1428 lines
63 KiB
Diff
1428 lines
63 KiB
Diff
diff -up openssl-1.0.1i/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1i/crypto/bn/bn_rand.c
|
|
--- openssl-1.0.1i/crypto/bn/bn_rand.c.fips-reqs 2014-07-22 21:43:11.000000000 +0200
|
|
+++ openssl-1.0.1i/crypto/bn/bn_rand.c 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
|
|
goto err;
|
|
}
|
|
|
|
- /* make a random number and set the top and bottom bits */
|
|
- time(&tim);
|
|
- RAND_add(&tim,sizeof(tim),0.0);
|
|
+ if (!FIPS_mode()) /* in FIPS mode the RNG is always properly seeded or the module fails */
|
|
+ {
|
|
+ /* make a random number and set the top and bottom bits */
|
|
+ time(&tim);
|
|
+ RAND_add(&tim,sizeof(tim),0.0);
|
|
+ }
|
|
|
|
if (pseudorand)
|
|
{
|
|
diff -up openssl-1.0.1i/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1i/crypto/dh/dh_gen.c
|
|
--- openssl-1.0.1i/crypto/dh/dh_gen.c.fips-reqs 2014-08-13 19:58:06.765831356 +0200
|
|
+++ openssl-1.0.1i/crypto/dh/dh_gen.c 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
|
|
return 0;
|
|
}
|
|
|
|
- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
|
|
+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN))
|
|
{
|
|
DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
|
|
goto err;
|
|
diff -up openssl-1.0.1i/crypto/dh/dh.h.fips-reqs openssl-1.0.1i/crypto/dh/dh.h
|
|
--- openssl-1.0.1i/crypto/dh/dh.h.fips-reqs 2014-08-13 19:58:06.765831356 +0200
|
|
+++ openssl-1.0.1i/crypto/dh/dh.h 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -78,6 +78,7 @@
|
|
#endif
|
|
|
|
#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
|
|
+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
|
|
|
|
#define DH_FLAG_CACHE_MONT_P 0x01
|
|
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
|
|
diff -up openssl-1.0.1i/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1i/crypto/dh/dh_check.c
|
|
--- openssl-1.0.1i/crypto/dh/dh_check.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
|
|
+++ openssl-1.0.1i/crypto/dh/dh_check.c 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
|
|
BN_sub_word(q,1);
|
|
if (BN_cmp(pub_key,q)>=0)
|
|
*ret|=DH_CHECK_PUBKEY_TOO_LARGE;
|
|
+#ifdef OPENSSL_FIPS
|
|
+ if (FIPS_mode() && dh->q != NULL)
|
|
+ {
|
|
+ BN_CTX *ctx = NULL;
|
|
|
|
+ ctx = BN_CTX_new();
|
|
+ if (ctx == NULL)
|
|
+ goto err;
|
|
+
|
|
+ if (BN_mod_exp_mont(q, pub_key, dh->q, dh->p, ctx, NULL) <= 0)
|
|
+ {
|
|
+ BN_CTX_free(ctx);
|
|
+ goto err;
|
|
+ }
|
|
+ if (!BN_is_one(q))
|
|
+ {
|
|
+ /* it would be more correct to add new return flag
|
|
+ * for this test, but we do not want to do it
|
|
+ * so just error out
|
|
+ */
|
|
+ BN_CTX_free(ctx);
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
+ BN_CTX_free(ctx);
|
|
+ }
|
|
+#endif
|
|
ok = 1;
|
|
err:
|
|
if (q != NULL) BN_free(q);
|
|
diff -up openssl-1.0.1i/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1i/crypto/dsa/dsa_gen.c
|
|
--- openssl-1.0.1i/crypto/dsa/dsa_gen.c.fips-reqs 2014-08-13 19:58:06.766831380 +0200
|
|
+++ openssl-1.0.1i/crypto/dsa/dsa_gen.c 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -159,7 +159,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
|
|
}
|
|
|
|
if (FIPS_module_mode() &&
|
|
- (bits != 1024 || qbits != 160) &&
|
|
+ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024 || qbits != 160) &&
|
|
(bits != 2048 || qbits != 224) &&
|
|
(bits != 2048 || qbits != 256) &&
|
|
(bits != 3072 || qbits != 256))
|
|
diff -up openssl-1.0.1i/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1i/crypto/dsa/dsa.h
|
|
--- openssl-1.0.1i/crypto/dsa/dsa.h.fips-reqs 2014-08-13 19:58:06.766831380 +0200
|
|
+++ openssl-1.0.1i/crypto/dsa/dsa.h 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -89,6 +89,7 @@
|
|
#endif
|
|
|
|
#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
|
|
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
|
|
|
|
#define DSA_FLAG_CACHE_MONT_P 0x01
|
|
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
|
|
@@ -254,9 +255,9 @@ int DSAparams_print_fp(FILE *fp, const D
|
|
int DSA_print_fp(FILE *bp, const DSA *x, int off);
|
|
#endif
|
|
|
|
-#define DSS_prime_checks 50
|
|
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
|
|
- * 50 rounds of Rabin-Miller */
|
|
+#define DSS_prime_checks 64
|
|
+/* Primality test according to FIPS PUB 186[-4], Appendix 2.1:
|
|
+ * 64 rounds of Rabin-Miller */
|
|
#define DSA_is_prime(n, callback, cb_arg) \
|
|
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
|
|
|
|
diff -up openssl-1.0.1i/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1i/crypto/dsa/dsa_key.c
|
|
--- openssl-1.0.1i/crypto/dsa/dsa_key.c.fips-reqs 2014-08-13 19:58:06.816832531 +0200
|
|
+++ openssl-1.0.1i/crypto/dsa/dsa_key.c 2014-08-13 19:58:06.818832577 +0200
|
|
@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa)
|
|
|
|
#ifdef OPENSSL_FIPS
|
|
if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
|
|
- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
|
|
+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN))
|
|
{
|
|
DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
|
|
goto err;
|
|
diff -up openssl-1.0.1i/crypto/fips/fips.c.fips-reqs openssl-1.0.1e/crypto/fips/fips.c
|
|
--- openssl-1.0.1i/crypto/fips/fips.c.fips-reqs 2014-09-24 16:38:43.000000000 +0200
|
|
+++ openssl-1.0.1i/crypto/fips/fips.c 2014-09-24 16:37:28.000000000 +0200
|
|
@@ -427,27 +427,25 @@ int FIPS_module_mode_set(int onoff, cons
|
|
ret = 0;
|
|
goto end;
|
|
}
|
|
- OPENSSL_ia32cap_P[0] |= (1<<28); /* set "shared cache" */
|
|
- OPENSSL_ia32cap_P[1] &= ~(1<<(60-32)); /* clear AVX */
|
|
}
|
|
#endif
|
|
|
|
- if(!verify_checksums())
|
|
+ if(!FIPS_selftest())
|
|
{
|
|
- FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
|
fips_selftest_fail = 1;
|
|
ret = 0;
|
|
goto end;
|
|
}
|
|
|
|
- if(FIPS_selftest())
|
|
- fips_set_mode(onoff);
|
|
- else
|
|
+ if(!verify_checksums())
|
|
{
|
|
+ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
|
|
fips_selftest_fail = 1;
|
|
ret = 0;
|
|
goto end;
|
|
}
|
|
+
|
|
+ fips_set_mode(onoff);
|
|
ret = 1;
|
|
goto end;
|
|
}
|
|
diff -up openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_dh_selftest.c
|
|
--- openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-08-13 19:58:06.819832600 +0200
|
|
+++ openssl-1.0.1i/crypto/fips/fips_dh_selftest.c 2014-08-13 19:58:06.819832600 +0200
|
|
@@ -0,0 +1,162 @@
|
|
+/* ====================================================================
|
|
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
|
+ * Copyright (c) 2013 Red Hat, Inc.
