729 lines
34 KiB
Diff
729 lines
34 KiB
Diff
From 2c44e9f8b2e7a1ebc65caeb03f9f106d31e30822 Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Wed, 3 Apr 2019 13:40:04 +0200
|
|
Subject: [PATCH 1/7] crypto-selftests-pk.c: Move hardcoded values to the top
|
|
|
|
The objective of moving these values to the top is to allow them to be
|
|
used by other functions, in particular test_sig().
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
lib/crypto-selftests-pk.c | 224 +++++++++++++++++++-------------------
|
|
1 file changed, 112 insertions(+), 112 deletions(-)
|
|
|
|
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
|
index 1aa53ea29..4fadd4161 100644
|
|
--- a/lib/crypto-selftests-pk.c
|
|
+++ b/lib/crypto-selftests-pk.c
|
|
@@ -107,6 +107,118 @@ static const char gost12_512_key[] =
|
|
"KjL7CLBERDm7Yvlv\n"
|
|
"-----END PRIVATE KEY-----\n";
|
|
|
|
+/* A precomputed RSA-SHA256 signature using the rsa_key2048 */
|
|
+static const char rsa_sig[] =
|
|
+ "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb";
|
|
+
|
|
+/* ECDSA key and signature */
|
|
+static const char ecdsa_secp256r1_privkey[] =
|
|
+ "-----BEGIN EC PRIVATE KEY-----\n"
|
|
+ "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n"
|
|
+ "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n"
|
|
+ "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n"
|
|
+ "-----END EC PRIVATE KEY-----\n";
|
|
+
|
|
+static const char ecdsa_secp256r1_sig[] =
|
|
+ "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35";
|
|
+
|
|
+#ifdef ENABLE_NON_SUITEB_CURVES
|
|
+/* sha256 */
|
|
+static const char ecdsa_secp192r1_privkey[] =
|
|
+ "-----BEGIN EC PRIVATE KEY-----"
|
|
+ "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA"
|
|
+ "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL"
|
|
+ "Fg==" "-----END EC PRIVATE KEY-----";
|
|
+
|
|
+static const char ecdsa_secp192r1_sig[] =
|
|
+ "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c";
|
|
+
|
|
+static const char ecdsa_secp224r1_privkey[] =
|
|
+ "-----BEGIN EC PRIVATE KEY-----"
|
|
+ "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6"
|
|
+ "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9"
|
|
+ "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----";
|
|
+
|
|
+static const char ecdsa_secp224r1_sig[] =
|
|
+ "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda";
|
|
+#endif
|
|
+
|
|
+static const char ecdsa_secp384r1_privkey[] =
|
|
+ "-----BEGIN EC PRIVATE KEY-----"
|
|
+ "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS"
|
|
+ "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH"
|
|
+ "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n"
|
|
+ "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----";
|
|
+
|
|
+static const char ecdsa_secp384r1_sig[] =
|
|
+ "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad";
|
|
+
|
|
+static const char ecdsa_secp521r1_privkey[] =
|
|
+ "-----BEGIN EC PRIVATE KEY-----"
|
|
+ "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w"
|
|
+ "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo"
|
|
+ "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R"
|
|
+ "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t"
|
|
+ "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV"
|
|
+ "-----END EC PRIVATE KEY-----";
|
|
+
|
|
+static const char ecdsa_secp521r1_sig[] =
|
|
+ "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3";
|
|
+
|
|
+/* DSA key and signature */
|
|
+static const char dsa_privkey[] =
|
|
+ "-----BEGIN DSA PRIVATE KEY-----\n"
|
|
+ "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n"
|
|
+ "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n"
|
|
+ "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n"
|
|
+ "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n"
|
|
+ "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n"
|
|
+ "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n"
|
|
+ "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n"
|
|
+ "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n"
|
|
+ "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n"
|
|
+ "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n"
|
|
+ "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n"
|
|
+ "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n"
|
|
+ "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n"
|
|
+ "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n"
|
|
+ "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n"
|
|
+ "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n"
