zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor OpenSSL 'DSA' EVP_SIGNATURE to also include DSA+hash composites

Browse Source 
(in the code, "sigalg" is used to refer to these composite algorithms,
which is a nod to libcrypto and libssl, where that term is commonly used
for composite algorithms)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24992)
This commit is contained in:
Richard Levitte 2024-07-24 15:37:08 +02:00 committed by Tomas Mraz
parent c6c6af18ea
commit bb2be4f066
8 changed files with 943 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
providers/defltprov.c
View File

@ -397,6 +397,15 @@ static const OSSL_ALGORITHM deflt_rands[] = {
static const OSSL_ALGORITHM deflt_signature[] = {
#ifndef OPENSSL_NO_DSA
{ PROV_NAMES_DSA, "provider=default", ossl_dsa_signature_functions },
{ PROV_NAMES_DSA_SHA1, "provider=default", ossl_dsa_sha1_signature_functions },
{ PROV_NAMES_DSA_SHA224, "provider=default", ossl_dsa_sha224_signature_functions },
{ PROV_NAMES_DSA_SHA256, "provider=default", ossl_dsa_sha256_signature_functions },
{ PROV_NAMES_DSA_SHA384, "provider=default", ossl_dsa_sha384_signature_functions },
{ PROV_NAMES_DSA_SHA512, "provider=default", ossl_dsa_sha512_signature_functions },
{ PROV_NAMES_DSA_SHA3_224, "provider=default", ossl_dsa_sha3_224_signature_functions },
{ PROV_NAMES_DSA_SHA3_256, "provider=default", ossl_dsa_sha3_256_signature_functions },
{ PROV_NAMES_DSA_SHA3_384, "provider=default", ossl_dsa_sha3_384_signature_functions },
{ PROV_NAMES_DSA_SHA3_512, "provider=default", ossl_dsa_sha3_512_signature_functions },
#endif
{ PROV_NAMES_RSA, "provider=default", ossl_rsa_signature_functions },
#if !defined(OPENSSL_NO_RMD160) && !defined(FIPS_MODULE)

9
providers/fips/fipsprov.c
View File

@ -413,6 +413,15 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
static const OSSL_ALGORITHM fips_signature[] = {
#ifndef OPENSSL_NO_DSA
{ PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
{ PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions },
{ PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions },
{ PROV_NAMES_DSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha256_signature_functions },
{ PROV_NAMES_DSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha384_signature_functions },
{ PROV_NAMES_DSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha512_signature_functions },
{ PROV_NAMES_DSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_224_signature_functions },
{ PROV_NAMES_DSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_256_signature_functions },
{ PROV_NAMES_DSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_384_signature_functions },
{ PROV_NAMES_DSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_512_signature_functions },
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
{ PROV_NAMES_RSA_SHA1, FIPS_DEFAULT_PROPERTIES,

9
providers/implementations/include/prov/implementations.h
View File

@ -332,6 +332,15 @@ extern const OSSL_DISPATCH ossl_kdf_scrypt_keyexch_functions[];
/* Signature */
extern const OSSL_DISPATCH ossl_dsa_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha1_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha224_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha256_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha384_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha512_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha3_224_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha3_256_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha3_384_signature_functions[];
extern const OSSL_DISPATCH ossl_dsa_sha3_512_signature_functions[];
extern const OSSL_DISPATCH ossl_rsa_signature_functions[];
#ifndef OPENSSL_NO_MD5
extern const OSSL_DISPATCH ossl_rsa_md5_signature_functions[];

9
providers/implementations/include/prov/names.h
View File

@ -342,6 +342,15 @@
#define PROV_NAMES_DHX "DHX:X9.42 DH:dhpublicnumber:1.2.840.10046.2.1"
#define PROV_DESCS_DHX "OpenSSL X9.42 DH implementation"
#define PROV_NAMES_DSA "DSA:dsaEncryption:1.2.840.10040.4.1"
#define PROV_NAMES_DSA_SHA1 "DSA-SHA1:DSA-SHA-1:sha1WithDSAEncryption:1.2.840.10040.4.3"
#define PROV_NAMES_DSA_SHA224 "DSA-SHA2-224:DSA-SHA224:dsa_with_SHA224:2.16.840.1.101.3.4.3.1"
#define PROV_NAMES_DSA_SHA256 "DSA-SHA2-256:DSA-SHA256:dsa_with_SHA256:2.16.840.1.101.3.4.3.2"
#define PROV_NAMES_DSA_SHA384 "DSA-SHA2-384:DSA-SHA384:id-dsa-with-sha384:1.2.840.1.101.3.4.3.3"
#define PROV_NAMES_DSA_SHA512 "DSA-SHA2-512:DSA-SHA512:id-dsa-with-sha512:1.2.840.1.101.3.4.3.4"
#define PROV_NAMES_DSA_SHA3_224 "DSA-SHA3-224:id-dsa-with-sha3-224:2.16.840.1.101.3.4.3.5"
#define PROV_NAMES_DSA_SHA3_256 "DSA-SHA3-256:id-dsa-with-sha3-256:2.16.840.1.101.3.4.3.6"
#define PROV_NAMES_DSA_SHA3_384 "DSA-SHA3-384:id-dsa-with-sha3-384:2.16.840.1.101.3.4.3.7"
#define PROV_NAMES_DSA_SHA3_512 "DSA-SHA3-512:id-dsa-with-sha3-512:2.16.840.1.101.3.4.3.8"
#define PROV_DESCS_DSA "OpenSSL DSA implementation"
#define PROV_NAMES_RSA "RSA:rsaEncryption:1.2.840.113549.1.1.1"
#define PROV_NAMES_RSA_MD2 "RSA-MD2:md2WithRSAEncryption:1.2.840.113549.1.1.2"

