Improve FIPS signatures self-tests
This supersedes !1073 (closed)
The goal of this patch set is to fix some bugs and clarify what are the tests actually executed for signing algorithms during the FIPS power-on self-tests. It addresses few bugs which could misguide the reader:
- The
PK_KNOWN_TEST
andPK_TEST
macros included the check forGNUTLS_SELF_TEST_FLAG_ALL
. If more than one test was declared in a sequence, only the first one would be executed when the flag was not set. The macros were changed to not check theGNUTLS_SELF_TEST_FLAG_ALL
, allowing more than one test to be executed in sequence. - The
test_sig()
function always uses the same key regardless the value provided in thebits
parameter. The value given in thebits
parameter only changes the output message. Thus, callingtest_sig()
multiple times for a single key type passing different values inbits
would always use the same key, but print messages as if different keys were tested. The code was changed to not calltest_sig()
for algorithms tested withtest_known_sig()
and to calltest_sig()
only once per key type. - Previously, the
test_known_sig()
would generate signatures only for deterministic algorithms. For non-deterministic algorithms only the verification operation was exercised. The code was changed to calltest_known_sig()
only for deterministic algorithms, which can have known answer tests.
Other than the bugs addressed, the following improvements were made:
- Use deterministic signatures generation for ECDSA and DSA tests. This allows known answer tests to be executed for these algorithms
- Use 2048 bits long key for DSA tests instead of 512 bits key
Note:
- The RSA-PSS signature verification fails when deterministic signature is generated (with zero salt). Thus, the test for RSA-PSS was not changed to be a known answer test.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated / NEWS entry present (for non-trivial changes) -
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Edited by Nikos Mavrogiannopoulos