out+byteNum, 1, NULL, 0); 1099 if (err) 1100 { 1101 fail ("aes-ofb, gcry_cipher_decrypt (%d, %d) failed: %s\n", 1102 i, j, gpg_strerror (err)); 1103 gcry_cipher_close (hde); 1104 gcry_cipher_close (hdd); 1105 return; 1106 } 1107 } 1108 1109 if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen)) 1110 fail ("aes-ofb, decrypt mismatch entry %d:%d\n", i, j); 1111 } 1112 1113 gcry_cipher_close (hde); 1114 gcry_cipher_close (hdd); 1115 } 1116 if (verbose) 1117 fprintf (stderr, " Completed OFB checks.\n"); 1118} 1119 1120 1121/* Check that our bulk encryption fucntions work properly. */ 1122static void 1123check_bulk_cipher_modes (void) 1124{ 1125 struct 1126 { 1127 int algo; 1128 int mode; 1129 const char *key; 1130 int keylen; 1131 const char *iv; 1132 int ivlen; 1133 char t1_hash[20]; 1134 } tv[] = { 1135 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 1136 "abcdefghijklmnop", 16, 1137 "1234567890123456", 16, 1138/*[0]*/ 1139 { 0x53, 0xda, 0x27, 0x3c, 0x78, 0x3d, 0x54, 0x66, 0x19, 0x63, 1140 0xd7, 0xe6, 0x20, 0x10, 0xcd, 0xc0, 0x5a, 0x0b, 0x06, 0xcc } 1141 }, 1142 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 1143 "abcdefghijklmnopABCDEFG", 24, 1144 "1234567890123456", 16, 1145/*[1]*/ 1146 { 0xc7, 0xb1, 0xd0, 0x09, 0x95, 0x04, 0x34, 0x61, 0x2b, 0xd9, 1147 0xcb, 0xb3, 0xc7, 0xcb, 0xef, 0xea, 0x16, 0x19, 0x9b, 0x3e } 1148 }, 1149 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 1150 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1151 "1234567890123456", 16, 1152/*[2]*/ 1153 { 0x31, 0xe1, 0x1f, 0x63, 0x65, 0x47, 0x8c, 0x3f, 0x53, 0xdb, 1154 0xd9, 0x4d, 0x91, 0x1d, 0x02, 0x9c, 0x05, 0x25, 0x58, 0x29 } 1155 }, 1156 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 1157 "abcdefghijklmnop", 16, 1158 "1234567890123456", 16, 1159/*[3]*/ 1160 { 0xdc, 0x0c, 0xc2, 0xd9, 0x6b, 0x47, 0xf9, 0xeb, 0x06, 0xb4, 1161 0x2f, 0x6e, 0xec, 0x72, 0xbf, 0x55, 0x26, 0x7f, 0xa9, 0x97 } 1162 }, 1163 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 1164 "abcdefghijklmnopABCDEFG", 24, 1165 "1234567890123456", 16, 1166/*[4]*/ 1167 { 0x2b, 0x90, 0x9b, 0xe6, 0x40, 0xab, 0x6e, 0xc2, 0xc5, 0xb1, 1168 0x87, 0xf5, 0x43, 0x84, 0x7b, 0x04, 0x06, 0x47, 0xd1, 0x8f } 1169 }, 1170 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 1171 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1172 "1234567890123456", 16, 1173/*[5]*/ 1174 { 0xaa, 0xa8, 0xdf, 0x03, 0xb0, 0xba, 0xc4, 0xe3, 0xc1, 0x02, 1175 0x38, 0x31, 0x8d, 0x86, 0xcb, 0x49, 0x6d, 0xad, 0xae, 0x01 } 1176 }, 1177 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 1178 "abcdefghijklmnop", 16, 1179 "1234567890123456", 16, 1180/*[6]*/ 1181 { 0x65, 0xfe, 0xde, 0x48, 0xd0, 0xa1, 0xa6, 0xf9, 0x24, 0x6b, 1182 0x52, 0x5f, 0x21, 0x8a, 0x6f, 0xc7, 0x70, 0x3b, 0xd8, 0x4a } 1183 }, 1184 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 1185 "abcdefghijklmnopABCDEFG", 24, 1186 "1234567890123456", 16, 1187/*[7]*/ 1188 { 0x59, 0x5b, 0x02, 0xa2, 0x88, 0xc0, 0xbe, 0x94, 0x43, 0xaa, 1189 0x39, 0xf6, 0xbd, 0xcc, 0x83, 0x99, 0xee, 0x00, 0xa1, 0x91 } 1190 }, 1191 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 1192 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1193 "1234567890123456", 16, 1194/*[8]*/ 1195 { 0x38, 0x8c, 0xe1, 0xe2, 0xbe, 0x67, 0x60, 0xe8, 0xeb, 0xce, 1196 0xd0, 0xc6, 0xaa, 0xd6, 0xf6, 0x26, 0x15, 0x56, 0xd0, 0x2b } 1197 }, 1198 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, 1199 "abcdefghijklmnop", 16, 1200 "1234567890123456", 16, 1201/*[9]*/ 1202 { 0x9a, 0x48, 0x94, 0xd6, 0x50, 0x46, 0x81, 0xdb, 0x68, 0x34, 1203 0x3b, 0xc5, 0x9e, 0x66, 0x94, 0x81, 0x98, 0xa0, 0xf9, 0xff } 1204 }, 1205 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, 1206 "abcdefghijklmnopABCDEFG", 24, 1207 "1234567890123456", 16, 1208/*[10]*/ 1209 { 0x2c, 0x2c, 0xd3, 0x75, 0x81, 0x2a, 0x59, 0x07, 0xeb, 0x08, 1210 0xce, 0x28, 0x4c, 0x0c, 0x6a, 0xa8, 0x8f, 0xa3, 0x98, 0x7e } 1211 }, 1212 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, 1213 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1214 "1234567890123456", 16, 1215/*[11]*/ 1216 { 0x64, 0xce, 0x73, 0x03, 0xc7, 0x89, 0x99, 0x1f, 0xf1, 0xce, 1217 0xfe, 0xfb, 0xb9, 0x42, 0x30, 0xdf, 0xbb, 0x68, 0x6f, 0xd3 } 1218 }, 1219 { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 1220 "abcdefghijklmnop", 16, 1221 "1234567890123456", 16, 1222/*[12]*/ 1223 { 0x51, 0xae, 0xf5, 0xac, 0x22, 0xa0, 0xba, 0x11, 0xc5, 0xaa, 1224 0xb4, 0x70, 0x99, 0xce, 0x18, 0x08, 0x12, 0x9b, 0xb1, 0xc5 } 1225 }, 1226 { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 1227 "abcdefghijklmnopABCDEFG", 24, 1228 "1234567890123456", 16, 1229/*[13]*/ 1230 { 0x57, 0x91, 0xea, 0x48, 0xd8, 0xbf, 0x9e, 0xc1, 0xae, 0x33, 1231 0xb3, 0xfd, 0xf7, 0x7a, 0xeb, 0x30, 0xb1, 0x62, 0x0d, 0x82 } 1232 }, 1233 { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 1234 "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, 1235 "1234567890123456", 16, 1236/*[14]*/ 1237 { 0x2d, 0x71, 0x54, 0xb9, 0xc5, 0x28, 0x76, 0xff, 0x76, 0xb5, 1238 0x99, 0x37, 0x99, 0x9d, 0xf7, 0x10, 0x6d, 0x86, 0x4f, 0x3f } 1239 } 1240 }; 1241 gcry_cipher_hd_t hde = NULL; 1242 gcry_cipher_hd_t hdd = NULL; 1243 unsigned char *buffer_base, *outbuf_base; /* Allocated buffers. */ 1244 unsigned char *buffer, *outbuf; /* Aligned buffers. */ 1245 size_t buflen; 1246 unsigned char hash[20]; 1247 int i, j, keylen, blklen; 1248 gcry_error_t err = 0; 1249 1250 if (verbose) 1251 fprintf (stderr, "Starting bulk cipher checks.\n"); 1252 1253 buflen = 16*100; /* We check a 1600 byte buffer. */ 1254 buffer_base = gcry_xmalloc (buflen+15); 1255 buffer = buffer_base + (16 - ((size_t)buffer_base & 0x0f)); 1256 outbuf_base = gcry_xmalloc (buflen+15); 1257 outbuf = outbuf_base + (16 - ((size_t)outbuf_base & 0x0f)); 1258 1259 1260 for (i = 0; i < DIM (tv); i++) 1261 { 1262 if (verbose) 1263 fprintf (stderr, " checking bulk encryption for %s [%i], mode %d\n", 1264 gcry_cipher_algo_name (tv[i].algo), 1265 tv[i].algo, tv[i].mode); 1266 err = gcry_cipher_open (&hde, tv[i].algo, tv[i].mode, 0); 1267 if (!err) 1268 err = gcry_cipher_open (&hdd, tv[i].algo, tv[i].mode, 0); 1269 if (err) 1270 { 1271 fail ("gcry_cipher_open failed: %s\n", gpg_strerror (err)); 1272 goto leave; 1273 } 1274 1275 keylen = gcry_cipher_get_algo_keylen(tv[i].algo); 1276 if (!keylen) 1277 { 1278 fail ("gcry_cipher_get_algo_keylen failed\n"); 1279 goto leave; 1280 } 1281 1282 err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen); 1283 if (!err) 1284 err = gcry_cipher_setkey (hdd, tv[i].key, tv[i].keylen); 1285 if (err) 1286 { 1287 fail ("gcry_cipher_setkey failed: %s\n", gpg_strerror (err)); 1288 goto leave; 1289 } 1290 1291 blklen = gcry_cipher_get_algo_blklen(tv[i].algo); 1292 if (!blklen) 1293 { 1294 fail ("gcry_cipher_get_algo_blklen failed\n"); 1295 goto leave; 1296 } 1297 1298 err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen); 1299 if (!err) 1300 err = gcry_cipher_setiv (hdd, tv[i].iv, tv[i].ivlen); 1301 if (err) 1302 { 1303 fail ("gcry_cipher_setiv failed: %s\n", gpg_strerror (err)); 1304 goto leave; 1305 } 1306 1307 /* Fill the buffer with our test pattern. */ 1308 for (j=0; j < buflen; j++) 1309 buffer[j] = ((j & 0xff) ^ ((j >> 8) & 0xff)); 1310 1311 err = gcry_cipher_encrypt (hde, outbuf, buflen, buffer, buflen); 1312 if (err) 1313 { 1314 fail ("gcry_cipher_encrypt (algo %d, mode %d) failed: %s\n", 1315 tv[i].algo, tv[i].mode, gpg_strerror (err)); 1316 goto leave; 1317 } 1318 1319 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, outbuf, buflen); 1320#if 0 1321 printf ("/*[%d]*/\n", i); 1322 fputs (" {", stdout); 1323 for (j=0; j < 20; j++) 1324 printf (" 0x%02x%c%s", hash[j], j==19? ' ':',', j == 9? "\n ":""); 1325 puts ("}"); 1326#endif 1327 1328 if (memcmp (hash, tv[i].t1_hash, 20)) 1329 fail ("encrypt mismatch (algo %d, mode %d)\n", 1330 tv[i].algo, tv[i].mode); 1331 1332 err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); 1333 if (err) 1334 { 1335 fail ("gcry_cipher_decrypt (algo %d, mode %d) failed: %s\n", 1336 tv[i].algo, tv[i].mode, gpg_strerror (err)); 1337 goto leave; 1338 } 1339 1340 if (memcmp (buffer, outbuf, buflen)) 1341 fail ("decrypt mismatch (algo %d, mode %d)\n", 1342 tv[i].algo, tv[i].mode); 1343 1344 gcry_cipher_close (hde); hde = NULL; 1345 gcry_cipher_close (hdd); hdd = NULL; 1346 } 1347 1348 if (verbose) 1349 fprintf (stderr, "Completed bulk cipher checks.