584
providers/implementations/signature/dsa_sig.c
View File

@ -30,14 +30,18 @@
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/securitycheck.h"
#include "crypto/dsa.h"
#include "prov/der_dsa.h"
#include "crypto/dsa.h"
static OSSL_FUNC_signature_newctx_fn dsa_newctx;
static OSSL_FUNC_signature_sign_init_fn dsa_sign_init;
static OSSL_FUNC_signature_verify_init_fn dsa_verify_init;
static OSSL_FUNC_signature_sign_fn dsa_sign;
static OSSL_FUNC_signature_sign_message_update_fn dsa_signverify_message_update;
static OSSL_FUNC_signature_sign_message_final_fn dsa_sign_message_final;
static OSSL_FUNC_signature_verify_fn dsa_verify;
static OSSL_FUNC_signature_verify_message_update_fn dsa_signverify_message_update;
static OSSL_FUNC_signature_verify_message_final_fn dsa_verify_message_final;
static OSSL_FUNC_signature_digest_sign_init_fn dsa_digest_sign_init;
static OSSL_FUNC_signature_digest_sign_update_fn dsa_digest_signverify_update;
static OSSL_FUNC_signature_digest_sign_final_fn dsa_digest_sign_final;
@ -46,6 +50,7 @@ static OSSL_FUNC_signature_digest_verify_update_fn dsa_digest_signverify_update;
static OSSL_FUNC_signature_digest_verify_final_fn dsa_digest_verify_final;
static OSSL_FUNC_signature_freectx_fn dsa_freectx;
static OSSL_FUNC_signature_dupctx_fn dsa_dupctx;
static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types;
static OSSL_FUNC_signature_get_ctx_params_fn dsa_get_ctx_params;
static OSSL_FUNC_signature_gettable_ctx_params_fn dsa_gettable_ctx_params;
static OSSL_FUNC_signature_set_ctx_params_fn dsa_set_ctx_params;
@ -54,6 +59,8 @@ static OSSL_FUNC_signature_get_ctx_md_params_fn dsa_get_ctx_md_params;
static OSSL_FUNC_signature_gettable_ctx_md_params_fn dsa_gettable_ctx_md_params;
static OSSL_FUNC_signature_set_ctx_md_params_fn dsa_set_ctx_md_params;
static OSSL_FUNC_signature_settable_ctx_md_params_fn dsa_settable_ctx_md_params;
static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params;
static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params;
/*
* What's passed as an actual key is defined by the KEYMGMT interface.
@ -65,7 +72,19 @@ typedef struct {
OSSL_LIB_CTX *libctx;
char *propq;
DSA *dsa;
/* |operation| reuses EVP's operation bitfield */
int operation;
/*
* Flag to determine if a full sigalg is run (1) or if a composable
* signature algorithm is run (0).
*
* When a full sigalg is run (1), this currently affects the following
* other flags, which are to remain untouched after their initialization:
*
* - flag_allow_md (initialized to 0)
*/
unsigned int flag_sigalg : 1;
/*
* Flag to determine if the hash function can be changed (1) or not (0)
* Because it's dangerous to change during a DigestSign or DigestVerify
@ -77,21 +96,23 @@ typedef struct {
/* If this is set to 1 then the generated k is not random */
unsigned int nonce_type;
char mdname[OSSL_MAX_NAME_SIZE];
/* The Algorithm Identifier of the combined signature algorithm */
unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE];
unsigned char *aid;
size_t aid_len;
/* main digest */
char mdname[OSSL_MAX_NAME_SIZE];
EVP_MD *md;
EVP_MD_CTX *mdctx;
int operation;
/* Signature, for verification */
unsigned char *sig;
size_t siglen;
OSSL_FIPS_IND_DECLARE
} PROV_DSA_CTX;
static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
{
int md_size;
@ -162,19 +183,22 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
}
#ifdef FIPS_MODULE
{
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
int sha1_allowed
= ((ctx->operation
& (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
OSSL_FIPS_IND_SETTABLE1,
ctx->libctx, md_nid, sha1_allowed,
desc,
ctx->libctx,
md_nid, sha1_allowed, desc,
ossl_fips_config_signature_digest_check))
goto err;
}
#endif
if (!ctx->flag_allow_md) {
if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) {
if (ctx->mdname[0] != '\0'
&& !EVP_MD_is_a(md, ctx->mdname)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest %s != %s", mdname, ctx->mdname);
goto err;
@ -207,8 +231,9 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
ctx->md = md;
OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
}
return 1;
err:
err:
EVP_MD_free(md);
return 0;
}
@ -243,9 +268,11 @@ static int dsa_check_key(PROV_DSA_CTX *ctx, int sign, const char *desc)
}
#endif
static int dsa_signverify_init(void *vpdsactx, void *vdsa,
const OSSL_PARAM params[], int operation,
const char *desc)
static int
dsa_signverify_init(void *vpdsactx, void *vdsa,
OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params,
const OSSL_PARAM params[], int operation,
const char *desc)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
@ -268,32 +295,36 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa,
pdsactx->operation = operation;
OSSL_FIPS_IND_SET_APPROVED(pdsactx)
if (!dsa_set_ctx_params(pdsactx, params))
if (!set_ctx_params(pdsactx, params))
return 0;
#ifdef FIPS_MODULE
if (!dsa_sign_check_approved(pdsactx, operation == EVP_PKEY_OP_SIGN, desc))
return 0;
if (!dsa_check_key(pdsactx, operation == EVP_PKEY_OP_SIGN, desc))
return 0;
{
int operation_is_sign
= (operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) != 0;
if (!dsa_sign_check_approved(pdsactx, operation_is_sign, desc))
return 0;
if (!dsa_check_key(pdsactx, operation_is_sign, desc))
return 0;
}
#endif
return 1;
}
static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[])
{
return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_SIGN,
"DSA Sign Init");
return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params,
EVP_PKEY_OP_SIGN, "DSA Sign Init");
}
static int dsa_verify_init(void *vpdsactx, void *vdsa,
const OSSL_PARAM params[])
{
return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_VERIFY,
"DSA Verify Init");
}
static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
size_t sigsize, const unsigned char *tbs, size_t tbslen)
/*
* Sign tbs without digesting it first. This is suitable for "primitive"
* signing and signing the digest of a message, i.e. should be used with
* implementations of the keytype related algorithms.
*/
static int dsa_sign_directly(void *vpdsactx,
unsigned char *sig, size_t *siglen, size_t sigsize,
const unsigned char *tbs, size_t tbslen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
int ret;
@ -314,7 +345,7 @@ static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
return 1;
}
if (sigsize < (size_t)dsasize)
if (sigsize < dsasize)
return 0;
if (mdsize != 0 && tbslen != mdsize)
@ -330,8 +361,79 @@ static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
return 1;
}
static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
static int dsa_signverify_message_update(void *vpdsactx,
const unsigned char *data,
size_t datalen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx == NULL)
return 0;
return EVP_DigestUpdate(pdsactx->mdctx, data, datalen);
}
static int dsa_sign_message_final(void *vpdsactx, unsigned char *sig,
size_t *siglen, size_t sigsize)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen = 0;
if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL)
return 0;
/*
* If sig is NULL then we're just finding out the sig size. Other fields
* are ignored. Defer to dsa_sign.
*/
if (sig != NULL) {
/*
* When this function is used through dsa_digest_sign_final(),
* there is the possibility that some externally provided digests