|
|
+ "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n"
|
|
+ "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n"
|
|
+ "-----END DSA PRIVATE KEY-----\n";
|
|
+
|
|
+static const char dsa_sig[] =
|
|
+ "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42";
|
|
+
|
|
+static const char gost01_privkey[] =
|
|
+ "-----BEGIN PRIVATE KEY-----\n"
|
|
+ "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n"
|
|
+ "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n"
|
|
+ "-----END PRIVATE KEY-----\n";
|
|
+
|
|
+static const char gost01_sig[] =
|
|
+ "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb";
|
|
+
|
|
+static const char gost12_256_privkey[] =
|
|
+ "-----BEGIN PRIVATE KEY-----\n"
|
|
+ "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n"
|
|
+ "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n"
|
|
+ "-----END PRIVATE KEY-----\n";
|
|
+
|
|
+static const char gost12_256_sig[] =
|
|
+ "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0";
|
|
+
|
|
+static const char gost12_512_privkey[] =
|
|
+ "-----BEGIN PRIVATE KEY-----\n"
|
|
+ "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n"
|
|
+ "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n"
|
|
+ "hsQ3JCCy4xnd5jWT\n"
|
|
+ "-----END PRIVATE KEY-----\n";
|
|
+
|
|
+static const char gost12_512_sig[] =
|
|
+ "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f";
|
|
+
|
|
static int test_rsa_enc(gnutls_pk_algorithm_t pk,
|
|
unsigned bits, gnutls_digest_algorithm_t ign)
|
|
{
|
|
@@ -302,118 +414,6 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
|
return ret;
|
|
}
|
|
|
|
-/* A precomputed RSA-SHA1 signature using the rsa_key2048 */
|
|
-static const char rsa_sig[] =
|
|
- "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb";
|
|
-
|
|
-/* ECDSA key and signature */
|
|
-static const char ecdsa_secp256r1_privkey[] =
|
|
- "-----BEGIN EC PRIVATE KEY-----\n"
|
|
- "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n"
|
|
- "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n"
|
|
- "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n"
|
|
- "-----END EC PRIVATE KEY-----\n";
|
|
-
|
|
-static const char ecdsa_secp256r1_sig[] =
|
|
- "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35";
|
|
-
|
|
-#ifdef ENABLE_NON_SUITEB_CURVES
|
|
-/* sha256 */
|
|
-static const char ecdsa_secp192r1_privkey[] =
|
|
- "-----BEGIN EC PRIVATE KEY-----"
|
|
- "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA"
|
|
- "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL"
|
|
- "Fg==" "-----END EC PRIVATE KEY-----";
|
|
-
|
|
-static const char ecdsa_secp192r1_sig[] =
|
|
- "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c";
|
|
-
|
|
-static const char ecdsa_secp224r1_privkey[] =
|
|
- "-----BEGIN EC PRIVATE KEY-----"
|
|
- "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6"
|
|
- "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9"
|
|
- "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----";
|
|
-
|
|
-static const char ecdsa_secp224r1_sig[] =
|
|
- "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda";
|
|
-#endif
|
|
-
|
|
-static const char ecdsa_secp384r1_privkey[] =
|
|
- "-----BEGIN EC PRIVATE KEY-----"
|
|
- "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS"
|
|
- "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH"
|
|
- "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n"
|
|
- "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----";
|
|
-
|
|
-static const char ecdsa_secp384r1_sig[] =
|
|
- "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad";
|
|
-
|
|
-static const char ecdsa_secp521r1_privkey[] =
|
|
- "-----BEGIN EC PRIVATE KEY-----"
|
|
- "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w"
|
|
- "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo"
|
|
- "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R"
|
|
- "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t"
|
|
- "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV"
|
|
- "-----END EC PRIVATE KEY-----";
|
|
-
|
|
-static const char ecdsa_secp521r1_sig[] =
|
|
- "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3";
|
|
-
|
|
-/* DSA key and signature */
|
|
-static const char dsa_privkey[] =
|
|
- "-----BEGIN DSA PRIVATE KEY-----\n"
|
|
- "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n"
|
|
- "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n"
|
|
- "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n"
|
|
- "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n"