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted provided that the following conditions
|
|
+ * are met:
|
|
+ *
|
|
+ * 1. Redistributions of source code must retain the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer.
|
|
+ *
|
|
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer in
|
|
+ * the documentation and/or other materials provided with the
|
|
+ * distribution.
|
|
+ *
|
|
+ * 3. All advertising materials mentioning features or use of this
|
|
+ * software must display the following acknowledgment:
|
|
+ * "This product includes software developed by the OpenSSL Project
|
|
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
+ *
|
|
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
+ * endorse or promote products derived from this software without
|
|
+ * prior written permission. For written permission, please contact
|
|
+ * openssl-core@openssl.org.
|
|
+ *
|
|
+ * 5. Products derived from this software may not be called "OpenSSL"
|
|
+ * nor may "OpenSSL" appear in their names without prior written
|
|
+ * permission of the OpenSSL Project.
|
|
+ *
|
|
+ * 6. Redistributions of any form whatsoever must retain the following
|
|
+ * acknowledgment:
|
|
+ * "This product includes software developed by the OpenSSL Project
|
|
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
+ *
|
|
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
+ *
|
|
+ */
|
|
+
|
|
+#include <string.h>
|
|
+#include <openssl/crypto.h>
|
|
+#include <openssl/dh.h>
|
|
+#include <openssl/fips.h>
|
|
+#include <openssl/err.h>
|
|
+#include <openssl/evp.h>
|
|
+#include <openssl/bn.h>
|
|
+#include "fips_locl.h"
|
|
+
|
|
+#ifdef OPENSSL_FIPS
|
|
+
|
|
+static const unsigned char dh_test_2048_p[] = {
|
|
+ 0xAE,0xEC,0xEE,0x22,0xFA,0x3A,0xA5,0x22,0xC0,0xDE,0x0F,0x09,
|
|
+ 0x7E,0x17,0xC0,0x05,0xF9,0xF1,0xE7,0xC6,0x87,0x14,0x6D,0x11,
|
|
+ 0xE7,0xAE,0xED,0x2F,0x72,0x59,0xC5,0xA9,0x9B,0xB8,0x02,0xA5,
|
|
+ 0xF3,0x69,0x70,0xD6,0xDD,0x90,0xF9,0x19,0x79,0xBE,0x60,0x8F,
|
|
+ 0x25,0x92,0x30,0x1C,0x51,0x51,0x38,0x26,0x82,0x25,0xE6,0xFC,
|
|
+ 0xED,0x65,0x96,0x8F,0x57,0xE5,0x53,0x8B,0x38,0x63,0xC7,0xCE,
|
|
+ 0xBC,0x1B,0x4D,0x18,0x2A,0x5B,0x04,0x3F,0x6A,0x3C,0x94,0x39,
|
|
+ 0xAE,0x36,0xD6,0x5E,0x0F,0xA2,0xCC,0xD0,0xD4,0xD5,0xC6,0x1E,
|
|
+ 0xF6,0xA0,0xF5,0x89,0x4E,0xB4,0x0B,0xA4,0xB3,0x2B,0x3D,0xE2,
|
|
+ 0x4E,0xE1,0x49,0x25,0x99,0x5F,0x32,0x16,0x33,0x32,0x1B,0x7A,
|
|
+ 0xA5,0x5C,0x6B,0x34,0x0D,0x39,0x99,0xDC,0xF0,0x76,0xE5,0x5A,
|
|
+ 0xD4,0x71,0x00,0xED,0x5A,0x73,0xFB,0xC8,0x01,0xAD,0x99,0xCF,
|
|
+ 0x99,0x52,0x7C,0x9C,0x64,0xC6,0x76,0x40,0x57,0xAF,0x59,0xD7,
|
|
+ 0x38,0x0B,0x40,0xDE,0x33,0x0D,0xB8,0x76,0xEC,0xA9,0xD8,0x73,
|
|
+ 0xF8,0xEF,0x26,0x66,0x06,0x27,0xDD,0x7C,0xA4,0x10,0x9C,0xA6,
|
|
+ 0xAA,0xF9,0x53,0x62,0x73,0x1D,0xBA,0x1C,0xF1,0x67,0xF4,0x35,
|
|
+ 0xED,0x6F,0x37,0x92,0xE8,0x4F,0x6C,0xBA,0x52,0x6E,0xA1,0xED,
|
|
+ 0xDA,0x9F,0x85,0x11,0x82,0x52,0x62,0x08,0x44,0xF1,0x30,0x03,
|
|
+ 0xC3,0x38,0x2C,0x79,0xBD,0xD4,0x43,0x45,0xEE,0x8E,0x50,0xFC,
|
|
+ 0x29,0x46,0x9A,0xFE,0x54,0x1A,0x19,0x8F,0x4B,0x84,0x08,0xDE,
|
|
+ 0x20,0x62,0x73,0xCC,0xDD,0x7E,0xF0,0xEF,0xA2,0xFD,0x86,0x58,
|
|
+ 0x4B,0xD8,0x37,0xEB
|
|
+};
|
|
+
|
|
+static const unsigned char dh_test_2048_g[] = {
|
|
+ 0x02
|
|
+};
|
|
+
|
|
+static const unsigned char dh_test_2048_pub_key[] = {
|
|
+ 0xA0,0x39,0x11,0x77,0x9A,0xC1,0x30,0x1F,0xBE,0x48,0xA7,0xAA,
|
|
+ 0xA0,0x84,0x54,0x64,0xAD,0x1B,0x70,0xFA,0x13,0x55,0x63,0xD2,
|
|
+ 0x1F,0x62,0x32,0x93,0x8E,0xC9,0x3E,0x09,0xA7,0x64,0xE4,0x12,
|
|
+ 0x6E,0x1B,0xF2,0x92,0x3B,0xB9,0xCB,0x56,0xEA,0x07,0x88,0xB5,
|
|
+ 0xA6,0xBC,0x16,0x1F,0x27,0xFE,0xD8,0xAA,0x40,0xB2,0xB0,0x2D,
|
|
+ 0x37,0x76,0xA6,0xA4,0x82,0x2C,0x0E,0x22,0x64,0x9D,0xCB,0xD1,
|
|
+ 0x00,0xB7,0x89,0x14,0x72,0x4E,0xBE,0x48,0x41,0xF8,0xB2,0x51,
|
|
+ 0x11,0x09,0x4B,0x22,0x01,0x23,0x39,0x96,0xE0,0x15,0xD7,0x9F,
|
|
+ 0x60,0xD1,0xB7,0xAE,0xFE,0x5F,0xDB,0xE7,0x03,0x17,0x97,0xA6,
|
|
+ 0x16,0x74,0xBD,0x53,0x81,0x19,0xC5,0x47,0x5E,0xCE,0x8D,0xED,
|
|
+ 0x45,0x5D,0x3C,0x00,0xA0,0x0A,0x68,0x6A,0xE0,0x8E,0x06,0x46,
|
|
+ 0x6F,0xD7,0xF9,0xDF,0x31,0x7E,0x77,0x44,0x0D,0x98,0xE0,0xCA,
|
|
+ 0x98,0x09,0x52,0x04,0x90,0xEA,0x6D,0xF4,0x30,0x69,0x8F,0xB1,
|
|
+ 0x9B,0xC1,0x43,0xDB,0xD5,0x8D,0xC8,0x8E,0xB6,0x0B,0x05,0xBE,
|
|
+ 0x0E,0xC5,0x99,0xC8,0x6E,0x4E,0xF3,0xCB,0xC3,0x5E,0x9B,0x53,
|
|
+ 0xF7,0x06,0x1C,0x4F,0xC7,0xB8,0x6E,0x30,0x18,0xCA,0x9B,0xB9,
|
|
+ 0xBC,0x5F,0x17,0x72,0x29,0x5A,0xE5,0xD9,0x96,0xB7,0x0B,0xF3,
|
|
+ 0x2D,0x8C,0xF1,0xE1,0x0E,0x0D,0x74,0xD5,0x9D,0xF0,0x06,0xA9,
|
|
+ 0xB4,0x95,0x63,0x76,0x46,0x55,0x48,0x82,0x39,0x90,0xEF,0x56,
|
|
+ 0x75,0x34,0xB8,0x34,0xC3,0x18,0x6E,0x1E,0xAD,0xE3,0x48,0x7E,
|
|
+ 0x93,0x2C,0x23,0xE7,0xF8,0x90,0x73,0xB1,0x77,0x80,0x67,0xA9,
|
|
+ 0x36,0x9E,0xDA,0xD2
|
|
+};
|
|
+
|
|
+static const unsigned char dh_test_2048_priv_key[] = {
|
|
+ 0x0C,0x4B,0x30,0x89,0xD1,0xB8,0x62,0xCB,0x3C,0x43,0x64,0x91,
|
|
+ 0xF0,0x91,0x54,0x70,0xC5,0x27,0x96,0xE3,0xAC,0xBE,0xE8,0x00,
|
|
+ 0xEC,0x55,0xF6,0xCC
|
|
+};
|
|
+
|
|
+int FIPS_selftest_dh()
|
|
+ {
|
|
+ DH *dh = NULL;
|
|
+ int ret = 0;
|
|
+ void *pub_key = NULL;
|
|
+ int len;
|
|
+
|
|
+ dh = DH_new();
|
|
+
|
|
+ if(dh == NULL)
|
|
+ goto err;
|
|
+
|
|
+ fips_load_key_component(dh, p, dh_test_2048);
|
|
+ fips_load_key_component(dh, g, dh_test_2048);
|
|
+ /* note that the private key is much shorter than normally used
|
|
+ * but still g ** priv_key > p
|
|
+ */
|
|
+ fips_load_key_component(dh, priv_key, dh_test_2048);
|
|
+
|
|
+ if (DH_generate_key(dh) <= 0)
|
|
+ goto err;
|
|
+
|
|
+ len = BN_num_bytes(dh->pub_key);
|
|
+ if ((pub_key = OPENSSL_malloc(len)) == NULL)
|
|
+ goto err;
|
|
+ BN_bn2bin(dh->pub_key, pub_key);
|
|
+
|
|
+ if (len != sizeof(dh_test_2048_pub_key) ||
|
|
+ memcmp(pub_key, dh_test_2048_pub_key, len) != 0)
|
|
+ goto err;
|
|
+
|
|
+ ret = 1;
|
|
+
|
|
+ err:
|
|
+ if (dh)
|
|
+ DH_free(dh);
|
|
+
|
|
+ OPENSSL_free(pub_key);
|
|
+ return ret;
|
|
+ }
|
|
+#endif
|
|
diff -up openssl-1.0.1i/crypto/fips/fips.h.fips-reqs openssl-1.0.1i/crypto/fips/fips.h
|
|
--- openssl-1.0.1i/crypto/fips/fips.h.fips-reqs 2014-08-13 19:58:06.812832439 +0200
|
|
+++ openssl-1.0.1i/crypto/fips/fips.h 2014-08-13 19:58:06.819832600 +0200
|
|
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
|
|
int FIPS_selftest_dsa(void);
|
|
int FIPS_selftest_ecdsa(void);
|
|
int FIPS_selftest_ecdh(void);
|
|
+int FIPS_selftest_dh(void);
|
|
void FIPS_corrupt_rng(void);
|
|
void FIPS_rng_stick(void);
|
|
void FIPS_x931_stick(int onoff);
|
|
diff -up openssl-1.0.1i/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_post.c
|
|
--- openssl-1.0.1i/crypto/fips/fips_post.c.fips-reqs 2014-08-13 19:58:06.809832370 +0200
|
|
+++ openssl-1.0.1i/crypto/fips/fips_post.c 2014-08-13 19:58:06.819832600 +0200
|
|
@@ -99,6 +99,8 @@ int FIPS_selftest(void)
|
|
rv = 0;
|
|
if (!FIPS_selftest_dsa())
|
|
rv = 0;
|
|
+ if (!FIPS_selftest_dh())
|
|
+ rv = 0;
|
|
if (!FIPS_selftest_ecdh())
|
|
rv = 0;
|
|
return rv;
|
|
diff -up openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c
|
|
--- openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-08-13 19:58:06.779831679 +0200
|
|
+++ openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c 2014-08-13 19:59:16.491437297 +0200
|
|
@@ -60,69 +60,113 @@
|
|
#ifdef OPENSSL_FIPS
|
|
|
|
static const unsigned char n[] =
|
|
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
|
|
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
|
|
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
|
|
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
|
|
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
|
|
