Commit e106439e authored by Anderson Sasaki's avatar Anderson Sasaki
Browse files

crypto-selftests-pk.c: Use deterministic signatures in test_known_sig()



Use deterministic signatures for ECDSA and DSA in test_known_sig().  Do
not call test_known_sig() for non-deterministic algorithms.  Do not run
PK_TEST() for algorithms tested with PK_KNOWN_TEST().

test_known_sig() was modified to support only deterministic algorithms.
The "deterministic" parameter was replaced with the "flags" parameter
through which the flags to be used in gnutls_privkey_sign_data() are
passed.

The hard-coded values for the ECDSA and DSA signatures were replaced
with the values corresponding to the deterministic signatures to be used
in known answer tests.  The unused values for GOST signatures were
removed.
Signed-off-by: Anderson Sasaki's avatarAnderson Toshiyuki Sasaki <ansasaki@redhat.com>
parent 0b36cf56
......@@ -110,7 +110,7 @@ static const char ecdsa_secp256r1_privkey[] =
"-----END EC PRIVATE KEY-----\n";
static const char ecdsa_secp256r1_sig[] =
"\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35";
"\x30\x45\x02\x21\x00\x80\x67\x18\xb9\x72\xc6\x0b\xe1\xc9\x89\x9b\x85\x11\x49\x29\x08\xd9\x86\x76\xcc\xfb\xc1\xf4\xd0\xa2\x5e\xa7\xb9\x12\xfb\x1a\x68\x02\x20\x67\x12\xb1\x89\x9e\x1d\x9d\x5c\x0f\xef\x6e\xa7\x2a\x95\x8c\xfa\x54\x20\x80\xc8\x30\x7c\xff\x06\xbc\xc8\xe2\x9a\x2f\x05\x2f\x67";
#ifdef ENABLE_NON_SUITEB_CURVES
/* sha256 */
......@@ -121,7 +121,7 @@ static const char ecdsa_secp192r1_privkey[] =
"Fg==" "-----END EC PRIVATE KEY-----";
static const char ecdsa_secp192r1_sig[] =
"\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c";
"\x30\x34\x02\x18\x7c\x43\xe3\xb7\x26\x90\x43\xb5\xf5\x63\x8f\xee\xac\x78\x3d\xac\x35\x35\xd0\x1e\x83\x17\x2b\x64\x02\x18\x14\x6e\x94\xd5\x7e\xac\x43\x42\x0b\x71\x7a\xc8\x29\xe6\xe3\xda\xf2\x95\x0e\xe0\x63\x24\xed\xf2";
static const char ecdsa_secp224r1_privkey[] =
"-----BEGIN EC PRIVATE KEY-----"
......@@ -130,7 +130,7 @@ static const char ecdsa_secp224r1_privkey[] =
"DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----";
static const char ecdsa_secp224r1_sig[] =
"\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda";
"\x30\x3d\x02\x1c\x14\x22\x09\xa1\x51\x33\x37\xfd\x78\x73\xbd\x84\x6e\x76\xa8\x60\x90\xf5\xb6\x57\x34\x25\xe0\x79\xe3\x01\x61\xa9\x02\x1d\x00\xb1\xee\xdb\xae\xb3\xe6\x9c\x04\x68\xd5\xe1\x0d\xb6\xfc\x5c\x45\xc3\x4f\xbf\x2b\xa5\xe0\x89\x37\x84\x04\x82\x5f";
#endif
static const char ecdsa_secp384r1_privkey[] =
......@@ -141,7 +141,7 @@ static const char ecdsa_secp384r1_privkey[] =
"pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----";
static const char ecdsa_secp384r1_sig[] =
"\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad";
"\x30\x65\x02\x31\x00\xa7\x73\x60\x16\xdb\xf9\x1f\xfc\x9e\xd2\x12\x23\xd4\x04\xa7\x31\x1f\x15\x28\xfd\x87\x9c\x2c\xb1\xf3\x38\x35\x23\x3b\x6e\xfe\x6a\x5d\x89\x34\xbe\x02\x82\xc6\x27\xea\x45\x53\xa9\x87\xc5\x31\x0a\x02\x30\x76\x32\x80\x6b\x43\x3c\xb4\xfd\x90\x03\xe0\x1d\x5d\x77\x18\x45\xf6\x71\x29\xa9\x05\x87\x49\x75\x3a\x78\x9c\x49\xe5\x6c\x8e\x18\xcd\x5d\xee\x2c\x6f\x92\xf7\x15\xd3\x38\xd5\xf9\x9b\x9d\x1a\xf4";
static const char ecdsa_secp521r1_privkey[] =
"-----BEGIN EC PRIVATE KEY-----"
......@@ -153,7 +153,7 @@ static const char ecdsa_secp521r1_privkey[] =
"-----END EC PRIVATE KEY-----";
static const char ecdsa_secp521r1_sig[] =
"\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3";
"\x30\x81\x88\x02\x42\x01\x9d\x13\x2e\xc9\x75\x1b\x60\x10\x62\xc5\x0d\xcb\x08\x9e\x86\x01\xd3\xc9\x8c\xee\x2e\x16\x3d\x8c\xc2\x65\x80\xe1\x32\x56\xc3\x02\x9d\xf0\x4a\x89\x8d\x2e\x33\x2a\x90\x4e\x72\x1d\xaa\x84\x14\xe8\xcb\xdf\x7a\x4a\xc9\x67\x2e\xba\xa3\xf2\xc2\x07\xf7\x1b\xa5\x91\xbd\x02\x42\x01\xe3\x32\xd2\x25\xeb\x2e\xaf\xb4\x6c\xc0\xaa\x5c\xc1\x56\x14\x13\x23\x7f\x62\xcf\x4c\xb8\xd1\x96\xe0\x29\x6d\xed\x74\xdd\x23\x64\xf9\x29\x86\x40\x22\x2f\xb6\x8d\x4c\x8e\x0b\x7a\xda\xdb\x03\x44\x01\x9b\x81\x1c\x3c\xab\x78\xee\xf2\xc5\x24\x33\x61\x65\x01\x87\x66";