|
|
- "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n"
|
|
- "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n"
|
|
- "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n"
|
|
- "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n"
|
|
- "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n"
|
|
- "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n"
|
|
- "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n"
|
|
- "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n"
|
|
- "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n"
|
|
- "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n"
|
|
- "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n"
|
|
- "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n"
|
|
- "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n"
|
|
- "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n"
|
|
- "-----END DSA PRIVATE KEY-----\n";
|
|
-
|
|
-static const char dsa_sig[] =
|
|
- "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42";
|
|
-
|
|
-static const char gost01_privkey[] =
|
|
- "-----BEGIN PRIVATE KEY-----\n"
|
|
- "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n"
|
|
- "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n"
|
|
- "-----END PRIVATE KEY-----\n";
|
|
-
|
|
-static const char gost01_sig[] =
|
|
- "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb";
|
|
-
|
|
-static const char gost12_256_privkey[] =
|
|
- "-----BEGIN PRIVATE KEY-----\n"
|
|
- "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n"
|
|
- "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n"
|
|
- "-----END PRIVATE KEY-----\n";
|
|
-
|
|
-static const char gost12_256_sig[] =
|
|
- "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0";
|
|
-
|
|
-static const char gost12_512_privkey[] =
|
|
- "-----BEGIN PRIVATE KEY-----\n"
|
|
- "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n"
|
|
- "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n"
|
|
- "hsQ3JCCy4xnd5jWT\n"
|
|
- "-----END PRIVATE KEY-----\n";
|
|
-
|
|
-static const char gost12_512_sig[] =
|
|
- "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f";
|
|
-
|
|
static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
|
gnutls_digest_algorithm_t dig,
|
|
const void *privkey, size_t privkey_size,
|
|
--
|
|
2.20.1
|
|
|
|
|
|
From 4b04d899849ea566ae33862289276d9b297cd493 Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Wed, 3 Apr 2019 13:44:56 +0200
|
|
Subject: [PATCH 2/7] crypto-selftests-pk.c: Add a comparison with a known
|
|
signature
|
|
|
|
For RSA, compare the generated signature with a stored known value in
|
|
test_sig().
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
lib/crypto-selftests-pk.c | 13 +++++++++++++
|
|
1 file changed, 13 insertions(+)
|
|
|
|
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
|
index 4fadd4161..0233e6b9f 100644
|
|
--- a/lib/crypto-selftests-pk.c
|
|
+++ b/lib/crypto-selftests-pk.c
|
|
@@ -313,6 +313,7 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
|
{
|
|
int ret;
|
|
gnutls_datum_t sig = { NULL, 0 };
|
|
+ gnutls_datum_t known_sig = { NULL, 0 };
|
|
gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 };
|
|
gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 };
|
|
gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 };
|
|
@@ -343,6 +344,8 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
|
}
|
|
|
|
if (pk == GNUTLS_PK_RSA) {
|
|
+ known_sig.data = (void *)rsa_sig;
|
|
+ known_sig.size = sizeof(rsa_sig) - 1;
|
|
ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0);
|
|
} else if (pk == GNUTLS_PK_RSA_PSS) {
|
|
ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0);
|
|
@@ -378,6 +381,16 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
|
goto cleanup;
|
|
}
|
|
|
|
+ /* Compare with a stored known signature */
|
|
+ if (known_sig.data != NULL) {
|
|
+ if (sig.size != known_sig.size
|
|
+ || memcmp(sig.data, known_sig.data, sig.size) != 0) {
|
|
+ ret = GNUTLS_E_SELF_TEST_ERROR;
|
|
+ gnutls_assert();
|
|
+ goto cleanup;
|
|
+ }
|
|
+ }
|
|
+
|
|
ret =
|
|
gnutls_pubkey_verify_data2(pub, sigalgo, 0,
|
|
&signed_data, &sig);
|
|
--
|
|
2.20.1
|
|
|
|
|
|
From db2b308fdbe98420b722eaf678c1a911bc51b0a5 Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Thu, 18 Apr 2019 17:22:18 +0200
|
|
Subject: [PATCH 4/7] tests: Run rng-no-onload test in FIPS mode
|
|
|
|
This changes the function used in the test to override gnutls_rnd() to
|
|
fill the given buffer with a different value each time it is called.
