diff options
-rw-r--r-- | providers/defltprov.c | 9 | ||||
-rw-r--r-- | providers/fips/fipsprov.c | 9 | ||||
-rw-r--r-- | providers/implementations/include/prov/implementations.h | 9 | ||||
-rw-r--r-- | providers/implementations/include/prov/names.h | 9 | ||||
-rw-r--r-- | providers/implementations/signature/dsa_sig.c | 562 | ||||
-rw-r--r-- | test/evp_test.c | 5 | ||||
-rw-r--r-- | test/recipes/30-test_evp.t | 5 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evppkey_dsa_sigalg.txt | 419 |
8 files changed, 932 insertions, 95 deletions
diff --git a/providers/defltprov.c b/providers/defltprov.c index 06c5ae50ff..380db83675 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -397,6 +397,15 @@ static const OSSL_ALGORITHM deflt_rands[] = { static const OSSL_ALGORITHM deflt_signature[] = { #ifndef OPENSSL_NO_DSA { PROV_NAMES_DSA, "provider=default", ossl_dsa_signature_functions }, + { PROV_NAMES_DSA_SHA1, "provider=default", ossl_dsa_sha1_signature_functions }, + { PROV_NAMES_DSA_SHA224, "provider=default", ossl_dsa_sha224_signature_functions }, + { PROV_NAMES_DSA_SHA256, "provider=default", ossl_dsa_sha256_signature_functions }, + { PROV_NAMES_DSA_SHA384, "provider=default", ossl_dsa_sha384_signature_functions }, + { PROV_NAMES_DSA_SHA512, "provider=default", ossl_dsa_sha512_signature_functions }, + { PROV_NAMES_DSA_SHA3_224, "provider=default", ossl_dsa_sha3_224_signature_functions }, + { PROV_NAMES_DSA_SHA3_256, "provider=default", ossl_dsa_sha3_256_signature_functions }, + { PROV_NAMES_DSA_SHA3_384, "provider=default", ossl_dsa_sha3_384_signature_functions }, + { PROV_NAMES_DSA_SHA3_512, "provider=default", ossl_dsa_sha3_512_signature_functions }, #endif { PROV_NAMES_RSA, "provider=default", ossl_rsa_signature_functions }, #if !defined(OPENSSL_NO_RMD160) && !defined(FIPS_MODULE) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 0c247c89ab..f2ab35d2ae 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -413,6 +413,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = { static const OSSL_ALGORITHM fips_signature[] = { #ifndef OPENSSL_NO_DSA { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, + { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions }, + { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions }, + { PROV_NAMES_DSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha256_signature_functions }, + { PROV_NAMES_DSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha384_signature_functions }, + { PROV_NAMES_DSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha512_signature_functions }, + { PROV_NAMES_DSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_224_signature_functions }, + { PROV_NAMES_DSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_256_signature_functions }, + { PROV_NAMES_DSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_384_signature_functions }, + { PROV_NAMES_DSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_512_signature_functions }, #endif { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, { PROV_NAMES_RSA_SHA1, FIPS_DEFAULT_PROPERTIES, diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index fdf6cee749..61d8ee0cf0 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -332,6 +332,15 @@ extern const OSSL_DISPATCH ossl_kdf_scrypt_keyexch_functions[]; /* Signature */ extern const OSSL_DISPATCH ossl_dsa_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha1_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha224_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha256_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha384_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha512_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha3_224_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha3_256_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha3_384_signature_functions[]; +extern const OSSL_DISPATCH ossl_dsa_sha3_512_signature_functions[]; extern const OSSL_DISPATCH ossl_rsa_signature_functions[]; #ifndef OPENSSL_NO_MD5 extern const OSSL_DISPATCH ossl_rsa_md5_signature_functions[]; diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h index a62100f63b..4b7a62494e 100644 --- a/providers/implementations/include/prov/names.h +++ b/providers/implementations/include/prov/names.h @@ -342,6 +342,15 @@ #define PROV_NAMES_DHX "DHX:X9.42 DH:dhpublicnumber:1.2.840.10046.2.1" #define PROV_DESCS_DHX "OpenSSL X9.42 DH implementation" #define PROV_NAMES_DSA "DSA:dsaEncryption:1.2.840.10040.4.1" +#define PROV_NAMES_DSA_SHA1 "DSA-SHA1:DSA-SHA-1:sha1WithDSAEncryption:1.2.840.10040.4.3" +#define PROV_NAMES_DSA_SHA224 "DSA-SHA2-224:DSA-SHA224:dsa_with_SHA224:2.16.840.1.101.3.4.3.1" +#define PROV_NAMES_DSA_SHA256 "DSA-SHA2-256:DSA-SHA256:dsa_with_SHA256:2.16.840.1.101.3.4.3.2" +#define PROV_NAMES_DSA_SHA384 "DSA-SHA2-384:DSA-SHA384:id-dsa-with-sha384:1.2.840.1.101.3.4.3.3" +#define PROV_NAMES_DSA_SHA512 "DSA-SHA2-512:DSA-SHA512:id-dsa-with-sha512:1.2.840.1.101.3.4.3.4" +#define PROV_NAMES_DSA_SHA3_224 "DSA-SHA3-224:id-dsa-with-sha3-224:2.16.840.1.101.3.4.3.5" +#define PROV_NAMES_DSA_SHA3_256 "DSA-SHA3-256:id-dsa-with-sha3-256:2.16.840.1.101.3.4.3.6" +#define PROV_NAMES_DSA_SHA3_384 "DSA-SHA3-384:id-dsa-with-sha3-384:2.16.840.1.101.3.4.3.7" +#define PROV_NAMES_DSA_SHA3_512 "DSA-SHA3-512:id-dsa-with-sha3-512:2.16.840.1.101.3.4.3.8" #define PROV_DESCS_DSA "OpenSSL DSA implementation" #define PROV_NAMES_RSA "RSA:rsaEncryption:1.2.840.113549.1.1.1" #define PROV_NAMES_RSA_MD2 "RSA-MD2:md2WithRSAEncryption:1.2.840.113549.1.1.2" diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index ec2205aa5a..a14fa796e9 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -30,14 +30,18 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/securitycheck.h" -#include "crypto/dsa.h" #include "prov/der_dsa.h" +#include "crypto/dsa.h" static OSSL_FUNC_signature_newctx_fn dsa_newctx; static OSSL_FUNC_signature_sign_init_fn dsa_sign_init; static OSSL_FUNC_signature_verify_init_fn dsa_verify_init; static OSSL_FUNC_signature_sign_fn dsa_sign; +static OSSL_FUNC_signature_sign_message_update_fn dsa_signverify_message_update; +static OSSL_FUNC_signature_sign_message_final_fn dsa_sign_message_final; static OSSL_FUNC_signature_verify_fn dsa_verify; +static OSSL_FUNC_signature_verify_message_update_fn dsa_signverify_message_update; +static OSSL_FUNC_signature_verify_message_final_fn dsa_verify_message_final; static OSSL_FUNC_signature_digest_sign_init_fn dsa_digest_sign_init; static OSSL_FUNC_signature_digest_sign_update_fn dsa_digest_signverify_update; static OSSL_FUNC_signature_digest_sign_final_fn dsa_digest_sign_final; @@ -46,6 +50,7 @@ static OSSL_FUNC_signature_digest_verify_update_fn dsa_digest_signverify_update; static OSSL_FUNC_signature_digest_verify_final_fn dsa_digest_verify_final; static OSSL_FUNC_signature_freectx_fn dsa_freectx; static OSSL_FUNC_signature_dupctx_fn dsa_dupctx; +static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types; static OSSL_FUNC_signature_get_ctx_params_fn dsa_get_ctx_params; static OSSL_FUNC_signature_gettable_ctx_params_fn dsa_gettable_ctx_params; static OSSL_FUNC_signature_set_ctx_params_fn dsa_set_ctx_params; @@ -54,6 +59,8 @@ static OSSL_FUNC_signature_get_ctx_md_params_fn dsa_get_ctx_md_params; static OSSL_FUNC_signature_gettable_ctx_md_params_fn dsa_gettable_ctx_md_params; static OSSL_FUNC_signature_set_ctx_md_params_fn dsa_set_ctx_md_params; static OSSL_FUNC_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params; +static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params; +static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params; /* * What's passed as an actual key is defined by the KEYMGMT interface. @@ -65,8 +72,20 @@ typedef struct { OSSL_LIB_CTX *libctx; char *propq; DSA *dsa; + /* |operation| reuses EVP's operation bitfield */ + int operation; /* + * Flag to determine if a full sigalg is run (1) or if a composable + * signature algorithm is run (0). + * + * When a full sigalg is run (1), this currently affects the following + * other flags, which are to remain untouched after their initialization: + * + * - flag_allow_md (initialized to 0) + */ + unsigned int flag_sigalg : 1; + /* * Flag to determine if the hash function can be changed (1) or not (0) * Because it's dangerous to change during a DigestSign or DigestVerify * operation, this flag is cleared by their Init function, and set again @@ -77,21 +96,23 @@ typedef struct { /* If this is set to 1 then the generated k is not random */ unsigned int nonce_type; - char mdname[OSSL_MAX_NAME_SIZE]; - /* The Algorithm Identifier of the combined signature algorithm */ unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; unsigned char *aid; size_t aid_len; /* main digest */ + char mdname[OSSL_MAX_NAME_SIZE]; EVP_MD *md; EVP_MD_CTX *mdctx; - int operation; + + /* Signature, for verification */ + unsigned char *sig; + size_t siglen; + OSSL_FIPS_IND_DECLARE } PROV_DSA_CTX; - static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx) { int md_size; @@ -162,19 +183,22 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, } #ifdef FIPS_MODULE { - int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); + int sha1_allowed + = ((ctx->operation + & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, - ctx->libctx, md_nid, sha1_allowed, - desc, + ctx->libctx, + md_nid, sha1_allowed, desc, ossl_fips_config_signature_digest_check)) goto err; } #endif if (!ctx->flag_allow_md) { - if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { + if (ctx->mdname[0] != '\0' + && !EVP_MD_is_a(md, ctx->mdname)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, "digest %s != %s", mdname, ctx->mdname); goto err; @@ -207,8 +231,9 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, ctx->md = md; OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); } + return 1; -err: + err: EVP_MD_free(md); return 0; } @@ -243,9 +268,11 @@ static int dsa_check_key(PROV_DSA_CTX *ctx, int sign, const char *desc) } #endif -static int dsa_signverify_init(void *vpdsactx, void *vdsa, - const OSSL_PARAM params[], int operation, - const char *desc) +static int +dsa_signverify_init(void *vpdsactx, void *vdsa, + OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, + const OSSL_PARAM params[], int operation, + const char *desc) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; @@ -268,32 +295,36 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, pdsactx->operation = operation; OSSL_FIPS_IND_SET_APPROVED(pdsactx) - if (!dsa_set_ctx_params(pdsactx, params)) + if (!set_ctx_params(pdsactx, params)) return 0; #ifdef FIPS_MODULE - if (!dsa_sign_check_approved(pdsactx, operation == EVP_PKEY_OP_SIGN, desc)) - return 0; - if (!dsa_check_key(pdsactx, operation == EVP_PKEY_OP_SIGN, desc)) - return 0; + { + int operation_is_sign + = (operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) != 0; + + if (!dsa_sign_check_approved(pdsactx, operation_is_sign, desc)) + return 0; + if (!dsa_check_key(pdsactx, operation_is_sign, desc)) + return 0; + } #endif return 1; } static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[]) { - return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_SIGN, - "DSA Sign Init"); -} - -static int dsa_verify_init(void *vpdsactx, void *vdsa, - const OSSL_PARAM params[]) -{ - return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_VERIFY, - "DSA Verify Init"); + return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, + EVP_PKEY_OP_SIGN, "DSA