From 0645110ebdf0192d20831e00e45d308e719ff0f1 Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Sat, 29 Aug 2020 12:51:14 +1000
Subject: [PATCH] Add fips checks for ecdsa signatures

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12745)
---
 providers/common/include/prov/provider_util.h | 1 +
 providers/common/provider_util.c | 63 ++++++
 providers/implementations/signature/ecdsa.c | 89 ++++----
 test/evp_test.c | 7 +-
 .../30-test_evp_data/evppkey_ecdsa.txt | 83 +++++++-
 test/ssl-tests/20-cert-select.cnf | 196 +++++++++---------
 test/ssl-tests/20-cert-select.cnf.in | 46 ++--
 7 files changed, 312 insertions(+), 173 deletions(-)

diff --git a/providers/common/include/prov/provider_util.h b/providers/common/include/prov/provider_util.h
index 7306e6aa8c..d4fbd9b74b 100644
--- a/providers/common/include/prov/provider_util.h
+++ b/providers/common/include/prov/provider_util.h
@@ -132,3 +132,4 @@ void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
 int ossl_prov_digest_md_to_nid(const EVP_MD *md, const OSSL_ITEM *it,
 size_t it_len);
 int ossl_prov_digest_get_approved_nid(const EVP_MD *md, int sha1_allowed);
+int ossl_prov_ec_check(const EC_KEY *ec, int protect);
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index 51ade22a37..f27171a830 100644
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
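Review bot: The new `ossl_prov_ec_check` prototype in provider_util.h carries no comment, so a caller reading the header cannot tell what `protect` selects or that the function always returns 1 outside FIPS_MODULE; that explanation lives only above the definition in provider_util.c. Suggest a one-line comment above the declaration, e.g. `/* FIPS curve check: protect=1 for signing/key agreement (112-bit strength), 0 for verify (80-bit floor); always 1 in non-FIPS builds */`.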
@@ -353,3 +353,66 @@ int ossl_prov_digest_get_approved_nid(const EVP_MD *md, int sha1_allowed)
 #endif
 return mdnid;
 }
+
+/*
+ * In FIPS mode:
+ * protect should be 1 for any operations that need 112 bits of security
+ * strength (such as signing, and key exchange), or 0 for operations that allow
+ * a lower security strength (such as verify).
+ *
+ * For ECDH key agreement refer to SP800-56A
+ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
+ * "Appendix D"
+ *
+ * For ECDSA signatures refer to
+ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
+ * "Table 2"
+ */
+int ossl_prov_ec_check(const EC_KEY *ec, int protect)
+{
+#ifdef FIPS_MODULE
+ int nid, strength;
+ const char *curve_name;
+ const EC_GROUP *group = EC_KEY_get0_group(ec);
+
+ if (group == NULL) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE, "No group");
+ return 0;
+ }
+ nid = EC_GROUP_get_curve_name(group);
+ if (nid == NID_undef) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
+ "Explicit curves are not allowed in fips mode");
+ return 0;
+ }
+
+ curve_name = EC_curve_nid2nist(nid);
+ if (curve_name == NULL) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
+ "Curve %s is not approved in FIPS mode", curve_name);
+ return 0;
+ }
+
+ /*
+ * For EC the security strength is the (order_bits / 2)
+ * e.g. P-224 is 112 bits.
+ */
+ strength = EC_GROUP_order_bits(group) / 2;
+ /* The min security strength allowed for legacy verification is 80 bits */
+ if (strength < 80) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
+ return 0;
+ }
+
+ /*
+ * For signing/or key agreement only allow curves with at least 112 bits of
+ * security strength
+ */
+ if (protect && strength < 112) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
+ "Curve %s cannot be used for signing", curve_name);
+ return 0;
+ }
+#endif
+ return 1;
+}
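Review bot: In the `curve_name == NULL` branch of `ossl_prov_ec_check`, `ERR_raise_data(..., "Curve %s is not approved in FIPS mode", curve_name)` formats the very pointer that was just found to be NULL: passing NULL for `%s` is undefined behaviour in C (glibc happens to print "(null)", other libcs may crash), and the message never names the rejected curve anyway. Use the NID already in hand instead: `"Curve %s is not approved in FIPS mode", OBJ_nid2sn(nid));`. Separately, the `strength < 80` check looks unreachable as written, because every curve that survives `EC_curve_nid2nist()` is a NIST-named curve and, as far as I know, the smallest of those have 163-bit orders (strength 81); a short comment marking it as a defensive floor would save the next reader from hunting for the curve it is meant to reject.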
diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c
index 2862fb0e31..8ca235c0b4 100644
--- a/providers/implementations/signature/ecdsa.c
+++ b/providers/implementations/signature/ecdsa.c
@@ -28,18 +28,19 @@
 #include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
+#include "prov/provider_util.h"
 #include "crypto/ec.h"
 #include "prov/der_ec.h"
 
 static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
-static OSSL_FUNC_signature_sign_init_fn ecdsa_signature_init;
-static OSSL_FUNC_signature_verify_init_fn ecdsa_signature_init;
+static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
+static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
 static OSSL_FUNC_signature_sign_fn ecdsa_sign;
 static OSSL_FUNC_signature_verify_fn ecdsa_verify;
-static OSSL_FUNC_signature_digest_sign_init_fn ecdsa_digest_signverify_init;
+static OSSL_FUNC_signature_digest_sign_init_fn ecdsa_digest_sign_init;
 static OSSL_FUNC_signature_digest_sign_update_fn ecdsa_digest_signverify_update;
 static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
-static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_signverify_init;
+static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
 static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
 static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
 static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
@@ -70,6 +71,7 @@ typedef struct {
 unsigned char *aid;
 size_t aid_len;
 size_t mdsize;
+ int operation;
 
 EVP_MD *md;
 EVP_MD_CTX *mdctx;
@@ -114,7 +116,7 @@ static void *ecdsa_newctx(void *provctx, const char *propq)
 return ctx;
 }
 
-static int ecdsa_signature_init(void *vctx, void *ec)
+static int ecdsa_signverify_init(void *vctx, void *ec, int operation)
 {
 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
 
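Review bot: The new `int operation;` member of the ECDSA context struct is undocumented, yet its value later decides both the curve-strength policy (`ossl_prov_ec_check(ec, operation == EVP_PKEY_OP_SIGN)`) and whether SHA-1 is accepted (`ctx->operation != EVP_PKEY_OP_SIGN`), so a reader has to find `ecdsa_signverify_init` to learn what it holds. Suggest `int operation; /* EVP_PKEY_OP_SIGN or EVP_PKEY_OP_VERIFY; signing gets the stricter FIPS policy (112-bit curve, no SHA-1) */`. The same applies to the new `operation` parameter of `ecdsa_signverify_init` in the third hunk here, whose body continues past the end of the hunk.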
@@ -125,7 +127,18 @@ static int ecdsa_signature_init(void *vctx, void *ec)
 return 0;
 EC_KEY_free(ctx->ec);
 ctx->ec = ec;
- return 1;
+ ctx->operation = operation;
+ return ossl_prov_ec_check(ec, operation == EVP_PKEY_OP_SIGN);
+}
+
+static int ecdsa_sign_init(void *vctx, void *ec)
+{
+ return ecdsa_signverify_init(vctx, ec, EVP_PKEY_OP_SIGN);
+}
+
+static int ecdsa_verify_init(void *vctx, void *ec)
+{
+ return ecdsa_signverify_init(vctx, ec, EVP_PKEY_OP_VERIFY);
 }
 
 static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
@@ -174,44 +187,11 @@ static int ecdsa_verify(void *vctx, const unsigned char *sig, size_t siglen,
 return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec);
 }
 
-static int get_md_nid(const EVP_MD *md)
+static int get_md_nid(const PROV_ECDSA_CTX *ctx, const EVP_MD *md)
 {
- /*
- * Because the ECDSA library deals with NIDs, we need to translate.
- * We do so using EVP_MD_is_a(), and therefore need a name to NID
- * map.
- */
- static const OSSL_ITEM name_to_nid[] = {
- { NID_sha1, OSSL_DIGEST_NAME_SHA1 },
- { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 },
- { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 },
- { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 },
- { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 },
- { NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224 },
- { NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256 },
- { NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384 },
- { NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512 },
- /* TODO - Add SHAKE OIDS when they are standardized */
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
 
- };
- size_t i;
- int mdnid = NID_undef;
-
- if (md == NULL)
- goto end;
-
- for (i = 0; i < OSSL_NELEM(name_to_nid); i++) {
- if (EVP_MD_is_a(md, name_to_nid[i].ptr)) {
- mdnid = (int)name_to_nid[i].id;
- break;
- }
- }
-
- if (mdnid == NID_undef)
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
-
- end:
- return mdnid;
+ return ossl_prov_digest_get_approved_nid(md, sha1_allowed);
 }
 
 static void free_md(PROV_ECDSA_CTX *ctx)
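Review bot: `ossl_prov_ec_check()` runs only after `ctx->ec` has already been replaced by the new key, so when the check fails the context is left holding a key the provider just refused and the previously installed key has already been freed; the reference on `ec` appears to be taken earlier in `ecdsa_signverify_init`, outside this hunk. Moving the check ahead of the swap — `if (!ossl_prov_ec_check(ec, operation == EVP_PKEY_OP_SIGN)) return 0;` before `EC_KEY_free(ctx->ec);` — keeps a failed init from changing the context's state. It should also precede whatever up-ref is taken at the start of the function, or that reference leaks on the failure path.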
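Review bot: The removed body of `get_md_nid` raised `PROV_R_INVALID_DIGEST` when no NID matched, whereas the new `return ossl_prov_digest_get_approved_nid(md, sha1_allowed);` raises nothing, and whether that helper reports an error itself is not visible in this patch. If it does not, a rejected digest — SHA-1 for signing under FIPS, or an `mdname` that `EVP_MD_fetch` could not resolve — makes `ecdsa_digest_signverify_init` (the `@@ -237` hunk on the next line) fail with an empty error queue, unless the `error:` path outside that hunk raises one. Suggest raising at the call site, `if (md_nid == NID_undef) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); goto error; }`, which also keeps the reported reason consistent with the removed code.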
@@ -226,7 +206,7 @@ static void free_md(PROV_ECDSA_CTX *ctx)
 }
 
 static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
- void *ec)
+ void *ec, int operation)
 {
 PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
 int md_nid = NID_undef;
@@ -237,11 +217,12 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
 
 free_md(ctx);
 
- if (!ecdsa_signature_init(vctx, ec))
+ if (!ecdsa_signverify_init(vctx, ec, operation))
 return 0;
 
 ctx->md = EVP_MD_fetch(ctx->libctx, mdname, ctx->propq);
- if ((md_nid = get_md_nid(ctx->md)) == NID_undef)
+ md_nid = get_md_nid(ctx, ctx->md);
+ if (md_nid == NID_undef)
 goto error;
 
 ctx->mdsize = EVP_MD_size(ctx->md);
@@ -273,6 +254,16 @@ error:
 return 0;
 }
 
+static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec)
+{
+ return ecdsa_digest_signverify_init(vctx, mdname, ec, EVP_PKEY_OP_SIGN);
+}
+
+static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec)
+{
+ return ecdsa_digest_signverify_init(vctx, mdname, ec, EVP_PKEY_OP_VERIFY);
+}
+
 int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data,
 size_t datalen)
 {
@@ -521,18 +512,18 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
 
 const OSSL_DISPATCH ecdsa_signature_functions[] = {
 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
- { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_signature_init },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign },
- { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_signature_init },
+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_verify_init },
 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ecdsa_verify },
 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
- (void (*)(void))ecdsa_digest_signverify_init },
+ (void (*)(void))ecdsa_digest_sign_init },
 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
 (void (*)(void))ecdsa_digest_signverify_update },
 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
 (void (*)(void))ecdsa_digest_sign_final },
 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
- (void (*)(void))ecdsa_digest_signverify_init },
+ (void (*)(void))ecdsa_digest_verify_init },
 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
 (void (*)(void))ecdsa_digest_signverify_update },
 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
diff --git a/test/evp_test.c b/test/evp_test.c
index 69857dea37..b8ca4a1915 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1627,8 +1627,11 @@ static int pderive_test_parse(EVP_TEST *t,
 EVP_PKEY *peer;
 if (find_key(&peer, value, public_keys) == 0)
 return -1;
- if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0)
- return -1;
+ if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0) {
+ t->err = "DERIVE_SET_PEER_ERROR";
+ return 1;
+ }
+ t->err = NULL;
 return 1;
 }
 if (strcmp(keyword, "SharedSecret") == 0)
diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index 0af8c8f144..1800f3b9be 100644
--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -90,7 +90,6 @@ Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 - Title = DigestSign and DigestVerify DigestVerify = SHA256 
@@ -108,3 +107,85 @@ OneShotDigestVerify = SHA256
 Key = P-256-PUBLIC
 Input = "Hello World"
 Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
+
+PrivateKey = P-256_NAMED_CURVE_EXPLICIT
+-----BEGIN PRIVATE KEY-----
+MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
+AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
+///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
+AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
+9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
+AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
+0BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
+3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
+-----END PRIVATE KEY-----
+
+PrivateKey = EC_EXPLICIT
+-----BEGIN PRIVATE KEY-----
+MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
+AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
+///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
+AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
+l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
+AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
+OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
+46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
+-----END PRIVATE KEY-----
+
+PrivateKey = B-163
+-----BEGIN PRIVATE KEY-----
+MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
+DnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
+e3GzYyg=
+-----END PRIVATE KEY-----
+
+PrivateKey = secp256k1
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
+mrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
+srYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
+-----END PRIVATE KEY-----
+
+Title = FIPS tests
+
+# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
+DigestVerify = SHA256
+Key = B-163
+Input = "Hello World"
+Output = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b
+
+# Test that a nist curve with SHA3 is allowed in fips mode
+# The sign will get a mismatch error since the output signature changes on each run
+DigestSign = SHA3-512
+Key = P-256
+Input = "Hello World"
+Result = SIGNATURE_MISMATCH
+
+# Test that a explicit curve that is a named curve is allowed in fips mode
+DigestVerify = SHA256
+Key = P-256_NAMED_CURVE_EXPLICIT
+Input = "Hello World"
+Output = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91
+
+Title = FIPS Negative tests (using different curves and digests)
+
+# Test that a explicit curve is not allowed in fips mode
+Availablein = fips
+DigestVerify = SHA256
+Key = EC_EXPLICIT
+Input = "Hello World"
+Result = DIGESTVERIFYINIT_ERROR
+
+# Test that a curve with < 112 bits is not allowed in fips mode for signing
+Availablein = fips
+DigestSign = SHA3-512
+Key = B-163
+Input = "Hello World"
+Result = DIGESTSIGNINIT_ERROR
+
+# Test that a non nist curve is not allowed in fips mode
+Availablein = fips
+DigestSign = SHA3-512
+Key = secp256k1
+Input = "Hello World"
+Result = DIGESTSIGNINIT_ERROR
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf
index 02dc6220ca..b0e3b79013 100644
--- a/test/ssl-tests/20-cert-select.cnf
+++ b/test/ssl-tests/20-cert-select.cnf
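Review bot: The three cases under `Title = FIPS tests` carry no `Availablein = fips`, unlike every case in the negative section, so they run against whichever provider the test is configured with; that is presumably intended (the same verify and sign must succeed with both the default and the FIPS provider), but the comments say "allowed in fips mode" as if the cases were FIPS-only. A one-line remark at the top of the section, `# These must pass with both the default and the FIPS provider`, would make the intent explicit. Note also that the B-163 verify (order 163 bits, strength 81) exercises only the 112-bit signing branch of the new curve check, not its 80-bit floor.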
@@ -10,14 +10,14 @@ test-4 = 4-P-256 CipherString and Signature Algorithm Selection test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate test-6 = 6-ECDSA Signature Algorithm Selection test-7 = 7-ECDSA Signature Algorithm Selection SHA384 -test-8 = 8-ECDSA Signature Algorithm Selection SHA1 -test-9 = 9-ECDSA Signature Algorithm Selection compressed point -test-10 = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate -test-11 = 11-RSA Signature Algorithm Selection -test-12 = 12-RSA-PSS Signature Algorithm Selection -test-13 = 13-RSA key exchange with all RSA certificate types -test-14 = 14-Suite B P-256 Hash Algorithm Selection -test-15 = 15-Suite B P-384 Hash Algorithm Selection +test-8 = 8-ECDSA Signature Algorithm Selection compressed point +test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-10 = 10-RSA Signature Algorithm Selection +test-11 = 11-RSA-PSS Signature Algorithm Selection +test-12 = 12-RSA key exchange with all RSA certificate types +test-13 = 13-Suite B P-256 Hash Algorithm Selection +test-14 = 14-Suite B P-384 Hash Algorithm Selection +test-15 = 15-ECDSA Signature Algorithm Selection SHA1 test-16 = 16-Ed25519 CipherString and Signature Algorithm Selection test-17 = 17-Ed448 CipherString and Signature Algorithm Selection test-18 = 18-ECDSA with brainpool 
@@ -319,48 +319,14 @@ ExpectedServerSignType = EC # =========================================================== -[8-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 8-ECDSA Signature Algorithm Selection SHA1-ssl +[8-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 8-ECDSA Signature Algorithm Selection compressed point-ssl -[8-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 8-ECDSA Signature Algorithm Selection SHA1-server -client = 8-ECDSA Signature Algorithm Selection SHA1-client +[8-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 8-ECDSA Signature Algorithm Selection compressed point-server +client = 8-ECDSA Signature Algorithm Selection compressed point-client -[8-ECDSA Signature Algorithm Selection SHA1-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem -ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem -Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem -Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[8-ECDSA Signature Algorithm Selection SHA1-client] -CipherString = DEFAULT:@SECLEVEL=0 -SignatureAlgorithms = ECDSA+SHA1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-8] -ExpectedResult = Success -ExpectedServerCertType = P-256 -ExpectedServerSignHash = SHA1 -ExpectedServerSignType = EC - - -# =========================================================== - -[9-ECDSA Signature Algorithm Selection compressed point] -ssl_conf = 9-ECDSA Signature Algorithm Selection compressed point-ssl - -[9-ECDSA Signature Algorithm Selection compressed point-ssl] -server = 9-ECDSA Signature Algorithm Selection compressed point-server 
-client = 9-ECDSA Signature Algorithm Selection compressed point-client - -[9-ECDSA Signature Algorithm Selection compressed point-server] +[8-ECDSA Signature Algorithm Selection compressed point-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem @@ -368,13 +334,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-ECDSA Signature Algorithm Selection compressed point-client] +[8-ECDSA Signature Algorithm Selection compressed point-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-8] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 
@@ -383,39 +349,39 @@ ExpectedServerSignType = EC # =========================================================== -[10-ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl +[9-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl -[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client +[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client -[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-10] +[test-9] ExpectedResult = ServerFail # =========================================================== -[11-RSA Signature Algorithm Selection] -ssl_conf = 11-RSA Signature Algorithm Selection-ssl +[10-RSA Signature Algorithm Selection] +ssl_conf = 10-RSA Signature Algorithm Selection-ssl -[11-RSA Signature Algorithm Selection-ssl] -server = 11-RSA Signature Algorithm Selection-server -client = 11-RSA Signature Algorithm Selection-client +[10-RSA Signature Algorithm Selection-ssl] +server = 10-RSA Signature Algorithm Selection-server +client = 10-RSA Signature Algorithm Selection-client 
-[11-RSA Signature Algorithm Selection-server] +[10-RSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem @@ -427,13 +393,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-RSA Signature Algorithm Selection-client] +[10-RSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-11] +[test-10] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -442,14 +408,14 @@ ExpectedServerSignType = RSA # =========================================================== -[12-RSA-PSS Signature Algorithm Selection] -ssl_conf = 12-RSA-PSS Signature Algorithm Selection-ssl +[11-RSA-PSS Signature Algorithm Selection] +ssl_conf = 11-RSA-PSS Signature Algorithm Selection-ssl -[12-RSA-PSS Signature Algorithm Selection-ssl] -server = 12-RSA-PSS Signature Algorithm Selection-server -client = 12-RSA-PSS Signature Algorithm Selection-client +[11-RSA-PSS Signature Algorithm Selection-ssl] +server = 11-RSA-PSS Signature Algorithm Selection-server +client = 11-RSA-PSS Signature Algorithm Selection-client -[12-RSA-PSS Signature Algorithm Selection-server] +[11-RSA-PSS Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 
@@ -461,13 +427,13 @@ Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-RSA-PSS Signature Algorithm Selection-client] +[11-RSA-PSS Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA-PSS+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-11] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 
@@ -476,41 +442,41 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[13-RSA key exchange with all RSA certificate types] -ssl_conf = 13-RSA key exchange with all RSA certificate types-ssl +[12-RSA key exchange with all RSA certificate types] +ssl_conf = 12-RSA key exchange with all RSA certificate types-ssl -[13-RSA key exchange with all RSA certificate types-ssl] -server = 13-RSA key exchange with all RSA certificate types-server -client = 13-RSA key exchange with all RSA certificate types-client +[12-RSA key exchange with all RSA certificate types-ssl] +server = 12-RSA key exchange with all RSA certificate types-server +client = 12-RSA key exchange with all RSA certificate types-client -[13-RSA key exchange with all RSA certificate types-server] +[12-RSA key exchange with all RSA certificate types-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[13-RSA key exchange with all RSA certificate types-client] +[12-RSA key exchange with all RSA certificate types-client] CipherString = kRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-13] +[test-12] ExpectedResult = Success ExpectedServerCertType = RSA # =========================================================== -[14-Suite B P-256 Hash Algorithm Selection] -ssl_conf = 14-Suite B P-256 Hash Algorithm Selection-ssl +[13-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl -[14-Suite B P-256 Hash Algorithm Selection-ssl] -server = 14-Suite B P-256 Hash Algorithm Selection-server -client = 14-Suite B P-256 Hash Algorithm Selection-client +[13-Suite B P-256 Hash Algorithm Selection-ssl] +server = 13-Suite B P-256 Hash Algorithm Selection-server +client = 13-Suite B P-256 Hash 
Algorithm Selection-client -[14-Suite B P-256 Hash Algorithm Selection-server] +[13-Suite B P-256 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem @@ -518,13 +484,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[14-Suite B P-256 Hash Algorithm Selection-client] +[13-Suite B P-256 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-14] +[test-13] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -533,14 +499,14 @@ ExpectedServerSignType = EC # =========================================================== -[15-Suite B P-384 Hash Algorithm Selection] -ssl_conf = 15-Suite B P-384 Hash Algorithm Selection-ssl +[14-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl -[15-Suite B P-384 Hash Algorithm Selection-ssl] -server = 15-Suite B P-384 Hash Algorithm Selection-server -client = 15-Suite B P-384 Hash Algorithm Selection-client +[14-Suite B P-384 Hash Algorithm Selection-ssl] +server = 14-Suite B P-384 Hash Algorithm Selection-server +client = 14-Suite B P-384 Hash Algorithm Selection-client -[15-Suite B P-384 Hash Algorithm Selection-server] +[14-Suite B P-384 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem 
@@ -548,19 +514,53 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-Suite B P-384 Hash Algorithm Selection-client] +[14-Suite B P-384 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-15] +[test-14] ExpectedResult = Success ExpectedServerCertType = P-384 ExpectedServerSignHash = SHA384 ExpectedServerSignType = EC +# =========================================================== + +[15-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 15-ECDSA Signature Algorithm Selection SHA1-ssl + +[15-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 15-ECDSA Signature Algorithm Selection SHA1-server +client = 15-ECDSA Signature Algorithm Selection SHA1-client + +[15-ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT:@SECLEVEL=0 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[15-ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT:@SECLEVEL=0 +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-15] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA1 +ExpectedServerSignType = EC + + # =========================================================== [16-Ed25519 CipherString and Signature Algorithm Selection] 
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
index 228ba88cf3..ddb9ff4747 100644
--- a/test/ssl-tests/20-cert-select.cnf.in
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -199,29 +199,6 @@ our @tests = (
 "ExpectedResult" => "Success"
 },
 },
- {
- name => "ECDSA Signature Algorithm Selection SHA1",
- server => {
- "CipherString" => "DEFAULT:\@SECLEVEL=0",
- "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
- "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
- "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
- "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
- "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
- "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
- "MaxProtocol" => "TLSv1.2"
- },
- client => {
- "CipherString" => "DEFAULT:\@SECLEVEL=0",
- "SignatureAlgorithms" => "ECDSA+SHA1",
- },
- test => {
- "ExpectedServerCertType" => "P-256",
- "ExpectedServerSignHash" => "SHA1",
- "ExpectedServerSignType" => "EC",
- "ExpectedResult" => "Success"
- },
- },
 {
 name => "ECDSA Signature Algorithm Selection compressed point",
 server => {
@@ -330,6 +307,29 @@ our @tests = (
 );
 
 my @tests_non_fips = (
+ {
+ name => "ECDSA Signature Algorithm Selection SHA1",
+ server => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+ "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+ "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+ "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+ "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+ "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
+ "MaxProtocol" => "TLSv1.2"
+ },
+ client => {
+ "CipherString" => "DEFAULT:\@SECLEVEL=0",
+ "SignatureAlgorithms" => "ECDSA+SHA1",
+ },
+ test => {
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA1",
+ "ExpectedServerSignType" => "EC",
+ "ExpectedResult" => "Success"
+ },
+ },
 # TODO(3.0) No Ed25519/Ed448 in FIPS mode at the moment
 {
 name => "Ed25519 CipherString and Signature Algorithm Selection",