|
|
This allows the test to run when FIPS mode is enabled.
|
|
|
|
Previously the rng-no-onload test could get stuck if FIPS mode was
|
|
enabled. This happened if gnutls_rnd() function was called during
|
|
global_init() in a loop that checks the generated value (e.g. if ECDSA
|
|
signature generation is called during self tests).
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
tests/rng-no-onload.c | 12 +++++++-----
|
|
1 file changed, 7 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/tests/rng-no-onload.c b/tests/rng-no-onload.c
|
|
index ac01be214..a485a440d 100644
|
|
--- a/tests/rng-no-onload.c
|
|
+++ b/tests/rng-no-onload.c
|
|
@@ -50,18 +50,20 @@ static int _rnd_called = 0;
|
|
int __attribute__ ((visibility ("protected")))
|
|
gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
|
|
{
|
|
+ static unsigned int value = 0;
|
|
+
|
|
_rnd_called = 1;
|
|
|
|
- memset(data, 0xff, len);
|
|
+ /* Increment 'value' in each call up to 255, then start again from 0 */
|
|
+ value = (value + 1) & 0xFF;
|
|
+
|
|
+ memset(data, value, len);
|
|
+
|
|
return 0;
|
|
}
|
|
|
|
void doit(void)
|
|
{
|
|
- if (gnutls_fips140_mode_enabled()) {
|
|
- exit(77);
|
|
- }
|
|
-
|
|
global_init();
|
|
|
|
if (_rnd_called != 0)
|
|
--
|
|
2.20.1
|
|
|
|
|
|
From fc926cd65f1de06f359315c6693c1a9c9899ba8c Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Thu, 4 Apr 2019 15:45:02 +0200
|
|
Subject: [PATCH 5/7] crypto-selftests-pk.c: Fix test_known_sig
|
|
|
|
Previously a new signature was generated only for deterministic
|
|
algorithms (i.e. only RSA). With this, a new signature is always
|
|
generated (and compared with a stored signature for deterministic
|
|
algorithms). The signature verification is tested for both generated
|
|
and stored signatures.
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
lib/crypto-selftests-pk.c | 31 ++++++++++++++++++++-----------
|
|
1 file changed, 20 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
|
index 0233e6b9f..ba8f5e376 100644
|
|
--- a/lib/crypto-selftests-pk.c
|
|
+++ b/lib/crypto-selftests-pk.c
|
|
@@ -475,19 +475,17 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
|
goto cleanup;
|
|
}
|
|
|
|
- /* Test if the signature we generate matches the stored */
|
|
+ ret = gnutls_privkey_sign_data(key, dig, 0, &signed_data, &sig);
|
|
+ if (ret < 0) {
|
|
+ gnutls_assert();
|
|
+ goto cleanup;
|
|
+ }
|
|
+
|
|
+ /* Test if the generated signature matches the stored */
|
|
ssig.data = (void *) stored_sig;
|
|
ssig.size = stored_sig_size;
|
|
|
|
if (deterministic_sigs != 0) { /* do not compare against stored signature if not provided */
|
|
- ret =
|
|
- gnutls_privkey_sign_data(key, dig, 0, &signed_data,
|
|
- &sig);
|
|
- if (ret < 0) {
|
|
- gnutls_assert();
|
|
- goto cleanup;
|
|
- }
|
|
-
|
|
if (sig.size != ssig.size
|
|
|| memcmp(sig.data, ssig.data, sig.size) != 0) {
|
|
ret = GNUTLS_E_SELF_TEST_ERROR;
|
|
@@ -507,7 +505,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
|
}
|
|
}
|
|
|
|
- /* Test if we can verify the signature */
|
|
+ /* Test if we can verify the generated signature */
|
|
|
|
ret = gnutls_pubkey_import_privkey(pub, key, 0, 0);
|
|
if (ret < 0) {
|
|
@@ -515,6 +513,17 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
|
goto cleanup;
|
|
}
|
|
|
|
+ ret =
|
|
+ gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
|
|
+ &signed_data, &sig);
|
|
+ if (ret < 0) {
|
|
+ ret = GNUTLS_E_SELF_TEST_ERROR;
|
|
+ gnutls_assert();
|
|
+ goto cleanup;