* exceed EVP_MAX_MD_SIZE. We should probably handle that
* somehow but that problem is much larger than just in DSA.
*/
if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen))
return 0;
}
return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen);
}
/*
* If signing a message, digest tbs and sign the result.
* Otherwise, sign tbs directly.
*/
static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
size_t sigsize, const unsigned char *tbs, size_t tbslen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx->operation == EVP_PKEY_OP_SIGNMSG) {
/*
* If |sig| is NULL, the caller is only looking for the sig length.
* DO NOT update the input in this case.
*/
if (sig == NULL)
return dsa_sign_message_final(pdsactx, sig, siglen, sigsize);
if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0)
return 0;
return dsa_sign_message_final(pdsactx, sig, siglen, sigsize);
}
return dsa_sign_directly(pdsactx, sig, siglen, sigsize, tbs, tbslen);
}
static int dsa_verify_init(void *vpdsactx, void *vdsa,
const OSSL_PARAM params[])
{
return dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params,
EVP_PKEY_OP_VERIFY, "DSA Verify Init");
}
static int dsa_verify_directly(void *vpdsactx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
size_t mdsize = dsa_get_md_size(pdsactx);
@ -342,6 +444,64 @@ static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen,
return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa);
}
static int dsa_verify_set_sig(void *vpdsactx,
const unsigned char *sig, size_t siglen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
OSSL_PARAM params[2];
params[0] =
OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE,
(unsigned char *)sig, siglen);
params[1] = OSSL_PARAM_construct_end();
return dsa_sigalg_set_ctx_params(pdsactx, params);
}
static int dsa_verify_message_final(void *vpdsactx)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen = 0;
if (!ossl_prov_is_running())
return 0;
if (pdsactx == NULL || pdsactx->mdctx == NULL)
return 0;
/*
* The digests used here are all known (see dsa_get_md_nid()), so they
* should not exceed the internal buffer size of EVP_MAX_MD_SIZE.
*/
if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen))
return 0;
return dsa_verify_directly(vpdsactx, pdsactx->sig, pdsactx->siglen,
digest, dlen);
}
/*
* If verifying a message, digest tbs and verify the result.
* Otherwise, verify tbs directly.
*/
static int dsa_verify(void *vpdsactx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) {
if (dsa_verify_set_sig(pdsactx, sig, siglen) <= 0)
return 0;
if (dsa_signverify_message_update(pdsactx, tbs, tbslen) <= 0)
return 0;
return dsa_verify_message_final(pdsactx);
}
return dsa_verify_directly(pdsactx, sig, siglen, tbs, tbslen);
}
/* DigestSign/DigestVerify wrappers */
static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
void *vdsa, const OSSL_PARAM params[],
int operation, const char *desc)
@ -351,10 +511,14 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
if (!ossl_prov_is_running())
return 0;
if (!dsa_signverify_init(vpdsactx, vdsa, params, operation, desc))
if (!dsa_signverify_init(vpdsactx, vdsa, dsa_set_ctx_params, params,
operation, desc))
return 0;
if (!dsa_setup_md(pdsactx, mdname, NULL, desc))
if (mdname != NULL
/* was dsa_setup_md already called in dsa_signverify_init()? */
&& (mdname[0] == '\0' || OPENSSL_strcasecmp(pdsactx->mdname, mdname) != 0)
&& !dsa_setup_md(pdsactx, mdname, NULL, desc))
return 0;
pdsactx->flag_allow_md = 0;
@ -380,92 +544,79 @@ static int dsa_digest_sign_init(void *vpdsactx, const char *mdname,
void *vdsa, const OSSL_PARAM params[])
{
return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params,
EVP_PKEY_OP_SIGN,
EVP_PKEY_OP_SIGNMSG,
"DSA Digest Sign Init");
}
static int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data,
size_t datalen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx == NULL)
return 0;
/* Sigalg implementations shouldn't do digest_sign */
if (pdsactx->flag_sigalg)
return 0;
return dsa_signverify_message_update(vpdsactx, data, datalen);
}
static int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig,
size_t *siglen, size_t sigsize)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
int ok = 0;
if (pdsactx == NULL)
return 0;
/* Sigalg implementations shouldn't do digest_sign */
if (pdsactx->flag_sigalg)
return 0;
ok = dsa_sign_message_final(pdsactx, sig, siglen, sigsize);
pdsactx->flag_allow_md = 1;
return ok;
}
static int dsa_digest_verify_init(void *vpdsactx, const char *mdname,
void *vdsa, const OSSL_PARAM params[])
{
return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params,
EVP_PKEY_OP_VERIFY,
EVP_PKEY_OP_VERIFYMSG,
"DSA Digest Verify Init");
}
int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data,
size_t datalen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx == NULL || pdsactx->mdctx == NULL)
return 0;
return EVP_DigestUpdate(pdsactx->mdctx, data, datalen);
}
int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen,
size_t sigsize)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen = 0;
if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL)
return 0;
/*
* If sig is NULL then we're just finding out the sig size. Other fields
* are ignored. Defer to dsa_sign.
*/
if (sig != NULL) {
/*
* There is the possibility that some externally provided
* digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
* but that problem is much larger than just in DSA.
*/
if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen))
return 0;
}
pdsactx->flag_allow_md = 1;
return dsa_sign(vpdsactx, sig, siglen, sigsize, digest, (size_t)dlen);
}
int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig,
size_t siglen)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen = 0;
int ok = 0;
if (!ossl_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL)
if (pdsactx == NULL)
return 0;
/* Sigalg implementations shouldn't do digest_verify */
if (pdsactx->flag_sigalg)
return 0;
/*
* There is the possibility that some externally provided
* digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow -
* but that problem is much larger than just in DSA.
*/
if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen))
return 0;
if (dsa_verify_set_sig(pdsactx, sig, siglen))
ok = dsa_verify_message_final(vpdsactx);
pdsactx->flag_allow_md = 1;
return dsa_verify(vpdsactx, sig, siglen, digest, (size_t)dlen);
return ok;
}
static void dsa_freectx(void *vpdsactx)
{
PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx;
OPENSSL_free(ctx->propq);
EVP_MD_CTX_free(ctx->mdctx);
EVP_MD_free(ctx->md);
ctx->propq = NULL;
ctx->mdctx = NULL;
ctx->md = NULL;
OPENSSL_free(ctx->sig);
OPENSSL_free(ctx->propq);
DSA_free(ctx->dsa);
OPENSSL_free(ctx);
}
@ -484,8 +635,6 @@ static void *dsa_dupctx(void *vpdsactx)
*dstctx = *srcctx;
dstctx->dsa = NULL;
dstctx->md = NULL;
dstctx->mdctx = NULL;
dstctx->propq = NULL;
if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa))
@ -502,6 +651,7 @@ static void *dsa_dupctx(void *vpdsactx)
|| !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
goto err;
}
if (srcctx->propq != NULL) {
dstctx->propq = OPENSSL_strdup(srcctx->propq);
if (dstctx->propq == NULL)
@ -554,7 +704,8 @@ static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx,
return known_gettable_ctx_params;
}