/* DSA key and signature */
static const char dsa_privkey[] =
......@@ -179,35 +179,7 @@ static const char dsa_privkey[] =
"-----END DSA PRIVATE KEY-----\n";
static const char dsa_sig[] =
"\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42";
static const char gost01_privkey[] =
"-----BEGIN PRIVATE KEY-----\n"
"MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n"
"p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n"
"-----END PRIVATE KEY-----\n";
static const char gost01_sig[] =
"\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb";
static const char gost12_256_privkey[] =
"-----BEGIN PRIVATE KEY-----\n"
"MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n"
"D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n"
"-----END PRIVATE KEY-----\n";
static const char gost12_256_sig[] =
"\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0";
static const char gost12_512_privkey[] =
"-----BEGIN PRIVATE KEY-----\n"
"MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n"
"B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n"
"hsQ3JCCy4xnd5jWT\n"
"-----END PRIVATE KEY-----\n";
static const char gost12_512_sig[] =
"\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f";
"\x30\x3d\x02\x1d\x00\xbe\x87\x2f\xcf\xa1\xe4\x86\x5c\x72\x58\x4a\x7b\x8f\x32\x7f\xa5\x1b\xdc\x5c\xae\xda\x98\xea\x15\x32\xed\x0c\x4e\x02\x1c\x4c\x76\x01\x2b\xcd\xb9\x33\x95\xf2\xfa\xde\x56\x01\xb7\xaa\xe4\x5a\x4a\x2e\xf1\x24\x5a\xd1\xb5\x83\x9a\x93\x61";
static int test_rsa_enc(gnutls_pk_algorithm_t pk,
unsigned bits, gnutls_digest_algorithm_t ign)
......@@ -408,7 +380,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
gnutls_digest_algorithm_t dig,
const void *privkey, size_t privkey_size,
const void *stored_sig, size_t stored_sig_size,
unsigned deterministic_sigs)
gnutls_privkey_flags_t flags)
{
int ret;
gnutls_datum_t sig = { NULL, 0 };
......@@ -417,8 +389,11 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
gnutls_privkey_t key;
char param_name[32];
if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 ||
pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) {
if (pk == GNUTLS_PK_EC ||
pk == GNUTLS_PK_GOST_01 ||
pk == GNUTLS_PK_GOST_12_256 ||
pk == GNUTLS_PK_GOST_12_512)
{
snprintf(param_name, sizeof(param_name), "%s",
gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE
(bits)));
......@@ -452,39 +427,37 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
goto cleanup;
}
/* Test if the signature we generate matches the stored */
ret = gnutls_privkey_sign_data(key, dig, flags, &signed_data, &sig);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
/* Test if the generated signature matches the stored */
ssig.data = (void *) stored_sig;
ssig.size = stored_sig_size;
if (deterministic_sigs != 0) { /* do not compare against stored signature if not provided */
ret =
gnutls_privkey_sign_data(key, dig, 0, &signed_data,
&sig);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
if (sig.size != ssig.size
|| memcmp(sig.data, ssig.data, sig.size) != 0) {
ret = GNUTLS_E_SELF_TEST_ERROR;
if (sig.size != ssig.size
|| memcmp(sig.data, ssig.data, sig.size) != 0) {
ret = GNUTLS_E_SELF_TEST_ERROR;
#if 0
unsigned i;
fprintf(stderr, "\nstored[%d]: ", ssig.size);
for (i = 0; i < ssig.size; i++)
fprintf(stderr, "\\x%.2x", ssig.data[i]);
fprintf(stderr, "\ngenerated[%d]: ", sig.size);
for (i = 0; i < sig.size; i++)
fprintf(stderr, "\\x%.2x", sig.data[i]);
fprintf(stderr, "\n");
unsigned i;
fprintf(stderr, "Algorithm: %s-%s\n",
gnutls_pk_get_name(pk), param_name);
fprintf(stderr, "\nstored[%d]: ", ssig.size);
for (i = 0; i < ssig.size; i++)
fprintf(stderr, "\\x%.2x", ssig.data[i]);
fprintf(stderr, "\ngenerated[%d]: ", sig.size);
for (i = 0; i < sig.size; i++)
fprintf(stderr, "\\x%.2x", sig.data[i]);
fprintf(stderr, "\n");
#endif
gnutls_assert();
