In addition to the build time regression test suite, Libgcrypt
implements self-tests to be performed at runtime. Which self-tests
are actually used depends on the mode Libgcrypt is used in. In
standard mode a limited set of self-tests is run at the time an
algorithm is first used. Note that not all algorithms feature a
self-test in standard mode. The GCRYCTL_SELFTEST control
command may be used to run all implemented self-tests at any time;
this will even run more tests than those run in FIPS mode.
If any of the self-tests fails, the library immediately returns an error code to the caller. If Libgcrypt is in FIPS mode, the self-tests will be performed within the “Self-Test” state and any failure puts the library into the “Error” state.
Power-up tests are only performed if Libgcrypt is in FIPS mode.
The following symmetric encryption algorithm tests are run during power-up:
A known answer test is run using one test vector and one test key with AES in ECB mode. (cipher/rijndael.c:selftest_basic_128)
A known answer test is run using one test vector and one test key with AES in ECB mode. (cipher/rijndael.c:selftest_basic_192)
A known answer test is run using one test vector and one test key with AES in ECB mode. (cipher/rijndael.c:selftest_basic_256)
The following hash algorithm tests are run during power-up:
A known answer test using the string "abc" is run. (cipher/sha1.c:selftests_sha1)
A known answer test using the string "abc" is run. (cipher/sha256.c:selftests_sha224)
A known answer test using the string "abc" is run. (cipher/sha256.c:selftests_sha256)
A known answer test using the string "abc" is run. (cipher/sha512.c:selftests_sha384)
A known answer test using the string "abc" is run. (cipher/sha512.c:selftests_sha512)
The following MAC algorithm tests are run during power-up:
A known answer test using 9 bytes of data and a 64 byte key is run. (cipher/mac-hmac.c:selftests_sha1)
A known answer test using 28 bytes of data and a 4 byte key is run. (cipher/mac-hmac.c:selftests_sha224)
A known answer test using 28 bytes of data and a 4 byte key is run. (cipher/mac-hmac.c:selftests_sha256)
A known answer test using 28 bytes of data and a 4 byte key is run. (cipher/mac-hmac.c:selftests_sha384)
A known answer test using 28 bytes of data and a 4 byte key is run. (cipher/mac-hmac.c:selftests_sha512)
A known answer test using 9 bytes of data and a 20 byte key is run. (cipher/mac-hmac.c:selftests_sha3)
A known answer test using 40 bytes of data and a 16 byte key is run. (cipher/mac-cmac.c:selftests_cmac_aes)
The DRNG is tested during power-up this way:
The public key algorithms are tested during power-up:
A pre-defined 2048 bit RSA key is used and these tests are run in turn:
(cipher/rsa.c:selftests_rsa)
(cipher/rsa.c:selftests_rsa)
(cipher/rsa.c:selftest_sign_2048)
(cipher/rsa.c:selftest_encr_2048)
A pre-defined SEC P-256 ECDSA key is used and these tests are run in turn:
(cipher/ecc.c:selftests_ecdsa)
(cipher/ecc.c:selftests_ecdsa)
(cipher/ecc.c:selftest_sign)
The key derivation functions are tested during power-up:
A known answer test with an 8 byte password, a 4 byte salt and SHA-1 is used. (cipher/kdf.c:selftest_pbkdf2)
The integrity of the Libgcrypt library is tested during power-up, but only if checking has been enabled at build time. The check works by computing an HMAC SHA-256 checksum over the file used to load Libgcrypt into memory. That checksum is compared against a checksum stored inside the same file, in the .rodata1 section of the ELF file.
The conditional tests are performed if a certain condition is met. This may occur at any time; the library does not necessarily enter the “Self-Test” state to run these tests but will transition to the “Error” state if a test fails.
After an asymmetric key-pair has been generated, Libgcrypt runs a pair-wise consistency test on the generated key. On failure the generated key is not used, an error code is returned and, if in FIPS mode, the library is put into the “Error” state.
The test uses a random number 64 bits less than the size of the modulus as plaintext and runs an encryption and a decryption operation in turn. The encrypted value is checked to not match the plaintext, and the result of the decryption is checked to match the plaintext.
A new random number of the same size is generated, signed and verified
to test the correctness of the signing operation. As a second signing
test, the signature is modified by incrementing its value and then
verified with the expected result that the verification fails.
(cipher/rsa.c:test_keys)
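The pair-wise consistency test described above, sketched in Python as an added example; it is not Libgcrypt's code from cipher/rsa.c. It assumes textbook RSA without padding and a constructed demo key built from two Mersenne primes, and the names `RsaKey`, `make_toy_key`, `random_operand` and `pairwise_consistency_test` are hypothetical.

```python
import secrets
from dataclasses import dataclass

@dataclass
class RsaKey:
    n: int  # modulus
    e: int  # public exponent
    d: int  # private exponent

def make_toy_key() -> RsaKey:
    # Constructed demo key from two Mersenne primes; not a secure key.
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    return RsaKey(p * q, e, pow(e, -1, (p - 1) * (q - 1)))

def random_operand(key: RsaKey) -> int:
    # Random number 64 bits shorter than the modulus. Forcing the top bit
    # (an assumption of this sketch) rules out the fixed points 0 and 1.
    bits = key.n.bit_length() - 64
    return secrets.randbits(bits) | (1 << (bits - 1))

def pairwise_consistency_test(key: RsaKey):
    """Return None on success, else a string naming the failed check."""
    # Encryption test: ciphertext must differ from the plaintext and
    # decryption must give the plaintext back.
    plain = random_operand(key)
    cipher = pow(plain, key.e, key.n)
    if cipher == plain:
        return "encrypt: ciphertext equals plaintext"
    if pow(cipher, key.d, key.n) != plain:
        return "decrypt: result differs from plaintext"
    # Signing test: a fresh random value is signed and verified.
    msg = random_operand(key)
    sig = pow(msg, key.d, key.n)
    if pow(sig, key.e, key.n) != msg:
        return "sign: valid signature rejected"
    # Second signing test: the incremented signature must not verify.
    if pow(sig + 1, key.e, key.n) == msg:
        return "sign: modified signature accepted"
    return None

if __name__ == "__main__":
    good = make_toy_key()
    bad = RsaKey(good.n, good.e, good.d - 1)  # simulated faulty key generation
    print("good key:", pairwise_consistency_test(good))
    print("bad key: ", pairwise_consistency_test(bad))
```

A caller following the behaviour described above would discard the key and return an error whenever the function returns a string.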
No code is loaded at runtime.
A manual key entry feature is not implemented in Libgcrypt.
The application may request tests at any time by means of the
GCRYCTL_SELFTEST control command. Note that using these tests
is not FIPS conformant: although Libgcrypt rejects all application
requests for services while running self-tests, it does not ensure
that no other operations of Libgcrypt are still being executed. Thus,
in FIPS mode an application requesting self-tests needs to power-cycle
Libgcrypt instead.
When self-tests are requested, Libgcrypt runs all the tests it does during power-up as well as a few extra checks as described below.
The following symmetric encryption algorithm tests are run in addition to the power-up tests:
A known answer test with test vectors taken from NIST SP800-38a and using the high level functions is run for block modes CFB and OFB.
The following hash algorithm tests are run in addition to the power-up tests:
(cipher/sha1.c:selftests_sha1, cipher/sha256.c:selftests_sha224, cipher/sha256.c:selftests_sha256)
(cipher/sha512.c:selftests_sha384, cipher/sha512.c:selftests_sha512)
The following MAC algorithm tests are run in addition to the power-up tests:
(cipher/mac-hmac.c:selftests_sha1)
(cipher/mac-hmac.c:selftests_sha224, cipher/mac-hmac.c:selftests_sha256, cipher/mac-hmac.c:selftests_sha384, cipher/mac-hmac.c:selftests_sha512)
(cipher/mac-hmac.c:selftests_sha3,
(cipher/mac-cmac.c:selftests_cmac_aes,