static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
/* The common params for dsa_set_ctx_params and dsa_sigalg_set_ctx_params */
static int dsa_common_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
@ -574,6 +725,32 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
if (p != NULL
&& !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type))
return 0;
return 1;
}
#define DSA_COMMON_SETTABLE_CTX_PARAMS \
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) \
OSSL_PARAM_END
static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
int ret;
if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0)
return ret;
if (params == NULL)
return 1;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL) {
char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
@ -590,21 +767,13 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
if (!dsa_setup_md(pdsactx, mdname, mdprops, "DSA Set Ctx"))
return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
if (p != NULL
&& !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type))
return 0;
return 1;
}
static const OSSL_PARAM settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL),
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK)
OSSL_PARAM_END
DSA_COMMON_SETTABLE_CTX_PARAMS
};
static const OSSL_PARAM settable_ctx_params_no_digest[] = {
@ -697,3 +866,210 @@ const OSSL_DISPATCH ossl_dsa_signature_functions[] = {
(void (*)(void))dsa_settable_ctx_md_params },
OSSL_DISPATCH_END
};
/* ------------------------------------------------------------------ */
/*
* So called sigalgs (composite DSA+hash) implemented below. They
* are pretty much hard coded.
*/
static OSSL_FUNC_signature_query_key_types_fn dsa_sigalg_query_key_types;
static OSSL_FUNC_signature_settable_ctx_params_fn dsa_sigalg_settable_ctx_params;
static OSSL_FUNC_signature_set_ctx_params_fn dsa_sigalg_set_ctx_params;
/*
* dsa_sigalg_signverify_init() is almost like dsa_digest_signverify_init(),
* just doesn't allow fetching an MD from whatever the user chooses.
*/
static int dsa_sigalg_signverify_init(void *vpdsactx, void *vdsa,
OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params,
const OSSL_PARAM params[],
const char *mdname,
int operation, const char *desc)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (!ossl_prov_is_running())
return 0;
if (!dsa_signverify_init(vpdsactx, vdsa, set_ctx_params, params, operation,
desc))
return 0;
if (!dsa_setup_md(pdsactx, mdname, NULL, desc))
return 0;
pdsactx->flag_sigalg = 1;
pdsactx->flag_allow_md = 0;
if (pdsactx->mdctx == NULL) {
pdsactx->mdctx = EVP_MD_CTX_new();
if (pdsactx->mdctx == NULL)
goto error;
}
if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params))
goto error;
return 1;
error:
EVP_MD_CTX_free(pdsactx->mdctx);
pdsactx->mdctx = NULL;
return 0;
}
static const char **dsa_sigalg_query_key_types(void)
{
static const char *keytypes[] = { "DSA", NULL };
return keytypes;
}
static const OSSL_PARAM settable_sigalg_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
DSA_COMMON_SETTABLE_CTX_PARAMS
};
static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx,
ossl_unused void *provctx)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx != NULL && pdsactx->operation == EVP_PKEY_OP_VERIFYMSG)
return settable_sigalg_ctx_params;
return NULL;
}
static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
int ret;
if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0)
return ret;
if (params == NULL)
return 1;
if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) {
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
if (p != NULL) {
OPENSSL_free(pdsactx->sig);
pdsactx->sig = NULL;
pdsactx->siglen = 0;
if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig,
0, &pdsactx->siglen))
return 0;
}
}
return 1;
}
#define IMPL_DSA_SIGALG(md, MD) \
static OSSL_FUNC_signature_sign_init_fn dsa_##md##_sign_init; \
static OSSL_FUNC_signature_sign_message_init_fn \
dsa_##md##_sign_message_init; \
static OSSL_FUNC_signature_verify_init_fn dsa_##md##_verify_init; \
static OSSL_FUNC_signature_verify_message_init_fn \
dsa_##md##_verify_message_init; \
\
static int \
dsa_##md##_sign_init(void *vpdsactx, void *vdsa, \
const OSSL_PARAM params[]) \
{ \
static const char desc[] = "DSA-" #MD " Sign Init"; \
\
return dsa_sigalg_signverify_init(vpdsactx, vdsa, \
dsa_sigalg_set_ctx_params, \
params, #MD, \
EVP_PKEY_OP_SIGN, \
desc); \
} \
\
static int \
dsa_##md##_sign_message_init(void *vpdsactx, void *vdsa, \
const OSSL_PARAM params[]) \
{ \
static const char desc[] = "DSA-" #MD " Sign Message Init"; \
\
return dsa_sigalg_signverify_init(vpdsactx, vdsa, \
dsa_sigalg_set_ctx_params, \
params, #MD, \
EVP_PKEY_OP_SIGNMSG, \
desc); \
} \
\
static int \
dsa_##md##_verify_init(void *vpdsactx, void *vdsa, \
const OSSL_PARAM params[]) \
{ \
static const char desc[] = "DSA-" #MD " Verify Init"; \
\
return dsa_sigalg_signverify_init(vpdsactx, vdsa, \
dsa_sigalg_set_ctx_params, \
params, #MD, \
EVP_PKEY_OP_VERIFY, \
desc); \
} \
\
static int \
dsa_##md##_verify_message_init(void *vpdsactx, void *vdsa, \
const OSSL_PARAM params[]) \
{ \
static const char desc[] = "DSA-" #MD " Verify Message Init"; \
\
return dsa_sigalg_signverify_init(vpdsactx, vdsa, \
dsa_sigalg_set_ctx_params, \
params, #MD, \
EVP_PKEY_OP_VERIFYMSG, \
desc); \
} \
\
const OSSL_DISPATCH ossl_dsa_##md##_signature_functions[] = { \
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, \
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, \
(void (*)(void))dsa_##md##_sign_init }, \
{ OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, \
{ OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \
(void (*)(void))dsa_##md##_sign_message_init }, \
{ OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \
(void (*)(void))dsa_signverify_message_update }, \
{ OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \
(void (*)(void))dsa_sign_message_final }, \
{ OSSL_FUNC_SIGNATURE_VERIFY_INIT, \
(void (*)(void))dsa_##md##_verify_init }, \
{ OSSL_FUNC_SIGNATURE_VERIFY, \
(void (*)(void))dsa_verify }, \
{ OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \
(void (*)(void))dsa_##md##_verify_message_init }, \
{ OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \
(void (*)(void))dsa_signverify_message_update }, \
{ OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \
(void (*)(void))dsa_verify_message_final }, \
{ OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, \
{ OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, \
{ OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \
(void (*)(void))dsa_sigalg_query_key_types }, \
{ OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \
(void (*)(void))dsa_get_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \
(void (*)(void))dsa_gettable_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \
(void (*)(void))dsa_sigalg_set_ctx_params }, \
{ OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \
(void (*)(void))dsa_sigalg_settable_ctx_params }, \
OSSL_DISPATCH_END \
}
IMPL_DSA_SIGALG(sha1, SHA1);
IMPL_DSA_SIGALG(sha224, SHA2-224);
IMPL_DSA_SIGALG(sha256, SHA2-256);
IMPL_DSA_SIGALG(sha384, SHA2-384);
IMPL_DSA_SIGALG(sha512, SHA2-512);
IMPL_DSA_SIGALG(sha3_224, SHA3-224);
IMPL_DSA_SIGALG(sha3_256, SHA3-256);
IMPL_DSA_SIGALG(sha3_384, SHA3-384);
IMPL_DSA_SIGALG(sha3_512, SHA3-512);

5
test/evp_test.c
View File

@ -2537,7 +2537,7 @@ static int pkey_test_run_init(EVP_TEST *t)
{
PKEY_DATA *data = t->data;
int i, ret = 0;
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
OSSL_PARAM *p = NULL;
size_t params_n = 0, params_n_allocstart = 0;
@ -2628,6 +2628,9 @@ static int pkey_test_run(EVP_TEST *t)
got, got_len))
goto err;
if (pkey_check_fips_approved(expected->ctx, t) <= 0)
goto err;
err:
OPENSSL_free(got);
EVP_PKEY_CTX_free(copy);

5
test/recipes/30-test_evp.t
View File

@ -74,7 +74,10 @@ push @files, qw(
evpkdf_x942_des.txt
evpmac_cmac_des.txt
) unless $no_des;
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
push @files, qw(
evppkey_dsa.txt
evppkey_dsa_sigalg.txt
) unless $no_dsa;
push @files, qw(
evppkey_ecx.txt
evppkey_ecx_sigalg.txt

419
test/recipes/30-test_evp_data/evppkey_dsa_sigalg.txt Normal file
View File

@ -0,0 +1,419 @@
#
# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Tests start with one of these keywords
# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
# PrivPubKeyPair Sign Verify VerifyRecover
# and continue until a blank line. Lines starting with a pound sign are ignored.
# Private keys used for PKEY operations.
# DSA key
PrivateKey=DSA-1024
-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk4
19R5ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJ
f/WDYPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psF
YFaDYjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ez
Qci9XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CH
woS0mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt
6PVa3gncr2v3njcVuH+EQ6DuFR93zksEFgIUbyv6pqH+UQurernJn/7sUm2U2i0=
-----END PRIVATE KEY-----
PublicKey=DSA-1024-PUBLIC
-----BEGIN PUBLIC KEY-----
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5
ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WD
YPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaD
YjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ezQci9
XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CHwoS0
mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt6PVa
3gncr2v3njcVuH+EQ6DuFR93zksDgYQAAoGAVXFwJ5wTuF0rQ6AWfTitm3/zUeRW
SeKFo+Rg0GrBI+Wg2Tj+Yn6V8Xs+Xyjim1wsd2P6/BlJzCEr4nHjP9JcBICqM3vI
9zCaT/vYsLD7/T7rF9AF/jV+LnkGJCzLbDYF04IkhtLNHOQob+Uc8PWB78e/1Lc4
SzJw2oHciIOt+UU=
-----END PUBLIC KEY-----
PrivPubKeyPair = DSA-1024:DSA-1024-PUBLIC
Title = DSA tests
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024
Input = "0123456789ABCDEF1234"
Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024-PUBLIC
Input = "0123456789ABCDEF1234"
Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
# Modified signature
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024-PUBLIC
Input = "0123456789ABCDEF1234"
Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d88
Result = VERIFY_ERROR
# Digest too short
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024-PUBLIC
Input = "0123456789ABCDEF123"
Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
Result = VERIFY_ERROR
# Digest too long
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024-PUBLIC
Input = "0123456789ABCDEF12345"
Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
Result = VERIFY_ERROR
# Garbage after signature
FIPSversion = >=3.4.0
Verify = DSA-1024-PUBLIC
Input = "0123456789ABCDEF1234"
Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d8700
Result = VERIFY_ERROR
# Invalid tag
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024-PUBLIC
Input = "0123456789ABCDEF1234"
Output = 312d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
Result = VERIFY_ERROR
# BER signature
FIPSversion = >=3.4.0
Verify = DSA-SHA1:DSA-1024-PUBLIC
Input = "0123456789ABCDEF1234"
Output = 3080021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d870000
Result = VERIFY_ERROR
Title = Test keypair mismatches
PrivateKey = DSA-1024-BIS
-----BEGIN PRIVATE KEY-----
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5ve1UUr42
1y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WDYPxjMk8BqNJmeZtLuCVL
KGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaDYjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/