Sign Init"); } -static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, - size_t sigsize, const unsigned char *tbs, size_t tbslen) +/* + * Sign tbs without digesting it first. This is suitable for "primitive" + * signing and signing the digest of a message, i.e. should be used with + * implementations of the keytype related algorithms. + */ +static int dsa_sign_directly(void *vpdsactx, + unsigned char *sig, size_t *siglen, size_t sigsize, + const unsigned char *tbs, size_t tbslen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; int ret; @@ -314,7 +345,7 @@ static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, return 1; } - if (sigsize < (size_t)dsasize) + if (sigsize < dsasize) return 0; if (mdsize != 0 && tbslen != mdsize) @@ -330,8 +361,79 @@ static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, return 1; } -static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) +static int dsa_signverify_message_update(void *vpdsactx, + const unsigned char *data, + size_t datalen) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx == NULL) + return 0; + + return EVP_DigestUpdate(pdsactx->mdctx, data, datalen); +} + +static int dsa_sign_message_final(void *vpdsactx, unsigned char *sig, + size_t *siglen, size_t sigsize) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) + return 0; + /* + * If sig is NULL then we're just finding out the sig size. Other fields + * are ignored. Defer to dsa_sign. + */ + if (sig != NULL) { + /* + * When this function is used through dsa_digest_sign_final(), + * there is the possibility that some externally provided digests + * exceed EVP_MAX_MD_SIZE. We should probably handle that + * somehow but that problem is much larger than just in DSA. + */ + if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) + return 0; + } + + return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen); +} + +/* + * If signing a message, digest tbs and sign the result. + * Otherwise, sign tbs directly. + */ +static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, + size_t sigsize, const unsigned char *tbs, size_t tbslen) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx->operation == EVP_PKEY_OP_SIGNMSG) { + /* + * If |sig| is NULL, the caller is only looking for the sig length. + * DO NOT update the input in this case. + */ + if (sig == NULL) + return dsa_sign_message_final(pdsactx, sig, siglen, sigsize); + + if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0) + return 0; + return dsa_sign_message_final(pdsactx, sig, siglen, sigsize); + } + return dsa_sign_directly(pdsactx, sig, siglen, sigsize, tbs, tbslen); +} + +static int dsa_verify_init(void *vpdsactx, void *vdsa, + const OSSL_PARAM params[]) +{ + return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, + EVP_PKEY_OP_VERIFY, "DSA Verify Init"); +} + +static int dsa_verify_directly(void *vpdsactx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; size_t mdsize = dsa_get_md_size(pdsactx); @@ -342,6 +444,64 @@ static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa); } +static int dsa_verify_set_sig(void *vpdsactx, + const unsigned char *sig, size_t siglen) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + OSSL_PARAM params[2]; + + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, + (unsigned char *)sig, siglen); + params[1] = OSSL_PARAM_construct_end(); + return dsa_sigalg_set_ctx_params(pdsactx, params); +} + +static int dsa_verify_message_final(void *vpdsactx) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!ossl_prov_is_running()) + return 0; + + if (pdsactx == NULL || pdsactx->mdctx == NULL) + return 0; + + /* + * The digests used here are all known (see dsa_get_md_nid()), so they + * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. + */ + if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) + return 0; + + return dsa_verify_directly(vpdsactx, pdsactx->sig, pdsactx->siglen, + digest, dlen); +} + +/* + * If verifying a message, digest tbs and verify the result. + * Otherwise, verify tbs directly. + */ +static int dsa_verify(void *vpdsactx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { + if (dsa_verify_set_sig(pdsactx, sig, siglen) <= 0) + return 0; + if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0) + return 0; + return dsa_verify_message_final(pdsactx); + } + return dsa_verify_directly(pdsactx, sig, siglen, tbs, tbslen); +} + +/* DigestSign/DigestVerify wrappers */ + static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, void *vdsa, const OSSL_PARAM params[], int operation, const char *desc) @@ -351,10 +511,14 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, if (!ossl_prov_is_running()) return 0; - if (!dsa_signverify_init(vpdsactx, vdsa, params, operation, desc)) + if (!dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params, + operation, desc)) return 0; - if (!dsa_setup_md(pdsactx, mdname, NULL, desc)) + if (mdname != NULL + /* was dsa_setup_md already called in dsa_signverify_init()? */ + && (mdname[0] == '\0' || OPENSSL_strcasecmp(pdsactx->mdname, mdname) != 0) + && !dsa_setup_md(pdsactx, mdname, NULL, desc)) return 0; pdsactx->flag_allow_md = 0; @@ -380,92 +544,79 @@ static int dsa_digest_sign_init(void *vpdsactx, const char *mdname, void *vdsa, const OSSL_PARAM params[]) { return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, - EVP_PKEY_OP_SIGN, + EVP_PKEY_OP_SIGNMSG, "DSA Digest Sign Init"); } -static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, - void *vdsa, const OSSL_PARAM params[]) -{ - return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, - EVP_PKEY_OP_VERIFY, - "DSA Digest Verify Init"); -} - -int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, - size_t datalen) +static