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
|
|
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
|
|
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
|
|
-"\xCB";
|
|
+"\x00\xc9\xd5\x6d\x9d\x90\xdb\x43\xd6\x02\xed\x96\x88\x13\x8a"
|
|
+"\xb2\xbf\x6e\xa1\x06\x10\xb2\x78\x37\xa7\x14\xa8\xff\xdd\x00"
|
|
+"\xdd\xb4\x93\xa0\x45\xcc\x96\x90\xed\xad\xa9\xdd\xc4\xd6\xca"
|
|
+"\x0c\xf0\xed\x4f\x72\x5e\x21\x49\x9a\x18\x12\x15\x8f\x90\x5a"
|
|
+"\xdb\xb6\x33\x99\xa3\xe6\xb4\xf0\xc4\x97\x21\x26\xbb\xe3\xba"
|
|
+"\xf2\xff\xa0\x72\xda\x89\x63\x8e\x8b\x3e\x08\x9d\x92\x2a\xbe"
|
|
+"\x16\xe1\x43\x15\xfc\x57\xc7\x1f\x09\x11\x67\x1c\xa9\x96\xd1"
|
|
+"\x8b\x3e\x80\x93\xc1\x59\xd0\x6d\x39\xf2\xac\x95\xcc\x10\x75"
|
|
+"\xe9\x31\x24\xd1\x43\xaf\x68\x52\x4b\xe7\x16\xd7\x49\x65\x6f"
|
|
+"\x26\xc0\x86\xad\xc0\x07\x0a\xc1\xe1\x2f\x87\x85\x86\x3b\xdc"
|
|
+"\x5a\x99\xbe\xe9\xf9\xb9\xe9\x82\x27\x51\x04\x15\xab\x06\x0e"
|
|
+"\x76\x5a\x28\x8d\x92\xbd\xc5\xb5\x7b\xa8\xdf\x4e\x47\xa2\xc1"
|
|
+"\xe7\x52\xbf\x47\xf7\x62\xe0\x3a\x6f\x4d\x6a\x4d\x4e\xd4\xb9"
|
|
+"\x59\x69\xfa\xb2\x14\xc1\xee\xe6\x2f\x95\xcd\x94\x72\xae\xe4"
|
|
+"\xdb\x18\x9a\xc4\xcd\x70\xbd\xee\x31\x16\xb7\x49\x65\xac\x40"
|
|
+"\x19\x0e\xb5\x6d\x83\xf1\x36\xbb\x08\x2f\x2e\x4e\x92\x62\xa4"
|
|
+"\xff\x50\xdb\x20\x45\xa2\xeb\x16\x7a\xf2\xd5\x28\xc1\xfd\x4e"
|
|
+"\x03\x71";
|
|
+
|
|
|
|
static int corrupt_rsa;
|
|
|
|
static int setrsakey(RSA *key)
|
|
{
|
|
- static const unsigned char e[] = "\x11";
|
|
+ static const unsigned char e[] = "\x01\x00\x01";
|
|
|
|
static const unsigned char d[] =
|
|
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
|
|
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
|
|
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
|
|
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
|
|
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
|
|
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
|
|
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
|
|
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
|
|
-"\xC1";
|
|
+"\x36\x27\x3d\xb1\xf9\x1b\xdb\xa7\xa0\x41\x7f\x12\x23\xac\x23"
|
|
+"\x29\x99\xd5\x3a\x7b\x60\x67\x41\x07\x63\x53\xb4\xd2\xe7\x58"
|
|
+"\x95\x0a\xc7\x05\xf3\x4e\xb2\xb4\x12\xd4\x70\xdc\x4f\x85\x06"
|
|
+"\xd3\xdd\xd8\x63\x27\x3e\x67\x31\x21\x24\x39\x04\xbc\x06\xa4"
|
|
+"\xcc\xce\x2b\x7a\xfe\x7b\xad\xde\x11\x6e\xa3\xa5\xe6\x04\x53"
|
|
+"\x0e\xa3\x4e\x2d\xb4\x8f\x31\xbf\xca\x75\x25\x52\x02\x85\xde"
|
|
+"\x3d\xb2\x72\x43\xb2\x89\x8a\x9a\x34\x41\x26\x3f\x9a\x67\xbe"
|
|
+"\xa4\x96\x7b\x0e\x75\xba\xa6\x93\xd5\xb8\xd8\xb8\x57\xf2\x4b"
|
|
+"\x0f\x14\x81\xd1\x57\x4e\xf6\x45\x4c\xa6\x3b\xd0\x70\xca\xd3"
|
|
+"\x9d\x55\xde\x22\x05\xe7\x8e\x28\x4d\xee\x11\xcf\xb6\x67\x76"
|
|
+"\x09\xd3\xe3\x3c\x13\xf9\x99\x34\x10\x7b\xec\x81\x38\xf0\xb6"
|
|
+"\x34\x9c\x9b\x50\x6f\x0b\x91\x81\x4d\x89\x94\x04\x7b\xf0\x3c"
|
|
+"\xf4\xb1\xb2\x00\x48\x8d\x5a\x8f\x88\x9e\xc5\xab\x3a\x9e\x44"
|
|
+"\x3f\x54\xe7\xd9\x6e\x47\xaa\xa1\xbd\x40\x46\x31\xf9\xf0\x34"
|
|
+"\xb6\x04\xe1\x2b\x5b\x73\x86\xdd\x3a\x92\x1b\x71\xc7\x3f\x32"
|
|
+"\xe5\xc3\xc2\xab\xa1\x7e\xbf\xa4\x52\xa0\xb0\x68\x90\xd1\x20"
|
|
+"\x12\x79\xe9\xd7\xc9\x40\xba\xf2\x19\xc7\xa5\x00\x92\x86\x0d"
|
|
+"\x01";
|
|
|
|
static const unsigned char p[] =
|
|
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
|
|
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
|
|
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
|
|
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
|
|
-"\x99";
|
|
+"\x00\xfc\x5c\x6e\x16\xce\x1f\x03\x7b\xcd\xf7\xb3\x72\xb2\x8f"
|
|
+"\x16\x72\xb8\x56\xae\xf7\xcd\x67\xd8\x4e\x7d\x07\xaf\xd5\x43"
|
|
+"\x26\xc3\x35\xbe\x43\x8f\x4e\x2f\x1c\x43\x4e\x6b\xd2\xb2\xec"
|
|
+"\x52\x6d\x97\x52\x2b\xcc\x5c\x3a\x6b\xf4\x14\xc6\x74\xda\x66"
|
|
+"\x38\x1c\x7a\x3f\x84\x2f\xe3\xf9\x5a\xb8\x65\x69\x46\x06\xa3"
|
|
+"\x37\x79\xb2\xa1\x5b\x58\xed\x5e\xa7\x5f\x8c\x65\x66\xbb\xd1"
|
|
+"\x24\x36\xe6\x37\xa7\x3d\x49\x77\x8a\x8c\x34\xd8\x69\x29\xf3"
|
|
+"\x4d\x58\x22\xb0\x51\x24\xb6\x40\xa8\x86\x59\x0a\xb7\xba\x5c"
|
|
+"\x97\xda\x57\xe8\x36\xda\x7a\x9c\xad";
|
|
|
|
static const unsigned char q[] =
|
|
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
|
|
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
|
|
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
|
|
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
|
|
-"\x03";
|
|
+"\x00\xcc\xbe\x7b\x09\x69\x06\xee\x45\xbf\x88\x47\x38\xa8\xf8"
|
|
+"\x17\xe5\xb6\xba\x67\x55\xe3\xe8\x05\x8b\xb8\xe2\x53\xd6\x8e"
|
|
+"\xef\x2c\xe7\x4f\x4a\xf7\x4e\x26\x8d\x85\x0b\x3f\xec\xc3\x1c"
|
|
+"\xd4\xeb\xec\x6a\xc8\x72\x2a\x25\x7d\xfd\xa6\x77\x96\xf0\x1e"
|
|
+"\xcd\x28\x57\xf8\x37\x30\x75\x6b\xbd\xd4\x7b\x0c\x87\xc5\x6c"
|
|
+"\x87\x40\xa5\xbb\x27\x2c\x78\xc9\x74\x5a\x54\x5b\x0b\x30\x6f"
|
|
+"\x44\x4a\xfa\x71\xe4\x21\x61\x66\xf9\xee\x65\xde\x7c\x04\xd7"
|
|
+"\xfd\xa9\x15\x5b\x7f\xe2\x7a\xba\x69\x86\x72\xa6\x06\x8d\x9b"
|
|
+"\x90\x55\x60\x9e\x4c\x5d\xa9\xb6\x55";
|
|
+
|
|
|
|
static const unsigned char dmp1[] =
|
|
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
|
|
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
|
|
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
|
|
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
|
|
+"\x7a\xd6\x12\xd0\x0e\xec\x91\xa9\x85\x8b\xf8\x50\xf0\x11\x2e"
|
|
+"\x00\x11\x32\x40\x60\x66\x1f\x11\xee\xc2\x75\x27\x65\x4b\x16"
|
|
+"\x67\x16\x95\xd2\x14\xc3\x1d\xb3\x48\x1f\xb7\xe4\x0b\x2b\x74"
|
|
+"\xc3\xdb\x50\x27\xf9\x85\x3a\xfa\xa9\x08\x23\xc1\x65\x3d\x34"
|
|
+"\x3a\xc8\x56\x7a\x65\x45\x36\x6e\xae\x2a\xce\x9f\x43\x43\xd7"
|
|
+"\x10\xe9\x9e\x18\xf4\xa4\x35\xda\x8a\x6b\xb0\x3f\xdd\x53\xe3"
|
|
+"\xa8\xc5\x4e\x79\x9d\x1f\x51\x8c\xa2\xca\x66\x3c\x6a\x2a\xff"
|
|
+"\x8e\xd2\xf3\xb7\xcb\x82\xda\xde\x2c\xe6\xd2\x8c\xb3\xad\xb6"
|
|
+"\x4c\x95\x55\x76\xbd\xc9\xc8\xd1";
|
|
+
|
|
|
|
static const unsigned char dmq1[] =
|
|
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
|
|
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
|
|
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
|
|
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
|
|
-
|
|
+"\x00\x83\x23\x1d\xbb\x11\x42\x17\x2b\x25\x5a\x2c\x03\xe6\x75"
|
|
+"\xc1\x18\xa8\xc9\x0b\x96\xbf\xba\xc4\x92\x91\x80\xa5\x22\x2f"
|
|
+"\xba\x91\x90\x36\x01\x56\x15\x00\x2c\x74\xa2\x97\xf7\x15\xa1"
|
|
+"\x49\xdf\x32\x35\xd2\xdd\x0c\x91\xa6\xf8\xe7\xbe\x81\x36\x9b"
|
|
+"\x03\xdc\x6b\x3b\xd8\x5d\x79\x57\xe0\xe6\x4f\x49\xdf\x4c\x5c"
|
|
+"\x0e\xe5\x21\x41\x95\xfd\xad\xff\x9a\x3e\xa0\xf9\x0f\x59\x9e"
|
|
+"\x6a\xa7\x7b\x71\xa7\x24\x9a\x36\x52\xae\x97\x20\xc1\x5e\x78"
|
|
+"\xd9\x47\x8b\x1e\x67\xf2\xaf\x98\xe6\x2d\xef\x10\xd7\xf1\xab"
|
|
+"\x49\xee\xe5\x4b\x7e\xae\x1f\x1d\x61";
|
|
+
|
|
+
|
|
static const unsigned char iqmp[] =
|
|
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
|
|
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
|
|
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
|
|
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
|
|
-"\xF7";
|
|
+"\x23\x96\xc1\x91\x17\x5e\x0a\x83\xd2\xdc\x7b\x69\xb2\x59\x1d"
|
|
+"\x33\x58\x52\x3f\x18\xc7\x09\x50\x1c\xb9\xa1\xbb\x4c\xa2\x38"
|
|
+"\x40\x4c\x9a\x8e\xfe\x9c\x90\x92\xd0\x71\x9f\x89\x99\x50\x91"
|
|
+"\x1f\x34\x8b\x74\x53\x11\x11\x4a\x70\xe2\xf7\x30\xd8\x8c\x80"
|
|
+"\xe1\xcc\x9f\xf1\x63\x17\x1a\x7d\x67\x29\x4c\xcb\x4e\x74\x7b"
|
|
+"\xe0\x3e\x9e\x2f\xf4\x67\x8f\xec\xb9\x5c\x00\x1e\x7e\xa2\x7b"
|
|
+"\x92\xc9\x6f\x4c\xe4\x0e\xf9\x48\x63\xcd\x50\x22\x5d\xbf\xb6"
|
|
+"\x9d\x01\x33\x6a\xf4\x50\xbe\x86\x98\x4f\xca\x3f\x3a\xfa\xcf"
|
|
+"\x07\x40\xc4\xaa\xad\xae\xbe\xbf";
|
|
|
|
key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
|
|
