1657
1687
for (i = 0; algos[i].md; i++)
1689
if ((gcry_md_test_algo (algos[i].md) || algos[i].md == GCRY_MD_MD5)
1693
fprintf (stderr, " algorithm %d not available in fips mode\n",
1660
fprintf (stderr, " checking %s [%i] for length %zi\n",
1699
" checking %s [%i] for %zi byte key and %zi byte data\n",
1661
1700
gcry_md_algo_name (algos[i].md),
1663
strlen(algos[i].data));
1702
strlen(algos[i].key), strlen(algos[i].data));
1665
1704
check_one_hmac (algos[i].md, algos[i].data, strlen (algos[i].data),
1666
1705
algos[i].key, strlen(algos[i].key),
1986
2045
main (int argc, char **argv)
1990
if (argc > 1 && !strcmp (argv[1], "--verbose"))
1992
else if (argc > 1 && !strcmp (argv[1], "--debug"))
1993
verbose = debug = 1;
2051
int selftest_only = 0;
2056
while (argc && last_argc != argc )
2059
if (!strcmp (*argv, "--"))
2064
else if (!strcmp (*argv, "--verbose"))
2069
else if (!strcmp (*argv, "--debug"))
2071
verbose = debug = 1;
2074
else if (!strcmp (*argv, "--fips"))
2079
else if (!strcmp (*argv, "--selftest"))
2087
gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose);
2090
gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
1995
2092
if (!gcry_check_version (GCRYPT_VERSION))
1996
2093
die ("version mismatch\n");
2095
if ( gcry_fips_mode_active () )
2099
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
1999
2102
gcry_set_progress_handler (progress_handler, NULL);
2001
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
2002
2104
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
2004
2106
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
2005
2107
/* No valuable keys are create, so we can speed up our RNG. */
2006
2108
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
2009
check_aes128_cbc_cts_cipher ();
2010
check_cbc_mac_cipher ();
2011
check_ctr_cipher ();
2012
check_cfb_cipher ();
2013
check_ofb_cipher ();
2113
check_aes128_cbc_cts_cipher ();
2114
check_cbc_mac_cipher ();
2115
check_ctr_cipher ();
2116
check_cfb_cipher ();
2117
check_ofb_cipher ();
2124
if (in_fips_mode && !selftest_only)
2126
/* If we are in fips mode do some more tests. */
2129
/* First trigger a self-test. */
2130
gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
2131
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
2132
fail ("not in operational state after self-test\n");
2134
/* Get us into the error state. */
2135
err = gcry_md_open (&md, GCRY_MD_SHA1, 0);
2137
fail ("failed to open SHA-1 hash context: %s\n", gpg_strerror (err));
2140
err = gcry_md_enable (md, GCRY_MD_SHA256);
2142
fail ("failed to add SHA-256 hash context: %s\n",
2143
gpg_strerror (err));
2146
/* gcry_md_get_algo is only defined for a context with
2147
just one digest algorithm. With our setup it should
2148
put the oibrary intoerror state. */
2149
fputs ("Note: Two lines with error messages follow "
2150
"- this is expected\n", stderr);
2151
gcry_md_get_algo (md);
2153
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
2154
fail ("expected error state but still in operational state\n");
2157
/* Now run a self-test and to get back into
2158
operational state. */
2159
gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
2160
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
2161
fail ("did not reach operational after error "
2170
/* If in standard mode, run selftests. */
2171
if (gcry_control (GCRYCTL_SELFTEST, 0))
2172
fail ("running self-test failed\n");
2019
2176
fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count);
2178
if (in_fips_mode && !gcry_fips_mode_active ())
2179
fprintf (stderr, "FIPS mode is not anymore active\n");
2021
2181
return error_count ? 1 : 0;