int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, + size_t datalen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - if (pdsactx == NULL || pdsactx->mdctx == NULL) + if (pdsactx == NULL) + return 0; + /* Sigalg implementations shouldn't do digest_sign */ + if (pdsactx->flag_sigalg) return 0; - return EVP_DigestUpdate(pdsactx->mdctx, data, datalen); + return dsa_signverify_message_update(vpdsactx, data, datalen); } -int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen, - size_t sigsize) +static int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, + size_t *siglen, size_t sigsize) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dlen = 0; + int ok = 0; - if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) + if (pdsactx == NULL) + return 0; + /* Sigalg implementations shouldn't do digest_sign */ + if (pdsactx->flag_sigalg) return 0; - /* - * If sig is NULL then we're just finding out the sig size. Other fields - * are ignored. Defer to dsa_sign. - */ - if (sig != NULL) { - /* - * There is the possibility that some externally provided - * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - - * but that problem is much larger than just in DSA. - */ - if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) - return 0; - } + ok = dsa_sign_message_final(pdsactx, sig, siglen, sigsize); pdsactx->flag_allow_md = 1; - return dsa_sign(vpdsactx, sig, siglen, sigsize, digest, (size_t)dlen); + return ok; } +static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, + void *vdsa, const OSSL_PARAM params[]) +{ + return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, + EVP_PKEY_OP_VERIFYMSG, + "DSA Digest Verify Init"); +} int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, size_t siglen) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dlen = 0; + int ok = 0; - if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) + if (pdsactx == NULL) return 0; - - /* - * There is the possibility that some externally provided - * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - - * but that problem is much larger than just in DSA. - */ - if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) + /* Sigalg implementations shouldn't do digest_verify */ + if (pdsactx->flag_sigalg) return 0; + if (dsa_verify_set_sig(pdsactx, sig, siglen)) + ok = dsa_verify_message_final(vpdsactx); + pdsactx->flag_allow_md = 1; - return dsa_verify(vpdsactx, sig, siglen, digest, (size_t)dlen); + return ok; } static void dsa_freectx(void *vpdsactx) { PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx; - OPENSSL_free(ctx->propq); EVP_MD_CTX_free(ctx->mdctx); EVP_MD_free(ctx->md); - ctx->propq = NULL; - ctx->mdctx = NULL; - ctx->md = NULL; + OPENSSL_free(ctx->sig); + OPENSSL_free(ctx->propq); DSA_free(ctx->dsa); OPENSSL_free(ctx); } @@ -484,8 +635,6 @@ static void *dsa_dupctx(void *vpdsactx) *dstctx = *srcctx; dstctx->dsa = NULL; - dstctx->md = NULL; - dstctx->mdctx = NULL; dstctx->propq = NULL; if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) @@ -502,6 +651,7 @@ static void *dsa_dupctx(void *vpdsactx) || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) goto err; } + if (srcctx->propq != NULL) { dstctx->propq = OPENSSL_strdup(srcctx->propq); if (dstctx->propq == NULL) @@ -554,7 +704,8 @@ static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, return known_gettable_ctx_params; } -static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) +/* The common params for dsa_set_ctx_params and dsa_sigalg_set_ctx_params */ +static int dsa_common_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; const OSSL_PARAM *p; @@ -574,6 +725,32 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK)) return 0; + p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); + if (p != NULL + && !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type)) + return 0; + return 1; +} + +#define DSA_COMMON_SETTABLE_CTX_PARAMS \ + OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \ + OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \ + OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \ + OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) \ + OSSL_PARAM_END + +static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + const OSSL_PARAM *p; + int ret; + + if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) + return ret; + + if (params == NULL) + return 1; + p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p != NULL) { char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; @@ -590,21 +767,13 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) if (!dsa_setup_md(pdsactx, mdname, mdprops, "DSA Set Ctx")) return 0; } - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); - if (p != NULL - && !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type)) - return 0; return 1; } static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) - OSSL_PARAM_END + DSA_COMMON_SETTABLE_CTX_PARAMS }; static const OSSL_PARAM settable_ctx_params_no_digest[] = { @@ -697,3 +866,210 @@ const OSSL_DISPATCH ossl_dsa_signature_functions[] = { (void (*)(void))dsa_settable_ctx_md_params }, OSSL_DISPATCH_END }; + +/* ------------------------------------------------------------------ */ + +/* + * So called sigalgs (composite DSA+hash) implemented below. They + * are pretty much hard coded. + */ + +static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types; +static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params; +static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params; + +/* + * dsa_sigalg_signverify_init() is almost like dsa_digest_signverify_init(), + * just doesn't allow fetching an MD from whatever the user chooses. + */ +static int dsa_sigalg_signverify_init(void *vpdsactx, void *vdsa, + OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, + const OSSL_PARAM params[], + const char *mdname, + int operation, const char *desc) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (!ossl_prov_is_running()) + return 0; + + if (!dsa_signverify_init(vpdsactx, vdsa, set_ctx_params, params, operation, + desc)) + return 0; + + if (!dsa_setup_md(pdsactx, mdname, NULL, desc)) + return 0; + + pdsactx->flag_sigalg = 1; + pdsactx->flag_allow_md = 0; + + if (pdsactx->mdctx == NULL) { + pdsactx->mdctx = EVP_MD_CTX_new(); + if (pdsactx->mdctx == NULL) + goto error; + } + + if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) + goto error; + + return 1; + + error: + EVP_MD_CTX_free(pdsactx->mdctx); + pdsactx->mdctx = NULL; + return 0; +} + +static const char **dsa_sigalg_query_key_types(void) +{ + static const char *keytypes[] = { "DSA", NULL }; + + return keytypes; +} + +static const OSSL_PARAM settable_sigalg_ctx_params[] = { + OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), + DSA_COMMON_SETTABLE_CTX_PARAMS +}; + +static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx, + ossl_unused void *provctx) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx != NULL && pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) + return settable_sigalg_ctx_params; + return NULL; +} + +static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + const OSSL_PARAM *p; + int ret; + + if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) + return ret; + + if (params == NULL) + return 1; + + if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { + p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); + if (p != NULL) { + OPENSSL_free(pdsactx->sig); + pdsactx->sig = NULL; + pdsactx->siglen = 0; + if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig, + 0, &pdsactx->siglen)) + return 0; + } + } + return 1; +} + +#define IMPL_DSA_SIGALG(md, MD) \ + static OSSL_FUNC_signature_sign_init_fn dsa_##md##_sign_init; \ + static OSSL_FUNC_signature_sign_message_init_fn \ + dsa_##md##_sign_message_init; \ + static OSSL_FUNC_signature_verify_init_fn dsa_##md##_verify_init; \ + static OSSL_FUNC_signature_verify_message_init_fn \ + dsa_##md##_verify_message_init; \ + \ + static int \ + dsa_##md##_sign_init(void *vpdsactx, void *vdsa, \ + const OSSL_PARAM params[]) \ + { \ + static const char desc[] = "DSA-" #MD " Sign Init"; \ + \ + return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ + dsa_sigalg_set_ctx_params, \ + params, #MD, \ + EVP_PKEY_OP_SIGN, \ + desc); \ + } \ + \ + static int \ + dsa_##md##_sign_message_init(void *vpdsactx, void *vdsa, \ + const OSSL_PARAM params[]) \ + { \ + static const char desc[] = "DSA-" #MD " Sign Message Init"; \ + \ + return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ + dsa_sigalg_set_ctx_params, \ + params, #MD, \ + EVP_PKEY_OP_SIGNMSG, \ + desc); \ + } \ + \ + static int \ + dsa_##md##_verify_init(void *vpdsactx, void *vdsa, \ + const OSSL_PARAM params[]) \ + { \ + static const char desc[] = "DSA-" #MD " Verify Init"; \ + \ + return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ + dsa_sigalg_set_ctx_params, \ + params, #MD, \ + EVP_PKEY_OP_VERIFY, \ + desc); \ + } \ + \ + static int \ + dsa_##md##_verify_message_init(void *vpdsactx, void *vdsa, \ + const OSSL_PARAM params[]) \ + { \ + static const char desc[] = "DSA-" #MD " Verify Message Init"; \ + \ + return dsa_sigalg_signverify_init(vpdsactx, vdsa, \ + dsa_sigalg_set_ctx_params, \ + params, #MD, \ + EVP_PKEY_OP_VERIFYMSG, \ + desc); \ + } \ + \ + const OSSL_DISPATCH ossl_dsa_##md##_signature_functions[] = { \ + { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, \ + { OSSL_FUNC_SIGNATURE_SIGN_INIT, \ + (void (*)(void))dsa_##md##_sign_init }, \ + { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, \ + { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \ + (void (*)(void))dsa_##md##_sign_message_init }, \ + { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \ + (void (*)(void))dsa_signverify_message_update }, \ + { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \ + (void (*)(void))dsa_sign_message_final }, \ + { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \ + (void (*)(void))dsa_##md##_verify_init }, \ + { OSSL_FUNC_SIGNATURE_VERIFY, \ + (void (*)(void))dsa_verify }, \ + { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \ + (void (*)(void))dsa_##md##_verify_message_init }, \ + { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \ + (void (*)(void))dsa_signverify_message_update }, \ + { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \ + (void (*)(void))dsa_verify_message_final }, \ + { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, \ + { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, \ + { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \ + (void (*)(void))dsa_sigalg_query_key_types }, \ + { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \ + (void (*)(void))dsa_get_ctx_params }, \ + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \ + (void (*)(void))dsa_gettable_ctx_params }, \ + { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ + (void (*)(void))dsa_sigalg_set_ctx_params }, \ + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ + (void (*)(void))dsa_sigalg_settable_ctx_params }, \ + OSSL_DISPATCH_END \ + } + +IMPL_DSA_SIGALG(sha1, SHA1); +IMPL_DSA_SIGALG(sha224, SHA2-224); +IMPL_DSA_SIGALG(sha256, SHA2-256); +IMPL_DSA_SIGALG(sha384, SHA2-384); +IMPL_DSA_SIGALG(sha512, SHA2-512); +IMPL_DSA_SIGALG(sha3_224, SHA3-224); +IMPL_DSA_SIGALG(sha3_256, SHA3-256); +IMPL_DSA_SIGALG(sha3_384, SHA3-384); +IMPL_DSA_SIGALG(sha3_512, SHA3-512); diff --git a/test/evp_test.c b/test/evp_test.c index 69ecafe7eb..30a5c85468 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2537,7 +2537,7 @@ static int pkey_test_run_init(EVP_TEST *t) { PKEY_DATA *data = t->data; int i, ret = 0; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; OSSL_PARAM *p = NULL; size_t params_n = 0, params_n_allocstart = 0; @@ -2628,6 +2628,9 @@ static int pkey_test_run(EVP_TEST *t) got, got_len)) goto err; + if (pkey_check_fips_approved(expected->ctx, t) <= 0) + goto err; + err: OPENSSL_free(got); EVP_PKEY_CTX_free(copy); diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 689dc5eb07..e8dcbfce98 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -74,7 +74,10 @@ push @files, qw( evpkdf_x942_des.txt evpmac_cmac_des.txt ) unless $no_des; -push @files, qw(evppkey_dsa.txt) unless $no_dsa; +push @files, qw( + evppkey_dsa.txt + evppkey_dsa_sigalg.txt + ) unless $no_dsa; push @files, qw( evppkey_ecx.txt evppkey_ecx_sigalg.txt diff --git a/test/recipes/30-test_evp_data/evppkey_dsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_dsa_sigalg.txt new file mode 100644 index 0000000000..6f5c088827 --- /dev/null +++ b/test/recipes/30-test_evp_data/evppkey_dsa_sigalg.txt @@ -0,0 +1,419 @@ +# +# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. + + +# Private keys used for PKEY operations. + +# DSA key +PrivateKey=DSA-1024 +-----BEGIN PRIVATE KEY----- +MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk4 +19R5ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJ +f/WDYPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psF +YFaDYjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ez +Qci9XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CH +woS0mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt +6PVa3gncr2v3njcVuH+EQ6DuFR93zksEFgIUbyv6pqH+UQurernJn/7sUm2U2i0= +-----END PRIVATE KEY----- + +PublicKey=DSA-1024-PUBLIC +-----BEGIN PUBLIC KEY----- +MIIBtzCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5 +ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WD +YPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaD +YjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ezQci9 +XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CHwoS0 +mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt6PVa +3gncr2v3njcVuH+EQ6DuFR93zksDgYQAAoGAVXFwJ5wTuF0rQ6AWfTitm3/zUeRW +SeKFo+Rg0GrBI+Wg2Tj+Yn6V8Xs+Xyjim1wsd2P6/BlJzCEr4nHjP9JcBICqM3vI +9zCaT/vYsLD7/T7rF9AF/jV+LnkGJCzLbDYF04IkhtLNHOQob+Uc8PWB78e/1Lc4 +SzJw2oHciIOt+UU= +-----END PUBLIC KEY----- + +PrivPubKeyPair = DSA-1024:DSA-1024-PUBLIC + +Title = DSA tests + +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024 +Input = "0123456789ABCDEF1234" +Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 + +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024-PUBLIC +Input = "0123456789ABCDEF1234" +Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 + +# Modified signature +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024-PUBLIC +Input = "0123456789ABCDEF1234" +Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d88 +Result = VERIFY_ERROR + +# Digest too short +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024-PUBLIC +Input = "0123456789ABCDEF123" +Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 +Result = VERIFY_ERROR + +# Digest too long +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024-PUBLIC +Input = "0123456789ABCDEF12345" +Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 +Result = VERIFY_ERROR + +# Garbage after signature +FIPSversion = >=3.4.0 +Verify = DSA-1024-PUBLIC +Input = "0123456789ABCDEF1234" +Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d8700 +Result = VERIFY_ERROR + +# Invalid tag +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024-PUBLIC +Input = "0123456789ABCDEF1234" +Output = 312d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87 +Result = VERIFY_ERROR + +# BER signature +FIPSversion = >=3.4.0 +Verify = DSA-SHA1:DSA-1024-PUBLIC +Input = "0123456789ABCDEF1234" +Output = 3080021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d870000 +Result = VERIFY_ERROR + +Title = Test keypair mismatches + +PrivateKey = DSA-1024-BIS +-----BEGIN PRIVATE KEY----- +MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5ve1UUr42 +1y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WDYPxjMk8BqNJmeZtLuCVL +KGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaDYjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/ +qYaE31VmWz0CgYEApNVF8oFK41ezQci9XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY ++6ECNI1aIDHTd7CHwoS0mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQP +axYt6PVa3gncr2v3njcVuH+EQ6DuFR93zksEFgIUFQFshP0hj7i6ClXkSPYoFW6KrIY= +-----END PRIVATE KEY----- + +PublicKey = DSA-1024-BIS-PUBLIC +-----BEGIN PUBLIC KEY----- +MIIBtzCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5 +ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WD +YPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaD +YjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ezQci9 +XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CHwoS0 +mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt6PVa +3gncr2v3njcVuH+EQ6DuFR93zksDgYQAAoGAdZCPYZ9WvtKW7dFvbEjl0HHBxLNX +8kV1/FAxsDrQd+c8mWdruNzcmwsZJklJuTK9czKnXgLmkRHR20I4oNrJ/bptV8lV +iDvJBJlmZ1aGh6yLIHzYBbgbgia3lBrFlO5qUxNmbNeiC+HIqUvlVBmQOLN6+Xjn +Q4A0wDK8dmF2dFI= +-----END PUBLIC KEY----- + +PrivPubKeyPair = DSA-1024-BIS:DSA-1024-BIS-PUBLIC + +PrivPubKeyPair = DSA-1024:DSA-1024-BIS-PUBLIC +Result = KEYPAIR_MISMATCH + +PrivPubKeyPair = DSA-1024-BIS:DSA-1024-PUBLIC +Result = KEYPAIR_MISMATCH + + +PrivateKey = DSA-1024-FIPS186-2 +-----BEGIN PRIVATE KEY----- +MIIBWgIBADCCATMGByqGSM44BAEwggEmAoGBALRSnNcjMPIl4tekT5D3AgqsK042 +Ar1dGKeJCmWrSngAELtSH0yZCwsbl7wLEgG2lfusbn5sdtbpFioKInohZruRhzwC +59GRXjAFD0QPhVE/qy6Oto+8WIHAa/RiEIkxRfTiAe9Ach56k9lZYONDUHDqH38u +UIfjoUN+jlzoJcWbAh0A6TfgjmB+CxvxG/2pz8OAXXfNP8/JLfYvolE/fwKBgH7l +jLeoOofKc+rwO2Fha8nuFddXRSePZKzC7mRQsPXwfvX5V6msU2xizjdPIsqVu7qA +Bcc1YMd7/5C3vaKuS21DxBOs7nAHbO9ZZtGlpUAnJwM/P09nMb3yG6tR9LF3AQmu +Kr2KShQB0FlSgvcCDTX7g8eJ/UuIWo6wX4hSdHDhBB4CHAdVVg1m5ikOICUBo37Y +/TqkTaCFsMDwcDc20Jg= +-----END PRIVATE KEY----- + +PrivateKey = DSA-2048-160 +-----BEGIN PRIVATE KEY----- +MIICTAIBADCCAi0GByqGSM44BAEwggIgAoIBAQCOypCJyAO7uNZSPSNGalSkyjQC +xdFVIGfMJKjEXzJnH4g3ts0UqUyO8126REDJEXDeMi22841xsSvzz0ZJeT5YvMLW +t1BtSTiYg2QOar1qEGJunHgjsWKJbVzIqWNw60ZP7pNKmlR7PKa3WDaPhdeVP8zJ +PEMeUHOSprO5Jk/Hjr8jxV0znIIixb9L9PgJAwxiM7rkRHS2Oz1FCYDmNmuFhQDh +Cb3wY9t1AcAHZ05uZ4PtNjdRPwFLPeVdckPj0ntApvOrH18xPWBmwcVeHAH1SV2k +7LPK7wILHVzcKm74ubX/s1wKysyyXyKM+oCgG9jvfh09VQJcHTHaVS643ohZAhUA +uQMLDZqMQbh9TYlm9xYCEBaeVs0CggEAcum3PgEQIRfukytMQ7gKMyfxHqhMmJ6t +RolRhgMrSfl99dmMoqJV+sdSjYvZSkwl71N1Y4Al8GcJB1SzTSb8qGRzM+43pa4k +SyQZ62WA8w5gaIQJ85JUrWiT8C6SgwAbruS5BVHRbQD6FxZwro9+s8uPnLesMTQX +p4maNSQaqYX7tqGl6Z7Wo0PsEwuDRvBlI6sl97gl4q3FQPByCq/64UW/eF6Illo1 +dpfbiWCszsp8oczXCEuP+2Y67WUIj3LjFA7WM/R8K4SfdMQ/VXY/cyRhlUqQl8Qe +ndBVKe0IeSdqvMcLNoUip7DGcOXW2ogZl+wgeP4xL3pdo8uS025kjwQWAhRfutAE +r/MlbdGMvcA7l0XmzzY85w== +-----END PRIVATE KEY----- + +PrivateKey = DSA-2048-224 +-----BEGIN PRIVATE KEY----- +MIICXAIBADCCAjUGByqGSM44BAEwggIoAoIBAQDVjuiHR3XA9yAjToNQOmdg2rN9 +0A4mIEV3XGy1nqaKZXdavdXcsAGLmttZ/gfiHi0JNh3rxj4dbvcaN+K0IWXq6hAY +6ZOvDZ0FH5DRH63Ecd8fWY/BMDr178sOINkPG8hLRmYcrAp/4woMBPxkEtQBfl4R +POus+OYS4sJpl8wEgfy0HhLXkkN4YQhBf57NvQ7+LcwaErDcNLRguI3TRzflhNEh +ieBfYtIIgISIi0yMsxOINopuHeAmcANLjyUqkQ44xcJ0kM+OoAKFq/XukkTj++iP +9Okh+bmNEo23RtM4qqScZyUIX4bPyynbkMdu01ZG+q8PEhyoxGpHkMT6kYHBAh0A +/rbeX9L8STLoLIsLUMbdPVLWvnLyLooSygawvwKCAQAhscCNIY/bPZ6DRULS8i4G +0f+9chMR+C5tNykaTzCUxRjObOWKu0z1JyViiafcAoV8j1e64xRxA4a8g9RrKilK +KztCJfwIJCeHIjHi/dvIR0z1SDeNNVpFacAT+DF5G+sMqS8Mael0MnEcR2sNkw+1 +MVIO5tinKWAFM087hsSmKs/uIvdVexH2ptKKehxTFjs8ySfAMiMfqhaC2JgPCFL1 +jUpAIvs4oCx2yZKvq+TzJOq8LRHG3qSHa0BcNVPKfVkmVJRg4ETzza1/e14Re1BR +si7RL7EtHuFiFjYiWTGueT+e0jdBS8CoafD1V/I7NPqVmGc5NeaRv4n+ESpDSX+z +BB4CHBN2hfQxLXg+t/MNcza5M0WoAWna5JzQBAtDzIM= +-----END PRIVATE KEY----- + +PrivateKey = DSA-2048-256 +-----BEGIN PRIVATE KEY----- +MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQDAuDj/d/t7n4013h18atbOYg4Q +oWZPLmA7MvFABqrlv9lfa0dRGhOHyXClHh2bsNMwk3txKjTaTwjM9v80xe47y2lv +34DPEKaWf+6HGcsu313kjIoAITO61HK0TJXjm0BV2uzZQFmvVHwEZmt7uGFcTc4t +Vl71Z+MjhlMqpOmXIL/OBJkMOE1CXF/b6oKyXJvyZRpE4oxS+8B1l7d/N0B1XhQl +EMToFwmvsKfeeK24wDfxasfbNbQ7Zih/5HylWtNXbvldnOf6cfPPPM6FO7HVI9R5 +llQKxFWujVrX0IOXu89xT8t+/ICKJtLKD5HzmeH1Y6LO+Qnsu5tW8IhnDHKLAiEA +prlohsCeURHqsKcqtMElD7vg+Ati8OKgdo79/ktz9bMCggEBALC9Awm0lClgvefU +inwV6gQppvAQttX7fUGjnrmuAXjw/pm4MBuzkR1P7vm2IY51+SopK+ZvgXXXnWGQ +m8y3DCuoSnfE6Y+NpAfL9iJxy5W+ByvW75GW7/Lj5hR/igKKuYhfGYT/2eIGtdQ2 +C2tcWTcV7Gfk60WSw9eLUtKCUjBHaoFHFMo3MWH64Fc0xVEQ1DLgEC5Y3TLmiLBx +VOGpp5ZFeAc52n/W4afbBcQ5ifGFPwgcS7+WdnUUs7awuCCldh74kz58kdTJAztZ +ZjjK728BYEE4P6itUNtr3jgNzhqwTBFvOwWCQA//a7vpyqtHMzDmpcVuDx6f4iP3 +aghyxFAEIgIgK1Ct6iRtcq01mdt4EGRrkiAHBr5zTcAgbv5ZaU99pmQ= +-----END PRIVATE KEY----- + +PrivateKey = DSA-3072-256 +-----BEGIN PRIVATE KEY----- +MIIDZgIBADCCAzoGByqGSM44BAEwggMtAoIBgQCvf6pPUvu2J7j4aaGcpEkfjX7e +DvM5qlpuf2GDwbWFQpkxeRFtmd5EFbgNvRMsLyfTA3KWd4k2nFug2Uf5kFJ0rOcI +nToVcrPjg8onD43Rcknvmu5grsjDvCFMmWFu361LbWxZCgGCwSUv4P647kS5ccaD +k0o4f+a8YWLahop/HowqoN8/TvC/izdN0WvRYKeegJcBzaaBKWsBS8ucu0jEh5S3 +PCAQRFoKNRPjUzjIhycIlpdmI5BG72SkvSSMef9wvGl72FN2t3v5dbWjl7QgghU5 +0BB/RlueApJgrFhadE/0ZJKSukPMbL9a0L1xZl01iJYraa76rn5weVkU8sW7BN7C +oHTovusrls/AtEBKXKC47rNnfSc9VwfwdNBuvs33Ga872575bjOunQiXQRxuuqjq +u3MyixPygIy+MmjhjPhnpYnb+1sytpoN1UOTi9QMHWLp2ExYvurda6n4nCjbJBcB +DvWPyapslDP+yT/3aEH0ctqu/QMk3rPxBAzVytUCIQD/CwBYEWtyd6IoiqcWVMT5 +4k1cKfg5ZbNu7mG3iS+iSwKCAYEAm1QNpGrOS2orCVUP80KQFTQwg37tlynJjXev +ORdBgDXpIjFcdEgsEx9cHzlOywBDQWxHLXRukvgQbx7dCq2RgEM6Fo6ngbhj87zw +dLFdXxj/TU0fJPhj3VIF2qu5vG1SZRu4zKNZ6uoJP7R4/7o/shHOoTyCOigRew4X +A2P9eIxpEv/KXRznxjG1IcAQJcPYBDwjE555WNHL0jzzKEyxyxmkm9ThEpleW7HU +ij78B5O45V/AHVF7oB/L+Aqmbc2dZy8EtShsMKqSMdFWjV0BnuzsPt9KmKT+rbj6 +MpqgdaKPEsYVD4Nk6EWEyYbWmELtS9jKH5E4Z/pqFGeamsiD5Sn0ap7SGa81BtA+ +s7FMG851b2jtRw0RB4+boGx0Lt43WbytfmW445i4h/NMB0nE/pzjIIjD3URdNoaS +2G2eZcW/aC9bKkOoAr2USSlgylPCkz2a/CAx7i925HOZ2dw9HJ940vkAoxP+nMQv +kMzKKeM5QVgAeRwjDqRk9uCWD7VyBCMCIQDxycQrIIL4PxAoPIM7//v8mL7A3YSW +o3mO5AXuBuEe2g== +-----END PRIVATE KEY----- + +PrivateKey = DSA-3072-224 +-----BEGIN PRIVATE KEY----- +MIIDXAIBADCCAzUGByqGSM44BAEwggMoAoIBgQDEY9anVQ8qwdz77IQx1bSmu5MI +mP7pf9IUXbH5fZFrCjlDu34w2WvsdDRrM2/isvKb/wj+sgg5dx5bWRn/+xolwu8l +upmD6KMJ07t9SSla155tkvS/8hU5AD8elH9vV+HlTPKRHNF1X3jFJRVay64O+vFX +WRe7t3yBFv/VqkhnYwm5aymMK6/TXR1znJzrMNgU1Ao3unhjaFnRsldHVHjXrA4y +rJRMsa4r5BCPQNK8iXKabAw19oiRbRvqs3YfzoR1HqZ3LGO1/p9ECoc/QW0uI1Za +LYQli1aNtNmtYhwKvy7O8IzjrbjkDRgl/TtDmtfpDnM6FkQebgU0OxQXTOwZgtEV +a7VY+EwG1q+Qab7uvuO2YJ7Mk2JKmu4u0Gz7tq5N+hEN4P5UMC/MUw6ftLCGN6l6 +ycEJHMgGzDsAKEJW6NcXneY3vXpdaRGnuxyUKI86wQd3Qg1Mm3H1gqtkd48owIJm +RtE/u91T4OJOcwVm2FxDgmMsb0LwqAELL+I9RH8CHQDNAddLZ4ovSccoD+s06I+X +d+GzJ8cNcbn4H1TVAoIBgAmwgz0CjHaacOiXcQ4GLw0kN2IpXKAXYma1vDlDcesT +lY8dcGsX2UjuLnfegMRkb5FMGZ8TDjgDG4vLo2p1ybt7S7s0hn56bju5HZLSOmAp +nu5M15iZxDzgVvhRkB0EG/aw5i6iq22JUA5SUAGYLemcZIuukIDu6vhTeK2125qa +q+Uc0/kyPMOf0zABo+I2wWNmZgdq26F147Yrf06VY3ekxcER1vAUfVBHxeYPfdZR +N8ztdzYTPtCSxyIWATUxYvWxsaxqNckjXLZp5t9L72Zc8k5swsBDIAabhJTiQrRS +hkhD0UOCf2pUNFcHIxLqYskOycEjtmKrAYbrHZDRw5CzP5ABaDYwqgxi2ZSt/tv4 +iYUhX4tRicGeAWLM7D3LxG+P/6q7dJ/Gjjx8gmbcBJKcjVDGp/b8xn1WY83gbNEJ +HOAqdXyxgnQL+E581jk13LixzoOboyrhryFqVoMarZOXEAQKToG24tj5DO7LmviW +8hzXTwJmVlKblGJxVmqDuQQeAhx6PjOtN4DxhxZdoX8+lU7C6CWYvyQbJOER0XVn +-----END PRIVATE KEY----- + +PrivateKey = DSA-4096-256 +-----BEGIN