From: Simo Sorce Date: Wed, 17 Dec 2025 21:38:51 +0000 (-0500) Subject: fips: Reorder self-tests by complexity X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f788e575aa181eea96d2a14b0f6e94490c1a03b;p=thirdparty%2Fopenssl.git fips: Reorder self-tests by complexity Reorganize the FIPS self-tests to group them by complexity. The new order groups tests so that more complex ones are executed before less complex one when all tests are run on_demand, improving the odds that lower level tests are implicitly executed as part of higher level tests and therefore reducing the amount of time spent running redundant tests. Signed-off-by: Simo Sorce Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/29222) --- diff --git a/include/internal/fips.h b/include/internal/fips.h index c62865ebd9b..ec145dbec21 100644 --- a/include/internal/fips.h +++ b/include/internal/fips.h @@ -24,14 +24,22 @@ int ossl_fips_self_testing(void); * adjusted accordingly. */ typedef enum { - ST_ID_DIGEST_SHA1, - ST_ID_DIGEST_SHA256, - ST_ID_DIGEST_SHA512, - ST_ID_DIGEST_SHA3_256, + ST_ID_DRBG_HASH, + ST_ID_DRBG_CTR, + ST_ID_DRBG_HMAC, ST_ID_CIPHER_AES_256_GCM, ST_ID_CIPHER_AES_128_ECB, #ifndef OPENSSL_NO_DES ST_ID_CIPHER_DES_EDE3_ECB, +#endif +#ifndef OPENSSL_NO_ML_KEM + ST_ID_ASYM_KEYGEN_ML_KEM, +#endif +#ifndef OPENSSL_NO_ML_DSA + ST_ID_ASYM_KEYGEN_ML_DSA, +#endif +#ifndef OPENSSL_NO_SLH_DSA + ST_ID_ASYM_KEYGEN_SLH_DSA, #endif ST_ID_SIG_RSA_SHA256, #ifndef OPENSSL_NO_EC @@ -59,6 +67,18 @@ typedef enum { #endif /* OPENSSL_NO_SLH_DSA */ #ifndef OPENSSL_NO_LMS ST_ID_SIG_LMS, +#endif +#ifndef OPENSSL_NO_ML_KEM + ST_ID_KEM_ML_KEM, +#endif + ST_ID_ASYM_CIPHER_RSA_ENC, + ST_ID_ASYM_CIPHER_RSA_DEC, + ST_ID_ASYM_CIPHER_RSA_DEC_CRT, +#ifndef OPENSSL_NO_DH + ST_ID_KA_DH, +#endif +#ifndef OPENSSL_NO_EC + ST_ID_KA_ECDH, #endif ST_ID_KDF_TLS13_EXTRACT, ST_ID_KDF_TLS13_EXPAND, @@ -84,31 +104,11 @@ typedef enum { #ifndef OPENSSL_NO_X942KDF ST_ID_KDF_X942KDF, #endif - ST_ID_DRBG_HASH, - ST_ID_DRBG_CTR, - ST_ID_DRBG_HMAC, -#ifndef OPENSSL_NO_DH - ST_ID_KA_DH, -#endif -#ifndef OPENSSL_NO_EC - ST_ID_KA_ECDH, -#endif -#ifndef OPENSSL_NO_ML_KEM - ST_ID_ASYM_KEYGEN_ML_KEM, -#endif -#ifndef OPENSSL_NO_ML_DSA - ST_ID_ASYM_KEYGEN_ML_DSA, -#endif -#ifndef OPENSSL_NO_SLH_DSA - ST_ID_ASYM_KEYGEN_SLH_DSA, -#endif -#ifndef OPENSSL_NO_ML_KEM - ST_ID_KEM_ML_KEM, -#endif - ST_ID_ASYM_CIPHER_RSA_ENC, - ST_ID_ASYM_CIPHER_RSA_DEC, - ST_ID_ASYM_CIPHER_RSA_DEC_CRT, ST_ID_MAC_HMAC, + ST_ID_DIGEST_SHA1, + ST_ID_DIGEST_SHA256, + ST_ID_DIGEST_SHA512, + ST_ID_DIGEST_SHA3_256, ST_ID_MAX } self_test_id_t; diff --git a/providers/fips/self_test_data.c b/providers/fips/self_test_data.c index 59758a76175..fe77f1d0edf 100644 --- a/providers/fips/self_test_data.c +++ b/providers/fips/self_test_data.c @@ -3332,40 +3332,61 @@ static const ST_KAT_PARAM hmac_kat_params[] = { ST_DEFINITION st_all_tests[ST_ID_MAX] = { { - ST_ID_DIGEST_SHA1, - "SHA1", - OSSL_SELF_TEST_DESC_MD_SHA1, - SELF_TEST_KAT_DIGEST, - SELF_TEST_STATE_INIT, - ITM_BUF_STR(sha1_pt), - ITM_BUF(sha1_digest), - }, - { - ST_ID_DIGEST_SHA256, - "SHA256", - OSSL_SELF_TEST_DESC_MD_SHA2, - SELF_TEST_KAT_DIGEST, + ST_ID_DRBG_HASH, + "HASH-DRBG", + OSSL_SELF_TEST_DESC_DRBG_HASH, + SELF_TEST_DRBG, SELF_TEST_STATE_INIT, - ITM_BUF_STR(sha256_pt), - ITM_BUF(sha256_digest), + .expected = ITM_BUF(drbg_hash_sha256_pr_expected), + .u.drbg = { + "digest", + "SHA256", + ITM_BUF(drbg_hash_sha256_pr_entropyin), + ITM_BUF(drbg_hash_sha256_pr_nonce), + ITM_BUF(drbg_hash_sha256_pr_persstr), + ITM_BUF(drbg_hash_sha256_pr_entropyinpr0), + ITM_BUF(drbg_hash_sha256_pr_entropyinpr1), + ITM_BUF(drbg_hash_sha256_pr_addin0), + ITM_BUF(drbg_hash_sha256_pr_addin1), + }, }, { - ST_ID_DIGEST_SHA512, - "SHA512", - OSSL_SELF_TEST_DESC_MD_SHA2, - SELF_TEST_KAT_DIGEST, + ST_ID_DRBG_CTR, + "CTR-DRBG", + OSSL_SELF_TEST_DESC_DRBG_CTR, + SELF_TEST_DRBG, SELF_TEST_STATE_INIT, - ITM_BUF_STR(sha512_pt), - ITM_BUF(sha512_digest), + .expected = ITM_BUF(drbg_ctr_aes128_pr_df_expected), + .u.drbg = { + "cipher", + "AES-128-CTR", + ITM_BUF(drbg_ctr_aes128_pr_df_entropyin), + ITM_BUF(drbg_ctr_aes128_pr_df_nonce), + ITM_BUF(drbg_ctr_aes128_pr_df_persstr), + ITM_BUF(drbg_ctr_aes128_pr_df_entropyinpr0), + ITM_BUF(drbg_ctr_aes128_pr_df_entropyinpr1), + ITM_BUF(drbg_ctr_aes128_pr_df_addin0), + ITM_BUF(drbg_ctr_aes128_pr_df_addin1), + }, }, { - ST_ID_DIGEST_SHA3_256, - "SHA3-256", - OSSL_SELF_TEST_DESC_MD_SHA3, - SELF_TEST_KAT_DIGEST, + ST_ID_DRBG_HMAC, + "HMAC-DRBG", + OSSL_SELF_TEST_DESC_DRBG_HMAC, + SELF_TEST_DRBG, SELF_TEST_STATE_INIT, - ITM_BUF(sha3_256_pt), - ITM_BUF(sha3_256_digest), + .expected = ITM_BUF(drbg_hmac_sha2_pr_expected), + .u.drbg = { + "digest", + "SHA256", + ITM_BUF(drbg_hmac_sha2_pr_entropyin), + ITM_BUF(drbg_hmac_sha2_pr_nonce), + ITM_BUF(drbg_hmac_sha2_pr_persstr), + ITM_BUF(drbg_hmac_sha2_pr_entropyinpr0), + ITM_BUF(drbg_hmac_sha2_pr_entropyinpr1), + ITM_BUF(drbg_hmac_sha2_pr_addin0), + ITM_BUF(drbg_hmac_sha2_pr_addin1), + }, }, { ST_ID_CIPHER_AES_256_GCM, @@ -3380,7 +3401,8 @@ ST_DEFINITION st_all_tests[ST_ID_MAX] = { ITM_BUF(aes_256_gcm_key), ITM_BUF(aes_256_gcm_iv), ITM_BUF(aes_256_gcm_aad), - ITM_BUF(aes_256_gcm_tag) }, + ITM_BUF(aes_256_gcm_tag), + }, }, { ST_ID_CIPHER_AES_128_ECB, @@ -3410,6 +3432,49 @@ ST_DEFINITION st_all_tests[ST_ID_MAX] = { ITM_BUF(tdes_key), }, }, +#endif +#ifndef OPENSSL_NO_ML_KEM + /* + * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM + * key generation. + */ + { + ST_ID_ASYM_KEYGEN_ML_KEM, + "ML-KEM-512", + OSSL_SELF_TEST_DESC_KEYGEN_ML_KEM, + SELF_TEST_KAT_ASYM_KEYGEN, + SELF_TEST_STATE_INIT, + .u.akgen = { + ml_kem_keygen_params, + ml_kem_key, + }, + }, +#endif +#ifndef OPENSSL_NO_ML_DSA + { + ST_ID_ASYM_KEYGEN_ML_DSA, + "ML-DSA-65", + OSSL_SELF_TEST_DESC_KEYGEN_ML_DSA, + SELF_TEST_KAT_ASYM_KEYGEN, + SELF_TEST_STATE_INIT, + .u.akgen = { + ml_dsa_keygen_params, + ml_dsa_key, + }, + }, +#endif +#ifndef OPENSSL_NO_SLH_DSA + { + ST_ID_ASYM_KEYGEN_SLH_DSA, + "SLH-DSA-SHA2-128f", + OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA, + SELF_TEST_KAT_ASYM_KEYGEN, + SELF_TEST_STATE_INIT, + .u.akgen = { + slh_dsa_sha2_128f_keygen_init_params, + slh_dsa_128f_keygen_expected_params, + }, + }, #endif { ST_ID_SIG_RSA_SHA256, @@ -3619,7 +3684,98 @@ ST_DEFINITION st_all_tests[ST_ID_MAX] = { lms_key, }, }, -#endif /* OPENSSL_NO_LMS */ +#endif +#ifndef OPENSSL_NO_ML_KEM + { + ST_ID_KEM_ML_KEM, + "ML-KEM-512", + OSSL_SELF_TEST_DESC_KEM, + SELF_TEST_KAT_KEM, + SELF_TEST_STATE_INIT, + .u.kem = { + ml_kem_key, + ITM_BUF(ml_kem_512_cipher_text), + ITM_BUF(ml_kem_512_entropy), + ITM_BUF(ml_kem_512_secret), + ITM_BUF(ml_kem_512_reject_secret), + }, + }, +#endif + { + ST_ID_ASYM_CIPHER_RSA_ENC, + "RSA", + OSSL_SELF_TEST_DESC_ASYM_RSA_ENC, + SELF_TEST_KAT_ASYM_CIPHER, + SELF_TEST_STATE_INIT, + ITM_BUF(rsa_asym_plaintext_encrypt), + ITM_BUF(rsa_asym_expected_encrypt), + .u.ac = { + 1, + rsa_pub_key, + rsa_enc_params, + }, + .depends_on = rsaenc_depends_on, + }, + { + ST_ID_ASYM_CIPHER_RSA_DEC, + "RSA", + OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, + SELF_TEST_KAT_ASYM_CIPHER, + SELF_TEST_STATE_INIT, + ITM_BUF(rsa_asym_expected_encrypt), + ITM_BUF(rsa_asym_plaintext_encrypt), + .u.ac = { + 0, + rsa_priv_key, + rsa_enc_params, + }, + .depends_on = rsaenc_depends_on, + }, + { + ST_ID_ASYM_CIPHER_RSA_DEC_CRT, + "RSA", + OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, + SELF_TEST_KAT_ASYM_CIPHER, + SELF_TEST_STATE_INIT, + ITM_BUF(rsa_asym_expected_encrypt), + ITM_BUF(rsa_asym_plaintext_encrypt), + .u.ac = { + 0, + rsa_crt_key, + rsa_enc_params, + }, + .depends_on = rsaenc_depends_on, + }, +#ifndef OPENSSL_NO_DH + { + ST_ID_KA_DH, + "DH", + OSSL_SELF_TEST_DESC_KA_DH, + SELF_TEST_KAT_KAS, + SELF_TEST_STATE_INIT, + .expected = ITM_BUF(dh_secret_expected), + .u.kas = { + dh_group, + dh_host_key, + dh_peer_key, + }, + }, +#endif +#ifndef OPENSSL_NO_EC + { + ST_ID_KA_ECDH, + "EC", + OSSL_SELF_TEST_DESC_KA_ECDH, + SELF_TEST_KAT_KAS, + SELF_TEST_STATE_INIT, + .expected = ITM_BUF(ecdh_secret_expected), + .u.kas = { + ecdh_group, + ecdh_host_key, + ecdh_peer_key, + }, + }, +#endif { ST_ID_KDF_TLS13_EXTRACT, OSSL_KDF_NAME_TLS1_3_KDF, @@ -3766,206 +3922,51 @@ ST_DEFINITION st_all_tests[ST_ID_MAX] = { }, #endif { - ST_ID_DRBG_HASH, - "HASH-DRBG", - OSSL_SELF_TEST_DESC_DRBG_HASH, - SELF_TEST_DRBG, - SELF_TEST_STATE_INIT, - .expected = ITM_BUF(drbg_hash_sha256_pr_expected), - .u.drbg = { - "digest", - "SHA256", - ITM_BUF(drbg_hash_sha256_pr_entropyin), - ITM_BUF(drbg_hash_sha256_pr_nonce), - ITM_BUF(drbg_hash_sha256_pr_persstr), - ITM_BUF(drbg_hash_sha256_pr_entropyinpr0), - ITM_BUF(drbg_hash_sha256_pr_entropyinpr1), - ITM_BUF(drbg_hash_sha256_pr_addin0), - ITM_BUF(drbg_hash_sha256_pr_addin1), - }, - }, - { - ST_ID_DRBG_CTR, - "CTR-DRBG", - OSSL_SELF_TEST_DESC_DRBG_CTR, - SELF_TEST_DRBG, - SELF_TEST_STATE_INIT, - .expected = ITM_BUF(drbg_ctr_aes128_pr_df_expected), - .u.drbg = { - "cipher", - "AES-128-CTR", - ITM_BUF(drbg_ctr_aes128_pr_df_entropyin), - ITM_BUF(drbg_ctr_aes128_pr_df_nonce), - ITM_BUF(drbg_ctr_aes128_pr_df_persstr), - ITM_BUF(drbg_ctr_aes128_pr_df_entropyinpr0), - ITM_BUF(drbg_ctr_aes128_pr_df_entropyinpr1), - ITM_BUF(drbg_ctr_aes128_pr_df_addin0), - ITM_BUF(drbg_ctr_aes128_pr_df_addin1), - }, - }, - { - ST_ID_DRBG_HMAC, - "HMAC-DRBG", - OSSL_SELF_TEST_DESC_DRBG_HMAC, - SELF_TEST_DRBG, - SELF_TEST_STATE_INIT, - .expected = ITM_BUF(drbg_hmac_sha2_pr_expected), - .u.drbg = { - "digest", - "SHA256", - ITM_BUF(drbg_hmac_sha2_pr_entropyin), - ITM_BUF(drbg_hmac_sha2_pr_nonce), - ITM_BUF(drbg_hmac_sha2_pr_persstr), - ITM_BUF(drbg_hmac_sha2_pr_entropyinpr0), - ITM_BUF(drbg_hmac_sha2_pr_entropyinpr1), - ITM_BUF(drbg_hmac_sha2_pr_addin0), - ITM_BUF(drbg_hmac_sha2_pr_addin1), - }, - }, -#ifndef OPENSSL_NO_DH - { - ST_ID_KA_DH, - "DH", - OSSL_SELF_TEST_DESC_KA_DH, - SELF_TEST_KAT_KAS, - SELF_TEST_STATE_INIT, - .expected = ITM_BUF(dh_secret_expected), - .u.kas = { - dh_group, - dh_host_key, - dh_peer_key, - }, - }, -#endif -#ifndef OPENSSL_NO_EC - { - ST_ID_KA_ECDH, - "EC", - OSSL_SELF_TEST_DESC_KA_ECDH, - SELF_TEST_KAT_KAS, - SELF_TEST_STATE_INIT, - .expected = ITM_BUF(ecdh_secret_expected), - .u.kas = { - ecdh_group, - ecdh_host_key, - ecdh_peer_key, - }, - }, -#endif -#ifndef OPENSSL_NO_ML_KEM - /* - * FIPS 140-3 IG 10.3.A resolution 14 mandates a CAST for ML-KEM - * key generation. - */ - { - ST_ID_ASYM_KEYGEN_ML_KEM, - "ML-KEM-512", - OSSL_SELF_TEST_DESC_KEYGEN_ML_KEM, - SELF_TEST_KAT_ASYM_KEYGEN, - SELF_TEST_STATE_INIT, - .u.akgen = { - ml_kem_keygen_params, - ml_kem_key, - }, - }, -#endif -#ifndef OPENSSL_NO_ML_DSA - { - ST_ID_ASYM_KEYGEN_ML_DSA, - "ML-DSA-65", - OSSL_SELF_TEST_DESC_KEYGEN_ML_DSA, - SELF_TEST_KAT_ASYM_KEYGEN, - SELF_TEST_STATE_INIT, - .u.akgen = { - ml_dsa_keygen_params, - ml_dsa_key, - }, - }, -#endif -#ifndef OPENSSL_NO_SLH_DSA - { - ST_ID_ASYM_KEYGEN_SLH_DSA, - "SLH-DSA-SHA2-128f", - OSSL_SELF_TEST_DESC_KEYGEN_SLH_DSA, - SELF_TEST_KAT_ASYM_KEYGEN, - SELF_TEST_STATE_INIT, - .u.akgen = { - slh_dsa_sha2_128f_keygen_init_params, - slh_dsa_128f_keygen_expected_params, - }, - }, -#endif -#ifndef OPENSSL_NO_ML_KEM - { - ST_ID_KEM_ML_KEM, - "ML-KEM-512", - OSSL_SELF_TEST_DESC_KEM, - SELF_TEST_KAT_KEM, + ST_ID_MAC_HMAC, + "HMAC", + OSSL_SELF_TEST_DESC_INTEGRITY_HMAC, + SELF_TEST_KAT_MAC, SELF_TEST_STATE_INIT, - .u.kem = { - ml_kem_key, - ITM_BUF(ml_kem_512_cipher_text), - ITM_BUF(ml_kem_512_entropy), - ITM_BUF(ml_kem_512_secret), - ITM_BUF(ml_kem_512_reject_secret), + ITM_BUF(hmac_kat_pt), + ITM_BUF(hmac_kat_expected), + .u.mac = { + hmac_kat_params, }, }, -#endif { - ST_ID_ASYM_CIPHER_RSA_ENC, - "RSA", - OSSL_SELF_TEST_DESC_ASYM_RSA_ENC, - SELF_TEST_KAT_ASYM_CIPHER, + ST_ID_DIGEST_SHA1, + "SHA1", + OSSL_SELF_TEST_DESC_MD_SHA1, + SELF_TEST_KAT_DIGEST, SELF_TEST_STATE_INIT, - ITM_BUF(rsa_asym_plaintext_encrypt), - ITM_BUF(rsa_asym_expected_encrypt), - .u.ac = { - 1, - rsa_pub_key, - rsa_enc_params, - }, - .depends_on = rsaenc_depends_on, + ITM_BUF_STR(sha1_pt), + ITM_BUF(sha1_digest), }, { - ST_ID_ASYM_CIPHER_RSA_DEC, - "RSA", - OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, - SELF_TEST_KAT_ASYM_CIPHER, + ST_ID_DIGEST_SHA256, + "SHA256", + OSSL_SELF_TEST_DESC_MD_SHA2, + SELF_TEST_KAT_DIGEST, SELF_TEST_STATE_INIT, - ITM_BUF(rsa_asym_expected_encrypt), - ITM_BUF(rsa_asym_plaintext_encrypt), - .u.ac = { - 0, - rsa_priv_key, - rsa_enc_params, - }, - .depends_on = rsaenc_depends_on, + ITM_BUF_STR(sha256_pt), + ITM_BUF(sha256_digest), }, { - ST_ID_ASYM_CIPHER_RSA_DEC_CRT, - "RSA", - OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, - SELF_TEST_KAT_ASYM_CIPHER, + ST_ID_DIGEST_SHA512, + "SHA512", + OSSL_SELF_TEST_DESC_MD_SHA2, + SELF_TEST_KAT_DIGEST, SELF_TEST_STATE_INIT, - ITM_BUF(rsa_asym_expected_encrypt), - ITM_BUF(rsa_asym_plaintext_encrypt), - .u.ac = { - 0, - rsa_crt_key, - rsa_enc_params, - }, - .depends_on = rsaenc_depends_on, + ITM_BUF_STR(sha512_pt), + ITM_BUF(sha512_digest), }, { - ST_ID_MAC_HMAC, - "HMAC", - OSSL_SELF_TEST_DESC_INTEGRITY_HMAC, - SELF_TEST_KAT_MAC, + ST_ID_DIGEST_SHA3_256, + "SHA3-256", + OSSL_SELF_TEST_DESC_MD_SHA3, + SELF_TEST_KAT_DIGEST, SELF_TEST_STATE_INIT, - ITM_BUF(hmac_kat_pt), - ITM_BUF(hmac_kat_expected), - .u.mac = { - hmac_kat_params, - }, + ITM_BUF(sha3_256_pt), + ITM_BUF(sha3_256_digest), }, };