summaryrefslogtreecommitdiff
path: root/tests/pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/pubkey.c')
-rw-r--r--tests/pubkey.c49
1 files changed, 46 insertions, 3 deletions
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 62dc0d6b..5ed6ca1e 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -165,6 +165,33 @@ show_sexp (const char *prefix, gcry_sexp_t a)
gcry_free (buf);
}
+/* from ../cipher/pubkey-util.c */
+gpg_err_code_t
+_gcry_pk_util_get_nbits (gcry_sexp_t list, unsigned int *r_nbits)
+{
+ char buf[50];
+ const char *s;
+ size_t n;
+
+ *r_nbits = 0;
+
+ list = gcry_sexp_find_token (list, "nbits", 0);
+ if (!list)
+ return 0; /* No NBITS found. */
+
+ s = gcry_sexp_nth_data (list, 1, &n);
+ if (!s || n >= DIM (buf) - 1 )
+ {
+ /* NBITS given without a cdr. */
+ gcry_sexp_release (list);
+ return GPG_ERR_INV_OBJ;
+ }
+ memcpy (buf, s, n);
+ buf[n] = 0;
+ *r_nbits = (unsigned int)strtoul (buf, NULL, 0);
+ gcry_sexp_release (list);
+ return 0;
+}
/* Convert STRING consisting of hex characters into its binary
representation and return it as an allocated buffer. The valid
@@ -906,8 +933,8 @@ check_x931_derived_key (int what)
}
};
gpg_error_t err;
- gcry_sexp_t key_spec, key, pub_key, sec_key;
- gcry_mpi_t d_expected, d_have;
+ gcry_sexp_t key_spec = NULL, key = NULL, pub_key = NULL, sec_key = NULL;
+ gcry_mpi_t d_expected = NULL, d_have = NULL;
if (what < 0 && what >= sizeof testtable)
die ("invalid WHAT value\n");
@@ -916,10 +943,25 @@ check_x931_derived_key (int what)
if (err)
die ("error creating S-expression [%d]: %s\n", what, gpg_strerror (err));
+ {
+ unsigned nbits;
+ err = _gcry_pk_util_get_nbits(key_spec, &nbits);
+ if (err)
+ die ("nbits not found\n");
+ if (gcry_fips_mode_active() && nbits < 2048)
+ {
+ info("RSA key test with %d bits skipped in fips mode\n", nbits);
+ goto leave;
+ }
+ }
+
err = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (err)
- die ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err));
+ {
+ fail ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err));
+ goto leave;
+ }
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
@@ -945,6 +987,7 @@ check_x931_derived_key (int what)
show_sexp (NULL, sec_key);
die ("parameter d does match expected value [%d]\n", what);
}
+leave:
gcry_mpi_release (d_expected);
gcry_mpi_release (d_have);
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-03 09:56:49 +0000