if (corrupt_rsa)
|
|
- BN_set_bit(key->n, 1024);
|
|
+ BN_set_bit(key->n, 2048);
|
|
key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
|
|
key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
|
|
key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
|
|
@@ -145,201 +189,291 @@ void FIPS_corrupt_rsa()
|
|
static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
|
|
|
|
static const unsigned char kat_RSA_PSS_SHA1[] = {
|
|
- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
|
|
- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
|
|
- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
|
|
- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
|
|
- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
|
|
- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
|
|
- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
|
|
- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
|
|
- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
|
|
- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
|
|
- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
|
|
+ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3,
|
|
+ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B,
|
|
+ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84,
|
|
+ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B,
|
|
+ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9,
|
|
+ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19,
|
|
+ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98,
|
|
+ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5,
|
|
+ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4,
|
|
+ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A,
|
|
+ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70,
|
|
+ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1,
|
|
+ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C,
|
|
+ 0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF,
|
|
+ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99,
|
|
+ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45,
|
|
+ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF,
|
|
+ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F,
|
|
+ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01,
|
|
+ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC,
|
|
+ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05,
|
|
+ 0xCE, 0x08, 0x1D, 0x89
|
|
};
|
|
|
|
static const unsigned char kat_RSA_PSS_SHA224[] = {
|
|
- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
|
|
- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
|
|
- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
|
|
- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
|
|
- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
|
|
- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
|
|
- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
|
|
- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
|
|
- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
|
|
- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
|
|
- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
|
|
+ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA,
|
|
+ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3,
|
|
+ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3,
|
|
+ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3,
|
|
+ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7,
|
|
+ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53,
|
|
+ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A,
|
|
+ 0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE,
|
|
+ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06,
|
|
+ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08,
|
|
+ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D,
|
|
+ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07,
|
|
+ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70,
|
|
+ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64,
|
|
+ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17,
|
|
+ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69,
|
|
+ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97,
|
|
+ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D,
|
|
+ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5,
|
|
+ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B,
|
|
+ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD,
|
|
+ 0x2D, 0x84, 0x03, 0xB7
|
|
};
|
|
|
|
static const unsigned char kat_RSA_PSS_SHA256[] = {
|
|
- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
|
|
- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
|
|
- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
|
|
- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
|
|
- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
|
|
- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
|
|
- 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
|
|
- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
|
|
- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
|
|
- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
|
|
- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
|
|
+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19,
|
|
+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9,
|
|
+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB,
|
|
+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9,
|
|
+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16,
|
|
+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33,
|
|
+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49,
|
|
+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67,
|
|
+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B,
|
|
+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B,
|
|
+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6,
|
|
+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60,
|
|
+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6,
|
|
+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF,
|
|
+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23,
|
|
+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73,
|
|
+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56,
|
|
+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97,
|
|
+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50,
|
|
+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68,
|
|
+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62,
|
|
+ 0x2B, 0x31, 0xB9, 0x7D
|
|
};
|
|
|
|
static const unsigned char kat_RSA_PSS_SHA384[] = {
|
|
- 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
|
|
- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
|
|
- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
|
|
- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
|
|
- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
|
|
- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
|
|
- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
|
|
- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
|
|
- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
|
|
- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
|
|
- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
|
|
+ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D,
|
|
+ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03,
|
|
+ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27,
|
|
+ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC,
|
|
+ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1,
|
|
+ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6,
|
|
+ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA,
|
|
+ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB,
|
|
+ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3,
|
|
+ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5,
|
|
+ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70,
|
|
+ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E,
|
|
+ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C,
|
|
+ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0,
|
|
+ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62,
|
|
+ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07,
|
|
+ 0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88,
|
|
+ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7,
|
|
+ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5,
|
|
+ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D,
|
|
+ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF,
|
|
+ 0x90, 0xD2, 0xA6, 0x2B
|
|
};
|
|
|
|
static const unsigned char kat_RSA_PSS_SHA512[] = {
|
|
- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
|
|
- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
|
|
- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
|
|
- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
|
|
- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
|
|
- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
|
|
- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
|
|
- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
|
|
- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
|
|
- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
|
|
- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
|
|
+ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32,
|
|
+ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06,
|
|
+ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D,
|
|
+ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B,
|
|
+ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D,
|
|
+ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44,
|
|
+ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B,
|
|
+ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D,
|
|
+ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD,
|
|
+ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C,
|
|
+ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1,
|
|
+ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A,
|
|
+ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE,
|
|
+ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D,
|
|
+ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F,
|
|
+ 0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF,
|
|
+ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F,
|
|
+ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94,
|
|
+ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE,
|
|
+ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A,
|
|
+ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0,
|
|
+ 0x17, 0x2C, 0x13, 0xE0
|
|
};
|
|
|
|
static const unsigned char kat_RSA_SHA1[] = {
|
|
- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
|
|
- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
|
|
- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
|
|
- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
|
|
- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
|
|
- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
|
|
- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
|
|
- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
|
|
- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
|
|
- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
|
|
- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
|
|
+ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA,
|
|
+ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C,
|
|
+ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE,
|
|
+ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94,
|
|
+ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08,
|
|
+ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC,
|
|
+ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0,
|
|
+ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54,
|
|
+ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F,
|
|
+ 0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A,
|
|
+ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF,
|
|
+ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD,
|
|
+ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8,
|
|
+ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5,
|
|
+ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F,
|
|
+ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF,
|
|
+ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60,
|
|
+ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9,
|
|
+ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC,
|
|
+ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37,
|
|
+ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF,
|
|
+ 0x27, 0x90, 0xE2, 0x01
|
|
};
|
|
|
|
static const unsigned char kat_RSA_SHA224[] = {
|
|
- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
|
|
- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
|
|
- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
|
|
- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
|
|
- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
|
|
- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
|
|
- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
|
|
- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
|
|
- 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
|
|
- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
|
|
- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
|
|
+ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86,
|
|
+ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8,
|
|
+ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89,
|
|
+ 0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39,
|
|
+ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3,
|
|
+ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E,
|
|
+ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8,
|
|
+ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4,
|
|
+ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66,
|
|
+ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6,
|
|
+ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC,
|
|
+ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9,
|
|
+ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53,
|
|
+ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA,
|
|
+ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45,
|
|
+ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC,
|
|
+ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33,
|
|
+ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5,
|
|
+ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8,
|
|
+ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83,
|
|
+ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B,
|
|
+ 0xDB, 0x70, 0x00, 0xF6
|
|
};
|
|
|
|
static const unsigned char kat_RSA_SHA256[] = {
|
|
- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
|
|
- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
|
|
- 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
|
|
- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
|
|
- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
|
|
- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
|
|
- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
|
|
- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
|
|
- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
|
|
- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
|
|
- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