\n"); 1350 leave: 1351 gcry_cipher_close (hde); 1352 gcry_cipher_close (hdd); 1353 gcry_free (buffer_base); 1354 gcry_free (outbuf_base); 1355} 1356 1357 1358 1359static void 1360check_one_cipher (int algo, int mode, int flags) 1361{ 1362 gcry_cipher_hd_t hd; 1363 char key[32]; 1364 unsigned char plain[16], in[16], out[16]; 1365 int keylen; 1366 gcry_error_t err = 0; 1367 1368 memcpy (key, "0123456789abcdef.,;/[]{}-=ABCDEF", 32); 1369 memcpy (plain, "foobar42FOOBAR17", 16); 1370 1371 keylen = gcry_cipher_get_algo_keylen (algo); 1372 if (!keylen) 1373 { 1374 fail ("algo %d, mode %d, gcry_cipher_get_algo_keylen failed\n", 1375 algo, mode); 1376 return; 1377 } 1378 1379 if (keylen < 40 / 8 || keylen > 32) 1380 { 1381 fail ("algo %d, mode %d, keylength problem (%d)\n", algo, mode, keylen); 1382 return; 1383 } 1384 1385 err = gcry_cipher_open (&hd, algo, mode, flags); 1386 if (err) 1387 { 1388 fail ("algo %d, mode %d, gcry_cipher_open failed: %s\n", 1389 algo, mode, gpg_strerror (err)); 1390 return; 1391 } 1392 1393 err = gcry_cipher_setkey (hd, key, keylen); 1394 if (err) 1395 { 1396 fail ("algo %d, mode %d, gcry_cipher_setkey failed: %s\n", 1397 algo, mode, gpg_strerror (err)); 1398 gcry_cipher_close (hd); 1399 return; 1400 } 1401 1402 err = gcry_cipher_encrypt (hd, out, 16, plain, 16); 1403 if (err) 1404 { 1405 fail ("algo %d, mode %d, gcry_cipher_encrypt failed: %s\n", 1406 algo, mode, gpg_strerror (err)); 1407 gcry_cipher_close (hd); 1408 return; 1409 } 1410 1411 gcry_cipher_reset (hd); 1412 1413 err = gcry_cipher_decrypt (hd, in, 16, out, 16); 1414 if (err) 1415 { 1416 fail ("algo %d, mode %d, gcry_cipher_decrypt failed: %s\n", 1417 algo, mode, gpg_strerror (err)); 1418 gcry_cipher_close (hd); 1419 return; 1420 } 1421 1422 if (memcmp (plain, in, 16)) 1423 fail ("algo %d, mode %d, encrypt-decrypt mismatch\n", algo, mode); 1424 1425 /* Again, using in-place encryption. */ 1426 gcry_cipher_reset (hd); 1427 1428 memcpy (out, plain, 16); 1429 err = gcry_cipher_encrypt (hd, out, 16, NULL, 0); 1430 if (err) 1431 { 1432 fail ("algo %d, mode %d, in-place, gcry_cipher_encrypt failed: %s\n", 1433 algo, mode, gpg_strerror (err)); 1434 gcry_cipher_close (hd); 1435 return; 1436 } 1437 1438 gcry_cipher_reset (hd); 1439 1440 err = gcry_cipher_decrypt (hd, out, 16, NULL, 0); 1441 if (err) 1442 { 1443 fail ("algo %d, mode %d, in-place, gcry_cipher_decrypt failed: %s\n", 1444 algo, mode, gpg_strerror (err)); 1445 gcry_cipher_close (hd); 1446 return; 1447 } 1448 1449 if (memcmp (plain, out, 16)) 1450 fail ("algo %d, mode %d, in-place, encrypt-decrypt mismatch\n",algo, mode); 1451 1452 1453 gcry_cipher_close (hd); 1454 1455} 1456 1457 1458static void 1459check_ciphers (void) 1460{ 1461 static int algos[] = { 1462#if USE_BLOWFISH 1463 GCRY_CIPHER_BLOWFISH, 1464#endif 1465#if USE_DES 1466 GCRY_CIPHER_DES, 1467 GCRY_CIPHER_3DES, 1468#endif 1469#if USE_CAST5 1470 GCRY_CIPHER_CAST5, 1471#endif 1472#if USE_AES 1473 GCRY_CIPHER_AES, 1474 GCRY_CIPHER_AES192, 1475 GCRY_CIPHER_AES256, 1476#endif 1477#if USE_TWOFISH 1478 GCRY_CIPHER_TWOFISH, 1479 GCRY_CIPHER_TWOFISH128, 1480#endif 1481#if USE_SERPENT 1482 GCRY_CIPHER_SERPENT128, 1483 GCRY_CIPHER_SERPENT192, 1484 GCRY_CIPHER_SERPENT256, 1485#endif 1486#if USE_RFC2268 1487 GCRY_CIPHER_RFC2268_40, 1488#endif 1489#if USE_SEED 1490 GCRY_CIPHER_SEED, 1491#endif 1492#if USE_CAMELLIA 1493 GCRY_CIPHER_CAMELLIA128, 1494 GCRY_CIPHER_CAMELLIA192, 1495 GCRY_CIPHER_CAMELLIA256, 1496#endif 1497 0 1498 }; 1499 static int algos2[] = { 1500#if USE_ARCFOUR 1501 GCRY_CIPHER_ARCFOUR, 1502#endif 1503 0 1504 }; 1505 int i; 1506 1507 if (verbose) 1508 fprintf (stderr, "Starting Cipher checks.\n"); 1509 for (i = 0; algos[i]; i++) 1510 { 1511 if (gcry_cipher_test_algo (algos[i]) && in_fips_mode) 1512 { 1513 if (verbose) 1514 fprintf (stderr, " algorithm %d not available in fips mode\n", 1515 algos[i]); 1516 continue; 1517 } 1518 if (verbose) 1519 fprintf (stderr, " checking %s [%i]\n", 1520 gcry_cipher_algo_name (algos[i]), 1521 gcry_cipher_map_name (gcry_cipher_algo_name (algos[i]))); 1522 1523 check_one_cipher (algos[i], GCRY_CIPHER_MODE_ECB, 0); 1524 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CFB, 0); 1525 check_one_cipher (algos[i], GCRY_CIPHER_MODE_OFB, 0); 1526 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, 0); 1527 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS); 1528 check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0); 1529 } 1530 1531 for (i = 0; algos2[i]; i++) 1532 { 1533 if (gcry_cipher_test_algo (algos[i]) && in_fips_mode) 1534 { 1535 if (verbose) 1536 fprintf (stderr, " algorithm %d not available in fips mode\n", 1537 algos[i]); 1538 continue; 1539 } 1540 if (verbose) 1541 fprintf (stderr, " checking `%s'\n", 1542 gcry_cipher_algo_name (algos2[i])); 1543 1544 check_one_cipher (algos2[i], GCRY_CIPHER_MODE_STREAM, 0); 1545 } 1546 /* we have now run all cipher's selftests */ 1547 1548 if (verbose) 1549 fprintf (stderr, "Completed Cipher checks.\n"); 1550 1551 /* TODO: add some extra encryption to test the higher level functions */ 1552} 1553 1554 1555static void 1556check_cipher_modes(void) 1557{ 1558 if (verbose) 1559 fprintf (stderr, "Starting Cipher Mode checks.\n"); 1560 1561 check_aes128_cbc_cts_cipher (); 1562 check_cbc_mac_cipher (); 1563 check_ctr_cipher (); 1564 check_cfb_cipher (); 1565 check_ofb_cipher (); 1566 1567 if (verbose) 1568 fprintf (stderr, "Completed Cipher Mode checks.\n"); 1569} 1570 1571static void 1572check_one_md (int algo, const char *data, int len, const char *expect) 1573{ 1574 gcry_md_hd_t hd, hd2; 1575 unsigned char *p; 1576 int mdlen; 1577 int i; 1578 gcry_error_t err = 0; 1579 1580 err = gcry_md_open (&hd, algo, 0); 1581 if (err) 1582 { 1583 fail ("algo %d, gcry_md_open failed: %s\n", algo, gpg_strerror (err)); 1584 return; 1585 } 1586 1587 mdlen = gcry_md_get_algo_dlen (algo); 1588 if (mdlen < 1 || mdlen > 500) 1589 { 1590 fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); 1591 return; 1592 } 1593 1594 if (*data == '!' && !data[1]) 1595 { /* hash one million times a "a" */ 1596 char aaa[1000]; 1597 1598 /* Write in odd size chunks so that we test the buffering. */ 1599 memset (aaa, 'a', 1000); 1600 for (i = 0; i < 1000; i++) 1601 gcry_md_write (hd, aaa, 1000); 1602 } 1603 else 1604 gcry_md_write (hd, data, len); 1605 1606 err = gcry_md_copy (&hd2, hd); 1607 if (err) 1608 { 1609 fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err)); 1610 } 1611 1612 gcry_md_close (hd); 1613 1614 p = gcry_md_read (hd2, algo); 1615 1616 if (memcmp (p, expect, mdlen)) 1617 { 1618 printf ("computed: "); 1619 for (i = 0; i < mdlen; i++) 1620 printf ("%02x ", p[i] & 0xFF); 1621 printf ("\nexpected: "); 1622 for (i = 0; i < mdlen; i++) 1623 printf ("%02x ", expect[i] & 0xFF); 1624 printf ("\n"); 1625 1626 fail ("algo %d, digest mismatch\n", algo); 1627 } 1628 1629 gcry_md_close (hd2); 1630} 1631 1632 1633static void 1634check_digests (void) 1635{ 1636 static struct algos 1637 { 1638 int md; 1639 const char *data; 1640 const char *expect; 1641 } algos[] = 1642 { 1643 { GCRY_MD_MD4, "", 1644 "\x31\xD6\xCF\xE0\xD1\x6A\xE9\x31\xB7\x3C\x59\xD7\xE0\xC0\x89\xC0" }, 1645 { GCRY_MD_MD4, "a", 1646 "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb\x24" }, 1647 { GCRY_MD_MD4, "message digest", 1648 "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01\x4b" }, 1649 { GCRY_MD_MD5, "", 1650 "\xD4\x1D\x8C\xD9\x8F\x00\xB2\x04\xE9\x80\x09\x98\xEC\xF8\x42\x7E" }, 1651 { GCRY_MD_MD5, "a", 1652 "\x0C\xC1\x75\xB9\xC0\xF1\xB6\xA8\x31\xC3\x99\xE2\x69\x77\x26\x61" }, 1653 { GCRY_MD_MD5, "abc", 1654 "\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72" }, 1655 { GCRY_MD_MD5, "message digest", 1656 "\xF9\x6B\x69\x7D\x7C\xB7\x93\x8D\x52\x5A\x2F\x31\xAA\xF1\x61\xD0" }, 1657 { GCRY_MD_SHA1, "abc", 1658 "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" 1659 "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" }, 1660 { GCRY_MD_SHA1, 1661 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1662 "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE" 1663 "\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1" }, 1664 { GCRY_MD_SHA1, "!" /* kludge for "a"*1000000 */ , 1665 "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E" 1666 "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F" }, 1667 /* From RFC3874 */ 1668 { GCRY_MD_SHA224, "abc", 1669 "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3" 1670 "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7" }, 1671 { GCRY_MD_SHA224, 1672 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1673 "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50" 1674 "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25" }, 1675 { GCRY_MD_SHA224, "!", 1676 "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b" 1677 "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67" }, 1678 { GCRY_MD_SHA256, "abc", 1679 "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23" 1680 "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" }, 1681 { GCRY_MD_SHA256, 1682 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1683 "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" 1684 "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" }, 1685 { GCRY_MD_SHA256, "!", 1686 "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" 1687 "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0" }, 1688 { GCRY_MD_SHA384, "abc", 1689 "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07" 1690 "\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed" 1691 "\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7" }, 1692 { GCRY_MD_SHA512, "abc", 1693 "\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31" 1694 "\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A" 1695 "\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD" 1696 "\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F" }, 1697 { GCRY_MD_RMD160, "", 1698 "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28" 1699 "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" }, 1700 { GCRY_MD_RMD160, "a", 1701 "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae" 1702 "\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe" }, 1703 { GCRY_MD_RMD160, "abc", 1704 "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04" 1705 "\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc" }, 1706 { GCRY_MD_RMD160, "message digest", 1707 "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8" 1708 "\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36" }, 1709 { GCRY_MD_CRC32, "", "\x00\x00\x00\x00" }, 1710 { GCRY_MD_CRC32, "foo", "\x8c\x73\x65\x21" }, 1711 { GCRY_MD_CRC32_RFC1510, "", "\x00\x00\x00\x00" }, 1712 { GCRY_MD_CRC32_RFC1510, "foo", "\x73\x32\xbc\x33" }, 1713 { GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" }, 1714 { GCRY_MD_CRC32_RFC1510, "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 1715 "\xe3\x41\x80\xf7" }, 1716#if 0 1717 { GCRY_MD_CRC32_RFC1510, "\x80\x00", "\x3b\x83\x98\x4b" }, 1718 { GCRY_MD_CRC32_RFC1510, "\x00\x08", "\x0e\xdb\x88\x32" }, 1719 { GCRY_MD_CRC32_RFC1510, "\x00\x80", "\xed\xb8\x83\x20" }, 1720#endif 1721 { GCRY_MD_CRC32_RFC1510, "\x80", "\xed\xb8\x83\x20" }, 1722#if 0 1723 { GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b" }, 1724 { GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96" }, 1725#endif 1726 { GCRY_MD_CRC24_RFC2440, "", "\xb7\x04\xce" }, 1727 { GCRY_MD_CRC24_RFC2440, "foo", "\x4f\xc2\x55" }, 1728 1729 { GCRY_MD_TIGER, "", 1730 "\x24\xF0\x13\x0C\x63\xAC\x93\x32\x16\x16\x6E\x76" 1731 "\xB1\xBB\x92\x5F\xF3\x73\xDE\x2D\x49\x58\x4E\x7A" }, 1732 { GCRY_MD_TIGER, "abc", 1733 "\xF2\x58\xC1\xE8\x84\x14\xAB\x2A\x52\x7A\xB5\x41" 1734 "\xFF\xC5\xB8\xBF\x93\x5F\x7B\x95\x1C\x13\x29\x51" }, 1735 { GCRY_MD_TIGER, "Tiger", 1736 "\x9F\x00\xF5\x99\x07\x23\x00\xDD\x27\x6A\xBB\x38" 1737 "\xC8\xEB\x6D\xEC\x37\x79\x0C\x11\x6F\x9D\x2B\xDF" }, 1738 { GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg" 1739 "hijklmnopqrstuvwxyz0123456789+-", 1740 "\x87\xFB\x2A\x90\x83\x85\x1C\xF7\x47\x0D\x2C\xF8" 1741 "\x10\xE6\xDF\x9E\xB5\x86\x44\x50\x34\xA5\xA3\x86" }, 1742 { GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdef" 1743 "ghijklmnopqrstuvwxyz+0123456789", 1744 "\x46\x7D\xB8\x08\x63\xEB\xCE\x48\x8D\xF1\xCD\x12" 1745 "\x61\x65\x5D\xE9\x57\x89\x65\x65\x97\x5F\x91\x97" }, 1746 { GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, " 1747 "by Ross Anderson and Eli Biham", 1748 "\x0C\x41\x0A\x04\x29\x68\x86\x8A\x16\x71\xDA\x5A" 1749 "\x3F\xD2\x9A\x72\x5E\xC1\xE4\x57\xD3\xCD\xB3\x03" }, 1750 { GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, " 1751 "by Ross Anderson and Eli Biham, proceedings of Fa" 1752 "st Software Encryption 3, Cambridge.", 1753 "\xEB\xF5\x91\xD5\xAF\xA6\x55\xCE\x7F\x22\x89\x4F" 1754 "\xF8\x7F\x54\xAC\x89\xC8\x11\xB6\xB0\xDA\x31\x93" }, 1755 { GCRY_MD_TIGER, "Tiger - A Fast New Hash Function, " 1756 "by Ross Anderson and Eli Biham, proceedings of Fa" 1757 "st Software Encryption 3, Cambridge, 1996.", 1758 "\x3D\x9A\xEB\x03\xD1\xBD\x1A\x63\x57\xB2\x77\x4D" 1759 "\xFD\x6D\x5B\x24\xDD\x68\x15\x1D\x50\x39\x74\xFC" }, 1760 { GCRY_MD_TIGER, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh" 1761 "ijklmnopqrstuvwxyz0123456789+-ABCDEFGHIJKLMNOPQRS" 1762 "TUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", 1763 "\x00\xB8\x3E\xB4\xE5\x34\x40\xC5\x76\xAC\x6A\xAE" 1764 "\xE0\xA7\x48\x58\x25\xFD\x15\xE7\x0A\x59\xFF\xE4" }, 1765 1766 { GCRY_MD_TIGER1, "", 1767 "\x32\x93\xAC\x63\x0C\x13\xF0\x24\x5F\x92\xBB\xB1" 1768 "\x76\x6E\x16\x16\x7A\x4E\x58\x49\x2D\xDE\x73\xF3" }, 1769 { GCRY_MD_TIGER1, "a", 1770 "\x77\xBE\xFB\xEF\x2E\x7E\xF8\xAB\x2E\xC8\xF9\x3B" 1771 "\xF5\x87\xA7\xFC\x61\x3E\x24\x7F\x5F\x24\x78\x09" }, 1772 { GCRY_MD_TIGER1, "abc", 1773 "\x2A\xAB\x14\x84\xE8\xC1\x58\xF2\xBF\xB8\xC5\xFF" 1774 "\x41\xB5\x7A\x52\x51\x29\x13\x1C\x95\x7B\x5F\x93" }, 1775 { GCRY_MD_TIGER1, "message digest", 1776 "\xD9\x81\xF8\xCB\x78\x20\x1A\x95\x0D\xCF\x30\x48" 1777 "\x75\x1E\x44\x1C\x51\x7F\xCA\x1A\xA5\x5A\x29\xF6" }, 1778 { GCRY_MD_TIGER1, "abcdefghijklmnopqrstuvwxyz", 1779 "\x17\x14\xA4\x72\xEE\xE5\x7D\x30\x04\x04\x12\xBF" 1780 "\xCC\x55\x03\x2A\x0B\x11\x60\x2F\xF3\x7B\xEE\xE9" }, 1781 { GCRY_MD_TIGER1, 1782 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1783 "\x0F\x7B\xF9\xA1\x9B\x9C\x58\xF2\xB7\x61\x0D\xF7" 1784 "\xE8\x4F\x0A\xC3\xA7\x1C\x63\x1E\x7B\x53\xF7\x8E" }, 1785 { GCRY_MD_TIGER1, 1786 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 1787 "abcdefghijklmnopqrstuvwxyz" "0123456789", 1788 "\x8D\xCE\xA6\x80\xA1\x75\x83\xEE\x50\x2B\xA3\x8A" 1789 "\x3C\x36\x86\x51\x89\x0F\xFB\xCC\xDC\x49\xA8\xCC" }, 1790 { GCRY_MD_TIGER1, 1791 "1234567890" "1234567890" "1234567890" "1234567890" 1792 "1234567890" "1234567890" "1234567890" "1234567890", 1793 "\x1C\x14\x79\x55\x29\xFD\x9F\x20\x7A\x95\x8F\x84" 1794 "\xC5\x2F\x11\xE8\x87\xFA\x0C\xAB\xDF\xD9\x1B\xFD" }, 1795 { GCRY_MD_TIGER1, "!", 1796 "\x6D\xB0\xE2\x72\x9C\xBE\xAD\x93\xD7\x15\xC6\xA7" 1797 "\xD3\x63\x02\xE9\xB3\xCE\xE0\xD2\xBC\x31\x4B\x41" }, 1798 1799 { GCRY_MD_TIGER2, "", 1800 "\x44\x41\xBE\x75\xF6\x01\x87\x73\xC2\x06\xC2\x27" 1801 "\x45\x37\x4B\x92\x4A\xA8\x31\x3F\xEF\x91\x9F\x41" }, 1802 { GCRY_MD_TIGER2, "a", 1803 "\x67\xE6\xAE\x8E\x9E\x96\x89\x99\xF7\x0A\x23\xE7" 1804 "\x2A\xEA\xA9\x25\x1C\xBC\x7C\x78\xA7\x91\x66\x36" }, 1805 { GCRY_MD_TIGER2, "abc", 1806 "\xF6\x8D\x7B\xC5\xAF\x4B\x43\xA0\x6E\x04\x8D\x78" 1807 "\x29\x56\x0D\x4A\x94\x15\x65\x8B\xB0\xB1\xF3\xBF" }, 1808 { GCRY_MD_TIGER2, "message digest", 1809 "\xE2\x94\x19\xA1\xB5\xFA\x25\x9D\xE8\x00\x5E\x7D" 1810 "\xE7\x50\x78\xEA\x81\xA5\x42\xEF\x25\x52\x46\x2D" }, 1811 { GCRY_MD_TIGER2, "abcdefghijklmnopqrstuvwxyz", 1812 "\xF5\xB6\xB6\xA7\x8C\x40\x5C\x85\x47\xE9\x1C\xD8" 1813 "\x62\x4C\xB8\xBE\x83\xFC\x80\x4A\x47\x44\x88\xFD" }, 1814 { GCRY_MD_TIGER2, 1815 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1816 "\xA6\x73\x7F\x39\x97\xE8\xFB\xB6\x3D\x20\xD2\xDF" 1817 "\x88\xF8\x63\x76\xB5\xFE\x2D\x5C\xE3\x66\x46\xA9" }, 1818 { GCRY_MD_TIGER2, 1819 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 1820 "abcdefghijklmnopqrstuvwxyz" "0123456789", 1821 "\xEA\x9A\xB6\x22\x8C\xEE\x7B\x51\xB7\x75\x44\xFC" 1822 "\xA6\x06\x6C\x8C\xBB\x5B\xBA\xE6\x31\x95\x05\xCD" }, 1823 { GCRY_MD_TIGER2, 1824 "1234567890" "1234567890" "1234567890" "1234567890" 1825 "1234567890" "1234567890" "1234567890" "1234567890", 1826 "\xD8\x52\x78\x11\x53\x29\xEB\xAA\x0E\xEC\x85\xEC" 1827 "\xDC\x53\x96\xFD\xA8\xAA\x3A\x58\x20\x94\x2F\xFF" }, 1828 { GCRY_MD_TIGER2, "!", 1829 "\xE0\x68\x28\x1F\x06\x0F\x55\x16\x28\xCC\x57\x15" 1830 "\xB9\xD0\x22\x67\x96\x91\x4D\x45\xF7\x71\x7C\xF4" }, 1831 1832 { GCRY_MD_WHIRLPOOL, "", 1833 "\x19\xFA\x61\xD7\x55\x22\xA4\x66\x9B\x44\xE3\x9C\x1D\x2E\x17\x26" 1834 "\xC5\x30\x23\x21\x30\xD4\x07\xF8\x9A\xFE\xE0\x96\x49\x97\xF7\xA7" 1835 "\x3E\x83\xBE\x69\x8B\x28\x8F\xEB\xCF\x88\xE3\xE0\x3C\x4F\x07\x57" 1836 "\xEA\x89\x64\xE5\x9B\x63\xD9\x37\x08\xB1\x38\xCC\x42\xA6\x6E\xB3" }, 1837 { GCRY_MD_WHIRLPOOL, "a", 1838 "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7" 1839 "\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42" 1840 "\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59" 1841 "\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" }, 1842 { GCRY_MD_WHIRLPOOL, "a", 1843 "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F\x11\xA6\x72\x06\x53\x1F\xB7\xD7" 1844 "\xF0\xDF\xF5\x94\x13\x14\x5E\x69\x73\xC4\x50\x01\xD0\x08\x7B\x42" 1845 "\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6\x3A\x42\x39\x1A\x39\x14\x5A\x59" 1846 "\x1A\x92\x20\x0D\x56\x01\x95\xE5\x3B\x47\x85\x84\xFD\xAE\x23\x1A" }, 1847 { GCRY_MD_WHIRLPOOL, 1848 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 1849 "\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B\xF1\x1F\x00\xED\x9A\xBA\x26\x90" 1850 "\x1D\xD7\xC2\x8C\xDE\xC0\x66\xCC\x6A\xF4\x2E\x40\xF8\x2F\x3A\x1E" 1851 "\x08\xEB\xA2\x66\x29\x12\x9D\x8F\xB7\xCB\x57\x21\x1B\x92\x81\xA6" 1852 "\x55\x17\xCC\x87\x9D\x7B\x96\x21\x42\xC6\x5F\x5A\x7A\xF0\x14\x67" }, 1853 { GCRY_MD_WHIRLPOOL, 1854 "!", 1855 "\x0C\x99\x00\x5B\xEB\x57\xEF\xF5\x0A\x7C\xF0\x05\x56\x0D\xDF\x5D" 1856 "\x29\x05\x7F\xD8\x6B\x20\xBF\xD6\x2D\xEC\xA0\xF1\xCC\xEA\x4A\xF5" 1857 "\x1F\xC1\x54\x90\xED\xDC\x47\xAF\x32\xBB\x2B\x66\xC3\x4F\xF9\xAD" 1858 "\x8C\x60\x08\xAD\x67\x7F\x77\x12\x69\x53\xB2\x26\xE4\xED\x8B\x01" }, 1859 { 0 }, 1860 }; 1861 int i; 1862 1863 if (verbose) 1864 fprintf (stderr, "Starting hash checks.\n"); 1865 1866 for (i = 0; algos[i].md; i++) 1867 { 1868 if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) 1869 && in_fips_mode) 1870 { 1871 if (verbose) 1872 fprintf (stderr, " algorithm %d not available in fips mode\n", 1873 algos[i].md); 1874 continue; 1875 } 1876 if (verbose) 1877 fprintf (stderr, " checking %s [%i] for length %zi\n", 1878 gcry_md_algo_name (algos[i].md), 1879 algos[i].md, 1880 !strcmp (algos[i].data, "!")? 1881 1000000 : strlen(algos[i].data)); 1882 1883 check_one_md (algos[i].md, algos[i].data, strlen (algos[i].data), 1884 algos[i].expect); 1885 } 1886 1887 if (verbose) 1888 fprintf (stderr, "Completed hash checks.\n"); 1889} 1890 1891static void 1892check_one_hmac (int algo, const char *data, int datalen, 1893 const char *key, int keylen, const char *expect) 1894{ 1895 gcry_md_hd_t hd, hd2; 1896 unsigned char *p; 1897 int mdlen; 1898 int i; 1899 gcry_error_t err = 0; 1900 1901 err = gcry_md_open (&hd, algo, GCRY_MD_FLAG_HMAC); 1902 if (err) 1903 { 1904 fail ("algo %d, gcry_md_open failed: %s\n", algo, gpg_strerror (err)); 1905 return; 1906 } 1907 1908 mdlen = gcry_md_get_algo_dlen (algo); 1909 if (mdlen < 1 || mdlen > 500) 1910 { 1911 fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); 1912 return; 1913 } 1914 1915 gcry_md_setkey( hd, key, keylen ); 1916 1917 gcry_md_write (hd, data, datalen); 1918 1919 err = gcry_md_copy (&hd2, hd); 1920 if (err) 1921 { 1922 fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err)); 1923 } 1924 1925 gcry_md_close (hd); 1926 1927 p = gcry_md_read (hd2, algo); 1928 if (!p) 1929 fail("algo %d, hmac gcry_md_read failed\n", algo); 1930 1931 if (memcmp (p, expect, mdlen)) 1932 { 1933 printf ("computed: "); 1934 for (i = 0; i < mdlen; i++) 1935 printf ("%02x ", p[i] & 0xFF); 1936 printf ("\nexpected: "); 1937 for (i = 0; i < mdlen; i++) 1938 printf ("%02x ", expect[i] & 0xFF); 1939 printf ("\n"); 1940 1941 fail ("algo %d, digest mismatch\n", algo); 1942 } 1943 1944 gcry_md_close (hd2); 1945} 1946 1947static void 1948check_hmac (void) 1949{ 1950 static struct algos 1951 { 1952 int md; 1953 const char *data; 1954 const char *key; 1955 const char *expect; 1956 } algos[] = 1957 { 1958 { GCRY_MD_MD5, "what do ya want for nothing?", "Jefe", 1959 "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38" }, 1960 { GCRY_MD_MD5, 1961 "Hi There", 1962 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 1963 "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d" }, 1964 { GCRY_MD_MD5, 1965 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 1966 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 1967 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 1968 "\xdd\xdd\xdd\xdd\xdd", 1969 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 1970 "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6" }, 1971 { GCRY_MD_MD5, 1972 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 1973 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 1974 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 1975 "\xcd\xcd\xcd\xcd\xcd", 1976 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 1977 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 1978 "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79" }, 1979 { GCRY_MD_MD5, "Test With Truncation", 1980 "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", 1981 "\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c" }, 1982 { GCRY_MD_MD5, "Test Using Larger Than Block-Size Key - Hash Key First", 1983 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1984 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1985 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1986 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1987 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1988 "\xaa\xaa\xaa\xaa\xaa", 1989 "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd" }, 1990 { GCRY_MD_MD5, 1991 "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data", 1992 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1993 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1994 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1995 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1996 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 1997 "\xaa\xaa\xaa\xaa\xaa", 1998 "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e", }, 1999 { GCRY_MD_SHA256, "what do ya want for nothing?", "Jefe", 2000 "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7\x5a" 2001 "\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43" }, 2002 { GCRY_MD_SHA256, 2003 "Hi There", 2004 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2005 "\x0b\x0b\x0b", 2006 "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88" 2007 "\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7" }, 2008 { GCRY_MD_SHA256, 2009 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2010 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2011 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2012 "\xdd\xdd\xdd\xdd\xdd", 2013 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2014 "\xAA\xAA\xAA\xAA", 2015 "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7" 2016 "\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe" }, 2017 { GCRY_MD_SHA256, 2018 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2019 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2020 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2021 "\xcd\xcd\xcd\xcd\xcd", 2022 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2023 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2024 "\x82\x55\x8a\x38\x9a\x44\x3c\x0e\xa4\xcc\x81\x98\x99\xf2\x08" 2025 "\x3a\x85\xf0\xfa\xa3\xe5\x78\xf8\x07\x7a\x2e\x3f\xf4\x67\x29\x66\x5b" }, 2026 { GCRY_MD_SHA256, 2027 "Test Using Larger Than Block-Size Key - Hash Key First", 2028 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2029 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2030 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2031 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2032 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2033 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2034 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2035 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2036 "\xaa\xaa\xaa", 2037 "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f" 2038 "\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54" }, 2039 { GCRY_MD_SHA256, 2040 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2041 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2042 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2043 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2044 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2045 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2046 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2047 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2048 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2049 "\xaa\xaa\xaa", 2050 "\x9b\x09\xff\xa7\x1b\x94\x2f\xcb\x27\x63\x5f\xbc\xd5\xb0\xe9\x44" 2051 "\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2" }, 2052 { GCRY_MD_SHA224, "what do ya want for nothing?", "Jefe", 2053 "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f" 2054 "\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44" }, 2055 { GCRY_MD_SHA224, 2056 "Hi There", 2057 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2058 "\x0b\x0b\x0b", 2059 "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3\x3f\x47" 2060 "\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22" }, 2061 { GCRY_MD_SHA224, 2062 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2063 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2064 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2065 "\xdd\xdd\xdd\xdd\xdd", 2066 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2067 "\xAA\xAA\xAA\xAA", 2068 "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2\x64" 2069 "\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea" }, 2070 { GCRY_MD_SHA224, 2071 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2072 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2073 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2074 "\xcd\xcd\xcd\xcd\xcd", 2075 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2076 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2077 "\x6c\x11\x50\x68\x74\x01\x3c\xac\x6a\x2a\xbc\x1b\xb3\x82\x62" 2078 "\x7c\xec\x6a\x90\xd8\x6e\xfc\x01\x2d\xe7\xaf\xec\x5a" }, 2079 { GCRY_MD_SHA224, 2080 "Test Using Larger Than Block-Size Key - Hash Key First", 2081 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2082 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2083 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2084 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2085 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2086 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2087 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2088 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2089 "\xaa\xaa\xaa", 2090 "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2" 2091 "\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e" }, 2092 { GCRY_MD_SHA224, 2093 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2094 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2095 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2096 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2097 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2098 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2099 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2100 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2101 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2102 "\xaa\xaa\xaa", 2103 "\x3a\x85\x41\x66\xac\x5d\x9f\x02\x3f\x54\xd5\x17\xd0\xb3\x9d\xbd" 2104 "\x94\x67\x70\xdb\x9c\x2b\x95\xc9\xf6\xf5\x65\xd1" }, 2105 { GCRY_MD_SHA384, "what do ya want for nothing?", "Jefe", 2106 "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b\x1b" 2107 "\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22\x44\x5e" 2108 "\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa\xb2\x16\x49" }, 2109 { GCRY_MD_SHA384, 2110 "Hi There", 2111 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2112 "\x0b\x0b\x0b", 2113 "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f\x15" 2114 "\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c\xfa\xea" 2115 "\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6" }, 2116 { GCRY_MD_SHA384, 2117 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2118 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2119 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2120 "\xdd\xdd\xdd\xdd\xdd", 2121 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2122 "\xAA\xAA\xAA\xAA", 2123 "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8\x6f" 2124 "\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66\x14\x4b" 2125 "\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01\xa3\x4f\x27" }, 2126 { GCRY_MD_SHA384, 2127 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2128 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2129 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2130 "\xcd\xcd\xcd\xcd\xcd", 2131 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2132 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2133 "\x3e\x8a\x69\xb7\x78\x3c\x25\x85\x19\x33\xab\x62\x90\xaf\x6c\xa7" 2134 "\x7a\x99\x81\x48\x08\x50\x00\x9c\xc5\x57\x7c\x6e\x1f\x57\x3b\x4e" 2135 "\x68\x01\xdd\x23\xc4\xa7\xd6\x79\xcc\xf8\xa3\x86\xc6\x74\xcf\xfb" }, 2136 { GCRY_MD_SHA384, 2137 "Test Using Larger Than Block-Size Key - Hash Key First", 2138 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2139 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2140 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2141 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2142 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2143 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2144 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2145 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2146 "\xaa\xaa\xaa", 2147 "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5\xb4" 2148 "\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a\xc4\xc6" 2149 "\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63\xf4\x49\x52" }, 2150 { GCRY_MD_SHA384, 2151 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2152 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2153 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2154 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2155 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2156 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2157 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2158 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2159 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2160 "\xaa\xaa\xaa", 2161 "\x66\x17\x17\x8e\x94\x1f\x02\x0d\x35\x1e\x2f\x25\x4e\x8f\xd3\x2c" 2162 "\x60\x24\x20\xfe\xb0\xb8\xfb\x9a\xdc\xce\xbb\x82\x46\x1e\x99\xc5" 2163 "\xa6\x78\xcc\x31\xe7\x99\x17\x6d\x38\x60\xe6\x11\x0c\x46\x52\x3e" }, 2164 { GCRY_MD_SHA512, "what do ya want for nothing?", "Jefe", 2165 "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3" 2166 "\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25\x05\x54" 2167 "\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd" 2168 "\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a\x38\xbc\xe7\x37" }, 2169 { GCRY_MD_SHA512, 2170 "Hi There", 2171 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" 2172 "\x0b\x0b\x0b", 2173 "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0" 2174 "\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde" 2175 "\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4" 2176 "\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54" }, 2177 { GCRY_MD_SHA512, 2178 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2179 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2180 "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" 2181 "\xdd\xdd\xdd\xdd\xdd", 2182 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 2183 "\xAA\xAA\xAA\xAA", 2184 "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b\xe9" 2185 "\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27\x9d\x39" 2186 "\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e\x67\xc8\x07" 2187 "\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59\xe1\x32\x92\xfb" }, 2188 { GCRY_MD_SHA512, 2189 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2190 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2191 "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd" 2192 "\xcd\xcd\xcd\xcd\xcd", 2193 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" 2194 "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", 2195 "\xb0\xba\x46\x56\x37\x45\x8c\x69\x90\xe5\xa8\xc5\xf6\x1d\x4a\xf7" 2196 "\xe5\x76\xd9\x7f\xf9\x4b\x87\x2d\xe7\x6f\x80\x50\x36\x1e\xe3\xdb" 2197 "\xa9\x1c\xa5\xc1\x1a\xa2\x5e\xb4\xd6\x79\x27\x5c\xc5\x78\x80\x63" 2198 "\xa5\xf1\x97\x41\x12\x0c\x4f\x2d\xe2\xad\xeb\xeb\x10\xa2\x98\xdd" }, 2199 { GCRY_MD_SHA512, 2200 "Test Using Larger Than Block-Size Key - Hash Key First", 2201 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2202 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2203 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2204 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2205 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2206 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2207 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2208 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2209 "\xaa\xaa\xaa", 2210 "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4" 2211 "\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8\xf3\x52" 2212 "\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52" 2213 "\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98\x5d\x78\x65\x98" }, 2214 { GCRY_MD_SHA512, 2215 "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", 2216 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2217 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2218 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2219 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2220 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2221 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2222 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2223 "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" 2224 "\xaa\xaa\xaa", 2225 "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd" 2226 "\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44" 2227 "\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15" 2228 "\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" }, 2229 { 0 }, 2230 }; 2231 int i; 2232 2233 if (verbose) 2234 fprintf (stderr, "Starting hashed MAC checks.\n"); 2235 2236 for (i = 0; algos[i].md; i++) 2237 { 2238 if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5) 2239 && in_fips_mode) 2240 { 2241 if (verbose) 2242 fprintf (stderr, " algorithm %d not available in fips mode\n", 2243 algos[i].md); 2244 continue; 2245 } 2246 if (verbose) 2247 fprintf (stderr, 2248 " checking %s [%i] for %zi byte key and %zi byte data\n", 2249 gcry_md_algo_name (algos[i].md), 2250 algos[i].md, 2251 strlen(algos[i].key), strlen(algos[i].data)); 2252 2253 check_one_hmac (algos[i].md, algos[i].data, strlen (algos[i].data), 2254 algos[i].key, strlen(algos[i].key), 2255 algos[i].expect); 2256 } 2257 2258 if (verbose) 2259 fprintf (stderr, "Completed hashed MAC checks.\n"); 2260 } 2261 2262/* Check that the signature SIG matches the hash HASH. PKEY is the 2263 public key used for the verification. BADHASH is a hasvalue which 2264 should; result in a bad signature status. */ 2265static void 2266verify_one_signature (gcry_sexp_t pkey, gcry_sexp_t hash, 2267 gcry_sexp_t badhash, gcry_sexp_t sig) 2268{ 2269 gcry_error_t rc; 2270 2271 rc = gcry_pk_verify (sig, hash, pkey); 2272 if (rc) 2273 fail ("gcry_pk_verify failed: %s\n", gpg_strerror (rc)); 2274 rc = gcry_pk_verify (sig, badhash, pkey); 2275 if (gcry_err_code (rc) != GPG_ERR_BAD_SIGNATURE) 2276 fail ("gcry_pk_verify failed to detect a bad signature: %s\n", 2277 gpg_strerror (rc)); 2278} 2279 2280 2281/* Test the public key sign function using the private ket SKEY. PKEY 2282 is used for verification. */ 2283static void 2284check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) 2285{ 2286 gcry_error_t rc; 2287 gcry_sexp_t sig, badhash, hash; 2288 int dataidx; 2289 static const char baddata[] = 2290 "(data\n (flags pkcs1)\n" 2291 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203041#))\n"; 2292 static struct 2293 { 2294 const char *data; 2295 int algo; 2296 int expected_rc; 2297 } datas[] = 2298 { 2299 { "(data\n (flags pkcs1)\n" 2300 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2301 GCRY_PK_RSA, 2302 0 }, 2303 { "(data\n (flags oaep)\n" 2304 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2305 0, 2306 GPG_ERR_CONFLICT }, 2307 /* This test is to see whether hash algorithms not hard wired in 2308 pubkey.c are detected: */ 2309 { "(data\n (flags pkcs1)\n" 2310 " (hash oid.1.3.14.3.2.29 " 2311 " #11223344556677889900AABBCCDDEEFF10203040#))\n", 2312 GCRY_PK_RSA, 2313 0 }, 2314 { "(data\n (flags )\n" 2315 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2316 0, 2317 GPG_ERR_CONFLICT }, 2318 { "(data\n (flags pkcs1)\n" 2319 " (hash foo #11223344556677889900AABBCCDDEEFF10203040#))\n", 2320 GCRY_PK_RSA, 2321 GPG_ERR_DIGEST_ALGO }, 2322 { "(data\n (flags )\n" " (value #11223344556677889900AA#))\n", 2323 0, 2324 0 }, 2325 { "(data\n (flags )\n" " (value #0090223344556677889900AA#))\n", 2326 0, 2327 0 }, 2328 { "(data\n (flags raw)\n" " (value #11223344556677889900AA#))\n", 2329 0, 2330 0 }, 2331 { "(data\n (flags pkcs1)\n" 2332 " (value #11223344556677889900AA#))\n", 2333 GCRY_PK_RSA, 2334 GPG_ERR_CONFLICT }, 2335 { "(data\n (flags raw foo)\n" 2336 " (value #11223344556677889900AA#))\n", 2337 0, 2338 GPG_ERR_INV_FLAG }, 2339 { "(data\n (flags pss)\n" 2340 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2341 GCRY_PK_RSA, 2342 0 }, 2343 { "(data\n (flags pss)\n" 2344 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#)\n" 2345 " (random-override #4253647587980912233445566778899019283747#))\n", 2346 GCRY_PK_RSA, 2347 0 }, 2348 { NULL } 2349 }; 2350 2351 (void)n; 2352 2353 rc = gcry_sexp_sscan (&badhash, NULL, baddata, strlen (baddata)); 2354 if (rc) 2355 die ("converting data failed: %s\n", gpg_strerror (rc)); 2356 2357 for (dataidx = 0; datas[dataidx].data; dataidx++) 2358 { 2359 if (datas[dataidx].algo && datas[dataidx].algo != algo) 2360 continue; 2361 2362 if (verbose) 2363 fprintf (stderr, " signature test %d\n", dataidx); 2364 2365 rc = gcry_sexp_sscan (&hash, NULL, datas[dataidx].data, 2366 strlen (datas[dataidx].data)); 2367 if (rc) 2368 die ("converting data failed: %s\n", gpg_strerror (rc)); 2369 2370 rc = gcry_pk_sign (&sig, hash, skey); 2371 if (gcry_err_code (rc) != datas[dataidx].expected_rc) 2372 fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc)); 2373 2374 if (!rc) 2375 verify_one_signature (pkey, hash, badhash, sig); 2376 2377 gcry_sexp_release (sig); 2378 sig = NULL; 2379 gcry_sexp_release (hash); 2380 hash = NULL; 2381 } 2382 2383 gcry_sexp_release (badhash); 2384} 2385 2386static void 2387check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo) 2388{ 2389 gcry_error_t rc; 2390 gcry_sexp_t plain, ciph, data; 2391 int dataidx; 2392 static struct 2393 { 2394 int algo; /* If not 0 run test only if ALGO matches. */ 2395 const char *data; 2396 const char *hint; 2397 int unpadded; 2398 int encrypt_expected_rc; 2399 int decrypt_expected_rc; 2400 } datas[] = 2401 { 2402 { GCRY_PK_RSA, 2403 "(data\n (flags pkcs1)\n" 2404 " (value #11223344556677889900AA#))\n", 2405 NULL, 2406 0, 2407 0, 2408 0 }, 2409 { GCRY_PK_RSA, 2410 "(data\n (flags pkcs1)\n" 2411 " (value #11223344556677889900AA#))\n", 2412 "(flags pkcs1)", 2413 1, 2414 0, 2415 0 }, 2416 { GCRY_PK_RSA, 2417 "(data\n (flags oaep)\n" 2418 " (value #11223344556677889900AA#))\n", 2419 "(flags oaep)", 2420 1, 2421 0, 2422 0 }, 2423 { GCRY_PK_RSA, 2424 "(data\n (flags oaep)\n (hash-algo sha1)\n" 2425 " (value #11223344556677889900AA#))\n", 2426 "(flags oaep)(hash-algo sha1)", 2427 1, 2428 0, 2429 0 }, 2430 { GCRY_PK_RSA, 2431 "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n" 2432 " (value #11223344556677889900AA#))\n", 2433 "(flags oaep)(hash-algo sha1)(label \"test\")", 2434 1, 2435 0, 2436 0 }, 2437 { GCRY_PK_RSA, 2438 "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n" 2439 " (value #11223344556677889900AA#)\n" 2440 " (random-override #4253647587980912233445566778899019283747#))\n", 2441 "(flags oaep)(hash-algo sha1)(label \"test\")", 2442 1, 2443 0, 2444 0 }, 2445 { 0, 2446 "(data\n (flags )\n" " (value #11223344556677889900AA#))\n", 2447 NULL, 2448 1, 2449 0, 2450 0 }, 2451 { 0, 2452 "(data\n (flags )\n" " (value #0090223344556677889900AA#))\n", 2453 NULL, 2454 1, 2455 0, 2456 0 }, 2457 { 0, 2458 "(data\n (flags raw)\n" " (value #11223344556677889900AA#))\n", 2459 NULL, 2460 1, 2461 0, 2462 0 }, 2463 { GCRY_PK_RSA, 2464 "(data\n (flags pkcs1)\n" 2465 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2466 NULL, 2467 0, 2468 GPG_ERR_CONFLICT, 2469 0}, 2470 { 0, 2471 "(data\n (flags raw foo)\n" 2472 " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", 2473 NULL, 2474 0, 2475 GPG_ERR_INV_FLAG, 2476 0}, 2477 { 0, 2478 "(data\n (flags raw)\n" 2479 " (value #11223344556677889900AA#))\n", 2480 "(flags oaep)", 2481 1, 2482 0, 2483 GPG_ERR_ENCODING_PROBLEM }, 2484 { GCRY_PK_RSA, 2485 "(data\n (flags oaep)\n" 2486 " (value #11223344556677889900AA#))\n", 2487 "(flags pkcs1)", 2488 1, 2489 0, 2490 GPG_ERR_ENCODING_PROBLEM }, 2491 { 0, 2492 "(data\n (flags pss)\n" 2493 " (value #11223344556677889900AA#))\n", 2494 NULL, 2495 0, 2496 GPG_ERR_CONFLICT }, 2497 { 0, NULL } 2498 }; 2499 2500 (void)n; 2501 2502 for (dataidx = 0; datas[dataidx].data; dataidx++) 2503 { 2504 if (datas[dataidx].algo && datas[dataidx].algo != algo) 2505 continue; 2506 2507 if (verbose) 2508 fprintf (stderr, " encryption/decryption test %d (algo %d)\n", 2509 dataidx, algo); 2510 2511 rc = gcry_sexp_sscan (&data, NULL, datas[dataidx].data, 2512 strlen (datas[dataidx].data)); 2513 if (rc) 2514 die ("converting data failed: %s\n", gpg_strerror (rc)); 2515 2516 rc = gcry_pk_encrypt (&ciph, data, pkey); 2517 if (gcry_err_code (rc) != datas[dataidx].encrypt_expected_rc) 2518 fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (rc)); 2519 2520 if (!rc) 2521 { 2522 /* Insert decoding hint to CIPH. */ 2523 if (datas[dataidx].hint) 2524 { 2525 size_t hint_len, len; 2526 char *hint, *buf; 2527 gcry_sexp_t list; 2528 2529 /* Convert decoding hint into canonical sexp. */ 2530 hint_len = gcry_sexp_new (&list, datas[dataidx].hint, 2531 strlen (datas[dataidx].hint), 1); 2532 hint_len = gcry_sexp_sprint (list, GCRYSEXP_FMT_CANON, NULL, 0); 2533 hint = gcry_malloc (hint_len); 2534 if (!hint) 2535 die ("can't allocate memory\n"); 2536 hint_len = gcry_sexp_sprint (list, GCRYSEXP_FMT_CANON, hint, 2537 hint_len); 2538 gcry_sexp_release (list); 2539 2540 /* Convert CIPH into canonical sexp. */ 2541 len = gcry_sexp_sprint (ciph, GCRYSEXP_FMT_CANON, NULL, 0); 2542 buf = gcry_malloc (len + hint_len); 2543 if (!buf) 2544 die ("can't allocate memory\n"); 2545 len = gcry_sexp_sprint (ciph, GCRYSEXP_FMT_CANON, buf, len); 2546 /* assert (!strcmp (buf, "(7:enc-val", 10)); */ 2547 2548 /* Copy decoding hint into CIPH. */ 2549 memmove (buf + 10 + hint_len, buf + 10, len - 10); 2550 memcpy (buf + 10, hint, hint_len); 2551 gcry_free (hint); 2552 gcry_sexp_new (&list, buf, len + hint_len, 1); 2553 gcry_free (buf); 2554 gcry_sexp_release (ciph); 2555 ciph = list; 2556 } 2557 rc = gcry_pk_decrypt (&plain, ciph, skey); 2558 if (gcry_err_code (rc) != datas[dataidx].decrypt_expected_rc) 2559 fail ("gcry_pk_decrypt failed: %s\n", gpg_strerror (rc)); 2560 2561 if (!rc && datas[dataidx].unpadded) 2562 { 2563 gcry_sexp_t p1, p2; 2564 2565 p1 = gcry_sexp_find_token (data, "value", 0); 2566 p2 = gcry_sexp_find_token (plain, "value", 0); 2567 if (p1 && p2) 2568 { 2569 const char *s1, *s2; 2570 size_t n1, n2; 2571 2572 s1 = gcry_sexp_nth_data (p1, 1, &n1); 2573 s2 = gcry_sexp_nth_data (p2, 1, &n2); 2574 if (n1 != n2 || memcmp (s1, s2, n1)) 2575 fail ("gcry_pk_encrypt/gcry_pk_decrypt do not roundtrip\n"); 2576 } 2577 gcry_sexp_release (p1); 2578 gcry_sexp_release (p2); 2579 } 2580 } 2581 2582 gcry_sexp_release (plain); 2583 plain = NULL; 2584 gcry_sexp_release (ciph); 2585 ciph = NULL; 2586 gcry_sexp_release (data); 2587 data = NULL; 2588 } 2589} 2590 2591static void 2592check_pubkey_grip (int n, const unsigned char *grip, 2593 gcry_sexp_t skey, gcry_sexp_t pkey, int algo) 2594{ 2595 unsigned char sgrip[20], pgrip[20]; 2596 2597 (void)algo; 2598 2599 if (!gcry_pk_get_keygrip (skey, sgrip)) 2600 die ("get keygrip for private RSA key failed\n"); 2601 if (!gcry_pk_get_keygrip (pkey, pgrip)) 2602 die ("[%i] get keygrip for public RSA key failed\n", n); 2603 if (memcmp (sgrip, pgrip, 20)) 2604 fail ("[%i] keygrips don't match\n", n); 2605 if (memcmp (sgrip, grip, 20)) 2606 fail ("wrong keygrip for RSA key\n"); 2607} 2608 2609static void 2610do_check_one_pubkey (int n, gcry_sexp_t skey, gcry_sexp_t pkey, 2611 const unsigned char *grip, int algo, int flags) 2612{ 2613 if (flags & FLAG_SIGN) 2614 check_pubkey_sign (n, skey, pkey, algo); 2615 if (flags & FLAG_CRYPT) 2616 check_pubkey_crypt (n, skey, pkey, algo); 2617 if (grip && (flags & FLAG_GRIP)) 2618 check_pubkey_grip (n, grip, skey, pkey, algo); 2619} 2620 2621static void 2622check_one_pubkey (int n, test_spec_pubkey_t spec) 2623{ 2624 gcry_error_t err = GPG_ERR_NO_ERROR; 2625 gcry_sexp_t skey, pkey; 2626 2627 err = gcry_sexp_sscan (&skey, NULL, spec.key.secret, 2628 strlen (spec.key.secret)); 2629 if (!err) 2630 err = gcry_sexp_sscan (&pkey, NULL, spec.key.public, 2631 strlen (spec.key.public)); 2632 if (err) 2633 die ("converting sample key failed: %s\n", gpg_strerror (err)); 2634 2635 do_check_one_pubkey (n, skey, pkey, 2636 (const unsigned char*)spec.key.grip, 2637 spec.id, spec.flags); 2638 2639 gcry_sexp_release (skey); 2640 gcry_sexp_release (pkey); 2641} 2642 2643static void 2644get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) 2645{ 2646 gcry_sexp_t key_spec, key, pub_key, sec_key; 2647 int rc; 2648 if (verbose) 2649 fprintf (stderr, " generating RSA key:"); 2650 rc = gcry_sexp_new (&key_spec, 2651 in_fips_mode ? "(genkey (rsa (nbits 4:1024)))" 2652 : "(genkey (rsa (nbits 4:1024)(transient-key)))", 2653 0, 1); 2654 if (rc) 2655 die ("error creating S-expression: %s\n", gpg_strerror (rc)); 2656 rc = gcry_pk_genkey (&key, key_spec); 2657 gcry_sexp_release (key_spec); 2658 if (rc) 2659 die ("error generating RSA key: %s\n", gpg_strerror (rc)); 2660 2661 pub_key = gcry_sexp_find_token (key, "public-key", 0); 2662 if (! pub_key) 2663 die ("public part missing in key\n"); 2664 2665 sec_key = gcry_sexp_find_token (key, "private-key", 0); 2666 if (! sec_key) 2667 die ("private part missing in key\n"); 2668 2669 gcry_sexp_release (key); 2670 *pkey = pub_key; 2671 *skey = sec_key; 2672} 2673 2674static void 2675check_one_pubkey_new (int n) 2676{ 2677 gcry_sexp_t skey, pkey; 2678 2679 get_keys_new (&pkey, &skey); 2680 do_check_one_pubkey (n, skey, pkey, NULL, 2681 GCRY_PK_RSA, FLAG_SIGN | FLAG_CRYPT); 2682 gcry_sexp_release (pkey); 2683 gcry_sexp_release (skey); 2684} 2685 2686/* Run all tests for the public key functions. */ 2687static void 2688check_pubkey (void) 2689{ 2690 test_spec_pubkey_t pubkeys[] = 2691 { 2692 { 2693 GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN, 2694 2695 { "(private-key\n" 2696 " (rsa\n" 2697 " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" 2698 " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" 2699 " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" 2700 " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" 2701 " (e #010001#)\n" 2702 " (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" 2703 " 7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" 2704 " C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" 2705 " C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n" 2706 " (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" 2707 " fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n" 2708 " (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" 2709 " 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n" 2710 " (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" 2711 " ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))\n", 2712 2713 "(public-key\n" 2714 " (rsa\n" 2715 " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" 2716 " 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" 2717 " ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" 2718 " 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" 2719 " (e #010001#)))\n", 2720 2721 "\x32\x10\x0c\x27\x17\x3e\xf6\xe9\xc4\xe9" 2722 "\xa2\x5d\x3d\x69\xf8\x6d\x37\xa4\xf9\x39"} 2723 }, 2724 { 2725 GCRY_PK_DSA, FLAG_SIGN, 