From 6daefa8222e735604667f8ef13a8d95764728c36 Mon Sep 17 00:00:00 2001 From: Ondrej Kozina Date: Thu, 31 Oct 2024 13:43:17 +0100 Subject: [PATCH] api-test: Use minimal key size 14 bytes (112 bits). As per SP800-132 minimal key length is 112 bits. Use it while testing unbound keys stored in LUKS2 keyslots. Otherwise the test fails in FIPS mode. --- tests/api-test-2.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/api-test-2.c b/tests/api-test-2.c index 3d19fde6..6b746de2 100644 --- a/tests/api-test-2.c +++ b/tests/api-test-2.c @@ -3213,19 +3213,20 @@ static void Luks2KeyslotAdd(void) /* in general crypt_keyslot_add_by_key must allow any reasonable key size * even though such keyslot will not be usable for segment encryption */ EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2); - EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3); + /* As per SP800-132 112 bits (14 bytes) is minimal key length */ + EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 14, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3); FAIL_(crypt_keyslot_get_key_size(cd, CRYPT_ANY_SLOT), "Bad keyslot specification."); EQ_(crypt_get_volume_key_size(cd), key_size); EQ_(crypt_keyslot_get_key_size(cd, 0), key_size); EQ_(crypt_keyslot_get_key_size(cd, 1), key_size); EQ_(crypt_keyslot_get_key_size(cd, 2), key_size-1); - EQ_(crypt_keyslot_get_key_size(cd, 3), 13); + EQ_(crypt_keyslot_get_key_size(cd, 3), 14); key_ret_len = key_size - 1; FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size"); - key_ret_len = 13; + key_ret_len = 14; FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size"); EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3); FAIL_(crypt_activate_by_volume_key(cd, NULL, key_ret, key_ret_len, 0), "Not a volume key");