qYaE31VmWz0CgYEApNVF8oFK41ezQci9XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY
+6ECNI1aIDHTd7CHwoS0mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQP
axYt6PVa3gncr2v3njcVuH+EQ6DuFR93zksEFgIUFQFshP0hj7i6ClXkSPYoFW6KrIY=
-----END PRIVATE KEY-----
PublicKey = DSA-1024-BIS-PUBLIC
-----BEGIN PUBLIC KEY-----
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAO0SwRpkAeM21qSM5ch4CLEHpFk419R5
ve1UUr421y3HEUURsrVpxYKvyx8aOBQC/akz95cYxNN3y1JnJJMxPklhdJrJf/WD
YPxjMk8BqNJmeZtLuCVLKGwQomuo7ZkG955WRyLHYEdQ6uC7K2QTPKpW6psFYFaD
YjAjSEKk2MFxAhUAykDkKLZdhPWzwM8/qYaE31VmWz0CgYEApNVF8oFK41ezQci9
XbSZJHyPB+3jML1YQkHxiiInaIz6GEFtjUbIUEYA/ovY+6ECNI1aIDHTd7CHwoS0
mp33oQYs43nt29B6UwbtMmbzCOQ9vGGwWVho+JtHyyPWrDuLmkvLtoQPaxYt6PVa
3gncr2v3njcVuH+EQ6DuFR93zksDgYQAAoGAdZCPYZ9WvtKW7dFvbEjl0HHBxLNX
8kV1/FAxsDrQd+c8mWdruNzcmwsZJklJuTK9czKnXgLmkRHR20I4oNrJ/bptV8lV
iDvJBJlmZ1aGh6yLIHzYBbgbgia3lBrFlO5qUxNmbNeiC+HIqUvlVBmQOLN6+Xjn
Q4A0wDK8dmF2dFI=
-----END PUBLIC KEY-----
PrivPubKeyPair = DSA-1024-BIS:DSA-1024-BIS-PUBLIC
PrivPubKeyPair = DSA-1024:DSA-1024-BIS-PUBLIC
Result = KEYPAIR_MISMATCH
PrivPubKeyPair = DSA-1024-BIS:DSA-1024-PUBLIC
Result = KEYPAIR_MISMATCH
PrivateKey = DSA-1024-FIPS186-2
-----BEGIN PRIVATE KEY-----
MIIBWgIBADCCATMGByqGSM44BAEwggEmAoGBALRSnNcjMPIl4tekT5D3AgqsK042
Ar1dGKeJCmWrSngAELtSH0yZCwsbl7wLEgG2lfusbn5sdtbpFioKInohZruRhzwC
59GRXjAFD0QPhVE/qy6Oto+8WIHAa/RiEIkxRfTiAe9Ach56k9lZYONDUHDqH38u
UIfjoUN+jlzoJcWbAh0A6TfgjmB+CxvxG/2pz8OAXXfNP8/JLfYvolE/fwKBgH7l
jLeoOofKc+rwO2Fha8nuFddXRSePZKzC7mRQsPXwfvX5V6msU2xizjdPIsqVu7qA
Bcc1YMd7/5C3vaKuS21DxBOs7nAHbO9ZZtGlpUAnJwM/P09nMb3yG6tR9LF3AQmu
Kr2KShQB0FlSgvcCDTX7g8eJ/UuIWo6wX4hSdHDhBB4CHAdVVg1m5ikOICUBo37Y
/TqkTaCFsMDwcDc20Jg=
-----END PRIVATE KEY-----
PrivateKey = DSA-2048-160
-----BEGIN PRIVATE KEY-----
MIICTAIBADCCAi0GByqGSM44BAEwggIgAoIBAQCOypCJyAO7uNZSPSNGalSkyjQC
xdFVIGfMJKjEXzJnH4g3ts0UqUyO8126REDJEXDeMi22841xsSvzz0ZJeT5YvMLW
t1BtSTiYg2QOar1qEGJunHgjsWKJbVzIqWNw60ZP7pNKmlR7PKa3WDaPhdeVP8zJ
PEMeUHOSprO5Jk/Hjr8jxV0znIIixb9L9PgJAwxiM7rkRHS2Oz1FCYDmNmuFhQDh
Cb3wY9t1AcAHZ05uZ4PtNjdRPwFLPeVdckPj0ntApvOrH18xPWBmwcVeHAH1SV2k
7LPK7wILHVzcKm74ubX/s1wKysyyXyKM+oCgG9jvfh09VQJcHTHaVS643ohZAhUA
uQMLDZqMQbh9TYlm9xYCEBaeVs0CggEAcum3PgEQIRfukytMQ7gKMyfxHqhMmJ6t
RolRhgMrSfl99dmMoqJV+sdSjYvZSkwl71N1Y4Al8GcJB1SzTSb8qGRzM+43pa4k
SyQZ62WA8w5gaIQJ85JUrWiT8C6SgwAbruS5BVHRbQD6FxZwro9+s8uPnLesMTQX
p4maNSQaqYX7tqGl6Z7Wo0PsEwuDRvBlI6sl97gl4q3FQPByCq/64UW/eF6Illo1
dpfbiWCszsp8oczXCEuP+2Y67WUIj3LjFA7WM/R8K4SfdMQ/VXY/cyRhlUqQl8Qe
ndBVKe0IeSdqvMcLNoUip7DGcOXW2ogZl+wgeP4xL3pdo8uS025kjwQWAhRfutAE
r/MlbdGMvcA7l0XmzzY85w==
-----END PRIVATE KEY-----
PrivateKey = DSA-2048-224
-----BEGIN PRIVATE KEY-----
MIICXAIBADCCAjUGByqGSM44BAEwggIoAoIBAQDVjuiHR3XA9yAjToNQOmdg2rN9
0A4mIEV3XGy1nqaKZXdavdXcsAGLmttZ/gfiHi0JNh3rxj4dbvcaN+K0IWXq6hAY
6ZOvDZ0FH5DRH63Ecd8fWY/BMDr178sOINkPG8hLRmYcrAp/4woMBPxkEtQBfl4R
POus+OYS4sJpl8wEgfy0HhLXkkN4YQhBf57NvQ7+LcwaErDcNLRguI3TRzflhNEh
ieBfYtIIgISIi0yMsxOINopuHeAmcANLjyUqkQ44xcJ0kM+OoAKFq/XukkTj++iP
9Okh+bmNEo23RtM4qqScZyUIX4bPyynbkMdu01ZG+q8PEhyoxGpHkMT6kYHBAh0A
/rbeX9L8STLoLIsLUMbdPVLWvnLyLooSygawvwKCAQAhscCNIY/bPZ6DRULS8i4G
0f+9chMR+C5tNykaTzCUxRjObOWKu0z1JyViiafcAoV8j1e64xRxA4a8g9RrKilK
KztCJfwIJCeHIjHi/dvIR0z1SDeNNVpFacAT+DF5G+sMqS8Mael0MnEcR2sNkw+1
MVIO5tinKWAFM087hsSmKs/uIvdVexH2ptKKehxTFjs8ySfAMiMfqhaC2JgPCFL1
jUpAIvs4oCx2yZKvq+TzJOq8LRHG3qSHa0BcNVPKfVkmVJRg4ETzza1/e14Re1BR
si7RL7EtHuFiFjYiWTGueT+e0jdBS8CoafD1V/I7NPqVmGc5NeaRv4n+ESpDSX+z
BB4CHBN2hfQxLXg+t/MNcza5M0WoAWna5JzQBAtDzIM=
-----END PRIVATE KEY-----
PrivateKey = DSA-2048-256
-----BEGIN PRIVATE KEY-----
MIICZQIBADCCAjoGByqGSM44BAEwggItAoIBAQDAuDj/d/t7n4013h18atbOYg4Q
oWZPLmA7MvFABqrlv9lfa0dRGhOHyXClHh2bsNMwk3txKjTaTwjM9v80xe47y2lv
34DPEKaWf+6HGcsu313kjIoAITO61HK0TJXjm0BV2uzZQFmvVHwEZmt7uGFcTc4t
Vl71Z+MjhlMqpOmXIL/OBJkMOE1CXF/b6oKyXJvyZRpE4oxS+8B1l7d/N0B1XhQl
EMToFwmvsKfeeK24wDfxasfbNbQ7Zih/5HylWtNXbvldnOf6cfPPPM6FO7HVI9R5
llQKxFWujVrX0IOXu89xT8t+/ICKJtLKD5HzmeH1Y6LO+Qnsu5tW8IhnDHKLAiEA
prlohsCeURHqsKcqtMElD7vg+Ati8OKgdo79/ktz9bMCggEBALC9Awm0lClgvefU
inwV6gQppvAQttX7fUGjnrmuAXjw/pm4MBuzkR1P7vm2IY51+SopK+ZvgXXXnWGQ
m8y3DCuoSnfE6Y+NpAfL9iJxy5W+ByvW75GW7/Lj5hR/igKKuYhfGYT/2eIGtdQ2
