8 files changed, 151 insertions, 11 deletions

diff --git a/tests/benchmark.c b/tests/benchmark.c
index c748dacf..1258b81c 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -1434,6 +1434,12 @@ ecc_bench (int iterations, int print_header)
 
       is_ed25519 = !strcmp (p_sizes[testno], "Ed25519");
       is_gost = !strncmp (p_sizes[testno], "gost", 4);
+
+      /* Only P-{224,256,384,521} are allowed in fips mode */
+      if (gcry_fips_mode_active()
+          && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192")))
+         continue;
+
       if (is_ed25519)
         {
           p_size = 256;
diff --git a/tests/curves.c b/tests/curves.c
index bec48e99..2732bbdc 100644
--- a/tests/curves.c
+++ b/tests/curves.c
@@ -171,6 +171,9 @@ check_get_params (void)
 
   gcry_sexp_release (param);
 
+  /* Brainpool curves are not supported in fips mode */
+  if (gcry_fips_mode_active())
+    return;
 
   param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
   if (!param)
diff --git a/tests/keygen.c b/tests/keygen.c
index 7afa76c1..dcb59e48 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -329,7 +329,7 @@ check_dsa_keys (void)
       if (rc && !in_fips_mode)
         die ("error generating DSA key: %s\n", gpg_strerror (rc));
       else if (!rc && in_fips_mode)
-        die ("generating 512 bit DSA key must not work!");
+        die ("generating 1024 bit DSA key must not work!");
       if (!i && verbose > 1)
         show_sexp ("1024 bit DSA key:\n", key);
       gcry_sexp_release (key);
@@ -354,6 +354,60 @@ check_dsa_keys (void)
   if (verbose > 1)
     show_sexp ("1536 bit DSA key:\n", key);
   gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 3072 bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:3072)\n"
+                      "  (qbits 3:256)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("3072 bit DSA key:\n", key);
+  gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 2048/256 bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:2048)\n"
+                      "  (qbits 3:256)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("2048 bit DSA key:\n", key);
+  gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 2048/224 bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:2048)\n"
+                      "  (qbits 3:224)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("2048 bit DSA key:\n", key);
+  gcry_sexp_release (key);
 }
 
 
@@ -406,9 +460,14 @@ check_ecc_keys (void)
       if (verbose)
         show ("creating ECC key using curve %s\n", curves[testno]);
       if (!strcmp (curves[testno], "Ed25519"))
-        rc = gcry_sexp_build (&keyparm, NULL,
-                              "(genkey(ecc(curve %s)(flags param eddsa)))",
-                              curves[testno]);
+        {
+          /* Ed25519 isn't allowed in fips mode */
+          if (in_fips_mode)
+            continue;
+          rc = gcry_sexp_build (&keyparm, NULL,
+                                "(genkey(ecc(curve %s)(flags param eddsa)))",
+                                curves[testno]);
+        }
       else
         rc = gcry_sexp_build (&keyparm, NULL,
                               "(genkey(ecc(curve %s)(flags param)))",
@@ -459,6 +518,40 @@ check_ecc_keys (void)
          " (nocomp): %s\n",
          gpg_strerror (rc));
 
+  if (verbose)
+    show ("creating ECC key using curve NIST P-384 for ECDSA\n");
+
+  /* Must be specified as nistp384 (one word), because ecc_generate
+   * uses _gcry_sexp_nth_string which takes the first word of the name
+   * and thus libgcrypt can't find it later in its curves table.  */
+  rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))");
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n",
+         gpg_strerror (rc));
+
+  if (verbose > 1)
+    show_sexp ("ECC key:\n", key);
+
+  check_generated_ecc_key (key);
+  gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n");
+  rc = gcry_sexp_build (&keyparm, NULL,
+                        "(genkey(ecc(curve nistp384)(flags nocomp)))");
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating ECC key using curve NIST P-384 for ECDSA"
+         " (nocomp): %s\n",
+         gpg_strerror (rc));
+
   if (verbose > 1)
     show_sexp ("ECC key:\n", key);
 