2726 2727 { "(private-key\n" 2728 " (DSA\n" 2729 " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" 2730 " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" 2731 " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" 2732 " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n" 2733 " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" 2734 " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" 2735 " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" 2736 " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" 2737 " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n" 2738 " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" 2739 " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" 2740 " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" 2741 " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)\n" 2742 " (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))\n", 2743 2744 "(public-key\n" 2745 " (DSA\n" 2746 " (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" 2747 " 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" 2748 " CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" 2749 " 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)\n" 2750 " (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)\n" 2751 " (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" 2752 " AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" 2753 " B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" 2754 " 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)\n" 2755 " (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" 2756 " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" 2757 " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" 2758 " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))\n", 2759 2760 "\xc6\x39\x83\x1a\x43\xe5\x05\x5d\xc6\xd8" 2761 "\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" } 2762 }, 2763 { 2764 GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT, 2765 2766 { "(private-key\n" 2767 " (ELG\n" 2768 " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" 2769 " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" 2770 " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" 2771 " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n" 2772 " (g #05#)\n" 2773 " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" 2774 " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" 2775 " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" 2776 " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)\n" 2777 " (x #03C28900087B38DABF4A0AB98ACEA39BB674D6557096C01D72E31C16BDD32214#)))\n", 2778 2779 "(public-key\n" 2780 " (ELG\n" 2781 " (p #00B93B93386375F06C2D38560F3B9C6D6D7B7506B20C1773F73F8DE56E6CD65D" 2782 " F48DFAAA1E93F57A2789B168362A0F787320499F0B2461D3A4268757A7B27517" 2783 " B7D203654A0CD484DEC6AF60C85FEB84AAC382EAF2047061FE5DAB81A20A0797" 2784 " 6E87359889BAE3B3600ED718BE61D4FC993CC8098A703DD0DC942E965E8F18D2A7#)\n" 2785 " (g #05#)\n" 2786 " (y #72DAB3E83C9F7DD9A931FDECDC6522C0D36A6F0A0FEC955C5AC3C09175BBFF2B" 2787 " E588DB593DC2E420201BEB3AC17536918417C497AC0F8657855380C1FCF11C5B" 2788 " D20DB4BEE9BDF916648DE6D6E419FA446C513AAB81C30CB7B34D6007637BE675" 2789 " 56CE6473E9F9EE9B9FADD275D001563336F2186F424DEC6199A0F758F6A00FF4#)))\n", 2790 2791 "\xa7\x99\x61\xeb\x88\x83\xd2\xf4\x05\xc8" 2792 "\x4f\xba\x06\xf8\x78\x09\xbc\x1e\x20\xe5" } 2793 }, 2794 }; 2795 int i; 2796 if (verbose) 2797 fprintf (stderr, "Starting public key checks.\n"); 2798 for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++) 2799 if (pubkeys[i].id) 2800 { 2801 if (gcry_pk_test_algo (pubkeys[i].id) && in_fips_mode) 2802 { 2803 if (verbose) 2804 fprintf (stderr, " algorithm %d not available in fips mode\n", 2805 pubkeys[i].id); 2806 continue; 2807 } 2808 check_one_pubkey (i, pubkeys[i]); 2809 } 2810 if (verbose) 2811 fprintf (stderr, "Completed public key checks.\n"); 2812 2813 if (verbose) 2814 fprintf (stderr, "Starting additional public key checks.\n"); 2815 for (i = 0; i < sizeof (pubkeys) / sizeof (*pubkeys); i++) 2816 if (pubkeys[i].id) 2817 { 2818 if (gcry_pk_test_algo (pubkeys[i].id) && in_fips_mode) 2819 { 2820 if (verbose) 2821 fprintf (stderr, " algorithm %d not available in fips mode\n", 2822 pubkeys[i].id); 2823 continue; 2824 } 2825 check_one_pubkey_new (i); 2826 } 2827 if (verbose) 2828 fprintf (stderr, "Completed additional public key checks.\n"); 2829 2830} 2831 2832int 2833main (int argc, char **argv) 2834{ 2835 gpg_error_t err; 2836 int last_argc = -1; 2837 int debug = 0; 2838 int use_fips = 0; 2839 int selftest_only = 0; 2840 2841 if (argc) 2842 { argc--; argv++; } 2843 2844 while (argc && last_argc != argc ) 2845 { 2846 last_argc = argc; 2847 if (!strcmp (*argv, "--")) 2848 { 2849 argc--; argv++; 2850 break; 2851 } 2852 else if (!strcmp (*argv, "--verbose")) 2853 { 2854 verbose++; 2855 argc--; argv++; 2856 } 2857 else if (!strcmp (*argv, "--debug")) 2858 { 2859 verbose = debug = 1; 2860 argc--; argv++; 2861 } 2862 else if (!strcmp (*argv, "--fips")) 2863 { 2864 use_fips = 1; 2865 argc--; argv++; 2866 } 2867 else if (!strcmp (*argv, "--selftest")) 2868 { 2869 selftest_only = 1; 2870 verbose += 2; 2871 argc--; argv++; 2872 } 2873 else if (!strcmp (*argv, "--die")) 2874 { 2875 die_on_error = 1; 2876 argc--; argv++; 2877 } 2878 } 2879 2880 gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); 2881 2882 if (use_fips) 2883 gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); 2884 2885 /* Check that we test exactly our version - including the patchlevel. */ 2886 if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL))) 2887 die ("version mismatch; pgm=%s, library=%s\n", 2888 GCRYPT_VERSION,gcry_check_version (NULL)); 2889 2890 if ( gcry_fips_mode_active () ) 2891 in_fips_mode = 1; 2892 2893 if (!in_fips_mode) 2894 gcry_control (GCRYCTL_DISABLE_SECMEM, 0); 2895 2896 if (verbose) 2897 gcry_set_progress_handler (progress_handler, NULL); 2898 2899 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); 2900 if (debug) 2901 gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); 2902 /* No valuable keys are create, so we can speed up our RNG. */ 2903 gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); 2904 2905 if (!selftest_only) 2906 { 2907 check_ciphers (); 2908 check_cipher_modes (); 2909 check_bulk_cipher_modes (); 2910 check_digests (); 2911 check_hmac (); 2912 check_pubkey (); 2913 } 2914 2915 2916 if (in_fips_mode && !selftest_only) 2917 { 2918 /* If we are in fips mode do some more tests. */ 2919 gcry_md_hd_t md; 2920 2921 /* First trigger a self-test. */ 2922 gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); 2923 if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0)) 2924 fail ("not in operational state after self-test\n"); 2925 2926 /* Get us into the error state. */ 2927 err = gcry_md_open (&md, GCRY_MD_SHA1, 0); 2928 if (err) 2929 fail ("failed to open SHA-1 hash context: %s\n", gpg_strerror (err)); 2930 else 2931 { 2932 err = gcry_md_enable (md, GCRY_MD_SHA256); 2933 if (err) 2934 fail ("failed to add SHA-256 hash context: %s\n", 2935 gpg_strerror (err)); 2936 else 2937 { 2938 /* gcry_md_get_algo is only defined for a context with 2939 just one digest algorithm. With our setup it should 2940 put the oibrary intoerror state. */ 2941 fputs ("Note: Two lines with error messages follow " 2942 "- this is expected\n", stderr); 2943 gcry_md_get_algo (md); 2944 gcry_md_close (md); 2945 if (gcry_control (GCRYCTL_OPERATIONAL_P, 0)) 2946 fail ("expected error state but still in operational state\n"); 2947 else 2948 { 2949 /* Now run a self-test and to get back into 2950 operational state. */ 2951 gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); 2952 if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0)) 2953 fail ("did not reach operational after error " 2954 "and self-test\n"); 2955 } 2956 } 2957 } 2958 2959 } 2960 else 2961 { 2962 /* If in standard mode, run selftests. */ 2963 if (gcry_control (GCRYCTL_SELFTEST, 0)) 2964 fail ("running self-test failed\n"); 2965 } 2966 2967 if (verbose) 2968 fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count); 2969 2970 if (in_fips_mode && !gcry_fips_mode_active ()) 2971 fprintf (stderr, "FIPS mode is not anymore active\n"); 2972 2973 return error_count ? 1 : 0; 2974} 2975