|
|
+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9,
|
|
+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF,
|
|
+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F,
|
|
+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06,
|
|
+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF,
|
|
+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2,
|
|
+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8,
|
|
+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5,
|
|
+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE,
|
|
+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6,
|
|
+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D,
|
|
+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42,
|
|
+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4,
|
|
+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E,
|
|
+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A,
|
|
+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91,
|
|
+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB,
|
|
+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65,
|
|
+ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E,
|
|
+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B,
|
|
+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D,
|
|
+ 0x47, 0x9D, 0x18, 0xD7
|
|
};
|
|
|
|
static const unsigned char kat_RSA_SHA384[] = {
|
|
- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
|
|
- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
|
|
- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
|
|
- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
|
|
- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
|
|
- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
|
|
- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
|
|
- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
|
|
- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
|
|
- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
|
|
- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
|
|
+ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00,
|
|
+ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D,
|
|
+ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2,
|
|
+ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B,
|
|
+ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF,
|
|
+ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1,
|
|
+ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C,
|
|
+ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E,
|
|
+ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76,
|
|
+ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4,
|
|
+ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9,
|
|
+ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4,
|
|
+ 0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56,
|
|
+ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39,
|
|
+ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00,
|
|
+ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F,
|
|
+ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D,
|
|
+ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26,
|
|
+ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9,
|
|
+ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD,
|
|
+ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4,
|
|
+ 0x7E, 0x37, 0x1D, 0x96
|
|
};
|
|
|
|
static const unsigned char kat_RSA_SHA512[] = {
|
|
- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
|
|
- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
|
|
- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
|
|
- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
|
|
- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
|
|
- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
|
|
- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
|
|
- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
|
|
- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
|
|
- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
|
|
- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
|
|
+ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3,
|
|
+ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F,
|
|
+ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02,
|
|
+ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B,
|
|
+ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3,
|
|
+ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1,
|
|
+ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79,
|
|
+ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1,
|
|
+ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E,
|
|
+ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1,
|
|
+ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED,
|
|
+ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE,
|
|
+ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69,
|
|
+ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2,
|
|
+ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F,
|
|
+ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3,
|
|
+ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B,
|
|
+ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86,
|
|
+ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F,
|
|
+ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A,
|
|
+ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E,
|
|
+ 0x43, 0xA8, 0x34, 0x0A
|
|
};
|
|
|
|
-static const unsigned char kat_RSA_X931_SHA1[] = {
|
|
- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
|
|
- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
|
|
- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
|
|
- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
|
|
- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
|
|
- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
|
|
- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
|
|
- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
|
|
- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
|
|
- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
|
|
- 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
|
|
-};
|
|
+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
|
|
+ {
|
|
+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
|
|
+ int ret = 0;
|
|
+ int len;
|
|
|
|
-static const unsigned char kat_RSA_X931_SHA256[] = {
|
|
- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
|
|
- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
|
|
- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
|
|
- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
|
|
- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
|
|
- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
|
|
- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
|
|
- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
|
|
- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
|
|
- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
|
|
- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
|
|
-};
|
|
+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
|
|
+ if (!ctbuf)
|
|
+ goto err;
|
|
|
|
-static const unsigned char kat_RSA_X931_SHA384[] = {
|
|
- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
|
|
- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
|
|
- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
|
|
- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
|
|
- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
|
|
- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
|
|
- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
|
|
- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
|
|
- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