PRIVATE KEY----- +MIIEZQIBADCCBDoGByqGSM44BAEwggQtAoICAQD9m23nz0MOXi3GFvuv+Qpva9Ms +oZ/oPS1sYy/JtxvBtEjWv0b0wxtLAiASkBBhaqC1Qy+9O7dC7s5wze/0v/mAxFtF +X18KhMWSRtgiGOWzg6Nyog+Dus224Qa6wfYC1+lcGG/TmDLSmukBrVzd/71pSOkT +6O3v5hx1JOdJzzNPt1kjq31B1/2h9OXnARg1JDCLHP6fxRkWj2ThwU+FwlKTpo+d +MsC0Xl93t1lBOiS5VsHLSZIeqsInEj3bWBTT6C5q0huZKBQ9iT3SwAq/gG8KL9DV +MGSWQwAQdUpQWcv6JDwLb6h6QhHmzclDCF8JAGRzLA9kDWbmYPXQuVxj1//LuJba +fMe6tLWBuAMeQNFuB/pro2dszbo8GDOYEaOfogG86x9hfgBoPufU0oHlfhj3nhO8 +cLYwvhRkN/ZZyTM5/1aHQNvp6S+sIGD1WFKPxMZuTH2k01I0s8ESGrlWpnPgwNQx +iwx+dlXLFZNdDOiS+Mb9JPSuJ/xDagHmQzG0gxYiLfWQKjAMol4niB6mGIm0gEYq +Rw9OEHE/ghzBMbr6M+BLDm7PDac5y1a3L6l9e0Yq9h+4bwqTqZIpNIsRS4A0lmXd +IXs54dQmTwF75cMWjOAOYwxua97I4Ci3nkJWiozBugoGrKTSkeNX21uMfVJKidjd +j79Vlz79qnMSB42sqwIhAPwv8XkIkZvnDKTTowvUy8L6V/SxF7KZFtvX5Mx4KJt7 +AoICAQDdWpUSEpBLdFiu6MzqdWnRv9pt8BEu0sC9Z+xE3VrpDKqqnK2Rhtye0yIk +4fofLl9VF2J4P6hzDcCu8QEDj0K3dWQR+BU1WMBHMCTHrTM51XAqbjR1H3ZYWVxC +WgWrVGQkcD55TrM2RYBKH6Wa7K9HeFVJcdHrh0AZb4lXIBZHf0+71cOfZH8w1ufl +yKzYNMGY9+eoU3Pm0D5gBO/69uWDrK21SJMW3Fpqm4rgeHtNhR4oI6cagyo2+XfD +e+ivCk5XKCXgImKpKDMuKhJy0K4vZFjVHeIWl2mf1zyhmCxuAcGEf9dRVKtnQQGS +8uJGddKuda67J9vecN78H2nhsZcU9DRPzgjW+tUTwSX3ycW/hEA65kN5PUSpj8Ax +7gZN5Jn8bGNlCgLItHQMscGDo0L47+bN8G8JguZr+hpNFKmYMpbQ15yHaRU7DR36 +Zx91SEQ1o8Kn8mNT37RBYk/vZij9P8QRnn3pen9Ha5CBNs6/8RERaUJ84kSCV0iL +4/ed3syr8bek8a2rN6qhLZSKfYwLdiu0VaBsmJrOoE7xNgJ+f0g7aTptO1NOiwtY +ftiDvljQGG1QhAv9i1uSmz6EPYn3VCJPadxX8mlPmpGCewk8ycOV1IFgCK86cdTl +bDfJavyQoCWW6EF260m2+rWtl6ILGhhWIbDN5KfXBhrOPvxvHQQiAiBZM1KxUjGw +h2C/91Z0b0Xg4QYNOtVUbfqQTJQAqEpaRg== +-----END PRIVATE KEY----- + +Title = FIPS Tests (using different key sizes and digests) + +# Test sign with a 2048 bit key with N == 160 is not allowed in fips mode +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-2048-160 +Input = "Hello" +Output = 00 +Result = KEYOP_INIT_ERROR + +# Test sign with a 2048 bit key with N == 224 is allowed in fips mode +Availablein = default +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-2048-224 +Input = "Hello" +Output = 00 +Result = KEYOP_MISMATCH + +# Test sign with a 2048 bit key with N == 256 is allowed in fips mode +Availablein = default +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-2048-256 +Input = "Hello" +Result = KEYOP_MISMATCH + +# Test sign with a 3072 bit key with N == 256 is allowed in fips mode +Availablein = default +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-3072-256 +Input = "Hello" +Result = KEYOP_MISMATCH + +# Test sign with a 2048 bit SHA3 is allowed in fips mode +Availablein = default +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA3-224:DSA-2048-256 +Input = "Hello" +Result = KEYOP_MISMATCH + +# Test verify with a 1024 bit key is allowed in fips mode +FIPSversion = >=3.4.0 +Verify-Message = DSA-SHA256:DSA-1024 +Input = "Hello " +Output = 302c02142e32c8a5b0bd19b2ba33fd9c78aad3729dcb1b9e02142c006f7726a9d6833d414865b95167ea5f4f7713 + +# Test verify with SHA1 is allowed in fips mode +FIPSversion = >=3.4.0 +Verify-Message = DSA-SHA1:DSA-1024 +Input = "Hello " +Output = 302c0214602d21ed37e46051bb3d06cc002adddeb4cdb3bd02144f39f75587b286588862d06366b2f29bddaf8cf6 + +# Test verify with a 2048/160 bit key is allowed in fips mode +FIPSversion = >=3.4.0 +Verify-Message = DSA-SHA256:DSA-2048-160 +Input = "Hello" +Output = 302e021500a51ca7f70ae206f221dc9b805bb04bfc07d6e448021500b16e45f9dac8aff04e115f96c00f4237d0fced41 + +Title = Fips Negative Tests (using different key sizes and digests) + +# Test sign with a 1024 bit key is not allowed in fips mode +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-1024-FIPS186-2 +Securitycheck = 1 +Input = "Hello" +Result = KEYOP_INIT_ERROR + +# Test sign with SHA1 is not allowed in fips mode +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA1:DSA-2048-256 +Securitycheck = 1 +Input = "Hello" +Result = KEYOP_INIT_ERROR + +# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-3072-224 +Securitycheck = 1 +Input = "Hello" +Result = KEYOP_INIT_ERROR + +# Test sign with a 4096 bit key is not allowed in fips mode +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-4096-256 +Securitycheck = 1 +Input = "Hello" +Result = KEYOP_INIT_ERROR + +Title = Fips Indicator Tests +# Check that the indicator callback is triggered + +# Test sign with a 1024 bit key is unapproved in fips mode if the sign and key +# checks are ignored. +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-1024-FIPS186-2 +Securitycheck = 1 +Unapproved = 1 +CtrlInit = sign-check:0 +CtrlInit = key-check:0 +Input = "Hello" +Result = KEYOP_MISMATCH + +# Test sign with a 1024 bit key is unapproved and fails the key check in +# fips mode if the sign check is ignored +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-1024-FIPS186-2 +Securitycheck = 1 +Unapproved = 1 +CtrlInit = sign-check:0 +Input = "Hello" +Result = KEYOP_INIT_ERROR + +# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode if the +# sign and key checks are ignored +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-3072-224 +Securitycheck = 1 +Unapproved = 1 +CtrlInit = sign-check:0 +CtrlInit = key-check:0 +Input = "Hello" +Result = KEYOP_MISMATCH + +# Test sign with a 4096 bit key is unapproved in fips mode if the sign and key +# checks are ignored +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA256:DSA-4096-256 +Securitycheck = 1 +Unapproved = 1 +CtrlInit = sign-check:0 +CtrlInit = key-check:0 +Input = "Hello" +Result = KEYOP_MISMATCH + +# Test sign with SHA1 is unapproved in fips mode if DSA sign check is ignored +Availablein = fips +FIPSversion = >=3.4.0 +Sign-Message = DSA-SHA1:DSA-2048-256 +Securitycheck = 1 +Unapproved = 1 +CtrlInit = sign-check:0 +Input = "Hello" +Result = KEYOP_INIT_ERROR |