C2tcWTcV7Gfk60WSw9eLUtKCUjBHaoFHFMo3MWH64Fc0xVEQ1DLgEC5Y3TLmiLBx
VOGpp5ZFeAc52n/W4afbBcQ5ifGFPwgcS7+WdnUUs7awuCCldh74kz58kdTJAztZ
ZjjK728BYEE4P6itUNtr3jgNzhqwTBFvOwWCQA//a7vpyqtHMzDmpcVuDx6f4iP3
aghyxFAEIgIgK1Ct6iRtcq01mdt4EGRrkiAHBr5zTcAgbv5ZaU99pmQ=
-----END PRIVATE KEY-----
PrivateKey = DSA-3072-256
-----BEGIN PRIVATE KEY-----
MIIDZgIBADCCAzoGByqGSM44BAEwggMtAoIBgQCvf6pPUvu2J7j4aaGcpEkfjX7e
DvM5qlpuf2GDwbWFQpkxeRFtmd5EFbgNvRMsLyfTA3KWd4k2nFug2Uf5kFJ0rOcI
nToVcrPjg8onD43Rcknvmu5grsjDvCFMmWFu361LbWxZCgGCwSUv4P647kS5ccaD
k0o4f+a8YWLahop/HowqoN8/TvC/izdN0WvRYKeegJcBzaaBKWsBS8ucu0jEh5S3
PCAQRFoKNRPjUzjIhycIlpdmI5BG72SkvSSMef9wvGl72FN2t3v5dbWjl7QgghU5
0BB/RlueApJgrFhadE/0ZJKSukPMbL9a0L1xZl01iJYraa76rn5weVkU8sW7BN7C
oHTovusrls/AtEBKXKC47rNnfSc9VwfwdNBuvs33Ga872575bjOunQiXQRxuuqjq
u3MyixPygIy+MmjhjPhnpYnb+1sytpoN1UOTi9QMHWLp2ExYvurda6n4nCjbJBcB
DvWPyapslDP+yT/3aEH0ctqu/QMk3rPxBAzVytUCIQD/CwBYEWtyd6IoiqcWVMT5
4k1cKfg5ZbNu7mG3iS+iSwKCAYEAm1QNpGrOS2orCVUP80KQFTQwg37tlynJjXev
ORdBgDXpIjFcdEgsEx9cHzlOywBDQWxHLXRukvgQbx7dCq2RgEM6Fo6ngbhj87zw
dLFdXxj/TU0fJPhj3VIF2qu5vG1SZRu4zKNZ6uoJP7R4/7o/shHOoTyCOigRew4X
A2P9eIxpEv/KXRznxjG1IcAQJcPYBDwjE555WNHL0jzzKEyxyxmkm9ThEpleW7HU
ij78B5O45V/AHVF7oB/L+Aqmbc2dZy8EtShsMKqSMdFWjV0BnuzsPt9KmKT+rbj6
MpqgdaKPEsYVD4Nk6EWEyYbWmELtS9jKH5E4Z/pqFGeamsiD5Sn0ap7SGa81BtA+
s7FMG851b2jtRw0RB4+boGx0Lt43WbytfmW445i4h/NMB0nE/pzjIIjD3URdNoaS
2G2eZcW/aC9bKkOoAr2USSlgylPCkz2a/CAx7i925HOZ2dw9HJ940vkAoxP+nMQv
kMzKKeM5QVgAeRwjDqRk9uCWD7VyBCMCIQDxycQrIIL4PxAoPIM7//v8mL7A3YSW
o3mO5AXuBuEe2g==
-----END PRIVATE KEY-----
PrivateKey = DSA-3072-224
-----BEGIN PRIVATE KEY-----
MIIDXAIBADCCAzUGByqGSM44BAEwggMoAoIBgQDEY9anVQ8qwdz77IQx1bSmu5MI
mP7pf9IUXbH5fZFrCjlDu34w2WvsdDRrM2/isvKb/wj+sgg5dx5bWRn/+xolwu8l
upmD6KMJ07t9SSla155tkvS/8hU5AD8elH9vV+HlTPKRHNF1X3jFJRVay64O+vFX
WRe7t3yBFv/VqkhnYwm5aymMK6/TXR1znJzrMNgU1Ao3unhjaFnRsldHVHjXrA4y
rJRMsa4r5BCPQNK8iXKabAw19oiRbRvqs3YfzoR1HqZ3LGO1/p9ECoc/QW0uI1Za
LYQli1aNtNmtYhwKvy7O8IzjrbjkDRgl/TtDmtfpDnM6FkQebgU0OxQXTOwZgtEV
a7VY+EwG1q+Qab7uvuO2YJ7Mk2JKmu4u0Gz7tq5N+hEN4P5UMC/MUw6ftLCGN6l6
ycEJHMgGzDsAKEJW6NcXneY3vXpdaRGnuxyUKI86wQd3Qg1Mm3H1gqtkd48owIJm
RtE/u91T4OJOcwVm2FxDgmMsb0LwqAELL+I9RH8CHQDNAddLZ4ovSccoD+s06I+X
d+GzJ8cNcbn4H1TVAoIBgAmwgz0CjHaacOiXcQ4GLw0kN2IpXKAXYma1vDlDcesT
lY8dcGsX2UjuLnfegMRkb5FMGZ8TDjgDG4vLo2p1ybt7S7s0hn56bju5HZLSOmAp
nu5M15iZxDzgVvhRkB0EG/aw5i6iq22JUA5SUAGYLemcZIuukIDu6vhTeK2125qa
q+Uc0/kyPMOf0zABo+I2wWNmZgdq26F147Yrf06VY3ekxcER1vAUfVBHxeYPfdZR
N8ztdzYTPtCSxyIWATUxYvWxsaxqNckjXLZp5t9L72Zc8k5swsBDIAabhJTiQrRS
hkhD0UOCf2pUNFcHIxLqYskOycEjtmKrAYbrHZDRw5CzP5ABaDYwqgxi2ZSt/tv4
iYUhX4tRicGeAWLM7D3LxG+P/6q7dJ/Gjjx8gmbcBJKcjVDGp/b8xn1WY83gbNEJ
HOAqdXyxgnQL+E581jk13LixzoOboyrhryFqVoMarZOXEAQKToG24tj5DO7LmviW
8hzXTwJmVlKblGJxVmqDuQQeAhx6PjOtN4DxhxZdoX8+lU7C6CWYvyQbJOER0XVn
-----END PRIVATE KEY-----
PrivateKey = DSA-4096-256
-----BEGIN PRIVATE KEY-----
MIIEZQIBADCCBDoGByqGSM44BAEwggQtAoICAQD9m23nz0MOXi3GFvuv+Qpva9Ms
oZ/oPS1sYy/JtxvBtEjWv0b0wxtLAiASkBBhaqC1Qy+9O7dC7s5wze/0v/mAxFtF
X18KhMWSRtgiGOWzg6Nyog+Dus224Qa6wfYC1+lcGG/TmDLSmukBrVzd/71pSOkT
6O3v5hx1JOdJzzNPt1kjq31B1/2h9OXnARg1JDCLHP6fxRkWj2ThwU+FwlKTpo+d
MsC0Xl93t1lBOiS5VsHLSZIeqsInEj3bWBTT6C5q0huZKBQ9iT3SwAq/gG8KL9DV
MGSWQwAQdUpQWcv6JDwLb6h6QhHmzclDCF8JAGRzLA9kDWbmYPXQuVxj1//LuJba
fMe6tLWBuAMeQNFuB/pro2dszbo8GDOYEaOfogG86x9hfgBoPufU0oHlfhj3nhO8
cLYwvhRkN/ZZyTM5/1aHQNvp6S+sIGD1WFKPxMZuTH2k01I0s8ESGrlWpnPgwNQx
iwx+dlXLFZNdDOiS+Mb9JPSuJ/xDagHmQzG0gxYiLfWQKjAMol4niB6mGIm0gEYq
Rw9OEHE/ghzBMbr6M+BLDm7PDac5y1a3L6l9e0Yq9h+4bwqTqZIpNIsRS4A0lmXd
IXs54dQmTwF75cMWjOAOYwxua97I4Ci3nkJWiozBugoGrKTSkeNX21uMfVJKidjd
j79Vlz79qnMSB42sqwIhAPwv8XkIkZvnDKTTowvUy8L6V/SxF7KZFtvX5Mx4KJt7
AoICAQDdWpUSEpBLdFiu6MzqdWnRv9pt8BEu0sC9Z+xE3VrpDKqqnK2Rhtye0yIk
4fofLl9VF2J4P6hzDcCu8QEDj0K3dWQR+BU1WMBHMCTHrTM51XAqbjR1H3ZYWVxC
WgWrVGQkcD55TrM2RYBKH6Wa7K9HeFVJcdHrh0AZb4lXIBZHf0+71cOfZH8w1ufl
yKzYNMGY9+eoU3Pm0D5gBO/69uWDrK21SJMW3Fpqm4rgeHtNhR4oI6cagyo2+XfD
e+ivCk5XKCXgImKpKDMuKhJy0K4vZFjVHeIWl2mf1zyhmCxuAcGEf9dRVKtnQQGS
8uJGddKuda67J9vecN78H2nhsZcU9DRPzgjW+tUTwSX3ycW/hEA65kN5PUSpj8Ax
7gZN5Jn8bGNlCgLItHQMscGDo0L47+bN8G8JguZr+hpNFKmYMpbQ15yHaRU7DR36
Zx91SEQ1o8Kn8mNT37RBYk/vZij9P8QRnn3pen9Ha5CBNs6/8RERaUJ84kSCV0iL