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 5ed6ca1e..b691913b 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -483,8 +483,8 @@ get_dsa_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int transient_key)
 
   rc = gcry_sexp_new (&key_spec,
                       transient_key
-                      ? "(genkey (dsa (nbits 4:1024)(transient-key)))"
-                      : "(genkey (dsa (nbits 4:1024)))",
+                      ? "(genkey (dsa (nbits 4:2048)(transient-key)))"
+                      : "(genkey (dsa (nbits 4:2048)))",
                       0, 1);
   if (rc)
     die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -1243,7 +1243,8 @@ main (int argc, char **argv)
     check_x931_derived_key (i);
 
   check_ecc_sample_key ();
-  check_ed25519ecdsa_sample_key ();
+  if (!gcry_fips_mode_active ())
+    check_ed25519ecdsa_sample_key ();
 
   return !!error_count;
 }
diff --git a/tests/random.c b/tests/random.c
index 2a4b698b..3c087265 100644
--- a/tests/random.c
+++ b/tests/random.c
@@ -647,7 +647,11 @@ main (int argc, char **argv)
 #endif
 
   if (early_rng)
-    check_early_rng_type_switching ();
+    {
+      /* Don't switch RNG in fips mode. */
+      if (!gcry_fips_mode_active())
+        check_early_rng_type_switching ();
+    }
 
   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
   if (!gcry_check_version (GCRYPT_VERSION))
@@ -670,7 +674,10 @@ main (int argc, char **argv)
      to its high requirement for entropy.  */
   if (!getenv ("GCRYPT_IN_REGRESSION_TEST"))
     check_drbg_reinit ();
-  check_rng_type_switching ();
+
+  /* Don't switch RNG in fips mode.  */
+  if (!gcry_fips_mode_active())
+    check_rng_type_switching ();
 
   if (!in_recursion)
     run_all_rng_tests (program);
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
index 38e154de..d63c145d 100644
--- a/tests/t-ed25519.c
+++ b/tests/t-ed25519.c
@@ -548,6 +548,10 @@ main (int argc, char **argv)
   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 
+  /* Ed25519 isn't supported in fips mode */
+  if (gcry_fips_mode_active())
+    return 77;
+
   start_timer ();
   check_ed25519 (fname);
   stop_timer ();
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 18c83575..bf31c830 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -888,6 +888,10 @@ check_openpgp (void)
     {
       if (tv[tvidx].disabled)
         continue;
+      /* MD5 isn't supported in fips mode */
+      if (gcry_fips_mode_active()
+          && tv[tvidx].hashalgo == GCRY_MD_MD5)
+        continue;
       if (verbose)
         fprintf (stderr, "checking S2K test vector %d\n", tvidx);
       assert (tv[tvidx].dklen <= sizeof outbuf);
diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index d72cd27f..55c6b666 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -540,6 +540,17 @@ context_param (void)
   show ("checking standard curves\n");
   for (idx=0; test_curve[idx].desc; idx++)
     {
+      /* P-192 and Ed25519 are not supported in fips mode */
+      if (gcry_fips_mode_active())
+        {
+          if (!strcmp(test_curve[idx].desc, "NIST P-192")
+              || !strcmp(test_curve[idx].desc, "Ed25519"))
+            {
+	      show("skipping %s in fips mode\n", test_curve[idx].desc );
+              continue;
+            }
+        }
+
       gcry_ctx_release (ctx);
       err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
       if (err)
@@ -635,6 +646,10 @@ context_param (void)
       gcry_sexp_release (sexp);
     }
 
+  /* Skipping Ed25519 if in FIPS mode (it isn't supported) */
+  if (gcry_fips_mode_active())
+    goto cleanup;
+
   show ("checking sample public key (Ed25519)\n");
   q = hex2mpi (sample_ed25519_q);
   gcry_sexp_release (keyparam);
@@ -722,6 +737,7 @@ context_param (void)
 
     }
 
+ cleanup:
   gcry_ctx_release (ctx);
   gcry_sexp_release (keyparam);
 }
@@ -1101,8 +1117,14 @@ main (int argc, char **argv)
   context_alloc ();
   context_param ();
   basic_ec_math ();
-  basic_ec_math_simplified ();
-  twistededwards_math ();
+
+  /* The tests are for P-192 and ed25519 which are not supported in
+     FIPS mode.  */
+  if (!gcry_fips_mode_active())
+    {
+      basic_ec_math_simplified ();
+      twistededwards_math ();
+    }
 
   show ("All tests completed. Errors: %d\n", error_count);
   return error_count ? 1 : 0;