|
|
- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
|
|
- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
|
|
-};
|
|
+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
|
|
+ if (len <= 0)
|
|
+ goto err;
|
|
+ /* Check ciphertext doesn't match plaintext */
|
|
+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
|
|
+ goto err;
|
|
|
|
-static const unsigned char kat_RSA_X931_SHA512[] = {
|
|
- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
|
|
- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
|
|
- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
|
|
- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
|
|
- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
|
|
- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
|
|
- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
|
|
- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
|
|
- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
|
|
- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
|
|
- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
|
|
-};
|
|
+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
|
|
+ if (!ptbuf)
|
|
+ goto err;
|
|
+
|
|
+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
|
|
+ if (len != ptlen)
|
|
+ goto err;
|
|
+ if (memcmp(ptbuf, plaintext, len))
|
|
+ goto err;
|
|
+
|
|
+ ret = 1;
|
|
|
|
+ err:
|
|
+ if (ctbuf)
|
|
+ OPENSSL_free(ctbuf);
|
|
+ if (ptbuf)
|
|
+ OPENSSL_free(ptbuf);
|
|
+ return ret;
|
|
+ }
|
|
|
|
int FIPS_selftest_rsa()
|
|
{
|
|
@@ -353,7 +487,7 @@ int FIPS_selftest_rsa()
|
|
if ((pk=EVP_PKEY_new()) == NULL)
|
|
goto err;
|
|
|
|
- EVP_PKEY_assign_RSA(pk, key);
|
|
+ EVP_PKEY_set1_RSA(pk, key);
|
|
|
|
if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
|
|
kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
|
|
@@ -407,36 +541,15 @@ int FIPS_selftest_rsa()
|
|
"RSA SHA512 PSS"))
|
|
goto err;
|
|
|
|
-
|
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
|
|
- kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
|
|
- EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
|
|
- "RSA SHA1 X931"))
|
|
- goto err;
|
|
- /* NB: SHA224 not supported in X9.31 */
|
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
|
|
- kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
|
|
- EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
|
|
- "RSA SHA256 X931"))
|
|
- goto err;
|
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
|
|
- kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
|
|
- EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
|
|
- "RSA SHA384 X931"))
|
|
- goto err;
|
|
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
|
|
- kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
|
|
- EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
|
|
- "RSA SHA512 X931"))
|
|
+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
|
|
goto err;
|
|
|
|
-
|
|
ret = 1;
|
|
|
|
err:
|
|
if (pk)
|
|
EVP_PKEY_free(pk);
|
|
- else if (key)
|
|
+ if (key)
|
|
RSA_free(key);
|
|
return ret;
|
|
}
|
|
diff -up openssl-1.0.1i/crypto/fips/Makefile.fips-reqs openssl-1.0.1i/crypto/fips/Makefile
|
|
--- openssl-1.0.1i/crypto/fips/Makefile.fips-reqs 2014-08-13 19:58:06.809832370 +0200
|
|
+++ openssl-1.0.1i/crypto/fips/Makefile 2014-08-13 19:58:06.820832624 +0200
|
|
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
|
|
fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
|
|
fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
|
|
fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
|
|
- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
|
|
+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
|
|
+ fips_dh_selftest.c
|
|
|
|
LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
|
|
fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
|
|
fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
|
|
fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
|
|
- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
|
|
+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
|
|
+ fips_dh_selftest.o
|
|
|
|
LIBCRYPTO=-L.. -lcrypto
|
|
|
|
diff -up openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1i/crypto/modes/gcm128.c
|
|
--- openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs 2014-08-13 19:58:06.740830781 +0200
|
|
+++ openssl-1.0.1i/crypto/modes/gcm128.c 2014-08-13 19:58:06.820832624 +0200
|
|
@@ -931,6 +931,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
|
|
# endif
|
|
#endif
|
|
|
|
+ ctx->totlen += len;
|
|
+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
|
|
+ return -1;
|
|
+
|
|
#if 0
|
|
n = (unsigned int)mlen%16; /* alternative to ctx->mres */
|
|
#endif
|
|
@@ -1294,6 +1298,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
|
|
# endif
|
|
#endif
|
|
|
|
+ ctx->totlen += len;
|
|
+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
|
|
+ return -1;
|
|
+
|
|
mlen += len;
|
|
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
|
|
return -1;
|
|
diff -up openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1i/crypto/modes/modes_lcl.h
|
|
--- openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs 2014-08-13 19:58:06.410823180 +0200
|
|
+++ openssl-1.0.1i/crypto/modes/modes_lcl.h 2014-08-13 19:58:06.820832624 +0200
|
|
@@ -112,6 +112,7 @@ struct gcm128_context {
|
|
unsigned int mres, ares;
|
|
block128_f block;
|
|
void *key;
|
|
+ u64 totlen;
|
|
};
|
|
|
|
struct xts128_context {
|
|
diff -up openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1i/crypto/rand/rand_lcl.h
|
|
--- openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs 2014-08-13 19:58:06.525825829 +0200
|
|
+++ openssl-1.0.1i/crypto/rand/rand_lcl.h 2014-08-13 19:58:06.820832624 +0200
|
|
@@ -112,7 +112,7 @@
|
|
#ifndef HEADER_RAND_LCL_H
|
|
#define HEADER_RAND_LCL_H
|
|
|
|
-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
|
|
+#define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
|
|
|
|
|
|
#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
|
|
diff -up openssl-1.0.1i/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1i/crypto/rand/rand_lib.c
|
|
--- openssl-1.0.1i/crypto/rand/rand_lib.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
|
|
+++ openssl-1.0.1i/crypto/rand/rand_lib.c 2014-08-13 19:58:06.820832624 +0200
|
|
@@ -240,12 +240,24 @@ static int drbg_rand_add(DRBG_CTX *ctx,
|
|
double entropy)
|
|
{
|
|
RAND_SSLeay()->add(in, inlen, entropy);
|
|
+ if (FIPS_rand_status())
|
|
+ {
|
|
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
|
+ FIPS_drbg_reseed(ctx, NULL, 0);
|
|
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
|
+ }
|
|
return 1;
|
|
}
|
|
|
|
static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
|
|
{
|
|
RAND_SSLeay()->seed(in, inlen);
|
|
+ if (FIPS_rand_status())
|
|
+ {
|
|
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
|
|
+ FIPS_drbg_reseed(ctx, NULL, 0);
|
|
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
|
|
+ }
|
|
return 1;
|
|
}
|
|
|
|
diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa/rsa_gen.c
|
|
--- openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs 2014-08-13 19:58:06.782831748 +0200
|
|
+++ openssl-1.0.1i/crypto/rsa/rsa_gen.c 2014-08-13 19:58:06.821832646 +0200
|
|
@@ -1,5 +1,6 @@
|
|
/* crypto/rsa/rsa_gen.c */
|
|
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
|
+ * Copyright (C) 2013 Red Hat, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This package is an SSL implementation written
|
|
@@ -165,6 +166,236 @@ int RSA_generate_key_ex(RSA *rsa, int bi
|
|
return rsa_builtin_keygen(rsa, bits, e_value, cb);
|
|
}
|
|
|
|
+#ifdef OPENSSL_FIPS
|
|
