From: Richard Levitte Date: Wed, 10 Jul 2024 19:26:30 +0000 (+0200) Subject: Add new test types in test/evp_test.c, and a test for RSA sigalgs X-Git-Tag: openssl-3.4.0-alpha1~93 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b02cf2fc8fc5ae2cef8313bac26b9a8fdbb98b2d;p=thirdparty%2Fopenssl.git Add new test types in test/evp_test.c, and a test for RSA sigalgs With these tests, we get to test: - EVP_PKEY_sign_init_ex() - EVP_PKEY_verify_init_ex2() - EVP_PKEY_verify_recover_init_ex2() - EVP_PKEY_sign_message_init() and friends - EVP_PKEY_verify_message_init() and friends A few test cases for RSA-{hash} are added, in test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt Reviewed-by: Tomas Mraz Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/23416) --- diff --git a/test/evp_test.c b/test/evp_test.c index 5e695917671..3e445dcf9bb 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -25,6 +25,7 @@ #include #include "internal/numbers.h" #include "internal/nelem.h" +#include "internal/sizes.h" #include "crypto/evp.h" #include "testutil.h" @@ -2324,8 +2325,12 @@ static const EVP_TEST_METHOD pkey_kem_test_method = { typedef struct pkey_data_st { /* Context for this operation */ EVP_PKEY_CTX *ctx; + /* Signature algo for such operations */ + EVP_SIGNATURE *sigalgo; /* Key operation to perform */ int (*keyopinit) (EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); + int (*keyopinit_ex2) (EVP_PKEY_CTX *ctx, EVP_SIGNATURE *algo, + const OSSL_PARAM params[]); int (*keyop) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); @@ -2345,25 +2350,19 @@ typedef struct pkey_data_st { * Perform public key operation setup: lookup key, allocated ctx and call * the appropriate initialisation function */ -static int pkey_test_init(EVP_TEST *t, const char *name, - int use_public, - int (*keyopinit) (EVP_PKEY_CTX *ctx, - const OSSL_PARAM params[]), - int (*keyop)(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)) +static int pkey_test_init_keyctx(EVP_TEST *t, const char *keyname, + int use_public) { PKEY_DATA *kdata; EVP_PKEY *pkey = NULL; int rv = 0; if (use_public) - rv = find_key(&pkey, name, public_keys); + rv = find_key(&pkey, keyname, public_keys); if (rv == 0) - rv = find_key(&pkey, name, private_keys); + rv = find_key(&pkey, keyname, private_keys); if (rv == 0 || pkey == NULL) { - TEST_info("skipping, key '%s' is disabled", name); + TEST_info("skipping, key '%s' is disabled", keyname); t->skip = 1; return 1; } @@ -2372,14 +2371,77 @@ static int pkey_test_init(EVP_TEST *t, const char *name, EVP_PKEY_free(pkey); return 0; } - kdata->keyopinit = keyopinit; - kdata->keyop = keyop; if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propquery))) { EVP_PKEY_free(pkey); OPENSSL_free(kdata); return 0; } t->data = kdata; + return 1; +} + +static int pkey_test_init(EVP_TEST *t, const char *name, + int use_public, + int (*keyopinit) (EVP_PKEY_CTX *ctx, + const OSSL_PARAM params[]), + int (*keyop)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + PKEY_DATA *kdata = NULL; + int rv = 0; + + rv = pkey_test_init_keyctx(t, name, use_public); + if (t->skip || !rv) + return rv; + kdata = t->data; + kdata->keyopinit = keyopinit; + kdata->keyop = keyop; + kdata->init_controls = sk_OPENSSL_STRING_new_null(); + kdata->controls = sk_OPENSSL_STRING_new_null(); + return 1; +} + +static int pkey_test_init_ex2(EVP_TEST *t, const char *name, + int use_public, + int (*keyopinit)(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *algo, + const OSSL_PARAM param[]), + int (*keyop)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + PKEY_DATA *kdata = NULL; + int rv = 0; + char algoname[OSSL_MAX_NAME_SIZE + 1]; + const char *p; + + if ((p = strchr(name, ':')) == NULL + || p == name || p[1] == '\0' || p - name > OSSL_MAX_NAME_SIZE) { + TEST_info("Can't extract algorithm or key name from '%s'", name); + return 0; + } + memcpy(algoname, name, p - name); + algoname[p - name] = '\0'; + + if (is_pkey_disabled(algoname)) { + t->skip = 1; + return 1; + } + + rv = pkey_test_init_keyctx(t, /* keyname */ p + 1, use_public); + if (t->skip || !rv) + return rv; + kdata = t->data; + kdata->keyopinit_ex2 = keyopinit; + kdata->keyop = keyop; + if (!TEST_ptr(kdata->sigalgo + = EVP_SIGNATURE_fetch(libctx, algoname, propquery))) { + TEST_info("algoname = '%s'", algoname); + return 0; + } kdata->init_controls = sk_OPENSSL_STRING_new_null(); kdata->controls = sk_OPENSSL_STRING_new_null(); return 1; @@ -2394,6 +2456,7 @@ static void pkey_test_cleanup(EVP_TEST *t) OPENSSL_free(kdata->input); OPENSSL_free(kdata->output); EVP_PKEY_CTX_free(kdata->ctx); + EVP_SIGNATURE_free(kdata->sigalgo); } static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, @@ -2477,7 +2540,17 @@ static int pkey_test_run_init(EVP_TEST *t) goto err; p = params; } - if (data->keyopinit(data->ctx, p) <= 0) { + if (data->keyopinit != NULL) { + if (data->keyopinit(data->ctx, p) <= 0) { + t->err = "KEYOP_INIT_ERROR"; + goto err; + } + } else if (data->keyopinit_ex2 != NULL) { + if (data->keyopinit_ex2(data->ctx, data->sigalgo, p) <= 0) { + t->err = "KEYOP_INIT_ERROR"; + goto err; + } + } else { t->err = "KEYOP_INIT_ERROR"; goto err; } @@ -2504,6 +2577,12 @@ static int pkey_test_run(EVP_TEST *t) if (!pkey_test_run_init(t)) goto err; + /* Make a copy of the EVP_PKEY context, for repeat use further down */ + if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) { + t->err = "INTERNAL_ERROR"; + goto err; + } + if (expected->keyop(expected->ctx, NULL, &got_len, expected->input, expected->input_len) <= 0 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { @@ -2524,11 +2603,7 @@ static int pkey_test_run(EVP_TEST *t) OPENSSL_free(got); got = NULL; - /* Repeat the test on a copy. */ - if (!TEST_ptr(copy = EVP_PKEY_CTX_dup(expected->ctx))) { - t->err = "INTERNAL_ERROR"; - goto err; - } + /* Repeat the test on the EVP_PKEY context copy. */ if (expected->keyop(copy, NULL, &got_len, expected->input, expected->input_len) <= 0 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { @@ -2551,8 +2626,15 @@ static int pkey_test_run(EVP_TEST *t) return 1; } +/* + * "Sign" implies EVP_PKEY_sign_init_ex2() if the argument is a colon-separated + * pair, {algorithm}:{key}. If not, it implies EVP_PKEY_sign_init_ex() + */ static int sign_test_init(EVP_TEST *t, const char *name) { + if (strchr(name, ':') != NULL) + return pkey_test_init_ex2(t, name, 0, + EVP_PKEY_sign_init_ex2, EVP_PKEY_sign); return pkey_test_init(t, name, 0, EVP_PKEY_sign_init_ex, EVP_PKEY_sign); } @@ -2564,8 +2646,35 @@ static const EVP_TEST_METHOD psign_test_method = { pkey_test_run }; +/* + * "Sign-Message" is like "Sign", but uses EVP_PKEY_sign_message_init() + * The argument must be a colon separated pair, {algorithm}:{key} + */ +static int sign_test_message_init(EVP_TEST *t, const char *name) +{ + return pkey_test_init_ex2(t, name, 0, + EVP_PKEY_sign_message_init, EVP_PKEY_sign); +} + +static const EVP_TEST_METHOD psign_message_test_method = { + "Sign-Message", + sign_test_message_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +/* + * "VerifyRecover" implies