|
|
+ }
|
|
+
|
|
+ /* Test if we can verify the stored signature */
|
|
+
|
|
ret =
|
|
gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
|
|
&signed_data, &ssig);
|
|
@@ -528,7 +537,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
|
|
|
ret =
|
|
gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
|
|
- &bad_data, &ssig);
|
|
+ &bad_data, &sig);
|
|
|
|
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) {
|
|
ret = GNUTLS_E_SELF_TEST_ERROR;
|
|
--
|
|
2.20.1
|
|
|
|
|
|
From 7e49999db264556ac73ff498bd8f7edce401cdd1 Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Thu, 4 Apr 2019 17:22:04 +0200
|
|
Subject: [PATCH 6/7] crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST
|
|
|
|
Remove the flag check from the end of the macros. This change allows
|
|
more than one test to run in sequence when GNUTLS_SELF_TEST_FLAG_ALL is
|
|
not set. Move the flags checks to run the minimal set of tests required
|
|
for FIPS and keep the previous behaviour for GOST (run the first test
|
|
for each algorithm).
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
lib/crypto-selftests-pk.c | 37 ++++++++++++++++++++-----------------
|
|
1 file changed, 20 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
|
index ba8f5e376..fc8ee2525 100644
|
|
--- a/lib/crypto-selftests-pk.c
|
|
+++ b/lib/crypto-selftests-pk.c
|
|
@@ -568,18 +568,14 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
|
|
if (ret < 0) { \
|
|
gnutls_assert(); \
|
|
goto cleanup; \
|
|
- } \
|
|
- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \
|
|
- return 0
|
|
+ }
|
|
|
|
#define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \
|
|
ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \
|
|
if (ret < 0) { \
|
|
gnutls_assert(); \
|
|
goto cleanup; \
|
|
- } \
|
|
- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \
|
|
- return 0
|
|
+ }
|
|
|
|
|
|
/* This file is also included by the test app in tests/slow/cipher-test, so in that
|
|
@@ -812,11 +808,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256,
|
|
rsa_key2048, rsa_sig);
|
|
PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0);
|
|
- PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
|
|
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
+ PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
|
|
+
|
|
FALLTHROUGH;
|
|
case GNUTLS_PK_RSA_PSS:
|
|
PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
|
|
@@ -828,11 +825,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
case GNUTLS_PK_DSA:
|
|
PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256,
|
|
dsa_privkey, dsa_sig);
|
|
- PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
|
|
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
+ PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
|
|
+
|
|
FALLTHROUGH;
|
|
case GNUTLS_PK_EC:
|
|
/* Test ECDH and ECDSA */
|
|
@@ -850,13 +848,14 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
(GNUTLS_ECC_CURVE_SECP256R1),
|
|
GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey,
|
|
ecdsa_secp256r1_sig);
|
|
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
|
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
|
|
- GNUTLS_SIGN_ECDSA_SHA256);
|
|
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
+ PK_TEST(GNUTLS_PK_EC, test_sig,
|
|
+ GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
|
|
+ GNUTLS_SIGN_ECDSA_SHA256);
|
|
+
|
|
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
|
GNUTLS_CURVE_TO_BITS
|
|
(GNUTLS_ECC_CURVE_SECP384R1),