4/ed3syr8bek8a2rN6qhLZSKfYwLdiu0VaBsmJrOoE7xNgJ+f0g7aTptO1NOiwtY
ftiDvljQGG1QhAv9i1uSmz6EPYn3VCJPadxX8mlPmpGCewk8ycOV1IFgCK86cdTl
bDfJavyQoCWW6EF260m2+rWtl6ILGhhWIbDN5KfXBhrOPvxvHQQiAiBZM1KxUjGw
h2C/91Z0b0Xg4QYNOtVUbfqQTJQAqEpaRg==
-----END PRIVATE KEY-----
Title = FIPS Tests (using different key sizes and digests)
# Test sign with a 2048 bit key with N == 160 is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-2048-160
Input = "Hello"
Output = 00
Result = KEYOP_INIT_ERROR
# Test sign with a 2048 bit key with N == 224 is allowed in fips mode
Availablein = default
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-2048-224
Input = "Hello"
Output = 00
Result = KEYOP_MISMATCH
# Test sign with a 2048 bit key with N == 256 is allowed in fips mode
Availablein = default
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-2048-256
Input = "Hello"
Result = KEYOP_MISMATCH
# Test sign with a 3072 bit key with N == 256 is allowed in fips mode
Availablein = default
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-3072-256
Input = "Hello"
Result = KEYOP_MISMATCH
# Test sign with a 2048 bit SHA3 is allowed in fips mode
Availablein = default
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA3-224:DSA-2048-256
Input = "Hello"
Result = KEYOP_MISMATCH
# Test verify with a 1024 bit key is allowed in fips mode
FIPSversion = >=3.4.0
Verify-Message = DSA-SHA256:DSA-1024
Input = "Hello "
Output = 302c02142e32c8a5b0bd19b2ba33fd9c78aad3729dcb1b9e02142c006f7726a9d6833d414865b95167ea5f4f7713
# Test verify with SHA1 is allowed in fips mode
FIPSversion = >=3.4.0
Verify-Message = DSA-SHA1:DSA-1024
Input = "Hello "
Output = 302c0214602d21ed37e46051bb3d06cc002adddeb4cdb3bd02144f39f75587b286588862d06366b2f29bddaf8cf6
# Test verify with a 2048/160 bit key is allowed in fips mode
FIPSversion = >=3.4.0
Verify-Message = DSA-SHA256:DSA-2048-160
Input = "Hello"
Output = 302e021500a51ca7f70ae206f221dc9b805bb04bfc07d6e448021500b16e45f9dac8aff04e115f96c00f4237d0fced41
Title = Fips Negative Tests (using different key sizes and digests)
# Test sign with a 1024 bit key is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-1024-FIPS186-2
Securitycheck = 1
Input = "Hello"
Result = KEYOP_INIT_ERROR
# Test sign with SHA1 is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA1:DSA-2048-256
Securitycheck = 1
Input = "Hello"
Result = KEYOP_INIT_ERROR
# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-3072-224
Securitycheck = 1
Input = "Hello"
Result = KEYOP_INIT_ERROR
# Test sign with a 4096 bit key is not allowed in fips mode
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-4096-256
Securitycheck = 1
Input = "Hello"
Result = KEYOP_INIT_ERROR
Title = Fips Indicator Tests
# Check that the indicator callback is triggered
# Test sign with a 1024 bit key is unapproved in fips mode if the sign and key
# checks are ignored.
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-1024-FIPS186-2
Securitycheck = 1
Unapproved = 1
CtrlInit = sign-check:0
CtrlInit = key-check:0
Input = "Hello"
Result = KEYOP_MISMATCH
# Test sign with a 1024 bit key is unapproved and fails the key check in
# fips mode if the sign check is ignored
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-1024-FIPS186-2
Securitycheck = 1
Unapproved = 1
CtrlInit = sign-check:0
Input = "Hello"
Result = KEYOP_INIT_ERROR
# Test sign with a 3072 bit key with N == 224 is not allowed in fips mode if the
# sign and key checks are ignored
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-3072-224
Securitycheck = 1
Unapproved = 1
CtrlInit = sign-check:0
CtrlInit = key-check:0
Input = "Hello"
Result = KEYOP_MISMATCH
# Test sign with a 4096 bit key is unapproved in fips mode if the sign and key
# checks are ignored
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA256:DSA-4096-256
Securitycheck = 1
Unapproved = 1
CtrlInit = sign-check:0
CtrlInit = key-check:0
Input = "Hello"
Result = KEYOP_MISMATCH
# Test sign with SHA1 is unapproved in fips mode if DSA sign check is ignored
Availablein = fips
FIPSversion = >=3.4.0
Sign-Message = DSA-SHA1:DSA-2048-256
Securitycheck = 1
Unapproved = 1
CtrlInit = sign-check:0
Input = "Hello"
Result = KEYOP_INIT_ERROR