authorVitezslav Cizek <vcizek@suse.com>2016-03-18 17:54:36 +0100
committerWerner Koch <wk@gnupg.org>2016-03-18 17:54:36 +0100
commit9ecc2690181ba0bb44f66451a7dce2fc19965793 (patch)
treef2877351c342a3ff00eecc6e9804ba5f82416a8d /tests
parent1a02d741cacc3b57fe3d6ffebd794d53a60c9e97 (diff)
tests: Fix testsuite after the FIPS adjustments.
* tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS. * tests/curves.c (check_get_params): Skip Brainpool curves in FIPS. * tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys. (check_ecc_keys): Skip Ed25519 in FIPS mode. * tests/random.c (main): Don't switch DRBG in FIPS mode. * tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode. * tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS. * tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS. (main): Skip math tests that use P-192 and Ed25519 in FIPS. -- Fix the testsuite to make it pass after the FIPS adjustments. This consists mostly of disabling the tests that use not approved curves and algorithms as well as increasing the keysizes. Signed-off-by: Vitezslav Cizek <vcizek@suse.com> Additional changes by wk: - Removed changes already done with commit e40939b. The original patch had these changes: * tests/fips186-dsa.c (main): Merely suggest a future improvement. * tests/pubkey.c (get_dsa_key_*new): Increase keysizes. (check_run): Skip tests with small domain in FIPS. (main): Skip Ed25519 sample key test in FIPS. Note that get_dsa_key_fips186_with_seed_new was not changed from 1024 to 3072 but to 2048 bit. - Return with 77 (skip) from t-ed25519.c in FIPS mode. - Some code style changes. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'tests')
-rw-r--r--tests/benchmark.c6
-rw-r--r--tests/curves.c3
-rw-r--r--tests/keygen.c101
-rw-r--r--tests/pubkey.c7
-rw-r--r--tests/random.c11
-rw-r--r--tests/t-ed25519.c4
-rw-r--r--tests/t-kdf.c4
-rw-r--r--tests/t-mpi-point.c26
8 files changed, 151 insertions, 11 deletions
diff --git a/tests/benchmark.c b/tests/benchmark.c
index c748dacf..1258b81c 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -1434,6 +1434,12 @@ ecc_bench (int iterations, int print_header)
is_ed25519 = !strcmp (p_sizes[testno], "Ed25519");
is_gost = !strncmp (p_sizes[testno], "gost", 4);
+
+ /* Only P-{224,256,384,521} are allowed in fips mode */
+ if (gcry_fips_mode_active()
+ && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192")))
+ continue;
+
if (is_ed25519)
{
p_size = 256;
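Review bot: The new guard in ecc_bench is a deny-list (`is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192")`) while the comment above it states an allow-list, so a non-approved entry added to p_sizes later would be benchmarked in FIPS mode unnoticed. Testing for the approved sizes keeps code and comment in agreement, e.g. `if (gcry_fips_mode_active () && strcmp (p_sizes[testno], "224") && strcmp (p_sizes[testno], "256") && strcmp (p_sizes[testno], "384") && strcmp (p_sizes[testno], "521")) continue;`. The p_sizes table is outside the hunk, so the exact strings need checking against it. The same exclude-by-name shape appears in context_param in tests/t-mpi-point.c and, for MD5 only, in check_openpgp in tests/t-kdf.c.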
diff --git a/tests/curves.c b/tests/curves.c
index bec48e99..2732bbdc 100644
--- a/tests/curves.c
+++ b/tests/curves.c
@@ -171,6 +171,9 @@ check_get_params (void)
gcry_sexp_release (param);
+ /* Brainpool curves are not supported in fips mode */
+ if (gcry_fips_mode_active())
+ return;
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
if (!param)
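Review bot: The added `return` in check_get_params leaves the function silently when FIPS mode is active, so the run gives no sign that the Brainpool lookup was skipped and never checks that the library actually refuses the curve. check_dsa_keys in tests/keygen.c shows the stronger pattern, failing with "must not work" when a non-approved key size is accepted. If `gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve)` is expected to return NULL in FIPS mode (to be confirmed against the library), asserting that would test the restriction instead of stepping around it. The skip in check_ecc_keys in tests/keygen.c is similarly quiet: the verbose line "creating ECC key using curve %s" is printed before the `continue`, so the log suggests an Ed25519 key was generated. The rest of check_get_params lies outside the hunk.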
diff --git a/tests/keygen.c b/tests/keygen.c
index 7afa76c1..dcb59e48 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -329,7 +329,7 @@ check_dsa_keys (void)
if (rc && !in_fips_mode)
die ("error generating DSA key: %s\n", gpg_strerror (rc));
else if (!rc && in_fips_mode)
- die ("generating 512 bit DSA key must not work!");
+ die ("generating 1024 bit DSA key must not work!");
if (!i && verbose > 1)
show_sexp ("1024 bit DSA key:\n", key);
gcry_sexp_release (key);
@@ -354,6 +354,60 @@ check_dsa_keys (void)
if (verbose > 1)
show_sexp ("1536 bit DSA key:\n", key);
gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 3072 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:3072)\n"
+ " (qbits 3:256)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("3072 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/256 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/224 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:224)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
}
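Review bot: The two new 2048-bit blocks in check_dsa_keys both dump their key under the label `"2048 bit DSA key:\n"`, so at `verbose > 1` the 2048/256 and 2048/224 results cannot be told apart in the log. Labels matching the preceding `show` lines would fix that: `show_sexp ("2048/256 bit DSA key:\n", key);` and `show_sexp ("2048/224 bit DSA key:\n", key);`. The three added blocks also differ only in the nbits/qbits values and the label, so a small static helper taking those would remove about fifty duplicated lines. None of the new blocks inspects the generated key, so a key returned with a different p or q size than requested would still pass. The start of check_dsa_keys is outside the hunk.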
@@ -406,9 +460,14 @@ check_ecc_keys (void)
if (verbose)
show ("creating ECC key using curve %s\n", curves[testno]);
if (!strcmp (curves[testno], "Ed25519"))
- rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve %s)(flags param eddsa)))",
- curves[testno]);
+ {
+ /* Ed25519 isn't allowed in fips mode */
+ if (in_fips_mode)
+ continue;
+ rc = gcry_sexp_build (&keyparm, NULL,
+ "(genkey(ecc(curve %s)(flags param eddsa)))",
+ curves[testno]);
+ }
else
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve %s)(flags param)))",
@@ -459,6 +518,40 @@ check_ecc_keys (void)
" (nocomp): %s\n",
gpg_strerror (rc));
+ if (verbose)
+ show ("creating ECC key using curve NIST P-384 for ECDSA\n");
+
+ /* Must be specified as nistp384 (one word), because ecc_generate
+ * uses _gcry_sexp_nth_string which takes the first word of the name
+ * and thus libgcrypt can't find it later in its curves table. */
+ rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))");
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n",
+ gpg_strerror (rc));
+
+ if (verbose > 1)
+ show_sexp ("ECC key:\n", key);
+
+ check_generated_ecc_key (key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n");
+ rc = gcry_sexp_build (&keyparm, NULL,
+ "(genkey(ecc(curve nistp384)(flags nocomp)))");
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating ECC key using curve NIST P-384 for ECDSA"
+ " (nocomp): %s\n",
+ gpg_strerror (rc));
+
if (verbose > 1)
show_sexp ("ECC key:\n", key);
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 5ed6ca1e..b691913b 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -483,8 +483,8 @@ get_dsa_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int transient_key)
rc = gcry_sexp_new (&key_spec,
transient_key
- ? "(genkey (dsa (nbits 4:1024)(transient-key)))"
- : "(genkey (dsa (nbits 4:1024)))",
+ ? "(genkey (dsa (nbits 4:2048)(transient-key)))"
+ : "(genkey (dsa (nbits 4:2048)))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -1243,7 +1243,8 @@ main (int argc, char **argv)
check_x931_derived_key (i);
check_ecc_sample_key ();
- check_ed25519ecdsa_sample_key ();
+ if (!gcry_fips_mode_active ())
+ check_ed25519ecdsa_sample_key ();
return !!error_count;
}
diff --git a/tests/random.c b/tests/random.c
index 2a4b698b..3c087265 100644
--- a/tests/random.c
+++ b/tests/random.c
@@ -647,7 +647,11 @@ main (int argc, char **argv)
#endif
if (early_rng)
- check_early_rng_type_switching ();
+ {
+ /* Don't switch RNG in fips mode. */
+ if (!gcry_fips_mode_active())
+ check_early_rng_type_switching ();
+ }
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
if (!gcry_check_version (GCRYPT_VERSION))
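Review bot: In the early_rng branch of main, `gcry_fips_mode_active()` is now evaluated before the `gcry_check_version (GCRYPT_VERSION)` call visible two lines below, i.e. before the library has been explicitly initialised. It should be confirmed that the FIPS state is already reliable at this point. If the query returns false there, `check_early_rng_type_switching ()` would still run in FIPS mode and the guard would have no effect. A short comment stating that the query is safe before initialisation would help, and the nesting can be flattened to `if (early_rng && !gcry_fips_mode_active ())`. The surrounding part of main is outside the hunk.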
@@ -670,7 +674,10 @@ main (int argc, char **argv)
to its high requirement for entropy. */
if (!getenv ("GCRYPT_IN_REGRESSION_TEST"))
check_drbg_reinit ();
- check_rng_type_switching ();
+
+ /* Don't switch RNG in fips mode. */
+ if (!gcry_fips_mode_active())
+ check_rng_type_switching ();
if (!in_recursion)
run_all_rng_tests (program);
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
index 38e154de..d63c145d 100644
--- a/tests/t-ed25519.c
+++ b/tests/t-ed25519.c
@@ -548,6 +548,10 @@ main (int argc, char **argv)
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ /* Ed25519 isn't supported in fips mode */
+ if (gcry_fips_mode_active())
+ return 77;
+
start_timer ();
check_ed25519 (fname);
stop_timer ();
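Review bot: The bare `return 77;` in main of t-ed25519.c is a magic number whose meaning is explained only in the commit message ("Return with 77 (skip)"). The comment could carry that, for example `/* Ed25519 isn't supported in fips mode; exit code 77 marks the test as skipped. */`. A one-line message printed before returning would also make the skip visible when the program is run by hand. The rest of main is outside the hunk.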
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 18c83575..bf31c830 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -888,6 +888,10 @@ check_openpgp (void)
{
if (tv[tvidx].disabled)
continue;
+ /* MD5 isn't supported in fips mode */
+ if (gcry_fips_mode_active()
+ && tv[tvidx].hashalgo == GCRY_MD_MD5)
+ continue;
if (verbose)
fprintf (stderr, "checking S2K test vector %d\n", tvidx);
assert (tv[tvidx].dklen <= sizeof outbuf);
diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index d72cd27f..55c6b666 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -540,6 +540,17 @@ context_param (void)
show ("checking standard curves\n");
for (idx=0; test_curve[idx].desc; idx++)
{
+ /* P-192 and Ed25519 are not supported in fips mode */
+ if (gcry_fips_mode_active())
+ {
+ if (!strcmp(test_curve[idx].desc, "NIST P-192")
+ || !strcmp(test_curve[idx].desc, "Ed25519"))
+ {
+ show("skipping %s in fips mode\n", test_curve[idx].desc );
+ continue;
+ }
+ }
+
gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
if (err)
@@ -635,6 +646,10 @@ context_param (void)
gcry_sexp_release (sexp);
}
+ /* Skipping Ed25519 if in FIPS mode (it isn't supported) */
+ if (gcry_fips_mode_active())
+ goto cleanup;
+
show ("checking sample public key (Ed25519)\n");
q = hex2mpi (sample_ed25519_q);
gcry_sexp_release (keyparam);
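Review bot: The `goto cleanup` added to context_param skips everything between this point and the new label, which is correct only while the Ed25519 sample-key checks are the last thing the function does. That stretch is outside the hunk, so whether it holds today should be verified. A check appended there later that is not Ed25519-specific would silently stop running in FIPS mode. Either wrap the Ed25519 part in `if (!gcry_fips_mode_active ()) { ... }` or record the assumption at the label, e.g. `cleanup: /* Reached early in FIPS mode; only Ed25519 checks may precede this. */`.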
@@ -722,6 +737,7 @@ context_param (void)
}
+ cleanup:
gcry_ctx_release (ctx);
gcry_sexp_release (keyparam);
}
@@ -1101,8 +1117,14 @@ main (int argc, char **argv)
context_alloc ();
context_param ();
basic_ec_math ();
- basic_ec_math_simplified ();
- twistededwards_math ();
+
+ /* The tests are for P-192 and ed25519 which are not supported in
+ FIPS mode. */
+ if (!gcry_fips_mode_active())
+ {
+ basic_ec_math_simplified ();
+ twistededwards_math ();
+ }
show ("All tests completed. Errors: %d\n", error_count);
return error_count ? 1 : 0;