goto cleanup;
}
gnutls_assert();
goto cleanup;
}
/* Test if we can verify the signature */
/* Test if we can verify the generated signature */
ret = gnutls_pubkey_import_privkey(pub, key, 0, 0);
if (ret < 0) {
......@@ -494,7 +467,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
ret =
gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
&signed_data, &ssig);
&signed_data, &sig);
if (ret < 0) {
ret = GNUTLS_E_SELF_TEST_ERROR;
gnutls_assert();
......@@ -505,7 +478,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
ret =
gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0,
&bad_data, &ssig);
&bad_data, &sig);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) {
ret = GNUTLS_E_SELF_TEST_ERROR;
......@@ -538,8 +511,8 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits,
goto cleanup; \
}
#define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \
ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \
#define PK_KNOWN_TEST(pk, bits, dig, pkey, sig, flags) \
ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, flags); \
if (ret < 0) { \
gnutls_assert(); \
goto cleanup; \
......@@ -767,15 +740,13 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
return 0;
FALLTHROUGH;
case GNUTLS_PK_RSA:
PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256,
rsa_key2048, rsa_sig);
PK_KNOWN_TEST(GNUTLS_PK_RSA, 2048, GNUTLS_DIG_SHA256,
rsa_key2048, rsa_sig, 0);
PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0);
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256);
FALLTHROUGH;
case GNUTLS_PK_RSA_PSS:
PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256);
......@@ -785,14 +756,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
FALLTHROUGH;
case GNUTLS_PK_DSA:
PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256,
dsa_privkey, dsa_sig);
PK_KNOWN_TEST(GNUTLS_PK_DSA, 2048, GNUTLS_DIG_SHA256,
dsa_privkey, dsa_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256);
FALLTHROUGH;
case GNUTLS_PK_EC:
/* Test ECDH and ECDSA */
......@@ -803,79 +772,66 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk)
}
/* Test ECDSA */
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
PK_KNOWN_TEST(GNUTLS_PK_EC,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP256R1),
GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey,
ecdsa_secp256r1_sig);
ecdsa_secp256r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
PK_TEST(GNUTLS_PK_EC, test_sig,
GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1),
GNUTLS_SIGN_ECDSA_SHA256);
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
PK_KNOWN_TEST(GNUTLS_PK_EC,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP384R1),
GNUTLS_DIG_SHA256, ecdsa_secp384r1_privkey,
ecdsa_secp384r1_sig);
GNUTLS_DIG_SHA384, ecdsa_secp384r1_privkey,
ecdsa_secp384r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
PK_KNOWN_TEST(GNUTLS_PK_EC,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP521R1),
GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey,
ecdsa_secp521r1_sig);
ecdsa_secp521r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
#ifdef ENABLE_NON_SUITEB_CURVES
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
PK_KNOWN_TEST(GNUTLS_PK_EC,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP192R1),
GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey,
ecdsa_secp192r1_sig);
ecdsa_secp192r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
PK_KNOWN_TEST(GNUTLS_PK_EC, 0,
PK_KNOWN_TEST(GNUTLS_PK_EC,
GNUTLS_CURVE_TO_BITS
(GNUTLS_ECC_CURVE_SECP224R1),
GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey,
ecdsa_secp224r1_sig);
ecdsa_secp224r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE);
  • Do I understand it correctly that for ECDSA and DSA only deterministic signatures are tested as part of the power-on tests? Wasn't it stated that deterministic signatures are not supported in FIPS mode? If so, would in FIPS mode any test being exectued?

