Add FIPS indicators to evp_test
evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
until the run phase, which allows the context to initialize in a controlled order.
This allows params to be passed into the algorithm init function.

Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(Merged from openssl#24623)
slontis authored and paulidale committed Jul 10, 2024
1 parent c13ddf0 commit 06da147
Showing 12 changed files with 895 additions and 178 deletions.
792 changes: 640 additions & 152 deletions test/evp_test.c

Large diffs are not rendered by default.

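--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -47,3 +47,25 @@ Ctrl.Secret = hexsecret:01
 Ctrl.Seed = hexseed:02
 Output = 03
 Result = KDF_DERIVE_ERROR
+
+# Test that "master secret" is not not used in FIPS mode
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# FIPS indicator callback test
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+CtrlInit = ems_check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf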
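Review bot: The first added case expects `KDF_DERIVE_ERROR` for the `master secret` label without setting `ems_check` itself, so its outcome depends on the EMS-check setting the FIPS module under test was installed with, which this section does not show. If the harness's module configuration is what turns the check on, the comment should say so, e.g. `# Needs the FIPS module installed with the EMS check enabled; the non-extended "master secret" label must then be rejected`. That comment also has a doubled word (`is not not used`). On the second case, a line such as `# ems_check:0 lets the derive run; Unapproved = 1 appears to expect the indicator callback to report it` would make clear that the `Output` there comes from an unapproved derivation.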
45 changes: 44 additions & 1 deletion test/recipes/30-test_evp_data/evppkey_dsa.txt
Expand Up @@ -334,7 +334,7 @@ Result = DIGESTSIGNINIT_ERROR
Availablein = fips
DigestSign = SHA1
Securitycheck = 1
Key = DSA-2048
Key = DSA-2048-256
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR

Expand All @@ -353,3 +353,46 @@ Securitycheck = 1
Key = DSA-4096-256
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR

Title = Fips Indicator Tests
# Check that the indicator callback is triggered

# Test sign with a 1024 bit key in fips mode
FIPSversion = >=3.4.0
DigestSign = SHA256
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Key = DSA-1024-FIPS186-2
Input = "Hello"
Result = SIGNATURE_MISMATCH

# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode
FIPSversion = >=3.4.0
DigestSign = SHA256
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Key = DSA-3072-224
Input = "Hello"
Result = SIGNATURE_MISMATCH

# Test sign with a 4096 bit key is not allowed in fips mode
FIPSversion = >=3.4.0
DigestSign = SHA256
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Key = DSA-4096-256
Input = "Hello"
Result = SIGNATURE_MISMATCH

# Test sign with SHA1 is not allowed in fips mode
FIPSversion = >=3.4.0
DigestSign = SHA1
Securitycheck = 1
Unapproved = 1
CtrlInit = digest-check:0
Key = DSA-2048-256
Input = "Hello"
Result = SIGNATURE_MISMATCH
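Review bot: The comments on the new indicator cases were carried over from the rejection tests ("... is not allowed in fips mode"), but each case sets `CtrlInit = key-check:0` or `CtrlInit = digest-check:0` and expects `SIGNATURE_MISMATCH`, which suggests the signing operation is expected to run rather than be refused. Rewording them, e.g. `# key-check:0: signing with a 1024 bit key runs and must be reported through the indicator callback`, would stop a reader from taking these as a second set of rejection tests. The reason for expecting `SIGNATURE_MISMATCH` is only explained in evppkey_ecdsa.txt ("We check for signature mismatch since the signature is unique"); repeating that line under `Title = Fips Indicator Tests` here would help. The same carried-over wording appears on the indicator cases in evppkey_ecdsa.txt and evppkey_rsa_common.txt.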
11 changes: 10 additions & 1 deletion test/recipes/30-test_evp_data/evppkey_ecc.txt
Expand Up @@ -3594,7 +3594,16 @@ Derive=BOB_cf_prime192v1
Securitycheck = 1
PeerKey=ALICE_cf_prime192v1_PUB
SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354
Result = DERIVE_SET_PEER_ERROR
Result = KEYOP_INIT_ERROR

# Check the indicator callback is triggered
FIPSversion = >=3.4.0
Derive=BOB_cf_prime192v1
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
PeerKey=ALICE_cf_prime192v1_PUB
SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354

Title=prime256v1 curve tests

2 changes: 1 addition & 1 deletion test/recipes/30-test_evp_data/evppkey_ecdh.txt
Expand Up @@ -2710,7 +2710,7 @@ Availablein = fips
Derive=ALICE_prime192v1
Securitycheck = 1
PeerKey=BOB_prime192v1_PUB
Result = DERIVE_SET_PEER_ERROR
Result = KEYOP_INIT_ERROR

# ECDH Bob with Alice peer

48 changes: 40 additions & 8 deletions test/recipes/30-test_evp_data/evppkey_ecdsa.txt
Expand Up @@ -37,49 +37,49 @@ PrivPubKeyPair = P-256:P-256-PUBLIC

Title = ECDSA tests

Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8

# Digest too long
Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF12345"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR

# Digest too short
Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF123"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR

# Digest invalid
Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1235"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR

# Invalid signature
Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
Result = VERIFY_ERROR

# Garbage after signature
Availablein = default
Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
Result = VERIFY_ERROR

# BER signature
Verify = P-256
Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
Expand Down Expand Up @@ -185,7 +185,6 @@ Title = FIPS Negative tests (using different curves and digests)
# Test that a explicit curve is not allowed in fips mode
Availablein = fips
DigestVerify = SHA256
Securitycheck = 1
Key = EC_EXPLICIT
Input = "Hello World"
Result = DIGESTVERIFYINIT_ERROR
Expand Down Expand Up @@ -228,3 +227,36 @@ DigestVerify = MD5
Securitycheck = 1
Key = P-256-PUBLIC
Result = DIGESTVERIFYINIT_ERROR

Title = FIPS Indicator tests
# Check that the indicator callback is triggered
# We check for signature mismatch since the signature is unique

FIPSversion = >=3.4.0
DigestSign = SHA3-512
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Key = B-163
Input = "Hello World"
Result = SIGNATURE_MISMATCH

# Test that SHA1 is not allowed in fips mode for signing
FIPSversion = >=3.4.0
DigestSign = SHA1
Securitycheck = 1
Unapproved = 1
CtrlInit = digest-check:0
Key = P-256
Input = "Hello World"
Result = SIGNATURE_MISMATCH

# Test that SHA1 is not allowed in fips mode for signing
FIPSversion = >=3.4.0
Sign = P-256
Securitycheck = 1
Unapproved = 1
CtrlInit = digest-check:0
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Result = KEYOP_MISMATCH
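Review bot: The indicator cases under `Title = FIPS Indicator tests` exercise only the signing side (`DigestSign` and `Sign`); none sets `key-check:0` on `DigestVerify` or `Verify`, so whether the callback fires when verifying with a key such as `B-163` is not checked in this file. evppkey_rsa_common.txt gains a verify-side indicator case in this commit, so a matching one here would keep the two files parallel, assuming the verify path honours the same control. The two SHA1 cases also carry an identical comment although one goes through `DigestSign = SHA1` and the other through `Sign` with `Ctrl = digest:SHA1`; a distinguishing line such as `# Same check on the Sign path, digest supplied via Ctrl` would make a failure easier to place.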
16 changes: 8 additions & 8 deletions test/recipes/30-test_evp_data/evppkey_ffdhe.txt
Expand Up @@ -98,21 +98,21 @@ SharedSecret=00006620DD85B56EE8540C8040CAC46B7385344A164E4DBDF521F7D99F88FA68EDD
# The plain shared secret for these keys needs padding as seen above.
Derive=ffdhe2048-1
PeerKey=ffdhe2048-2-pub
KDFType=X942KDF-ASN1
KDFOutlen=32
KDFDigest=SHA-256
CEKAlg=id-aes128-wrap
Ctrl = kdf-type:X942KDF-ASN1
Ctrl = kdf-outlen:32
Ctrl = kdf-digest:SHA-256
Ctrl = cekalg:AES-128-WRAP
Ctrl = dh_pad:1
SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654

# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
FIPSversion = >3.0.0
Derive=ffdhe2048-2
PeerKey=ffdhe2048-1-pub
KDFType=X942KDF-ASN1
KDFOutlen=32
KDFDigest=SHA-256
CEKAlg=id-aes128-wrap
Ctrl = kdf-type:X942KDF-ASN1
Ctrl = kdf-outlen:32
Ctrl = kdf-digest:SHA-256
Ctrl = cekalg:AES-128-WRAP
Ctrl = dh_pad:0
SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654

2 changes: 1 addition & 1 deletion test/recipes/30-test_evp_data/evppkey_kas.txt
Expand Up @@ -54,7 +54,7 @@ Availablein = fips
Derive=KAS-ECC-CDH_P-192_C0
Securitycheck = 1
PeerKey=KAS-ECC-CDH_P-192_C0-Peer-PUBLIC
Result = DERIVE_SET_PEER_ERROR
Result = KEYOP_INIT_ERROR

PrivateKey=KAS-ECC-CDH_P-192_C1
-----BEGIN PRIVATE KEY-----
37 changes: 35 additions & 2 deletions test/recipes/30-test_evp_data/evppkey_rsa.txt
Expand Up @@ -599,7 +599,6 @@ Ctrl = rsa_mgf1_md:sha1
Input=65033bc2f67d6aba7d526acb873b8d9241e5e4d9
Output=1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e


Title = RSA DigestSign and DigestVerify

DigestSign = SHA1
Expand All @@ -613,7 +612,6 @@ Key = RSA-2048
Input = "Hello World"
Output = 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


Title = Test RSA keygen

# Key generation tests
Expand All @@ -623,3 +621,38 @@ Ctrl = rsa_keygen_bits:128
KeyName = tmprsa
Result = PKEY_CTRL_ERROR
Reason = key size too small

Title = Test RSASVE (KEM)

# RSA Encapsulate/Decapsulate
Kem = RSA-2048
Op = RSASVE

# RSA Decapsulate
Kem = RSA-2048
Op = RSASVE
Input = 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
Output = 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

# Test small RSA keys are not allowed for Encapsulation in FIPS mode
FIPSversion = >=3.4.0
Kem = RSA-512
Securitycheck = 1
Op = RSASVE
Result = TEST_ENCAPSULATE_INIT_ERROR

# Test small RSA keys are not allowed for Decapsulation in FIPS mode
FIPSversion = >=3.4.0
Kem = RSA-512
Securitycheck = 1
Op = RSASVE
Input = 431937b777ae3ddda69da20ea602aeb76f87a7e120f24ff2bf7757de4302413fd875eb740d5ea108d0bce1102d9f0ec1613aa433ab33164afeb06b531334e4a0ea0965a4ef1c06ad783ce5799a35a62c1f8926b878be7400bd39a35a144ddccb1161f9b22891afb84bff8c31028fee69eaeca4c73d9d1dc0db371d52f33c950d
Result = TEST_DECAPSULATE_INIT_ERROR

# Test FIPS indicator callback is triggered
FIPSversion = >=3.4.0
Kem = RSA-512
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Op = RSASVE
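Review bot: Both RSASVE rejection cases use only `Kem = RSA-512`, which is far below any size the approved mode would accept, so they do not show where the limit actually sits. If a key just under the approved minimum is defined in this file (none is visible in this section), adding encapsulate and decapsulate cases for it would catch a wrong constant or off-by-one in the key check. The final case has no `Result`, `Input` or `Output`; a comment such as `# key-check:0: RSA-512 encapsulate/decapsulate is allowed to run and must be reported as unapproved` would state what a pass means there.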
58 changes: 54 additions & 4 deletions test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Expand Up @@ -1915,6 +1915,13 @@ Title = RSA FIPS tests

# FIPS tests

# Decrypt with small RSA key is not permitted in FIPS mode
Availablein = fips
Decrypt = RSA-512
Securitycheck = 1
Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
Result = KEYOP_INIT_ERROR

# Verifying with SHA1 is permitted in fips mode for older applications
DigestVerify = SHA1
Key = RSA-2048
Expand All @@ -1928,33 +1935,76 @@ Input = "Hello"
Output = 80382819f51b197c42f9fc02a85198683d918059afc013ae155992442563dd2897008297fecb3a8d8cf9421d493a99bd427a628f17cc4a7c76d23dfad0619f4068403fa7351f6d5a92a631d670c04407f305a4b5cb492295754e73e9b7ad41459826d3619a61e90d4744bdaf0f24f2393ea9241e973600c2ed62b1a0a37c504e

# Signing with SHA1 is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
DigestSign = SHA1
Securitycheck = 1
Key = RSA-2048
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR

# Signing with a 1024 bit key is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
DigestSign = SHA256
Securitycheck = 1
Key = RSA-1024
Input = "Hello"
Result = DIGESTSIGNINIT_ERROR

# Verifying with a legacy digest in fips mode is not allowed
Availablein = fips
FIPSversion = >=3.4.0
DigestVerify = MD5
Securitycheck = 1
Key = RSA-2048
Input = "Hello"
Result = DIGESTVERIFYINIT_ERROR

# Verifying with a key smaller than 1024 bits in fips mode is not allowed
Availablein = fips
FIPSversion = >=3.4.0
DigestVerify = SHA256
Securitycheck = 1
Key = RSA-512
Input = "Hello"
Result = DIGESTVERIFYINIT_ERROR

##################################################
# Check that the indicator callback is triggered

Title = RSA FIPS Indicator tests

# Decrypt with small RSA key is not permitted in FIPS mode
FIPSversion = >=3.4.0
Decrypt = RSA-512
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Input = 550AF55A2904E7B9762352F8FB7FA235
Result = KEYOP_MISMATCH

# Signing with SHA1 is not allowed in fips mode
FIPSversion = >=3.4.0
DigestSign = SHA1
Securitycheck = 1
Unapproved = 1
CtrlInit = digest-check:0
Key = RSA-2048
Input = "Hello"
Result = SIGNATURE_MISMATCH

FIPSversion = >=3.4.0
DigestSign = SHA256
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Key = RSA-1024
Input = "Hello"
Result = SIGNATURE_MISMATCH

# Verifying with a key smaller than 1024 bits in fips mode is not allowed
FIPSversion = >=3.4.0
DigestVerify = SHA256
Securitycheck = 1
Unapproved = 1
CtrlInit = key-check:0
Key = RSA-512
Input = "Hello"
Result = VERIFY_ERROR
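Review bot: Four rejection cases in this section show both `Availablein = fips` and `FIPSversion = >=3.4.0`; assuming the latter is the new side, signing with SHA1 or `RSA-1024` and verifying with MD5 or `RSA-512` are no longer exercised against FIPS providers older than 3.4.0. If those providers report the rejection at a different stage, a `FIPSversion = <3.4.0` variant with the older expected result would keep that coverage in cross-version runs; how `FIPSversion` decides to skip lives in test/evp_test.c, which this page does not render. In the indicator block, the `DigestSign = SHA256` / `Key = RSA-1024` case has no comment of its own; something like `# key-check:0: signing with a 1024 bit key runs and is reported as unapproved` would match its neighbours.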