+static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
|
+ {
|
|
+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
|
|
+ BIGNUM local_r0, local_d, local_p;
|
|
+ BIGNUM *pr0, *d, *p;
|
|
+ BN_CTX *ctx = NULL;
|
|
+ int ok = -1;
|
|
+ int i;
|
|
+ int n = 0;
|
|
+ int test = 0;
|
|
+ int pbits = bits/2;
|
|
+
|
|
+ if(FIPS_selftest_failed())
|
|
+ {
|
|
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if ((pbits & 0xFF) || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048 && bits != 3072))
|
|
+ {
|
|
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ ctx = BN_CTX_new();
|
|
+ if (ctx == NULL) goto err;
|
|
+ BN_CTX_start(ctx);
|
|
+ r0 = BN_CTX_get(ctx);
|
|
+ r1 = BN_CTX_get(ctx);
|
|
+ r2 = BN_CTX_get(ctx);
|
|
+ r3 = BN_CTX_get(ctx);
|
|
+
|
|
+ if (r3 == NULL) goto err;
|
|
+
|
|
+ /* We need the RSA components non-NULL */
|
|
+ if (!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
|
|
+ if (!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
|
|
+
|
|
+ if (!BN_set_word(r0, RSA_F4)) goto err;
|
|
+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256)
|
|
+ {
|
|
+ ok = 0; /* we set our own err */
|
|
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_BAD_E_VALUE);
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
+ /* prepare approximate minimum p and q */
|
|
+ if (!BN_set_word(r0, 0xB504F334)) goto err;
|
|
+ if (!BN_lshift(r0, r0, pbits - 32)) goto err;
|
|
+
|
|
+ /* prepare minimum p and q difference */
|
|
+ if (!BN_one(r3)) goto err;
|
|
+ if (!BN_lshift(r3, r3, pbits - 100)) goto err;
|
|
+
|
|
+ BN_copy(rsa->e, e_value);
|
|
+
|
|
+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
|
|
+ test = 1;
|
|
+
|
|
+retry:
|
|
+ /* generate p and q */
|
|
+ for (i = 0; i < 5 * pbits; i++)
|
|
+ {
|
|
+ ploop:
|
|
+ if (!test)
|
|
+ if (!BN_rand(rsa->p, pbits, 0, 1)) goto err;
|
|
+ if (BN_cmp(rsa->p, r0) < 0)
|
|
+ {
|
|
+ if (test) goto err;
|
|
+ goto ploop;
|
|
+ }
|
|
+
|
|
+ if (!BN_sub(r2, rsa->p, BN_value_one())) goto err;
|
|
+ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
|
|
+ if (BN_is_one(r1))
|
|
+ {
|
|
+ int r;
|
|
+ r = BN_is_prime_fasttest_ex(rsa->p, pbits>1024?4:5, ctx, 0, cb);
|
|
+ if (r == -1 || (test && r <= 0)) goto err;
|
|
+ if (r > 0) break;
|
|
+ }
|
|
+
|
|
+ if(!BN_GENCB_call(cb, 2, n++))
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
+ if(!BN_GENCB_call(cb, 3, 0))
|
|
+ goto err;
|
|
+
|
|
+ if(i >= 5*pbits)
|
|
+ /* prime not found */
|
|
+ goto err;
|
|
+
|
|
+ for (i = 0; i < 5 * pbits; i++)
|
|
+ {
|
|
+ qloop:
|
|
+ if (!test)
|
|
+ if (!BN_rand(rsa->q, pbits, 0, 1)) goto err;
|
|
+ if (BN_cmp(rsa->q, r0) < 0)
|
|
+ {
|
|
+ if (test) goto err;
|
|
+ goto qloop;
|
|
+ }
|
|
+ if (!BN_sub(r2, rsa->q, rsa->p)) goto err;
|
|
+ if (BN_ucmp(r2, r3) <= 0)
|
|
+ {
|
|
+ if (test) goto err;
|
|
+ goto qloop;
|
|
+ }
|
|
+
|
|
+ if (!BN_sub(r2, rsa->q, BN_value_one())) goto err;
|
|
+ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
|
|
+ if (BN_is_one(r1))
|
|
+ {
|
|
+ int r;
|
|
+ r = BN_is_prime_fasttest_ex(rsa->q, pbits>1024?4:5, ctx, 0, cb);
|
|
+ if (r == -1 || (test && r <= 0)) goto err;
|
|
+ if (r > 0) break;
|
|
+ }
|
|
+
|
|
+ if(!BN_GENCB_call(cb, 2, n++))
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
+ if(!BN_GENCB_call(cb, 3, 1))
|
|
+ goto err;
|
|
+
|
|
+ if(i >= 5*pbits)
|
|
+ /* prime not found */
|
|
+ goto err;
|
|
+
|
|
+ if (test)
|
|
+ {
|
|
+ /* do not try to calculate the remaining key values */
|
|
+ BN_clear(rsa->n);
|
|
+ ok = 1;
|
|
+ goto err;
|
|
+ }
|
|
+
|
|
+ if (BN_cmp(rsa->p,rsa->q) < 0)
|
|
+ {
|
|
+ tmp=rsa->p;
|
|
+ rsa->p=rsa->q;
|
|
+ rsa->q=tmp;
|
|
+ }
|
|
+
|
|
+ /* calculate n */
|
|
+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
|
|
+
|
|
+ /* calculate d */
|
|
+ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
|
|
+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
|
|
+
|
|
+ if (!BN_gcd(r0, r1, r2, ctx)) goto err;
|
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
|
+ {
|
|
+ pr0 = &local_r0;
|
|
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
|
|
+ }
|
|
+ else
|
|
+ pr0 = r0;
|
|
+ if (!BN_div(r0, NULL, r1, pr0, ctx)) goto err;
|
|
+ if (!BN_mul(r0,r0,r2,ctx)) goto err; /* lcm(p-1, q-1) */
|
|
+
|
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
|
+ {
|
|
+ pr0 = &local_r0;
|
|
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
|
|
+ }
|
|
+ else
|
|
+ pr0 = r0;
|
|
+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
|
|
+
|
|
+ if (BN_num_bits(rsa->d) < pbits) goto retry; /* d is too small */
|
|
+
|
|
+ /* set up d for correct BN_FLG_CONSTTIME flag */
|
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
|
+ {
|
|
+ d = &local_d;
|
|
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
|
+ }
|
|
+ else
|
|
+ d = rsa->d;
|
|
+
|
|
+ /* calculate d mod (p-1) */
|
|
+ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
|
|
+
|
|
+ /* calculate d mod (q-1) */
|
|
+ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
|
|
+
|
|
+ /* calculate inverse of q mod p */
|
|
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
|
|
+ {
|
|
+ p = &local_p;
|
|
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
|
|
+ }
|
|
+ else
|
|
+ p = rsa->p;
|
|
+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
|
+
|
|
+ if (fips_rsa_pairwise_fail)
|
|
+ BN_add_word(rsa->n, 1);
|
|
+
|
|
+ if(!fips_check_rsa(rsa))
|
|
+ goto err;
|
|
+
|
|
+ ok=1;
|
|
+err:
|
|
+ if (ok == -1)
|
|
+ {
|
|
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
|
|
+ ok = 0;
|
|
+ }
|
|
+ if (ctx != NULL)
|
|
+ {
|
|
+ BN_CTX_end(ctx);
|
|
+ BN_CTX_free(ctx);
|
|
+ }
|
|
+
|
|
+ return ok;
|
|
+ }
|
|
+#endif
|
|
+
|
|
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
|
|
{
|
|
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
|
|
@@ -176,17 +407,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
#ifdef OPENSSL_FIPS
|
|
if (FIPS_module_mode())
|
|
{
|
|
- if(FIPS_selftest_failed())
|
|
- {
|
|
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
|
|
- return 0;
|
|
- }
|
|
-
|
|
if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
|
|
{
|
|
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
|
|
return 0;
|
|
}
|
|
+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
|
|
}
|
|
#endif
|
|
|
|
@@ -301,17 +527,6 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
p = rsa->p;
|
|
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
|
|
|
|
-#ifdef OPENSSL_FIPS
|
|
- if (FIPS_module_mode())
|
|
- {
|
|
- if (fips_rsa_pairwise_fail)
|
|
- BN_add_word(rsa->n, 1);
|
|
-
|
|
- if(!fips_check_rsa(rsa))
|
|
- goto err;
|
|
- }
|
|
-#endif
|
|
-
|
|
ok=1;
|
|
err:
|
|
if (ok == -1)
|
|
diff -up openssl-1.0.1i/ssl/t1_enc.c.fips-reqs openssl-1.0.1i/ssl/t1_enc.c
|
|
--- openssl-1.0.1i/ssl/t1_enc.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
|
|
+++ openssl-1.0.1i/ssl/t1_enc.c 2014-08-13 19:58:06.821832646 +0200
|
|
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
|
|
err:
|
|
return ret;
|
|
}
|
|
+
|
|
+int private_tls1_PRF(long digest_mask,
|
|
+ const void *seed1, int seed1_len,
|
|
+ const void *seed2, int seed2_len,
|
|
+ const void *seed3, int seed3_len,
|
|
+ const void *seed4, int seed4_len,
|
|
+ const void *seed5, int seed5_len,
|
|
+ const unsigned char *sec, int slen,
|
|
+ unsigned char *out1,
|
|
+ unsigned char *out2, int olen)
|
|
+ {
|
|
+ return tls1_PRF(digest_mask,
|
|
+ seed1, seed1_len,
|
|
+ seed2, seed2_len,
|
|
+ seed3, seed3_len,
|
|
+ seed4, seed4_len,
|
|
+ seed5, seed5_len,
|
|
+ sec, slen,
|
|
+ out1, out2, olen);
|
|
+ }
|
|
+
|
|
static int tls1_generate_key_block(SSL *s, unsigned char *km,
|
|
unsigned char *tmp, int num)
|
|
{
|