From f7fd43402c73dcc2d8fced1fca60f7da9a3a2a45 Mon Sep 17 00:00:00 2001 From: slontis Date: Mon, 19 Aug 2024 12:01:53 +1000 Subject: [PATCH] Update FIPS 140-3 self tests Cleanup + remove a few tests that are not required. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25222) --- providers/fips/self_test_data.inc | 91 +++++++------------------------ 1 file changed, 21 insertions(+), 70 deletions(-) diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 04802422a5c..65ed70f4064 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -7,6 +7,15 @@ * https://www.openssl.org/source/license.html */ +/* + * This file contains self test data required by FIPS 140-3 IG + * 10.3.A Cryptographic Algorithm Self test Requirements + * + * Note that in the 'General CAST requirements': Note33 Allows individual + * self tests for low level algorithms (such as digests) to be omitted, if + * they are tested as part of a higher level algorithm (such as HMAC). + */ + /* Macros to build Self test data */ #define ITM(x) ((void *)&x), sizeof(x) #define ITM_STR(x) ((void *)&x), (sizeof(x) - 1) @@ -137,13 +146,7 @@ typedef struct st_kat_asym_cipher_st { size_t expected_len; } ST_KAT_ASYM_CIPHER; -/*- DIGEST TEST DATA */ -static const unsigned char sha1_pt[] = "abc"; -static const unsigned char sha1_digest[] = { - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 0x25, 0x71, - 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D -}; - +/*- DIGEST SELF TEST DATA */ static const unsigned char sha512_pt[] = "abc"; static const unsigned char sha512_digest[] = { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49, @@ -160,14 +163,13 @@ static const unsigned char sha3_256_digest[] = { 0x89, 0x77, 0x7f, 0x05, 0x1e, 0x40, 0x46, 0xae }; +/* + * Note: + * SHA1 and SHA256 are tested by higher level algorithms so a + * CAST is not needed. + */ static const ST_KAT_DIGEST st_kat_digest_tests[] = { - { - OSSL_SELF_TEST_DESC_MD_SHA1, - "SHA1", - ITM_STR(sha1_pt), - ITM(sha1_digest), - }, { OSSL_SELF_TEST_DESC_MD_SHA2, "SHA512", @@ -429,7 +431,7 @@ static const unsigned char pbkdf2_expected[] = { 0x1c }; static int pbkdf2_iterations = 4096; -static int pbkdf2_pkcs5 = 0; +static int pbkdf2_pkcs5 = 0; /* Enable compliance checks */ static const ST_KAT_PARAM pbkdf2_params[] = { ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password), @@ -439,49 +441,6 @@ static const ST_KAT_PARAM pbkdf2_params[] = { ST_KAT_PARAM_END() }; -static const char sshkdf_digest[] = "SHA1"; -static const char sshkdf_type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; -static const unsigned char sshkdf_key[] = { - 0x00, 0x00, 0x00, 0x80, 0x55, 0xba, 0xe9, 0x31, - 0xc0, 0x7f, 0xd8, 0x24, 0xbf, 0x10, 0xad, 0xd1, - 0x90, 0x2b, 0x6f, 0xbc, 0x7c, 0x66, 0x53, 0x47, - 0x38, 0x34, 0x98, 0xa6, 0x86, 0x92, 0x9f, 0xf5, - 0xa2, 0x5f, 0x8e, 0x40, 0xcb, 0x66, 0x45, 0xea, - 0x81, 0x4f, 0xb1, 0xa5, 0xe0, 0xa1, 0x1f, 0x85, - 0x2f, 0x86, 0x25, 0x56, 0x41, 0xe5, 0xed, 0x98, - 0x6e, 0x83, 0xa7, 0x8b, 0xc8, 0x26, 0x94, 0x80, - 0xea, 0xc0, 0xb0, 0xdf, 0xd7, 0x70, 0xca, 0xb9, - 0x2e, 0x7a, 0x28, 0xdd, 0x87, 0xff, 0x45, 0x24, - 0x66, 0xd6, 0xae, 0x86, 0x7c, 0xea, 0xd6, 0x3b, - 0x36, 0x6b, 0x1c, 0x28, 0x6e, 0x6c, 0x48, 0x11, - 0xa9, 0xf1, 0x4c, 0x27, 0xae, 0xa1, 0x4c, 0x51, - 0x71, 0xd4, 0x9b, 0x78, 0xc0, 0x6e, 0x37, 0x35, - 0xd3, 0x6e, 0x6a, 0x3b, 0xe3, 0x21, 0xdd, 0x5f, - 0xc8, 0x23, 0x08, 0xf3, 0x4e, 0xe1, 0xcb, 0x17, - 0xfb, 0xa9, 0x4a, 0x59, -}; -static const unsigned char sshkdf_xcghash[] = { - 0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92, - 0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f, - 0xdc, 0x88, 0x92, 0x45, -}; -static const unsigned char sshkdf_session_id[] = { - 0xa4, 0xeb, 0xd4, 0x59, 0x34, 0xf5, 0x67, 0x92, - 0xb5, 0x11, 0x2d, 0xcd, 0x75, 0xa1, 0x07, 0x5f, - 0xdc, 0x88, 0x92, 0x45, -}; -static const unsigned char sshkdf_expected[] = { - 0xe2, 0xf6, 0x27, 0xc0, 0xb4, 0x3f, 0x1a, 0xc1, -}; -static const ST_KAT_PARAM sshkdf_params[] = { - ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sshkdf_digest), - ST_KAT_PARAM_UTF8CHAR(OSSL_KDF_PARAM_SSHKDF_TYPE, sshkdf_type), - ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sshkdf_key), - ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_XCGHASH, sshkdf_xcghash), - ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, sshkdf_session_id), - ST_KAT_PARAM_END() -}; - static const char tls12prf_digest[] = "SHA256"; static const unsigned char tls12prf_secret[] = { 0x20, 0x2c, 0x88, 0xc0, 0x0f, 0x84, 0xa1, 0x7a, @@ -629,6 +588,11 @@ static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { ST_KAT_PARAM_END() }; +/* + * NOTES: + * According to FIPS 140-3 10.3.A Note18: SSH KDF is not required, since it is + * sufficient to self-test the underlying SHA hash functions. + */ static const ST_KAT_KDF st_kat_kdf_tests[] = { { @@ -655,12 +619,6 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = pbkdf2_params, ITM(pbkdf2_expected) }, - { - OSSL_SELF_TEST_DESC_KDF_SSHKDF, - OSSL_KDF_NAME_SSHKDF, - sshkdf_params, - ITM(sshkdf_expected) - }, { OSSL_SELF_TEST_DESC_KDF_KBKDF, OSSL_KDF_NAME_KBKDF, @@ -1654,12 +1612,6 @@ static const unsigned char dsa_pub[] = { 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea, 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16 }; -static const unsigned char dsa_priv[] = { - 0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80, - 0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03, - 0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e, - 0x40, 0x7e, 0x5c, 0xb7 -}; static const unsigned char dsa_expected_sig[] = { 0x30, 0x3c, 0x02, 0x1c, 0x69, 0xc6, 0xd6, 0x9e, 0x2b, 0x91, 0xea, 0x72, 0xb3, 0x8b, 0x7c, 0x57, @@ -1676,7 +1628,6 @@ static const ST_KAT_PARAM dsa_key[] = { ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q), ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g), ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), ST_KAT_PARAM_END() }; #endif /* OPENSSL_NO_DSA */ -- 2.47.2