From 917fc6000dfebd8854f0d1c220b85dec0dbf4676 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 13 Dec 2024 11:54:31 +0900
Subject: [PATCH 03/19] fips,tests: Add tests for md_open/write/read/close for
 t-digest.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* tests/t-digest.c (check_md_o_w_r_c): New.
(main): Call check_md_o_w_r_c.

--

GnuPG-bug-id: 7338
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
---
 tests/t-digest.c | 133 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)

Index: libgcrypt-1.11.0/tests/t-digest.c
===================================================================
--- libgcrypt-1.11.0.orig/tests/t-digest.c
+++ libgcrypt-1.11.0/tests/t-digest.c
@@ -39,6 +39,138 @@ static int in_fips_mode;
 #endif
 
 static void
+check_md_o_w_r_c (void)
+{
+  static struct {
+    int algo;
+    const char *data;
+    int datalen;
+    const char *expect;
+    int expect_failure;
+    unsigned int flags;
+  } tv[] = {
+#if USE_MD5
+    { GCRY_MD_MD5, "abc", 3,
+      "\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72", 1 },
+    { GCRY_MD_MD5, "abc", 3,
+      "\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72", 1,
+      GCRY_MD_FLAG_REJECT_NON_FIPS },
+#endif
+#if USE_SHA1
+    { GCRY_MD_SHA1, "abc", 3,
+      "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
+      "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" },
+#endif
+    { GCRY_MD_SHA256, "abc", 3,
+      "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
+      "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" },
+    { GCRY_MD_SHA384, "abc", 3,
+      "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+      "\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+      "\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7" },
+    { GCRY_MD_SHA512, "abc", 3,
+      "\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
+      "\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
+      "\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD"
+      "\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F" },
+    { GCRY_MD_SHA3_256, "abc", 3,
+      "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
+      "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43\x15\x32" },
+    { GCRY_MD_SHA3_384, "abc", 3,
+      "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
+      "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
+      "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28\x37\x6d\x25" },
+    { GCRY_MD_SHA3_512, "abc", 3,
+      "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
+      "\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
+      "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
+      "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27\x4e\xec\x53\xf0" }
+#if USE_RMD160
+    ,
+    { GCRY_MD_RMD160, "abc", 3,
+      "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04"
+      "\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc", 1 }
+#endif
+  };
+  int tvidx;
+  unsigned char *hash;
+  int expectlen;
+  gpg_error_t err;
+
+  for (tvidx=0; tvidx < DIM(tv); tvidx++)
+    {
+      gpg_err_code_t ec;
+      gcry_md_hd_t h;
+
+      if (verbose)
+        fprintf (stderr, "checking gcry_md_open test %d\n",
+                 tvidx);
+
+      expectlen = gcry_md_get_algo_dlen (tv[tvidx].algo);
+      assert (expectlen != 0);
+      err = gcry_md_open (&h, tv[tvidx].algo, tv[tvidx].flags);
+      if (err)
+        {
+          if (in_fips_mode && (tv[tvidx].flags & GCRY_MD_FLAG_REJECT_NON_FIPS)
+              && tv[tvidx].expect_failure)
+            /* Here, an error is expected */
+            ;
+          else
+            fail ("gcry_md_open test %d unexpectedly failed: %s\n",
+                  tvidx, gpg_strerror (err));
+          continue;
+        }
+      else
+        {
+          if (in_fips_mode && (tv[tvidx].flags & GCRY_MD_FLAG_REJECT_NON_FIPS)
+              && tv[tvidx].expect_failure)
+            /* This case, an error is expected, but we observed success */
+            fail ("gcry_md_open test %d unexpectedly succeeded\n", tvidx);
+        }
+
+
+      ec = gcry_get_fips_service_indicator ();
+      if (ec == GPG_ERR_INV_OP)
+        {
+          /* libgcrypt is old, no support of the FIPS service indicator.  */
+          fail ("gcry_md_open test %d unexpectedly failed to check the FIPS service indicator.\n",
+                tvidx);
+          continue;
+        }
+
+      if (in_fips_mode && !tv[tvidx].expect_failure && ec)
+        {
+          /* Success with the FIPS service indicator == 0 expected, but != 0.  */
+          fail ("gcry_md_open test %d unexpectedly set the indicator in FIPS mode.\n",
+                tvidx);
+          continue;
+        }
+      else if (in_fips_mode && tv[tvidx].expect_failure && !ec)
+        {
+          /* Success with the FIPS service indicator != 0 expected, but == 0.  */
+          fail ("gcry_md_open test %d unexpectedly cleared the indicator in FIPS mode.\n",
+                tvidx);
+          continue;
+        }
+
+      gcry_md_write (h, tv[tvidx].data, tv[tvidx].datalen);
+      hash = gcry_md_read (h, tv[tvidx].algo);
+      if (memcmp (hash, tv[tvidx].expect, expectlen))
+        {
+          int i;
+
+          fail ("gcry_md_open test %d failed: mismatch\n", tvidx);
+          fputs ("got:", stderr);
+          for (i=0; i < expectlen; i++)
+            fprintf (stderr, " %02x", hash[i]);
+          putc ('\n', stderr);
+        }
+
+      gcry_md_close (h);
+    }
+}
+
+static void
 check_digests (void)
 {
   static struct {
@@ -194,6 +326,7 @@ main (int argc, char **argv)
     xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
 
   check_digests ();
+  check_md_o_w_r_c ();
 
   return !!error_count;
 }