|
|
@@ -900,31 +899,35 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
case GNUTLS_PK_GOST_01:
|
|
PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94,
|
|
gost01_privkey, gost01_sig);
|
|
- PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
|
- GNUTLS_SIGN_GOST_94);
|
|
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
+ PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
|
+ GNUTLS_SIGN_GOST_94);
|
|
+
|
|
FALLTHROUGH;
|
|
case GNUTLS_PK_GOST_12_256:
|
|
PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256,
|
|
gost12_256_privkey, gost12_256_sig);
|
|
- PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
|
- GNUTLS_SIGN_GOST_256);
|
|
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
+ PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
|
|
+ GNUTLS_SIGN_GOST_256);
|
|
+
|
|
FALLTHROUGH;
|
|
case GNUTLS_PK_GOST_12_512:
|
|
PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512,
|
|
gost12_512_privkey, gost12_512_sig);
|
|
- PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
|
|
- GNUTLS_SIGN_GOST_512);
|
|
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
+
|
|
+ PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
|
|
+ GNUTLS_SIGN_GOST_512);
|
|
+
|
|
#endif
|
|
|
|
break;
|
|
--
|
|
2.20.1
|
|
|
|
|
|
From c2e83d2110b98d93588f1b6187bc932feb958ca4 Mon Sep 17 00:00:00 2001
|
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Date: Mon, 8 Apr 2019 14:21:57 +0200
|
|
Subject: [PATCH 7/7] crypto-selftests-pk.c: Cleanup self tests
|
|
|
|
test_sig() always uses the same key for RSA, DSA, and ECDSA regardless
|
|
of the value provided in the "bits" parameter. Therefore, avoid
|
|
printing specific information (number of bits or name of the curve).
|
|
|
|
Changes test_sig() to use 2048 bits key for DSA; deleted hardcoded 512
|
|
bits DSA key;
|
|
|
|
Avoid calling test_sig() multiple times for ECDSA: the same key is
|
|
used regardless of the curve provided in the parameters.
|
|
|
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
---
|
|
lib/crypto-selftests-pk.c | 42 +++++++++------------------------------
|
|
1 file changed, 9 insertions(+), 33 deletions(-)
|
|
|
|
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
|
|
index fc8ee2525..3d665b723 100644
|
|
--- a/lib/crypto-selftests-pk.c
|
|
+++ b/lib/crypto-selftests-pk.c
|
|
@@ -78,16 +78,6 @@ static const char ecc_key[] =
|
|
"MSHpe5vd0TQz+/GAa1zxle8mB/Cdh0JaTrA=\n"
|
|
"-----END EC PRIVATE KEY-----\n";
|
|
|
|
-static const char dsa_key[] =
|
|
- "-----BEGIN DSA PRIVATE KEY-----\n"
|
|
- "MIH4AgEAAkEA6KUOSXfFNcInFLPdOlLlKNCe79zJrkxnsQN+lllxuk1ifZrE07r2\n"
|
|
- "3edTrc4riQNnZ2nZ372tYUAMJg+5jM6IIwIVAOa58exwZ+42Tl+p3b4Kbpyu2Ron\n"
|
|
- "AkBocj7gkiBYHtv6HMIIzooaxn4vpGR0Ns6wBfroBUGvrnSAgfT3WyiNaHkIF28e\n"
|
|
- "quWcEeOJjUgFvatcM8gcY288AkEAyKWlgzBurIYST8TM3j4PuQJDTvdHDaGoAUAa\n"
|
|
- "EfjmOw2UXKwqTmwPiT5BYKgCo2ILS87ttlTpd8vndH37pmnmVQIUQIVuKpZ8y9Bw\n"
|
|
- "VzO8qcrLCFvTOXY=\n"
|
|
- "-----END DSA PRIVATE KEY-----\n";
|
|
-
|
|
static const char gost01_key[] =
|
|
"-----BEGIN PRIVATE KEY-----\n"
|
|
"MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n"
|
|
@@ -315,22 +305,20 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
|
gnutls_datum_t sig = { NULL, 0 };
|
|
gnutls_datum_t known_sig = { NULL, 0 };
|
|
gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 };
|
|
- gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 };
|
|
+ gnutls_datum_t raw_dsa_key = { (void*)dsa_privkey, sizeof(dsa_privkey)-1 };
