Use RSA-OAEP in FIPS self-tests and support a fixed OAEP seed to make the test deterministic as required for a known-answer test. Switch the signature FIPS self-test to use the digest_sign and digest_verify provider functions using the EVP_DigestSign and EVP_DigestVerify APIs, as the existing signature self-test does not cover hash computation. Switch the existing Diffie-Hellman FIPS self-test to use FFDHE2048, a known safe prime from RFC 7919. Signed-off-by: Clemens Lang <cllang@redhat.com> Resolves: rhbz#2102535epel8
parent
3e6d5a385b
commit
08d6c35051
@ -0,0 +1,367 @@
|
|||||||
|
From 4a2239bd7d444c30c55b20ea8b4aeadafdfe1afd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 22 Jul 2022 13:59:37 +0200
|
||||||
|
Subject: [PATCH] FIPS: Use OAEP in KATs, support fixed OAEP seed
|
||||||
|
|
||||||
|
Review by our lab for FIPS 140-3 certification expects the RSA
|
||||||
|
encryption and decryption tests to use a supported padding mode, not raw
|
||||||
|
RSA signatures. Switch to RSA-OAEP for the self tests to fulfill that.
|
||||||
|
|
||||||
|
The FIPS 140-3 Implementation Guidance specifies in section 10.3.A
|
||||||
|
"Cryptographic Algorithm Self-Test Requirements" that a self-test may be
|
||||||
|
a known-answer test, a comparison test, or a fault-detection test.
|
||||||
|
|
||||||
|
Comparison tests are not an option, because they would require
|
||||||
|
a separate implementation of RSA-OAEP, which we do not have. Fault
|
||||||
|
detection tests require implementing fault detection mechanisms into the
|
||||||
|
cryptographic algorithm implementation, we we also do not have.
|
||||||
|
|
||||||
|
As a consequence, a known-answer test must be used to test RSA
|
||||||
|
encryption and decryption, but RSA encryption with OAEP padding is not
|
||||||
|
deterministic, and thus encryption will always yield different results
|
||||||
|
that could not be compared to known answers. For this reason, this
|
||||||
|
change explicitly sets the seed in OAEP (see RFC 8017 section 7.1.1),
|
||||||
|
which is the source of randomness for RSA-OAEP, to a fixed value. This
|
||||||
|
setting is only available during self-test execution, and the parameter
|
||||||
|
set using EVP_PKEY_CTX_set_params() will be ignored otherwise.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/rsa/rsa_local.h | 8 ++
|
||||||
|
crypto/rsa/rsa_oaep.c | 34 ++++++--
|
||||||
|
include/openssl/core_names.h | 3 +
|
||||||
|
providers/fips/self_test_data.inc | 83 +++++++++++--------
|
||||||
|
providers/fips/self_test_kats.c | 7 ++
|
||||||
|
.../implementations/asymciphers/rsa_enc.c | 41 ++++++++-
|
||||||
|
6 files changed, 133 insertions(+), 43 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
|
||||||
|
index ea70da05ad..dde57a1a0e 100644
|
||||||
|
--- a/crypto/rsa/rsa_local.h
|
||||||
|
+++ b/crypto/rsa/rsa_local.h
|
||||||
|
@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
|
||||||
|
int tlen, const unsigned char *from,
|
||||||
|
int flen);
|
||||||
|
|
||||||
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||||
|
+ unsigned char *to, int tlen,
|
||||||
|
+ const unsigned char *from, int flen,
|
||||||
|
+ const unsigned char *param,
|
||||||
|
+ int plen, const EVP_MD *md,
|
||||||
|
+ const EVP_MD *mgf1md,
|
||||||
|
+ const char *redhat_st_seed);
|
||||||
|
+
|
||||||
|
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
|
||||||
|
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
|
||||||
|
index d9be1a4f98..b2f7f7dc4b 100644
|
||||||
|
--- a/crypto/rsa/rsa_oaep.c
|
||||||
|
+++ b/crypto/rsa/rsa_oaep.c
|
||||||
|
@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||||
|
param, plen, NULL, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+extern int REDHAT_FIPS_asym_cipher_st;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* Perform the padding as per NIST 800-56B 7.2.2.3
|
||||||
|
* from (K) is the key material.
|
||||||
|
@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
|
||||||
|
* Step numbers are included here but not in the constant time inverse below
|
||||||
|
* to avoid complicating an already difficult enough function.
|
||||||
|
*/
|
||||||
|
-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
- unsigned char *to, int tlen,
|
||||||
|
- const unsigned char *from, int flen,
|
||||||
|
- const unsigned char *param,
|
||||||
|
- int plen, const EVP_MD *md,
|
||||||
|
- const EVP_MD *mgf1md)
|
||||||
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
|
||||||
|
+ unsigned char *to, int tlen,
|
||||||
|
+ const unsigned char *from, int flen,
|
||||||
|
+ const unsigned char *param,
|
||||||
|
+ int plen, const EVP_MD *md,
|
||||||
|
+ const EVP_MD *mgf1md,
|
||||||
|
+ const char *redhat_st_seed)
|
||||||
|
{
|
||||||
|
int rv = 0;
|
||||||
|
int i, emlen = tlen - 1;
|
||||||
|
@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
db[emlen - flen - mdlen - 1] = 0x01;
|
||||||
|
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
|
||||||
|
/* step 3d: generate random byte string */
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
|
||||||
|
+ memcpy(seed, redhat_st_seed, mdlen);
|
||||||
|
+ } else
|
||||||
|
+#endif
|
||||||
|
if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
|
||||||
|
goto err;
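Review bot: The `memcpy(seed, redhat_st_seed, mdlen)` in step 3d reads `mdlen` bytes from a buffer whose length this function never receives, so a seed shorter than the OAEP digest is an out-of-bounds read. The length is lost earlier, in the `rsa_set_ctx_params` hunk of rsa_enc.c, where `OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL)` passes NULL for the used-length output. The only seed in this patch is 20 bytes, which presumably matches the digest the KAT uses, but nothing enforces that if the KAT digest changes. Capture the length in `rsa_set_ctx_params`, pass it alongside the pointer, and check it before the copy, e.g. `if (redhat_st_seedlen != (size_t)mdlen) goto err;`. The function body begins and ends outside this hunk.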
|
||||||
|
|
||||||
|
@@ -138,6 +148,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
|
+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
|
||||||
|
+ unsigned char *to, int tlen,
|
||||||
|
+ const unsigned char *from, int flen,
|
||||||
|
+ const unsigned char *param,
|
||||||
|
+ int plen, const EVP_MD *md,
|
||||||
|
+ const EVP_MD *mgf1md)
|
||||||
|
+{
|
||||||
|
+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
|
||||||
|
+ flen, param, plen, md,
|
||||||
|
+ mgf1md, NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||||
|
const unsigned char *from, int flen,
|
||||||
|
const unsigned char *param, int plen,
|
||||||
|
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
||||||
|
index 59a6e79566..11216fb8f8 100644
|
||||||
|
--- a/include/openssl/core_names.h
|
||||||
|
+++ b/include/openssl/core_names.h
|
||||||
|
@@ -469,6 +469,9 @@ extern "C" {
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
|
||||||
|
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+#define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED "redhat-kat-oaep-seed"
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Encoder / decoder parameters
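Review bot: The new macro is spelled `OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED` (`OEAP`) while its value is `"redhat-kat-oaep-seed"`, and the misspelling is repeated at every use in self_test_data.inc and rsa_enc.c. Renaming it to end in `_KAT_OAEP_SEED` keeps it greppable next to `OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL`. Since this is a public header, a one-line comment above the define should state that the parameter is honoured only while the asymmetric-cipher self-test is running and is ignored otherwise.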
|
||||||
|
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||||
|
index 4e30ec56dd..0103c87528 100644
|
||||||
|
--- a/providers/fips/self_test_data.inc
|
||||||
|
+++ b/providers/fips/self_test_data.inc
|
||||||
|
@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
|
||||||
|
ST_KAT_PARAM_END()
|
||||||
|
};
|
||||||
|
|
||||||
|
+/*-
|
||||||
|
+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
|
||||||
|
+ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
|
||||||
|
+ * HP/UX PA-RISC compilers.
|
||||||
|
+ */
|
||||||
|
+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
|
||||||
|
+static const char oaep_fixed_seed[] = {
|
||||||
|
+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
|
||||||
|
+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
|
||||||
|
+ 0x2e, 0x4b, 0x2c, 0xe6
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
static const ST_KAT_PARAM rsa_enc_params[] = {
|
||||||
|
- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
|
||||||
|
- OSSL_PKEY_RSA_PAD_MODE_NONE),
|
||||||
|
+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
|
||||||
|
+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
|
||||||
|
+ oaep_fixed_seed),
|
||||||
|
ST_KAT_PARAM_END()
|
||||||
|
};
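Review bot: `oaep_fixed_seed` is declared `static const char[]` but initialised with values such as `0xf6` and `0xef`, which do not fit a signed `char`, so the stored values depend on an implementation-defined conversion. The neighbouring KAT buffers in this file are `unsigned char`, so `static const unsigned char oaep_fixed_seed[] = {` is the consistent spelling; the `const char *redhat_st_seed` parameter and the `char *redhat_st_oaep_seed` field would follow. A comment stating that the 20 bytes must equal the OAEP digest length used by the RSA encrypt KAT would document the coupling with `memcpy(seed, redhat_st_seed, mdlen)` in rsa_oaep.c.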
|
||||||
|
|
||||||
|
@@ -1335,43 +1348,43 @@ static const unsigned char rsa_expected_sig[256] = {
|
||||||
|
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
|
||||||
|
};
|
||||||
|
|
||||||
|
-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
|
||||||
|
+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
|
||||||
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
|
||||||
|
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
|
||||||
|
};
|
||||||
|
static const unsigned char rsa_asym_expected_encrypt[256] = {
|
||||||
|
- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
|
||||||
|
- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
|
||||||
|
- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
|
||||||
|
- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
|
||||||
|
- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
|
||||||
|
- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
|
||||||
|
- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
|
||||||
|
- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
|
||||||
|
- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
|
||||||
|
- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
|
||||||
|
- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
|
||||||
|
- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
|
||||||
|
- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
|
||||||
|
- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
|
||||||
|
- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
|
||||||
|
- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
|
||||||
|
- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
|
||||||
|
- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
|
||||||
|
- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
|
||||||
|
- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
|
||||||
|
- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
|
||||||
|
- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
|
||||||
|
- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
|
||||||
|
- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
|
||||||
|
- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
|
||||||
|
- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
|
||||||
|
- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
|
||||||
|
- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
|
||||||
|
- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
|
||||||
|
- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
|
||||||
|
- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
|
||||||
|
- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
|
||||||
|
+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
|
||||||
|
+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
|
||||||
|
+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
|
||||||
|
+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
|
||||||
|
+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
|
||||||
|
+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
|
||||||
|
+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
|
||||||
|
+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
|
||||||
|
+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
|
||||||
|
+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
|
||||||
|
+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
|
||||||
|
+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
|
||||||
|
+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
|
||||||
|
+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
|
||||||
|
+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
|
||||||
|
+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
|
||||||
|
+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
|
||||||
|
+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
|
||||||
|
+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
|
||||||
|
+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
|
||||||
|
+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
|
||||||
|
+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
|
||||||
|
+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
|
||||||
|
+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
|
||||||
|
+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
|
||||||
|
+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
|
||||||
|
+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
|
||||||
|
+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
|
||||||
|
+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
|
||||||
|
+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
|
||||||
|
+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
|
||||||
|
+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
|
||||||
|
};
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_EC
|
||||||
|
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
||||||
|
index 064794d9bf..b6d5e8e134 100644
|
||||||
|
--- a/providers/fips/self_test_kats.c
|
||||||
|
+++ b/providers/fips/self_test_kats.c
|
||||||
|
@@ -647,14 +647,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
+int REDHAT_FIPS_asym_cipher_st = 0;
|
||||||
|
+
|
||||||
|
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
|
||||||
|
{
|
||||||
|
int i, ret = 1;
|
||||||
|
|
||||||
|
+ REDHAT_FIPS_asym_cipher_st = 1;
|
||||||
|
+
|
||||||
|
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
|
||||||
|
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ REDHAT_FIPS_asym_cipher_st = 0;
|
||||||
|
+
|
||||||
|
return ret;
|
||||||
|
}
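Review bot: `REDHAT_FIPS_asym_cipher_st` is a plain, externally visible `int` held at 1 for the whole of `self_test_asym_ciphers`, so the gate on the fixed OAEP seed is process-wide rather than scoped to the self-test's own context. If the self-tests can be re-run while other threads use the provider (not visible here), a context configured in that window would encrypt with a known seed. The unsynchronised reads in rsa_oaep.c and rsa_enc.c would also be a data race. Consider scoping the flag to the context the self-test creates, or at minimum add a comment above the definition explaining why application threads cannot reach that window.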
|
||||||
|
|
||||||
|
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
index 00cf65fcd6..83be3d8ede 100644
|
||||||
|
--- a/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
+++ b/providers/implementations/asymciphers/rsa_enc.c
|
||||||
|
@@ -30,6 +30,9 @@
|
||||||
|
#include "prov/implementations.h"
|
||||||
|
#include "prov/providercommon.h"
|
||||||
|
#include "prov/securitycheck.h"
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+# include "crypto/rsa/rsa_local.h"
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
@@ -75,6 +78,9 @@ typedef struct {
|
||||||
|
/* TLS padding */
|
||||||
|
unsigned int client_version;
|
||||||
|
unsigned int alt_version;
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ char *redhat_st_oaep_seed;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
} PROV_RSA_CTX;
|
||||||
|
|
||||||
|
static void *rsa_newctx(void *provctx)
|
||||||
|
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
ret =
|
||||||
|
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
|
||||||
|
+#else
|
||||||
|
+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
|
||||||
|
+#endif
|
||||||
|
+ prsactx->libctx, tbuf,
|
||||||
|
rsasize, in, inlen,
|
||||||
|
prsactx->oaep_label,
|
||||||
|
prsactx->oaep_labellen,
|
||||||
|
prsactx->oaep_md,
|
||||||
|
- prsactx->mgf1_md);
|
||||||
|
+ prsactx->mgf1_md
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ , prsactx->redhat_st_oaep_seed
|
||||||
|
+#endif
|
||||||
|
+ );
|
||||||
|
|
||||||
|
if (!ret) {
|
||||||
|
OPENSSL_free(tbuf);
|
||||||
|
@@ -326,6 +341,9 @@ static void rsa_freectx(void *vprsactx)
|
||||||
|
EVP_MD_free(prsactx->oaep_md);
|
||||||
|
EVP_MD_free(prsactx->mgf1_md);
|
||||||
|
OPENSSL_free(prsactx->oaep_label);
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
|
||||||
|
OPENSSL_free(prsactx);
|
||||||
|
}
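Review bot: `redhat_st_oaep_seed` is now an owned heap pointer freed in `rsa_freectx`, but no hunk in this patch touches `rsa_dupctx`. If that function copies the struct by value (its body is not shown), a duplicated context would share the pointer and each `rsa_freectx` call would free it. Either duplicate the seed in `rsa_dupctx` or clear it there with `dstctx->redhat_st_oaep_seed = NULL;`.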
|
||||||
|
@@ -445,6 +463,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||||
|
NULL, 0),
|
||||||
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
|
||||||
|
OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
OSSL_PARAM_END
|
||||||
|
};
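Review bot: The seed parameter is added to `known_gettable_ctx_params`, yet the only handler this patch adds is in `rsa_set_ctx_params`; no hunk adds it to the settable table or to `rsa_get_ctx_params`. As written, the provider advertises a gettable parameter it presumably cannot return and does not advertise the one it accepts. If leaving it out of the settable list is deliberate, to keep the KAT-only knob undiscoverable, the entry here should be dropped as well and a comment should say so.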
|
||||||
|
|
||||||
|
@@ -454,6 +475,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
|
||||||
|
return known_gettable_ctx_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+extern int REDHAT_FIPS_asym_cipher_st;
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
+
|
||||||
|
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
{
|
||||||
|
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
|
||||||
|
@@ -563,6 +588,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
||||||
|
prsactx->oaep_labellen = tmp_labellen;
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifdef FIPS_MODULE
|
||||||
|
+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
|
||||||
|
+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
|
||||||
|
+ void *tmp_oaep_seed = NULL;
|
||||||
|
+
|
||||||
|
+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
|
||||||
|
+ return 0;
|
||||||
|
+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
|
||||||
|
+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
|
||||||
|
+ }
|
||||||
|
+#endif /* FIPS_MODULE */
|
||||||
|
+
|
||||||
|
p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
|
||||||
|
if (p != NULL) {
|
||||||
|
unsigned int client_version;
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -0,0 +1,307 @@
|
|||||||
|
From 97ac06e5a8e3a8699279c06eeb64c8e958bad7bd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 15 Jul 2022 17:45:40 +0200
|
||||||
|
Subject: [PATCH] FIPS: Use digest_sign & digest_verify in self test
|
||||||
|
|
||||||
|
In review for FIPS 140-3, the lack of a self-test for the digest_sign
|
||||||
|
and digest_verify provider functions was highlighted as a problem. NIST
|
||||||
|
no longer provides ACVP tests for the RSA SigVer primitive (see
|
||||||
|
https://github.com/usnistgov/ACVP/issues/1347). Because FIPS 140-3
|
||||||
|
recommends the use of functions that compute the digest and signature
|
||||||
|
within the module, we have been advised in our module review that the
|
||||||
|
self tests should also use the combined digest and signature APIs, i.e.
|
||||||
|
the digest_sign and digest_verify provider functions.
|
||||||
|
|
||||||
|
Modify the signature self-test to use these instead by switching to
|
||||||
|
EVP_DigestSign and EVP_DigestVerify. This requires adding more ifdefs to
|
||||||
|
crypto/evp/m_sigver.c to make these functions usable in the FIPS module.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
crypto/evp/m_sigver.c | 43 +++++++++++++++++++++++++++------
|
||||||
|
providers/fips/self_test_kats.c | 37 +++++++++++++++-------------
|
||||||
|
2 files changed, 56 insertions(+), 24 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
||||||
|
index db1a1d7bc3..c94c3c53bd 100644
|
||||||
|
--- a/crypto/evp/m_sigver.c
|
||||||
|
+++ b/crypto/evp/m_sigver.c
|
||||||
|
@@ -88,6 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If we get the "NULL" md then the name comes back as "UNDEF". We want to use
|
||||||
|
@@ -130,8 +131,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
reinit = 0;
|
||||||
|
if (e == NULL)
|
||||||
|
ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
else
|
||||||
|
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
if (ctx->pctx == NULL)
|
||||||
|
return 0;
|
||||||
|
@@ -139,8 +142,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
locpctx = ctx->pctx;
|
||||||
|
ERR_set_mark();
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (evp_pkey_ctx_is_legacy(locpctx))
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
/* do not reinitialize if pkey is set or operation is different */
|
||||||
|
if (reinit
|
||||||
|
@@ -225,8 +230,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
signature =
|
||||||
|
evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
||||||
|
supported_sig, locpctx->propquery);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (signature == NULL)
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (signature == NULL)
|
||||||
|
@@ -310,6 +317,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
|
||||||
|
if (ctx->fetched_digest != NULL) {
|
||||||
|
ctx->digest = ctx->reqdigest = ctx->fetched_digest;
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
} else {
|
||||||
|
/* legacy engine support : remove the mark when this is deleted */
|
||||||
|
ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
|
||||||
|
@@ -318,11 +326,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
(void)ERR_pop_to_mark();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (ctx->reqdigest != NULL
|
||||||
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
||||||
|
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
||||||
|
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
if (ver) {
|
||||||
|
if (signature->digest_verify_init == NULL) {
|
||||||
|
@@ -366,6 +377,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
legacy:
|
||||||
|
/*
|
||||||
|
* If we don't have the full support we need with provided methods,
|
||||||
|
@@ -437,6 +449,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
ctx->pctx->flag_call_digest_custom = 1;
|
||||||
|
|
||||||
|
ret = 1;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
end:
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
@@ -479,7 +492,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||||
|
return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
|
||||||
|
NULL);
|
||||||
|
}
|
||||||
|
-#endif /* FIPS_MDOE */
|
||||||
|
|
||||||
|
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
||||||
|
{
|
||||||
|
@@ -541,23 +553,29 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|
||||||
|
return EVP_DigestUpdate(ctx, data, dsize);
|
||||||
|
}
|
||||||
|
|
||||||
|
-#ifndef FIPS_MODULE
|
||||||
|
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
|
size_t *siglen)
|
||||||
|
{
|
||||||
|
- int sctx = 0, r = 0;
|
||||||
|
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
||||||
|
+ int r = 0;
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+ int sctx = 0;
|
||||||
|
+ EVP_PKEY_CTX *dctx;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (pctx == NULL
|
||||||
|
|| pctx->operation != EVP_PKEY_OP_SIGNCTX
|
||||||
|
|| pctx->op.sig.algctx == NULL
|
||||||
|
|| pctx->op.sig.signature == NULL)
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||||
|
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
|
||||||
|
sigret, siglen,
|
||||||
|
(siglen == NULL) ? 0 : *siglen);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||||
|
if (dctx == NULL)
|
||||||
|
return 0;
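Review bot: With `FIPS_MODULE` defined, the `pctx == NULL || ... goto legacy` guard is compiled out, so `EVP_DigestSignFinal` dereferences `pctx->op.sig.signature->digest_sign_final` without checking `pctx` or `signature`; the same applies to `EVP_DigestVerifyFinal` in the `@@ -669,21 +690,27 @@` hunk. When `sigret != NULL` and `EVP_MD_CTX_FLAG_FINALISE` is not set, the FIPS build also falls through to `return r;` with `r` still 0 and no error raised. A FIPS-side guard such as `if (pctx == NULL || pctx->op.sig.signature == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; }` would fail closed with a diagnostic. The function continues past this hunk.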
|
||||||
|
@@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
|
sigret, siglen,
|
||||||
|
(siglen == NULL) ? 0 : *siglen);
|
||||||
|
EVP_PKEY_CTX_free(dctx);
|
||||||
|
+#endif /* defined(FIPS_MODULE) */
|
||||||
|
return r;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
legacy:
|
||||||
|
if (pctx == NULL || pctx->pmeth == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
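Review bot: The added `#endif /* defined(FIPS_MODULE) */` after `EVP_PKEY_CTX_free(dctx);` closes an `#ifndef FIPS_MODULE` block, so its comment states the opposite condition. It should read `#endif /* !defined(FIPS_MODULE) */` like the other guards added in this file, which matters here because the function now interleaves several such blocks.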
|
||||||
|
@@ -639,6 +659,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
|
||||||
|
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
||||||
|
@@ -669,21 +690,27 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
|
||||||
|
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||||
|
size_t siglen)
|
||||||
|
{
|
||||||
|
- unsigned char md[EVP_MAX_MD_SIZE];
|
||||||
|
int r = 0;
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
+ unsigned char md[EVP_MAX_MD_SIZE];
|
||||||
|
unsigned int mdlen = 0;
|
||||||
|
int vctx = 0;
|
||||||
|
- EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
|
||||||
|
+ EVP_PKEY_CTX *dctx;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
+ EVP_PKEY_CTX *pctx = ctx->pctx;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
if (pctx == NULL
|
||||||
|
|| pctx->operation != EVP_PKEY_OP_VERIFYCTX
|
||||||
|
|| pctx->op.sig.algctx == NULL
|
||||||
|
|| pctx->op.sig.signature == NULL)
|
||||||
|
goto legacy;
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
|
||||||
|
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
|
||||||
|
return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
|
||||||
|
sig, siglen);
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
dctx = EVP_PKEY_CTX_dup(pctx);
|
||||||
|
if (dctx == NULL)
|
||||||
|
return 0;
|
||||||
|
@@ -691,8 +718,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||||
|
r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
|
||||||
|
sig, siglen);
|
||||||
|
EVP_PKEY_CTX_free(dctx);
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
return r;
|
||||||
|
|
||||||
|
+#ifndef FIPS_MODULE
|
||||||
|
legacy:
|
||||||
|
if (pctx == NULL || pctx->pmeth == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||||
|
@@ -732,6 +761,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|
||||||
|
if (vctx || !r)
|
||||||
|
return r;
|
||||||
|
return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
}
|
||||||
|
|
||||||
|
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
||||||
|
@@ -757,4 +787,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
|
||||||
|
return -1;
|
||||||
|
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
|
||||||
|
}
|
||||||
|
-#endif /* FIPS_MODULE */
|
||||||
|
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
|
||||||
|
index b6d5e8e134..77eec075e6 100644
|
||||||
|
--- a/providers/fips/self_test_kats.c
|
||||||
|
+++ b/providers/fips/self_test_kats.c
|
||||||
|
@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
int ret = 0;
|
||||||
|
OSSL_PARAM *params = NULL, *params_sig = NULL;
|
||||||
|
OSSL_PARAM_BLD *bld = NULL;
|
||||||
|
+ EVP_MD *md = NULL;
|
||||||
|
+ EVP_MD_CTX *ctx = NULL;
|
||||||
|
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
|
||||||
|
EVP_PKEY *pkey = NULL;
|
||||||
|
- unsigned char sig[256];
|
||||||
|
BN_CTX *bnctx = NULL;
|
||||||
|
BIGNUM *K = NULL;
|
||||||
|
+ const char *msg = "Hello World!";
|
||||||
|
+ unsigned char sig[256];
|
||||||
|
size_t siglen = sizeof(sig);
|
||||||
|
static const unsigned char dgst[] = {
|
||||||
|
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
|
||||||
|
@@ -488,23 +491,22 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
|| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- /* Create a EVP_PKEY_CTX to use for the signing operation */
|
||||||
|
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
|
||||||
|
- if (sctx == NULL
|
||||||
|
- || EVP_PKEY_sign_init(sctx) <= 0)
|
||||||
|
- goto err;
|
||||||
|
-
|
||||||
|
- /* set signature parameters */
|
||||||
|
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
|
||||||
|
- t->mdalgorithm,
|
||||||
|
- strlen(t->mdalgorithm) + 1))
|
||||||
|
- goto err;
|
||||||
|
+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
|
||||||
|
+ * parameters and sign */
|
||||||
|
params_sig = OSSL_PARAM_BLD_to_param(bld);
|
||||||
|
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||||
|
+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
|
||||||
|
+ ctx = EVP_MD_CTX_new();
|
||||||
|
+ if (md == NULL || ctx == NULL)
|
||||||
|
+ goto err;
|
||||||
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||||
|
+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||||
|
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
|
||||||
|
+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
|
||||||
|
+ || EVP_MD_CTX_reset(ctx) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|
||||||
|
- || EVP_PKEY_verify_init(sctx) <= 0
|
||||||
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
|
||||||
|
+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
|
||||||
|
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
|
||||||
|
goto err;
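Review bot: `EVP_MD_fetch(libctx, "SHA256", NULL)` hard-codes the digest where the removed code passed `t->mdalgorithm`, so any `ST_KAT_SIGN` entry that names a different digest would now be signed and verified with SHA-256 regardless. Fetching by the table value keeps the KAT data authoritative: `md = EVP_MD_fetch(libctx, t->mdalgorithm, NULL);`. `params_sig = OSSL_PARAM_BLD_to_param(bld)` is also used without a NULL check before `EVP_PKEY_CTX_set_params`. If `dgst` is no longer referenced after this change (any remaining uses are outside the hunks shown), the array can be removed.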
|
||||||
|
|
||||||
|
@@ -518,14 +520,15 @@ static int self_test_sign(const ST_KAT_SIGN *t,
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
|
||||||
|
- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
|
||||||
|
+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
|
||||||
|
goto err;
|
||||||
|
ret = 1;
|
||||||
|
err:
|
||||||
|
BN_CTX_free(bnctx);
|
||||||
|
EVP_PKEY_free(pkey);
|
||||||
|
+ EVP_MD_free(md);
|
||||||
|
+ EVP_MD_CTX_free(ctx);
|
||||||
|
EVP_PKEY_CTX_free(kctx);
|
||||||
|
- EVP_PKEY_CTX_free(sctx);
|
||||||
|
OSSL_PARAM_free(params);
|
||||||
|
OSSL_PARAM_free(params_sig);
|
||||||
|
OSSL_PARAM_BLD_free(bld);
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -0,0 +1,378 @@
|
|||||||
|
From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
|
Date: Fri, 22 Jul 2022 17:51:16 +0200
|
||||||
|
Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
||||||
|
---
|
||||||
|
providers/fips/self_test_data.inc | 342 +++++++++++++++---------------
|
||||||
|
1 file changed, 172 insertions(+), 170 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
|
||||||
|
index a29cc650b5..1b5623833f 100644
|
||||||
|
--- a/providers/fips/self_test_data.inc
|
||||||
|
+++ b/providers/fips/self_test_data.inc
|
||||||
|
@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_DH
|
||||||
|
/* DH KAT */
|
||||||
|
+/* RFC7919 FFDHE2048 p */
|
||||||
|
static const unsigned char dh_p[] = {
|
||||||
|
- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
|
||||||
|
- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
|
||||||
|
- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
|
||||||
|
- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
|
||||||
|
- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
|
||||||
|
- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
|
||||||
|
- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
|
||||||
|
- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
|
||||||
|
- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
|
||||||
|
- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
|
||||||
|
- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
|
||||||
|
- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
|
||||||
|
- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
|
||||||
|
- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
|
||||||
|
- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
|
||||||
|
- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
|
||||||
|
- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
|
||||||
|
- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
|
||||||
|
- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
|
||||||
|
- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
|
||||||
|
- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
|
||||||
|
- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
|
||||||
|
- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
|
||||||
|
- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
|
||||||
|
- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
|
||||||
|
- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
|
||||||
|
- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
|
||||||
|
- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
|
||||||
|
- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
|
||||||
|
- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
|
||||||
|
- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
|
||||||
|
- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
|
||||||
|
-};
|
||||||
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a,
|
||||||
|
+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
|
||||||
|
+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95,
|
||||||
|
+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
|
||||||
|
+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
|
||||||
|
+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8,
|
||||||
|
+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a,
|
||||||
|
+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
|
||||||
|
+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
|
||||||
|
+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3,
|
||||||
|
+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
|
||||||
|
+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77,
|
||||||
|
+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72,
|
||||||
|
+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
|
||||||
|
+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a,
|
||||||
|
+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61,
|
||||||
|
+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
|
||||||
|
+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68,
|
||||||
|
+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
|
||||||
|
+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
|
||||||
|
+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70,
|
||||||
|
+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
|
||||||
|
+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
|
||||||
|
+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
|
||||||
|
+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83,
|
||||||
|
+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
|
||||||
|
+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05,
|
||||||
|
+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2,
|
||||||
|
+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
|
||||||
|
+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97,
|
||||||
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
|
+};
|
||||||
|
+/* RFC7919 FFDHE2048 q */
|
||||||
|
static const unsigned char dh_q[] = {
|
||||||
|
- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
|
||||||
|
- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
|
||||||
|
- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
|
||||||
|
- 0x11, 0xac, 0xb5, 0x7d
|
||||||
|
-};
|
||||||
|
+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||||
|
+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d,
|
||||||
|
+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
|
||||||
|
+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a,
|
||||||
|
+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd,
|
||||||
|
+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
|
||||||
|
+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec,
|
||||||
|
+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd,
|
||||||
|
+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
|
||||||
|
+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68,
|
||||||
|
+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79,
|
||||||
|
+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
|
||||||
|
+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb,
|
||||||
|
+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39,
|
||||||
|
+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
|
||||||
|
+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd,
|
||||||
|
+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0,
|
||||||
|
+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
|
||||||
|
+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34,
|
||||||
|
+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa,
|
||||||
|
+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
|
||||||
|
+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8,
|
||||||
|
+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76,
|
||||||
|
+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
|
||||||
|
+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff,
|
||||||
|
+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1,
|
||||||
|
+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
|
||||||
|
+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02,
|
||||||
|
+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9,
|
||||||
|
+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
|
||||||
|
+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b,
|
||||||
|
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
|
+};
|
||||||
|
+/* RFC7919 FFDHE2048 g */
|
||||||
|
static const unsigned char dh_g[] = {
|
||||||
|
- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
|
||||||
|
- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
|
||||||
|
- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
|
||||||
|
- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
|
||||||
|
- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
|
||||||
|
- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
|
||||||
|
- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
|
||||||
|
- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
|
||||||
|
- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
|
||||||
|
- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
|
||||||
|
- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
|
||||||
|
- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
|
||||||
|
- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
|
||||||
|
- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
|
||||||
|
- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
|
||||||
|
- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
|
||||||
|
- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
|
||||||
|
- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
|
||||||
|
- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
|
||||||
|
- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
|
||||||
|
- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
|
||||||
|
- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
|
||||||
|
- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
|
||||||
|
- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
|
||||||
|
- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
|
||||||
|
- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
|
||||||
|
- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
|
||||||
|
- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
|
||||||
|
- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
|
||||||
|
- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
|
||||||
|
- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
|
||||||
|
- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
|
||||||
|
+ 0x02
|
||||||
|
};
|
||||||
|
static const unsigned char dh_priv[] = {
|
||||||
|
- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
|
||||||
|
- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
|
||||||
|
- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
|
||||||
|
- 0x40, 0xb8, 0xfc, 0xe6
|
||||||
|
+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f,
|
||||||
|
+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d,
|
||||||
|
+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d,
|
||||||
|
+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94
|
||||||
|
};
|
||||||
|
static const unsigned char dh_pub[] = {
|
||||||
|
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
|
||||||
|
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
|
||||||
|
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
|
||||||
|
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
|
||||||
|
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
|
||||||
|
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
|
||||||
|
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
|
||||||
|
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
|
||||||
|
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
|
||||||
|
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
|
||||||
|
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
|
||||||
|
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
|
||||||
|
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
|
||||||
|
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
|
||||||
|
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
|
||||||
|
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
|
||||||
|
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
|
||||||
|
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
|
||||||
|
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
|
||||||
|
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
|
||||||
|
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
|
||||||
|
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
|
||||||
|
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
|
||||||
|
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
|
||||||
|
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
|
||||||
|
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
|
||||||
|
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
|
||||||
|
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
|
||||||
|
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
|
||||||
|
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
|
||||||
|
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
|
||||||
|
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
|
||||||
|
+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05,
|
||||||
|
+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f,
|
||||||
|
+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43,
|
||||||
|
+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23,
|
||||||
|
+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a,
|
||||||
|
+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b,
|
||||||
|
+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c,
|
||||||
|
+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63,
|
||||||
|
+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38,
|
||||||
|
+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6,
|
||||||
|
+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a,
|
||||||
|
+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94,
|
||||||
|
+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92,
|
||||||
|
+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44,
|
||||||
|
+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53,
|
||||||
|
+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13,
|
||||||
|
+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30,
|
||||||
|
+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b,
|
||||||
|
+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01,
|
||||||
|
+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d,
|
||||||
|
+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18,
|
||||||
|
+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81,
|
||||||
|
+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f,
|
||||||
|
+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7,
|
||||||
|
+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39,
|
||||||
|
+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed,
|
||||||
|
+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71,
|
||||||
|
+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce,
|
||||||
|
+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04,
|
||||||
|
+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69,
|
||||||
|
+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed,
|
||||||
|
+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2,
|
||||||
|
+ 0x32
|
||||||
|
};
|
||||||
|
static const unsigned char dh_peer_pub[] = {
|
||||||
|
- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
|
||||||
|
- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
|
||||||
|
- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
|
||||||
|
- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
|
||||||
|
- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
|
||||||
|
- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
|
||||||
|
- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
|
||||||
|
- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
|
||||||
|
- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
|
||||||
|
- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
|
||||||
|
- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
|
||||||
|
- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
|
||||||
|
- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
|
||||||
|
- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
|
||||||
|
- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
|
||||||
|
- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
|
||||||
|
- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
|
||||||
|
- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
|
||||||
|
- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
|
||||||
|
- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
|
||||||
|
- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
|
||||||
|
- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
|
||||||
|
- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
|
||||||
|
- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
|
||||||
|
- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
|
||||||
|
- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
|
||||||
|
- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
|
||||||
|
- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
|
||||||
|
- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
|
||||||
|
- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
|
||||||
|
- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
|
||||||
|
- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
|
||||||
|
+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79,
|
||||||
|
+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda,
|
||||||
|
+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29,
|
||||||
|
+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84,
|
||||||
|
+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57,
|
||||||
|
+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5,
|
||||||
|
+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68,
|
||||||
|
+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c,
|
||||||
|
+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6,
|
||||||
|
+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20,
|
||||||
|
+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d,
|
||||||
|
+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3,
|
||||||
|
+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a,
|
||||||
|
+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77,
|
||||||
|
+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73,
|
||||||
|
+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53,
|
||||||
|
+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1,
|
||||||
|
+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05,
|
||||||
|
+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a,
|
||||||
|
+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5,
|
||||||
|
+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9,
|
||||||
|
+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91,
|
||||||
|
+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31,
|
||||||
|
+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f,
|
||||||
|
+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4,
|
||||||
|
+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e,
|
||||||
|
+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59,
|
||||||
|
+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84,
|
||||||
|
+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a,
|
||||||
|
+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd,
|
||||||
|
+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2,
|
||||||
|
+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87,
|
||||||
|
+ 0x64
|
||||||
|
};
|
||||||
|
|
||||||
|
static const unsigned char dh_secret_expected[] = {
|
||||||
|
- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
|
||||||
|
- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
|
||||||
|
- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
|
||||||
|
- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
|
||||||
|
- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
|
||||||
|
- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
|
||||||
|
- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
|
||||||
|
- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
|
||||||
|
- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
|
||||||
|
- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
|
||||||
|
- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
|
||||||
|
- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
|
||||||
|
- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
|
||||||
|
- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
|
||||||
|
- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
|
||||||
|
- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
|
||||||
|
- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
|
||||||
|
- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
|
||||||
|
- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
|
||||||
|
- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
|
||||||
|
- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
|
||||||
|
- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
|
||||||
|
- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
|
||||||
|
- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
|
||||||
|
- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
|
||||||
|
- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
|
||||||
|
- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
|
||||||
|
- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
|
||||||
|
- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
|
||||||
|
- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
|
||||||
|
- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
|
||||||
|
- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
|
||||||
|
+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5,
|
||||||
|
+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5,
|
||||||
|
+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93,
|
||||||
|
+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5,
|
||||||
|
+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e,
|
||||||
|
+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39,
|
||||||
|
+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04,
|
||||||
|
+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d,
|
||||||
|
+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c,
|
||||||
|
+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47,
|
||||||
|
+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae,
|
||||||
|
+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08,
|
||||||
|
+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19,
|
||||||
|
+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8,
|
||||||
|
+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f,
|
||||||
|
+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e,
|
||||||
|
+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2,
|
||||||
|
+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d,
|
||||||
|
+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4,
|
||||||
|
+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4,
|
||||||
|
+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66,
|
||||||
|
+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46,
|
||||||
|
+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0,
|
||||||
|
+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70,
|
||||||
|
+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c,
|
||||||
|
+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f,
|
||||||
|
+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25,
|
||||||
|
+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc,
|
||||||
|
+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02,
|
||||||
|
+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04,
|
||||||
|
+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1,
|
||||||
|
+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89
|
||||||
|
};
|
||||||
|
|
||||||
|
static const ST_KAT_PARAM dh_group[] = {
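Review bot: The new `dh_priv`, `dh_pub`, `dh_peer_pub` and `dh_secret_expected` arrays carry no comment on where the values come from, unlike `dh_p`, `dh_q` and `dh_g`, which now cite RFC 7919. For a known-answer test a reviewer needs to be able to reproduce the vector, so a line such as `/* key pair on FFDHE2048; dh_secret_expected derived from dh_priv and dh_peer_pub */`, naming the actual tool or source, would help. `dh_pub` and `dh_peer_pub` are also 257 bytes with a leading `0x00`, which looks like a sign-padding byte left over from a key dump; it is presumably harmless when the array is parsed as an unsigned big-endian integer, but trimming it or saying so in a comment would keep these arrays consistent with the 256-byte `dh_p`. The `dh_group` definition continues past the end of this hunk.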
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|