mirror of
https://github.com/openssl/openssl.git
synced 2025-01-12 13:36:28 +08:00
6a2ab4a9c8
Unless the FIPS security check is enabled we allow arbitrary digests with ECDSA and DSA. Fixes #14696 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15220)
219 lines
7.3 KiB
Plaintext
219 lines
7.3 KiB
Plaintext
#
|
|
# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
# Tests start with one of these keywords
|
|
# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
|
|
# PrivPubKeyPair Sign Verify VerifyRecover
|
|
# and continue until a blank line. Lines starting with a pound sign are ignored.
|
|
# The keyword Availablein must appear before the test name if needed.
|
|
|
|
# Public key algorithm tests
|
|
|
|
# Private keys used for PKEY operations.
|
|
|
|
# EC P-256 key
|
|
|
|
PrivateKey=P-256
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
|
|
+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
|
|
+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
|
|
-----END PRIVATE KEY-----
|
|
|
|
# EC public key for above
|
|
|
|
PublicKey=P-256-PUBLIC
|
|
-----BEGIN PUBLIC KEY-----
|
|
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
|
|
x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
|
|
-----END PUBLIC KEY-----
|
|
|
|
PrivPubKeyPair = P-256:P-256-PUBLIC
|
|
|
|
Title = ECDSA tests
|
|
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1234"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
|
|
|
|
# Digest too long
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF12345"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
|
|
Result = VERIFY_ERROR
|
|
|
|
# Digest too short
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF123"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
|
|
Result = VERIFY_ERROR
|
|
|
|
# Digest invalid
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1235"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
|
|
Result = VERIFY_ERROR
|
|
|
|
# Invalid signature
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1234"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
|
|
Result = VERIFY_ERROR
|
|
|
|
# Garbage after signature
|
|
Availablein = default
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1234"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
|
|
Result = VERIFY_ERROR
|
|
|
|
# BER signature
|
|
Verify = P-256
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1234"
|
|
Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
|
|
Result = VERIFY_ERROR
|
|
|
|
Verify = P-256-PUBLIC
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1234"
|
|
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
|
|
|
|
Title = DigestSign and DigestVerify
|
|
|
|
DigestVerify = SHA256
|
|
Key = P-256-PUBLIC
|
|
Input = "Hello World"
|
|
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
|
|
|
|
# Oneshot tests
|
|
OneShotDigestVerify = SHA256
|
|
Key = P-256-PUBLIC
|
|
Input = "Hello World"
|
|
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
|
|
|
|
# Test that mdsize != tbssize fails
|
|
Sign = P-256
|
|
Ctrl = digest:SHA256
|
|
Input = "0123456789ABCDEF1234"
|
|
Result = KEYOP_ERROR
|
|
|
|
PrivateKey = P-256_NAMED_CURVE_EXPLICIT
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
|
|
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
|
|
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
|
|
AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
|
|
9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
|
|
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
|
|
0BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
|
|
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
|
|
-----END PRIVATE KEY-----
|
|
|
|
PrivateKey = EC_EXPLICIT
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
|
|
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
|
|
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
|
|
AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
|
|
l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
|
|
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
|
|
OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
|
|
46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
|
|
-----END PRIVATE KEY-----
|
|
|
|
PrivateKey = B-163
|
|
-----BEGIN PRIVATE KEY-----
|
|
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
|
|
DnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
|
|
e3GzYyg=
|
|
-----END PRIVATE KEY-----
|
|
|
|
PrivateKey = secp256k1
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
|
|
mrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
|
|
srYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
|
|
-----END PRIVATE KEY-----
|
|
|
|
Title = FIPS tests
|
|
|
|
# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
|
|
DigestVerify = SHA256
|
|
Key = B-163
|
|
Input = "Hello World"
|
|
Output = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b
|
|
|
|
# Test that a nist curve with SHA3 is allowed in fips mode
|
|
# The sign will get a mismatch error since the output signature changes on each run
|
|
DigestSign = SHA3-512
|
|
Key = P-256
|
|
Input = "Hello World"
|
|
Result = SIGNATURE_MISMATCH
|
|
|
|
# Test that a explicit curve that is a named curve is allowed in fips mode
|
|
DigestVerify = SHA256
|
|
Key = P-256_NAMED_CURVE_EXPLICIT
|
|
Input = "Hello World"
|
|
Output = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91
|
|
|
|
Title = FIPS Negative tests (using different curves and digests)
|
|
|
|
# Test that a explicit curve is not allowed in fips mode
|
|
Availablein = fips
|
|
DigestVerify = SHA256
|
|
Securitycheck = 1
|
|
Key = EC_EXPLICIT
|
|
Input = "Hello World"
|
|
Result = DIGESTVERIFYINIT_ERROR
|
|
|
|
# Test that a curve with < 112 bits is not allowed in fips mode for signing
|
|
Availablein = fips
|
|
DigestSign = SHA3-512
|
|
Securitycheck = 1
|
|
Key = B-163
|
|
Input = "Hello World"
|
|
Result = DIGESTSIGNINIT_ERROR
|
|
|
|
# Test that a non nist curve is not allowed in fips mode
|
|
Availablein = fips
|
|
DigestSign = SHA3-512
|
|
Securitycheck = 1
|
|
Key = secp256k1
|
|
Input = "Hello World"
|
|
Result = DIGESTSIGNINIT_ERROR
|
|
|
|
# Test that SHA1 is not allowed in fips mode for signing
|
|
Availablein = fips
|
|
DigestSign = SHA1
|
|
Securitycheck = 1
|
|
Key = B-163
|
|
Input = "Hello World"
|
|
Result = DIGESTSIGNINIT_ERROR
|
|
|
|
# Test that SHA1 is not allowed in fips mode for signing
|
|
Availablein = fips
|
|
Sign = P-256
|
|
Securitycheck = 1
|
|
Ctrl = digest:SHA1
|
|
Input = "0123456789ABCDEF1234"
|
|
Result = PKEY_CTRL_ERROR
|
|
|
|
# Invalid non-approved digest
|
|
Availablein = fips
|
|
DigestVerify = MD5
|
|
Securitycheck = 1
|
|
Key = P-256-PUBLIC
|
|
Result = DIGESTVERIFYINIT_ERROR
|