|
|
gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 };
|
|
gnutls_datum_t raw_gost01_key = { (void*)gost01_key, sizeof(gost01_key)-1 };
|
|
gnutls_datum_t raw_gost12_256_key = { (void*)gost12_256_key, sizeof(gost12_256_key)-1 };
|
|
gnutls_datum_t raw_gost12_512_key = { (void*)gost12_512_key, sizeof(gost12_512_key)-1 };
|
|
gnutls_privkey_t key;
|
|
gnutls_pubkey_t pub = NULL;
|
|
- char param_name[32];
|
|
+ char param_name[32] = "";
|
|
|
|
- if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 ||
|
|
- pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) {
|
|
- snprintf(param_name, sizeof(param_name), "%s",
|
|
+ if (pk == GNUTLS_PK_GOST_01 || pk == GNUTLS_PK_GOST_12_256 ||
|
|
+ pk == GNUTLS_PK_GOST_12_512) {
|
|
+ snprintf(param_name, sizeof(param_name), "-%s",
|
|
gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE
|
|
(bits)));
|
|
- } else {
|
|
- snprintf(param_name, sizeof(param_name), "%u", bits);
|
|
}
|
|
|
|
ret = gnutls_privkey_init(&key);
|
|
@@ -418,10 +406,10 @@ static int test_sig(gnutls_pk_algorithm_t pk,
|
|
gnutls_free(sig.data);
|
|
|
|
if (ret == 0)
|
|
- _gnutls_debug_log("%s-%s-sig self test succeeded\n",
|
|
+ _gnutls_debug_log("%s%s-sig self test succeeded\n",
|
|
gnutls_pk_get_name(pk), param_name);
|
|
else
|
|
- _gnutls_debug_log("%s-%s-sig self test failed\n",
|
|
+ _gnutls_debug_log("%s%s-sig self test failed\n",
|
|
gnutls_pk_get_name(pk), param_name);
|
|
|
|
return ret;
|
|
@@ -812,7 +800,7 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
- PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256);
|
|
+ PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256);
|
|
|
|
FALLTHROUGH;
|
|
case GNUTLS_PK_RSA_PSS:
|
|
@@ -829,7 +817,7 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
|
|
return 0;
|
|
|
|
- PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
|
|
+ PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256);
|
|
|
|
FALLTHROUGH;
|
|
case GNUTLS_PK_EC:
|
|
@@ -861,18 +849,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
(GNUTLS_ECC_CURVE_SECP384R1),
|
|
GNUTLS_DIG_SHA256, ecdsa_secp384r1_privkey,
|
|
ecdsa_secp384r1_sig);
|
|
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
|
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1),
|
|
- GNUTLS_SIGN_ECDSA_SHA384);
|
|
|
|
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
|
GNUTLS_CURVE_TO_BITS
|
|
(GNUTLS_ECC_CURVE_SECP521R1),
|
|
GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey,
|
|
ecdsa_secp521r1_sig);
|
|
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
|
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1),
|
|
- GNUTLS_SIGN_ECDSA_SHA512);
|
|
|
|
#ifdef ENABLE_NON_SUITEB_CURVES
|
|
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
|
@@ -880,18 +862,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
|
|
(GNUTLS_ECC_CURVE_SECP192R1),
|
|
GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
|
|
ecdsa_secp192r1_sig);
|
|
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
|
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1),
|
|
- GNUTLS_SIGN_ECDSA_SHA256);
|
|
|
|
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
|
|
GNUTLS_CURVE_TO_BITS
|
|
(GNUTLS_ECC_CURVE_SECP224R1),
|
|
GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
|
|
ecdsa_secp224r1_sig);
|
|
- PK_TEST(GNUTLS_PK_EC, test_sig,
|
|
- GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1),
|
|
- GNUTLS_SIGN_ECDSA_SHA256);
|
|
#endif
|
|
|
|
#if ENABLE_GOST
|
|
--
|
|
2.20.1
|