EVP_PKEY_verify_recover_init_ex2() if the argument is a + * colon-separated pair, {algorithm}:{key}. + * If not, it implies EVP_PKEY_verify_recover_init_ex() + */ static int verify_recover_test_init(EVP_TEST *t, const char *name) { + if (strchr(name, ':') != NULL) + return pkey_test_init_ex2(t, name, 1, + EVP_PKEY_verify_recover_init_ex2, + EVP_PKEY_verify_recover); return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init_ex, EVP_PKEY_verify_recover); } @@ -2592,8 +2701,16 @@ static const EVP_TEST_METHOD pdecrypt_test_method = { pkey_test_run }; +/* + * "Verify" implies EVP_PKEY_verify_init_ex2() if the argument is a + * colon-separated pair, {algorithm}:{key}. + * If not, it implies EVP_PKEY_verify_init_ex() + */ static int verify_test_init(EVP_TEST *t, const char *name) { + if (strchr(name, ':') != NULL) + return pkey_test_init_ex2(t, name, 1, + EVP_PKEY_verify_init_ex2, NULL); return pkey_test_init(t, name, 1, EVP_PKEY_verify_init_ex, NULL); } @@ -2623,6 +2740,24 @@ static const EVP_TEST_METHOD pverify_test_method = { verify_test_run }; +/* + * "Verify-Message" is like "Verify", but uses EVP_PKEY_verify_message_init() + * The argument must be a colon separated pair, {algorithm}:{key} + */ +static int verify_message_test_init(EVP_TEST *t, const char *name) +{ + return pkey_test_init_ex2(t, name, 0, + EVP_PKEY_verify_message_init, NULL); +} + +static const EVP_TEST_METHOD pverify_message_test_method = { + "Verify-Message", + verify_message_test_init, + pkey_test_cleanup, + pkey_test_parse, + verify_test_run +}; + static int pderive_test_init(EVP_TEST *t, const char *name) { return pkey_test_init(t, name, 0, EVP_PKEY_derive_init_ex, 0); @@ -4420,8 +4555,10 @@ static const EVP_TEST_METHOD *evp_test_list[] = { &pdecrypt_test_method, &pderive_test_method, &psign_test_method, + &psign_message_test_method, &pverify_recover_test_method, &pverify_test_method, + &pverify_message_test_method, &pkey_kem_test_method, NULL }; @@ -5058,6 +5195,12 @@ static int is_pkey_disabled(const char *name) if (HAS_CASE_PREFIX(name, "SM2")) return 1; #endif + + /* For sigalgs we use, we also check for digest suffixes */ +#ifdef OPENSSL_NO_RMD160 + if (HAS_CASE_SUFFIX(name, "-RIPEMD160")) + return 1; +#endif return 0; } diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index eddca5c58ea..9894c1762ec 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -63,6 +63,7 @@ my @files = qw( evppbe_pbkdf2.txt evppkey_kdf_hkdf.txt evppkey_rsa_common.txt + evppkey_rsa_sigalg.txt evprand.txt ); push @files, qw( diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt new file mode 100644 index 00000000000..f510f04a1f1 --- /dev/null +++ b/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt @@ -0,0 +1,184 @@ +# +# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. +# The keyword Availablein must appear before the test name if needed. + +# Private keys used for PKEY operations. + +# RSA 2048 bit key. + +PrivateKey = RSA-2048 +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV +n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW +B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP +6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr +LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7 +yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt +A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X +ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS +IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W +glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo +qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC +XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe +hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv +6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK +hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY +eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A +RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg +T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR +2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK +HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ +qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg +esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq +IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7 +aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu +SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH +fMkTd7GabVourqIZdgvu1Q== +-----END PRIVATE KEY----- + +# Corresponding public key + +PublicKey = RSA-2048-PUBLIC +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQCB6nsq4eoG1Z98c9n/ +uUoJYVwuS6fGNs7wjdNTPsMYVSWwFcdpuZp31nJb+cNTKptuX2Yn1fuFFgdo092p +y9NZdFEXF9w9MJ0vxH7kH5fjKtt/ndhkocR2emZuzXG8Gqz151F/SzhZT+qbBeQt +WtqZEgCAE+RTFqTZu47QhriNKHWLrK+SLUaoaLSF0jnJuusOK2RZJxD0Ky0eoKS0 +gCwL7Ksyj4posAc721Rv7qmAnShJkSs5DBUyvH4px2WPgXX65G80My/4e8qz5AZJ +uYV3hp2g6nGDU/ByJ1SIaRNkh2DRIr5nbg/Eg90g/8Mb2pajGWbJqi51rQPeR+HE +TwIDAQAB +-----END PUBLIC KEY----- + +PrivPubKeyPair = RSA-2048:RSA-2048-PUBLIC + +Title = RSA tests with EVP_PKEY_sign, EVP_PKEY_verify, EVP_PKEY_verify_recover + +# Demonstrate the possibility to use the RSA (not RSA-SHA1) signature +# implementation with EVP_PKEY_sign_init_ex2() the same way as with +# EVP_PKEY_sign_init_ex(). +Availablein = default +Sign = RSA:RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + +Availablein = default +Sign = RSA-SHA1:RSA-2048 +Input = "0123456789ABCDEF1234" +Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + +# Digest too long +Availablein = default +Sign = RSA-SHA1:RSA-2048 +Input = "0123456789ABCDEF12345" +Output = 00 +Result = KEYOP_ERROR + +# Digest too short +Availablein = default +Sign = RSA-SHA1:RSA-2048 +Input = "0123456789ABCDEF12345" +Output = 00 +Result = KEYOP_ERROR + +Availablein = default +VerifyRecover = RSA-SHA1:RSA-2048 +Input = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9 +Result = KEYOP_ERROR + +# Truncated digest [copy from evppkey_rsa_common.txt] +FIPSversion = >= 3.4.0 +Sign = RSA-SHA512-224:RSA-2048 +Input = "0123456789ABCDEF123456789ABC" +Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + +FIPSversion = >= 3.4.0 +Verify = RSA-SHA512-224:RSA-2048 +Input = "0123456789ABCDEF123456789ABC" +Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17 + + +Title = RSA with EVP_PKEY_sign_message, EVP_PKEY_verify_message + +Availablein = default +Sign-Message = RSA-SHA1:RSA-2048 +Input = "Hello World" +Output = 3da3ca2bdd1b23a231b0e3c49d95d5959f9398c27a1e534c7e6baf1d2682304d3b6b229385b1edf483f5ef6f9b35bf10c519a302bb2f79c564e1a59ba71aa2fa36df96c942c43e8d9bd4702b5f61c12a078ae2b34d0de221fc8f9f936b79a67c89d11ba5da8c63a1370d0e824c6b661123e9b58b143ff533cf362cbdad70e65b419a6d45723bf22db3c76bb8f5337c5c5c93cb6f38b30d0c835b54c23405ca4217dd0b755f3712ebad285d9e0c02655f6ce5ce6fed78f3c81843de325f628055eef57f280dee0c3170050137ee599b9ab7f2b5d3c5f831777ea05a5eb097c70bad1a7214dadae12d7960bb9425390c7d25a79985e1e3c28ad422ff93c808f4b5 + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA256:RSA-2048 +Input = "Hello World" +Output = ba8c24b86f18633767ed1778ef12d283a508d0bef32dd50b4a67cbd6b75df0f4ef6e69bfafbc809b01b93ab34aad9a33908644efca6eca04db1afda1016d1c1603183d2263597cf85ce5b7acd6a4872cbcc401b90b221d85aa0a2d0e1f159fc0843e0a55c47dc108c3f207d000e954605fabbb8c938050f280e29653aa1438109d02e53dfbdcb8cb9b46d372dd39ba7317a3f4c0020dba1ddd247b3d58addb1df7208785a62a8e3e4372c1fa6d24a17cd6413f7f5c046ba40a881c21875fde848b3b56fea7264430eca15b27c5c3b72fedcbcc124f8d939ffc11e6d3172c7eb491d378902093fcc3bf3a2835a1fcfabf457c13abf7b37f08595ed72332e27034 + +# As there dont seem to be test vectors for these - they were just generated +# to verify that all digests are supported. +# +# The following can easily be verified manually with this or similar +# command, provided that the RSA-2048 private key is stored in key.pem, +# and that {hashname} is replaced with the actual hash name: +# +# echo -n 'Hello World' | openssl dgst -hex -sign key.pem -{hashname} +# +# That command uses the EVP_DigestSign API. + +Title = Test RSA with different digests + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA224:RSA-2048 +Input = "Hello World" +Output = 4bae2cf892733233985102eb7117303e49994a8a97b3de64597c33f15a689502ba4dcea20f0ada460b262bd0c92db23dd090453f95debbfd7a835b51d1923ede76f4f66ba04d9ba0715b333a747c8d469283af653f286a307a3c46cd91f51ca2d597f9d3951fc068ff3ed45ba6b3540801159c7c890a252183de9e4aeb0512eb9ae681ac1d436c9efef9f265dcdf64ce67dce73d8a88bcb0008211bc6cd5493822818bfc208b8737ae38874184f834301de26e537694cfdc0abaccc2702820ee58cbba243aac685681329705999f4d77e596615293eb642ec450f149caabfab55092fc0315ec4157d322813ba9790c0f46c6805b8e1c0f21b6211c3529e6d7cc + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA384:RSA-2048 +Input = "Hello World" +Output = 041348caa7ffaa7dce1ac67567c408967a1736dd44ff73076570a63c4c7128ff09f716918b81fdfaa160368bc8b85c23466f8c0d4172da880386b75065f541c0fb6c9355a1731532ebab9cf5026cafe03a790bc1698586fbdff5f6e8f1a7148b07f1f895a99d0f041b8b36d8ffdd5e77ba36e5177610e0825ba78594f95826dabdc95f682da04edf0d133c55e78fa386dea9dbc1cf748e768e9116976476e75a84b5510d869beac9a1a9ffc579a28629154b24ee9df8d51fee479f4dca5646a2032c27206ad30f4937fc096c41362562bee74562132a4f471bb4b4c76e774be0e9eca9412809665ab13951d3699b3a7ccb6714a0f070345f6f3e037bd0f8ae52 + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA512:RSA-2048 +Input = "Hello World" +Output = 32e1f87fcd81a9d5a9f988087cdb3931fe0b12197d501b9c958cc1614a236e71a00ee7c96f7d5b3ae5ae3f11e40df5d06b0a818ee2a573aa1459f7f14dc22ca0b0b0ad2d47f4ab9e479baa084973b69f74f691ee700af102aceaf788e513f0e942a862bc6884ef1efb993b11d2ebd95139c61c37f8eac3edd94a4d8a358842f17da6d2971b8141a70097a1de569751eb4533e27880206fb8f8e1ac995688ca6facc85ed116becea9d3c4d0e96b2cb4b422b21c81328a335441d897c7deebf0f605ef086cfc5d81d1ab30ac04f674993511b142ea7ad43a8d3b7b1d2d26ce4a93413b690afdb1718408379fbd002a3c569bf11f0c10ce7cb46e257ce6b62ef62b + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA512-224:RSA-2048 +Input = "Hello World" +Output = 8f20f0f2389408cfb7f4b47c299ca610c34a2ad20664378530ecf977c3243ce5f01c71296d2101dc962853a27f64a228eea92fee05780be31cdd7fe648d39f136de1dd857609d0d54d0de52c5cdf09d95986d808d1c92dcb3e8e96848af788c959927196316fcc56b884d34711a2a947b7e806caf7a2b05314f0c726b5e083baa0b341ac6515529bf6b3a7098a635c865e8d4b05af68fb3e893feb12ac7c4d667e1233f2e39449c285d4ad2a809e687f68ef66daf710e7d21e97833372c251bc0b45bc79c8bfe4087f16662875c2fc91a02d11078556a2b3232617406fbd947b9d95c193742ac4bb1858934ed7288cd0327c678b5295c682a4d2ba91d8fafae7 + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA512-256:RSA-2048 +Input = "Hello World" +Output = 