tests: Fixes for RSA testsuite in FIPS mode

* tests/basic.c (get_keys_new): Generate 2048 bit key.
* tests/benchmark.c (rsa_bench): Skip keys of lengths different
than 2048 and 3072 in FIPS mode.
* tests/keygen.c (check_rsa_keys): Failure if short keys can be
generated in FIPS mode.
(check_dsa_keys): Ditto for DSA keys.
* tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
--

Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>

Additional changes by wk:
  - Remove printing of "FAIL" in fail() because this is reserved for
    use by the test driver of the Makefile.
  - Move setting of IN_FIPS_MODE after gcry_check_version in keygen.c

Signed-off-by: Werner Koch <wk@gnupg.org>

4 files changed, 108 insertions, 24 deletions

diff --git a/tests/basic.c b/tests/basic.c
index 876ee2ec..63fbcf6b 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -8442,7 +8442,7 @@ get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
   if (verbose)
     fprintf (stderr, "  generating RSA key:");
   rc = gcry_sexp_new (&key_spec,
-		      in_fips_mode ? "(genkey (rsa (nbits 4:1024)))"
+		      in_fips_mode ? "(genkey (rsa (nbits 4:2048)))"
                       : "(genkey (rsa (nbits 4:1024)(transient-key)))",
                       0, 1);
   if (rc)
diff --git a/tests/benchmark.c b/tests/benchmark.c
index b6cd7a89..c748dacf 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -1085,15 +1085,22 @@ rsa_bench (int iterations, int print_header, int no_blinding)
       gcry_sexp_t data;
       gcry_sexp_t sig = NULL;
       int count;
+      unsigned nbits = p_sizes[testno];
 
-      printf ("RSA %3d bit    ", p_sizes[testno]);
+      printf ("RSA %3d bit    ", nbits);
       fflush (stdout);
 
+      if (in_fips_mode && !(nbits == 2048 || nbits == 3072))
+        {
+          puts ("[skipped in fips mode]");
+          continue;
+        }
+
       err = gcry_sexp_build (&key_spec, NULL,
                              gcry_fips_mode_active ()
                              ? "(genkey (RSA (nbits %d)))"
                              : "(genkey (RSA (nbits %d)(transient-key)))",
-                             p_sizes[testno]);
+                             nbits);
       if (err)
         die ("creating S-expression failed: %s\n", gcry_strerror (err));
 
@@ -1101,7 +1108,7 @@ rsa_bench (int iterations, int print_header, int no_blinding)
       err = gcry_pk_genkey (&key_pair, key_spec);
       if (err)
         die ("creating %d bit RSA key failed: %s\n",
-             p_sizes[testno], gcry_strerror (err));
+             nbits, gcry_strerror (err));
 
       pub_key = gcry_sexp_find_token (key_pair, "public-key", 0);
       if (! pub_key)
@@ -1116,8 +1123,8 @@ rsa_bench (int iterations, int print_header, int no_blinding)
       printf ("   %s", elapsed_time (1));
       fflush (stdout);
 
-      x = gcry_mpi_new (p_sizes[testno]);
-      gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM);
+      x = gcry_mpi_new (nbits);
+      gcry_mpi_randomize (x, nbits-8, GCRY_WEAK_RANDOM);
       err = gcry_sexp_build (&data, NULL,
                              "(data (flags raw) (value %m))", x);
       gcry_mpi_release (x);
@@ -1155,8 +1162,8 @@ rsa_bench (int iterations, int print_header, int no_blinding)
       if (no_blinding)
         {
           fflush (stdout);
-          x = gcry_mpi_new (p_sizes[testno]);
-          gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM);
+          x = gcry_mpi_new (nbits);
+          gcry_mpi_randomize (x, nbits-8, GCRY_WEAK_RANDOM);
           err = gcry_sexp_build (&data, NULL,
                                  "(data (flags no-blinding) (value %m))", x);
           gcry_mpi_release (x);
diff --git a/tests/keygen.c b/tests/keygen.c
index 8b9a1d58..7afa76c1 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -40,6 +40,7 @@
 static int verbose;
 static int debug;
 static int error_count;
+static int in_fips_mode;
 
 
 static void
@@ -196,11 +197,11 @@ check_rsa_keys (void)
   int rc;
 
   if (verbose)
-    show ("creating 1024 bit RSA key\n");
+    show ("creating 2048 bit RSA key\n");
   rc = gcry_sexp_new (&keyparm,
                       "(genkey\n"
                       " (rsa\n"
-                      "  (nbits 4:1024)\n"
+                      "  (nbits 4:2048)\n"
                       " ))", 0, 1);
   if (rc)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -208,9 +209,29 @@ check_rsa_keys (void)
   gcry_sexp_release (keyparm);
   if (rc)
     die ("error generating RSA key: %s\n", gpg_strerror (rc));
-  if (verbose > 1)
-    show_sexp ("1024 bit RSA key:\n", key);
-  check_generated_rsa_key (key, 65537);
+
+  if (verbose)
+    show ("creating 1024 bit RSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (rsa\n"
+                      "  (nbits 4:1024)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc && !in_fips_mode)
+    fail ("error generating RSA key: %s\n", gpg_strerror (rc));
+  else if (!rc && in_fips_mode)
+    fail ("generating 1024 bit RSA key must not work!");
+
+  if (!rc)
+    {
+      if (verbose > 1)
+        show_sexp ("1024 bit RSA key:\n", key);
+      check_generated_rsa_key (key, 65537);
+    }
   gcry_sexp_release (key);
 
 
@@ -226,10 +247,13 @@ check_rsa_keys (void)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
   rc = gcry_pk_genkey (&key, keyparm);
   gcry_sexp_release (keyparm);
-  if (rc)
-    die ("error generating RSA key: %s\n", gpg_strerror (rc));
+  if (rc && !in_fips_mode)
+    fail ("error generating RSA key: %s\n", gpg_strerror (rc));
+  else if (!rc && in_fips_mode)
+    fail ("generating 512 bit RSA key must not work!");
 
-  check_generated_rsa_key (key, 257);
+  if (!rc)
+    check_generated_rsa_key (key, 257);
   gcry_sexp_release (key);
 
   if (verbose)
@@ -244,10 +268,13 @@ check_rsa_keys (void)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
   rc = gcry_pk_genkey (&key, keyparm);
   gcry_sexp_release (keyparm);
-  if (rc)
-    die ("error generating RSA key: %s\n", gpg_strerror (rc));
+  if (rc && !in_fips_mode)
+    fail ("error generating RSA key: %s\n", gpg_strerror (rc));
+  else if (!rc && in_fips_mode)
+    fail ("generating 512 bit RSA key must not work!");
 
-  check_generated_rsa_key (key, 0); /* We don't expect a constant exponent. */
+  if (!rc)
+    check_generated_rsa_key (key, 0); /* We don't expect a constant exponent. */
   gcry_sexp_release (key);
 }
 
@@ -299,8 +326,10 @@ check_dsa_keys (void)
         die ("error creating S-expression: %s\n", gpg_strerror (rc));
       rc = gcry_pk_genkey (&key, keyparm);
       gcry_sexp_release (keyparm);
-      if (rc)
+      if (rc && !in_fips_mode)
         die ("error generating DSA key: %s\n", gpg_strerror (rc));
+      else if (!rc && in_fips_mode)
+        die ("generating 512 bit DSA key must not work!");
       if (!i && verbose > 1)
         show_sexp ("1024 bit DSA key:\n", key);
       gcry_sexp_release (key);
@@ -318,8 +347,10 @@ check_dsa_keys (void)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
   rc = gcry_pk_genkey (&key, keyparm);
   gcry_sexp_release (keyparm);
-  if (rc)
+  if (rc && !in_fips_mode)
     die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  else if (!rc && in_fips_mode)
+    die ("generating 1536 bit DSA key must not work!");
   if (verbose > 1)
     show_sexp ("1536 bit DSA key:\n", key);
   gcry_sexp_release (key);
@@ -597,6 +628,9 @@ main (int argc, char **argv)
   if (with_progress)
     gcry_set_progress_handler (progress_cb, NULL);
 
+  if ( gcry_fips_mode_active () )
+    in_fips_mode = 1;
+
   if (!argc)
     {
       check_rsa_keys ();
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 62dc0d6b..5ed6ca1e 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -165,6 +165,33 @@ show_sexp (const char *prefix, gcry_sexp_t a)
   gcry_free (buf);
 }
 
+/* from ../cipher/pubkey-util.c */
+gpg_err_code_t
+_gcry_pk_util_get_nbits (gcry_sexp_t list, unsigned int *r_nbits)
+{
+  char buf[50];
+  const char *s;
+  size_t n;
+
+  *r_nbits = 0;
+
+  list = gcry_sexp_find_token (list, "nbits", 0);
+  if (!list)
+    return 0; /* No NBITS found.  */
+
+  s = gcry_sexp_nth_data (list, 1, &n);
+  if (!s || n >= DIM (buf) - 1 )
+    {
+      /* NBITS given without a cdr.  */
+      gcry_sexp_release (list);
+      return GPG_ERR_INV_OBJ;
+    }
+  memcpy (buf, s, n);
+  buf[n] = 0;
+  *r_nbits = (unsigned int)strtoul (buf, NULL, 0);
+  gcry_sexp_release (list);
+  return 0;
+}
 
 /* Convert STRING consisting of hex characters into its binary
    representation and return it as an allocated buffer. The valid
@@ -906,8 +933,8 @@ check_x931_derived_key (int what)
     }
   };
   gpg_error_t err;
-  gcry_sexp_t key_spec, key, pub_key, sec_key;
-  gcry_mpi_t d_expected, d_have;
+  gcry_sexp_t key_spec = NULL, key = NULL, pub_key = NULL, sec_key = NULL;
+  gcry_mpi_t d_expected = NULL, d_have = NULL;
 
   if (what < 0 && what >= sizeof testtable)
     die ("invalid WHAT value\n");
@@ -916,10 +943,25 @@ check_x931_derived_key (int what)
   if (err)
     die ("error creating S-expression [%d]: %s\n", what, gpg_strerror (err));
 
+  {
+    unsigned nbits;
+    err = _gcry_pk_util_get_nbits(key_spec, &nbits);
+    if (err)
+      die ("nbits not found\n");
+    if (gcry_fips_mode_active() && nbits < 2048)
+      {
+        info("RSA key test with %d bits skipped in fips mode\n", nbits);
+        goto leave;
+      }
+  }
+
   err = gcry_pk_genkey (&key, key_spec);
   gcry_sexp_release (key_spec);
   if (err)
-    die ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err));
+    {
+      fail ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err));
+      goto leave;
+    }
 
   pub_key = gcry_sexp_find_token (key, "public-key", 0);
   if (!pub_key)
@@ -945,6 +987,7 @@ check_x931_derived_key (int what)
       show_sexp (NULL, sec_key);
       die ("parameter d does match expected value [%d]\n", what);
     }
+leave:
   gcry_mpi_release (d_expected);
   gcry_mpi_release (d_have);