diff options
author | Werner Koch <wk@gnupg.org> | 2016-03-18 15:11:31 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2016-03-18 15:26:25 +0100 |
commit | e40939b2141306238cc30a340b867b60fa4dc2a3 (patch) | |
tree | dd967b203a66917decc4166e2be71d287692cd77 /cipher/dsa.c | |
parent | 80e9f95e6f419daa765e4876c858e3e36e808897 (diff) | |
download | libgcrypt-e40939b2141306238cc30a340b867b60fa4dc2a3.tar.gz |
dsa: Make regression tests work.
* cipher/dsa.c (sample_secret_key_1024): Comment out unused constant.
(ogenerate_fips186): Make it work with use-fips183-2 flag.
* cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs
standard comment out format.
* tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy fucntion.
(main): Call it.
(main): Compare against current version.
* tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key.
(get_dsa_key_fips186_with_seed_new): Ditto.
(get_dsa_key_fips186_with_domain_new): Comment out.
(check_run): Do not call that function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'cipher/dsa.c')
-rw-r--r-- | cipher/dsa.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/cipher/dsa.c b/cipher/dsa.c index 37c1b180..909a8ca2 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -66,7 +66,9 @@ static const char *dsa_names[] = }; -/* A sample 1024 bit DSA key used for the selftests. */ +/* A sample 1024 bit DSA key used for the selftests. Not anymore + * used, kept only for reference. */ +#if 0 static const char sample_secret_key_1024[] = "(private-key" " (dsa" @@ -101,6 +103,7 @@ static const char sample_public_key_1024[] = " A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" " 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" " 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))"; +#endif /*0*/ /* 2048 DSA key from RFC 6979 A.2.2 */ static const char sample_public_key_2048[] = @@ -412,7 +415,9 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, /* Check that QBITS and NBITS match the standard. Note that FIPS 186-3 uses N for QBITS and L for NBITS. */ - if (nbits == 2048 && qbits == 224) + if (nbits == 1024 && qbits == 160 && use_fips186_2) + ; /* Allowed in FIPS 186-2 mode. */ + else if (nbits == 2048 && qbits == 224) ; else if (nbits == 2048 && qbits == 256) ; @@ -442,27 +447,28 @@ generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, initial_seed.sexp = sexp_find_token (deriveparms, "seed", 0); if (initial_seed.sexp) initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1, - &initial_seed.seedlen); + &initial_seed.seedlen); } if (use_fips186_2) ec = _gcry_generate_fips186_2_prime (nbits, qbits, - initial_seed.seed, - initial_seed.seedlen, - &prime_q, &prime_p, - r_counter, - r_seed, r_seedlen); + initial_seed.seed, + initial_seed.seedlen, + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen); else ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, - &prime_q, &prime_p, - r_counter, - r_seed, r_seedlen, NULL); + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen, NULL); sexp_release (initial_seed.sexp); if (ec) goto leave; /* Find a generator g (h and e are helpers). - e = (p-1)/q */ + * e = (p-1)/q + */ value_e = mpi_alloc_like (prime_p); mpi_sub_ui (value_e, prime_p, 1); mpi_fdiv_q (value_e, value_e, prime_q ); |