00904130234e4e1a51060f7747ab26ca766c64cff1df97e4d0f432169046da422305ddea16b96e0d8fcc5ab651ac247d1b65283f2f27e7e97538e9f6b77f9558c9885d5ddacaf4d6ca600ad61693766498fa815361cd1debe2d71a5af77da71f8bd72d2f5cf741aa177a2dc44107f5887d95b217c67dbc5a4874f9aa8de1fc8a5645815c561edcb348db6458018096a99a98f5d2e677f068c9093618e28f532a97e8d6161aec002d5273884ce8b46f077d37b1e158de682a927126952bdbb6b6dfdf47d7e34a7d9c9b1395315586a11ceadfb72c021b28e28b8397bc9086418a45cb8c1ad46ef47f1c2bedb14b50e50b58bd607992e1d19b895119c6a62471b4 + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA3-224:RSA-2048 +Input = "Hello World" +Output = 5b6f6834356ba08ef649d822592d7a3d889995283e3752760b0728ed99aa05af901298159485a690f8dab21c850946ef2376bedcc87f403288039e1eb18dfdf4ac1075753528c94b5a8b11f74513ef64eddc215f7df97d977e788fd93db4063529fd87f583c1c98d39cd79178330bae7980d9a846acdf3bdd77a864f85b77941b375c076ff86def44b8da19b5de6131bb8894c870d4deeb62361bd429faad97530abab33795912d63f2fb886b25f1a1d9583fae3b7cf6dd6a5addd1b28320ab88a4dac2d938fb50b6c9115c7a0a4edd6b7b3453e435605839703f0b0c6e58f7bb73ef0fb38cab4f2d9dc1fd8b8b77b36ae945dea7563eaa33608781ce5ac181b + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA3-256:RSA-2048 +Input = "Hello World" +Output = c531d0db6635b7c58c7118641565796c3d61323e303246cfc39e4e697727fede52b029407f82aa07e25c4833d18ec6ef6b585f3f078ca1494ae80a696fec701e1c2386196100cc5879fb8ea77f07b7019185258e1ad632c28cc672a61296787bb16a0e4f259d6eac1960f7eaaee1f7ab7eea3cf2d9e11435859630f0c71c48c8655b1252e072f18831731b2bc8e788a722c77db57583c7456e9b7fd5273e6781e214616620084dfefffe506910a39087912c3a8586fce65d8a0b1e5803ffe59b53537119653d708a55ef17d2721b9c8c183fe6750991b0e77b79d8d208ad750b2bc3426fbeeebf9b090bfc19f6534e44bf6d7d2f2e1dc2594b38ceda420553c9 + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA3-384:RSA-2048 +Input = "Hello World" +Output = 78bc11342fd44b4c047a365cc6ef78476bf28547da4eafec09f6bdf68a5593e993716662801b313515d80ddd232dfcc414cf896349a0237976dd89a97a9c88a92cd86992996d9c2747bf4e5dff5acb2fc67aa51ceb27ed1b95edd952d8eab3055cdc576a860593308c426f7ea73e01bd05fb20a4fcb64b10945e1684da67a8367826535344ad25057b4840e138909668c2423669b51f2fec631fd7e919f6e8b82ee293878894cac6a58b21f2168ba6335197e39e587fd60076a369f0b8e779c045c507654fbb98f5ffc998f720ab48bdbfe6d397aa63c7209b45068e24b65371180ff6d775851b2aaceac393082920fffb9e8b6999c682875bd0eff231dfaadf + +FIPSversion = >= 3.4.0 +Sign-Message = RSA-SHA3-512:RSA-2048 +Input = "Hello World" +Output = 4681312b0e27e4e5f2dd3165ea5bdc98210d4883709a842239cef72099d71855fc322c3d2f74a7e7357647de153c22e4c4f9a0e4f1ce9b7f993242df5ee778ca949e6e184551e87e0aac8440ae990ef76a14f6056a16181390ad3a150bfdbb985cfe4cca3255b5eb0871116654d59fc89f69adb46c307b927c51a5f34069a2f43c854fde8e2df0ded10f8e257d1d800aa44bf31981f93c062128cc551ad7f5f7ba68e9d7c917c8fc51bcda3ce9192680c1e5308bd5c571ac0a5ae7347a897e8698ea94059562cd3035e3ed5fcf6c4ca8c20f58a079dfcdb175242a5726237d1b92378ec7dc4f2db09a0fbd62d1ab6d1a3d0be7afd34ed9c3ecd1bc5a3d2c448c + +Availablein = default +Sign-Message = RSA-RIPEMD160:RSA-2048 +Input = "Hello World" +Output = 6a7fc08e9999fc9d50cda476e973a01a06efeb52eece1c78cb1422950476cbff67408c6f5c0a5749a70d3b505d9b6ad84f6854cb290fab18b28c13233030964ce81e3cf4f34bd606322e44534c335994c9761ae989936fd33be4c53e43cc54f027e4d3eb48563be6242ffcb831d4382e5b3f155c345e6f4367ae40d92cb70376942f45ce9fde97eb282ff3767b7972821381e1c3443b0e595bc968c16119dbdeef9f91d9f15f61feb0a0a25c66c2e72513a853d6cc797e83c8719d82ed951ccce06292f07696c7f97a52a7048bd4c70c5a70dbab0470be3b75af0f28dd39535bb8fee899cb69d3b6970cc59c773c0c15122931b6904d3c5c98011650bb8283d6