    Also, note, deterministic signatures are not yet approved. This implies that for FIPS at the moment only self tests with non-deterministic signatures are possible, i.e. the pairwise-consistency test.

  • I'm confused by this comment. This whole effort of using deterministic signatures during the self-test started with the objective of avoiding calling getrandom() during POST. In previous communication, you wrote that wouldn't be a problem to use the deterministic signatures from RFC 6979 for testing ECDSA/DSA algorithms.

    Note that the test also executes the pairwise-consistency test by verifying the generated signature, although the signature uses a deterministic scheme to compute k.

  • Note Stephan that as Anderson says the deterministic mode is only used to avoid calling the random generator early, but it is not really tested as such. The operation tested is the ECDSA/DSA operation (e.g., previously it was tested with a fixed random number, now it is the same but with random number generated the RFC6979 way).

    Edited by Nikos Mavrogiannopoulos
  • Yes, you are right, there is one provision in FIPS IG that allows deterministic even now - please disregard my comments.

    Note, teh provision allowing it is IG 9.4 stating that a KAT for DSA /ECDSA is permissible. I accidentally swapped that out of my memory :-)

  • Thank you for the clarification!

Please register or sign in to reply
#endif
#if ENABLE_GOST
FALLTHROUGH;
case GNUTLS_PK_GOST_01:
PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94,
gost01_privkey, gost01_sig);
PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
GNUTLS_SIGN_GOST_94);
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
GNUTLS_SIGN_GOST_94);
FALLTHROUGH;
case GNUTLS_PK_GOST_12_256:
PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256,
gost12_256_privkey, gost12_256_sig);
PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
GNUTLS_SIGN_GOST_256);
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA),
GNUTLS_SIGN_GOST_256);
FALLTHROUGH;
case GNUTLS_PK_GOST_12_512:
PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512,
gost12_512_privkey, gost12_512_sig);
PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
GNUTLS_SIGN_GOST_512);
if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL))
return 0;
PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A),
GNUTLS_SIGN_GOST_512);
#endif
break;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment