From 03def95c60ce882d75e6b931317ddbd255296f75 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Wed, 3 Apr 2019 13:40:04 +0200 Subject: crypto-selftests-pk.c: Move hardcoded values to the top Signed-off-by: Anderson Toshiyuki Sasaki --- lib/crypto-selftests-pk.c | 224 +++++++++++++++++++++++----------------------- 1 file changed, 112 insertions(+), 112 deletions(-) diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index 7bdb0973ff..4106005bfb 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -107,6 +107,118 @@ static const char gost12_512_key[] = "KjL7CLBERDm7Yvlv\n" "-----END PRIVATE KEY-----\n"; +/* A precomputed RSA-SHA256 signature using the rsa_key2048 */ +static const char rsa_sig[] = + "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; + +/* ECDSA key and signature */ +static const char ecdsa_secp256r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" + "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" + "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" + "-----END EC PRIVATE KEY-----\n"; + +static const char ecdsa_secp256r1_sig[] = + "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; + +#ifdef ENABLE_NON_SUITEB_CURVES +/* sha256 */ +static const char ecdsa_secp192r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" + "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" + "Fg==" "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp192r1_sig[] = + "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; + +static const char ecdsa_secp224r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" + "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" + "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp224r1_sig[] = + "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; +#endif + +static const char ecdsa_secp384r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" + "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" + "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" + "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp384r1_sig[] = + "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; + +static const char ecdsa_secp521r1_privkey[] = + "-----BEGIN EC PRIVATE KEY-----" + "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" + "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" + "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" + "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" + "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" + "-----END EC PRIVATE KEY-----"; + +static const char ecdsa_secp521r1_sig[] = + "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; + +/* DSA key and signature */ +static const char dsa_privkey[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" + "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" + "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" + "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" + "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" + "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" + "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" + "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" + "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" + "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" + "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" + "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" + "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" + "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" + "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" + "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" + "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" + "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" + "-----END DSA PRIVATE KEY-----\n"; + +static const char dsa_sig[] = + "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; + +static const char gost01_privkey[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" + "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" + "-----END PRIVATE KEY-----\n"; + +static const char gost01_sig[] = + "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; + +static const char gost12_256_privkey[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" + "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" + "-----END PRIVATE KEY-----\n"; + +static const char gost12_256_sig[] = + "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; + +static const char gost12_512_privkey[] = + "-----BEGIN PRIVATE KEY-----\n" + "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" + "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" + "hsQ3JCCy4xnd5jWT\n" + "-----END PRIVATE KEY-----\n"; + +static const char gost12_512_sig[] = + "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; + static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t ign) { @@ -302,118 +414,6 @@ static int test_sig(gnutls_pk_algorithm_t pk, return ret; } -/* A precomputed RSA-SHA1 signature using the rsa_key2048 */ -static const char rsa_sig[] = - "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; - -/* ECDSA key and signature */ -static const char ecdsa_secp256r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----\n" - "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" - "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" - "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" - "-----END EC PRIVATE KEY-----\n"; - -static const char ecdsa_secp256r1_sig[] = - "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; - -#ifdef ENABLE_NON_SUITEB_CURVES -/* sha256 */ -static const char ecdsa_secp192r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" - "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" - "Fg==" "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp192r1_sig[] = - "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; - -static const char ecdsa_secp224r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" - "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" - "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp224r1_sig[] = - "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; -#endif - -static const char ecdsa_secp384r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" - "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" - "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" - "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp384r1_sig[] = - "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; - -static const char ecdsa_secp521r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" - "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" - "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" - "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" - "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" - "-----END EC PRIVATE KEY-----"; - -static const char ecdsa_secp521r1_sig[] = - "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; - -/* DSA key and signature */ -static const char dsa_privkey[] = - "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" - "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" - "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" - "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" - "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" - "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" - "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" - "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" - "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" - "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" - "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" - "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" - "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" - "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" - "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" - "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" - "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" - "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" - "-----END DSA PRIVATE KEY-----\n"; - -static const char dsa_sig[] = - "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; - -static const char gost01_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" - "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost01_sig[] = - "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; - -static const char gost12_256_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" - "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost12_256_sig[] = - "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; - -static const char gost12_512_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" - "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" - "hsQ3JCCy4xnd5jWT\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost12_512_sig[] = - "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; - static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t dig, const void *privkey, size_t privkey_size, -- cgit v1.2.1 From 0bf8f585ca3cbfd463509b3fa35587b00ec91311 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Thu, 4 Apr 2019 17:22:04 +0200 Subject: crypto-selftests-pk.c: Fix PK_KNOWN_TEST and PK_TEST Previously, when multiple tests where declared in sequence using one of the macros, only the first test would be executed. This happened because a check for the GNUTLS_SELF_TEST_FLAG_ALL was embedded in the macro. To allow more than one test to be executed in sequence, the check for the flag was removed from both macros. To keep the previous behaviour (execute only the first test) the check for the flag was moved to be after the first test, except for RSA since the RSA encryption test must be executed in FIPS mode. Signed-off-by: Anderson Toshiyuki Sasaki --- lib/crypto-selftests-pk.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index 4106005bfb..aa3a6a8878 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -546,18 +546,14 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, if (ret < 0) { \ gnutls_assert(); \ goto cleanup; \ - } \ - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \ - return 0 + } #define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \ ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \ if (ret < 0) { \ gnutls_assert(); \ goto cleanup; \ - } \ - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) \ - return 0 + } /* Known answer tests for DH */ @@ -784,11 +780,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256, rsa_key2048, rsa_sig); PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0); - PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); + FALLTHROUGH; case GNUTLS_PK_RSA_PSS: PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256); @@ -800,11 +797,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) case GNUTLS_PK_DSA: PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256, dsa_privkey, dsa_sig); - PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); + FALLTHROUGH; case GNUTLS_PK_EC: /* Test ECDH and ECDSA */ @@ -820,13 +818,14 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) (GNUTLS_ECC_CURVE_SECP256R1), GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey, ecdsa_secp256r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), - GNUTLS_SIGN_ECDSA_SHA256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), + GNUTLS_SIGN_ECDSA_SHA256); + PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS (GNUTLS_ECC_CURVE_SECP384R1), @@ -870,31 +869,35 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) case GNUTLS_PK_GOST_01: PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94, gost01_privkey, gost01_sig); - PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), - GNUTLS_SIGN_GOST_94); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), + GNUTLS_SIGN_GOST_94); + FALLTHROUGH; case GNUTLS_PK_GOST_12_256: PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256, gost12_256_privkey, gost12_256_sig); - PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), - GNUTLS_SIGN_GOST_256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), + GNUTLS_SIGN_GOST_256); + FALLTHROUGH; case GNUTLS_PK_GOST_12_512: PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512, gost12_512_privkey, gost12_512_sig); - PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), - GNUTLS_SIGN_GOST_512); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + + PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), + GNUTLS_SIGN_GOST_512); + #endif break; -- cgit v1.2.1 From 66155f9dc5deb92219ca29ba73e7ed44819ef85d Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Thu, 5 Mar 2020 15:54:06 +0100 Subject: crypto-selftests-pk.c: Use specified key in test_sig() Previously, test_sig() would use the same key regardless the value provided in bits parameter. The changes introduced make test_sig() to choose the key according to the value provided in bits. For RSA, only 2048 bits key is available for testing. The calls were adjusted accordingly. Introduced 2048 bits DSA key in test_sig(). Removed unused 512 bits key, leaving only the 2048 bits key available. For GOST, use the same keys for test_sig() and test_known_sig(). Remove the unused keys. Reorder constant values and change variables names for better readability. Signed-off-by: Anderson Toshiyuki Sasaki --- lib/crypto-selftests-pk.c | 461 +++++++++++++++++++++++++++------------------- 1 file changed, 269 insertions(+), 192 deletions(-) diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index aa3a6a8878..ac26dd7f43 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -42,182 +42,207 @@ static const gnutls_datum_t bad_data = { .size = sizeof(DATASTR) - 2 }; -static const char rsa_key2048[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIIEogIBAAKCAQEA6yCv+BLrRP/dMPBXJWK21c0aqxIX6JkODL4K+zlyEURt8/Wp\n" - "nw37CJwHD3VrimSnk2SJvBfTNhzYhCsLShDOPvi4qBrLZ1WozjoVJ8tRE4VCcjQJ\n" - "snpJ7ldiV+Eos1Z3FkbV/uQcw5CYCb/TciSukaWlI+G/xas9EOOFt4aELbc1yDe0\n" - "hyfPDtoaKfek4GhT9qT1I8pTC40P9OrA9Jt8lblqxHWwqmdunLTjPjB5zJT6QgI+\n" - "j1xuq7ZOQhveNA/AOyzh574GIpgsuvPPLBQwsCQkscr7cFnCsyOPgYJrQW3De2+l\n" - "wjp2D7gZeeQcFQKazXcFoiqNpJWoBWmU0qqsgwIDAQABAoIBAAghNzRioxPdrO42\n" - "QS0fvqah0tw7Yew+7oduQr7w+4qxTQP0aIsBVr6zdmMIclF0rX6hKUoBoOHsGWho\n" - "fJlw/1CaFPhrBMFr6sxGodigZQtBvkxolDVBmTDOgK39MQUSZke0501K4du5MiiU\n" - "I2F89zQ9//m/onvZMeFVnJf95LAX5qHr/FLARQFtOpgWzcGVxdvJdJlYb1zMUril\n" - "PqyAZXo1j0vgHWwSd54k8mBLus7l8KT57VFce8+9nBPrOrqW4rDVXzs/go3S+kiI\n" - "OyzYeUs9czg1N1e3VhEaC+EdYUawc0ASuEkbsJ53L8pwDvS+2ly2ykYziJp95Fjv\n" - "bzyd1dECgYEA8FzGCxu7A6/ei9Dn0Fmi8Ns/QvEgbdlGw4v4MlXHjrGJYdOB0BwG\n" - "2D2k0ODNYKlUX2J4hi5x8aCH33y/v0EcOHyuqM33vOWBVbdcumCqcOmp341UebAO\n" - "uCPgDJNhjxXaeDVPnizqnOBA1B9sTxwmCOmFIiFRLbR+XluvDh3t8L0CgYEA+my6\n" - "124Rw7kcFx+9JoB/Z+bUJDYpefUT91gBUhhEdEMx5fujhMzAbLpIRjFQq+75Qb7v\n" - "0NyIS09B4oKOqQYzVEJwqKY7H71BTl7QuzJ8Qtuh/DMZsVIt6xpvdeuAKpEOqz44\n" - "ZD3fW1B59A3ja7kqZadCqq2b02UTk+gdeOrYBj8CgYACX3gZDfoHrEnPKY3QUcI5\n" - "DIEQYR8H1phLP+uAW7ZvozMPAy6J5mzu35Tr9vwwExvhITC9amH3l7UfsLSX58Wm\n" - "jRyQUBA9Dir7tKa2tFOab8Qcj+GgnetXSAtjNGVHK1kPzL7vedQLHm+laHYCRe3e\n" - "Mqf80UVi5SBGQDN3OTZrJQKBgEkj2oozDqMwfGDQl0kYfJ2XEFynKQQCrVsva+tT\n" - "RSMDwR4fmcmel5Dp81P08U/WExy9rIM+9duxAVgrs4jwU6uHYCoRqvEBMIK4NJSI\n" - "ETzhsvTa4+UjUF/7L5SsPJmyFiuzl3rHi2W7InNCXyrGQPjBmjoJTJq4SbiIMZtw\n" - "U7m3AoGACG2rE/Ud71kyOJcKwxzEt8kd+2CMuaZeE/xk+3zLSSjXJzKPficogM3I\n" - "K37/N7N0FjhdQ5hRuD3GH1fcjv9AKdGHsH7RuaG+jHTRUjS1glr17SSQzh6xXnWj\n" - "jG0M4UZm5P9STL09nZuWH0wfpr/eg+9+A6yOVfnADI13v+Ygk7k=\n" - "-----END RSA PRIVATE KEY-----\n"; - -static const char ecc_key[] = - "-----BEGIN EC PRIVATE KEY-----\n" - "MHgCAQEEIQDzaOg65+brGV6INN0zXrUodxwRuocGG+GtKzN7ko26v6AKBggqhkjO\n" - "PQMBB6FEA0IABEppi34ngyNQ2a9kJmnT5QxIHAUGI1SpnsAyCfze4j6MJ7o/g7qx\n" - "MSHpe5vd0TQz+/GAa1zxle8mB/Cdh0JaTrA=\n" - "-----END EC PRIVATE KEY-----\n"; - -static const char dsa_key[] = - "-----BEGIN DSA PRIVATE KEY-----\n" - "MIH4AgEAAkEA6KUOSXfFNcInFLPdOlLlKNCe79zJrkxnsQN+lllxuk1ifZrE07r2\n" - "3edTrc4riQNnZ2nZ372tYUAMJg+5jM6IIwIVAOa58exwZ+42Tl+p3b4Kbpyu2Ron\n" - "AkBocj7gkiBYHtv6HMIIzooaxn4vpGR0Ns6wBfroBUGvrnSAgfT3WyiNaHkIF28e\n" - "quWcEeOJjUgFvatcM8gcY288AkEAyKWlgzBurIYST8TM3j4PuQJDTvdHDaGoAUAa\n" - "EfjmOw2UXKwqTmwPiT5BYKgCo2ILS87ttlTpd8vndH37pmnmVQIUQIVuKpZ8y9Bw\n" - "VzO8qcrLCFvTOXY=\n" - "-----END DSA PRIVATE KEY-----\n"; - -static const char gost01_key[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n" - "4MOCH8oxGWb52EPNL3gjNJiQuBQuf6U=\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost12_256_key[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQg0+JttJEV\n" - "Ud+XBzX9q13ByKK+j2b+mEmNIo1yB0wGleo=\n" - "-----END PRIVATE KEY-----\n"; - -static const char gost12_512_key[] = - "-----BEGIN PRIVATE KEY-----\n" - "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECS7bAh\n" - "TP5um5bxziaKkhb6xSI5WBQCSlaiHPBaMbgmgJiF8RubF7k0YMefpt0+sA3GvVGA\n" - "KjL7CLBERDm7Yvlv\n" - "-----END PRIVATE KEY-----\n"; - -/* A precomputed RSA-SHA256 signature using the rsa_key2048 */ -static const char rsa_sig[] = - "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; - -/* ECDSA key and signature */ +/* RSA 2048 private key and signature */ +static const char rsa_2048_privkey[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEogIBAAKCAQEA6yCv+BLrRP/dMPBXJWK21c0aqxIX6JkODL4K+zlyEURt8/Wp\n" + "nw37CJwHD3VrimSnk2SJvBfTNhzYhCsLShDOPvi4qBrLZ1WozjoVJ8tRE4VCcjQJ\n" + "snpJ7ldiV+Eos1Z3FkbV/uQcw5CYCb/TciSukaWlI+G/xas9EOOFt4aELbc1yDe0\n" + "hyfPDtoaKfek4GhT9qT1I8pTC40P9OrA9Jt8lblqxHWwqmdunLTjPjB5zJT6QgI+\n" + "j1xuq7ZOQhveNA/AOyzh574GIpgsuvPPLBQwsCQkscr7cFnCsyOPgYJrQW3De2+l\n" + "wjp2D7gZeeQcFQKazXcFoiqNpJWoBWmU0qqsgwIDAQABAoIBAAghNzRioxPdrO42\n" + "QS0fvqah0tw7Yew+7oduQr7w+4qxTQP0aIsBVr6zdmMIclF0rX6hKUoBoOHsGWho\n" + "fJlw/1CaFPhrBMFr6sxGodigZQtBvkxolDVBmTDOgK39MQUSZke0501K4du5MiiU\n" + "I2F89zQ9//m/onvZMeFVnJf95LAX5qHr/FLARQFtOpgWzcGVxdvJdJlYb1zMUril\n" + "PqyAZXo1j0vgHWwSd54k8mBLus7l8KT57VFce8+9nBPrOrqW4rDVXzs/go3S+kiI\n" + "OyzYeUs9czg1N1e3VhEaC+EdYUawc0ASuEkbsJ53L8pwDvS+2ly2ykYziJp95Fjv\n" + "bzyd1dECgYEA8FzGCxu7A6/ei9Dn0Fmi8Ns/QvEgbdlGw4v4MlXHjrGJYdOB0BwG\n" + "2D2k0ODNYKlUX2J4hi5x8aCH33y/v0EcOHyuqM33vOWBVbdcumCqcOmp341UebAO\n" + "uCPgDJNhjxXaeDVPnizqnOBA1B9sTxwmCOmFIiFRLbR+XluvDh3t8L0CgYEA+my6\n" + "124Rw7kcFx+9JoB/Z+bUJDYpefUT91gBUhhEdEMx5fujhMzAbLpIRjFQq+75Qb7v\n" + "0NyIS09B4oKOqQYzVEJwqKY7H71BTl7QuzJ8Qtuh/DMZsVIt6xpvdeuAKpEOqz44\n" + "ZD3fW1B59A3ja7kqZadCqq2b02UTk+gdeOrYBj8CgYACX3gZDfoHrEnPKY3QUcI5\n" + "DIEQYR8H1phLP+uAW7ZvozMPAy6J5mzu35Tr9vwwExvhITC9amH3l7UfsLSX58Wm\n" + "jRyQUBA9Dir7tKa2tFOab8Qcj+GgnetXSAtjNGVHK1kPzL7vedQLHm+laHYCRe3e\n" + "Mqf80UVi5SBGQDN3OTZrJQKBgEkj2oozDqMwfGDQl0kYfJ2XEFynKQQCrVsva+tT\n" + "RSMDwR4fmcmel5Dp81P08U/WExy9rIM+9duxAVgrs4jwU6uHYCoRqvEBMIK4NJSI\n" + "ETzhsvTa4+UjUF/7L5SsPJmyFiuzl3rHi2W7InNCXyrGQPjBmjoJTJq4SbiIMZtw\n" + "U7m3AoGACG2rE/Ud71kyOJcKwxzEt8kd+2CMuaZeE/xk+3zLSSjXJzKPficogM3I\n" + "K37/N7N0FjhdQ5hRuD3GH1fcjv9AKdGHsH7RuaG+jHTRUjS1glr17SSQzh6xXnWj\n" + "jG0M4UZm5P9STL09nZuWH0wfpr/eg+9+A6yOVfnADI13v+Ygk7k=\n" + "-----END RSA PRIVATE KEY-----\n"; + +static const char rsa_2048_sig[] = + "\x7a\xb3\xf8\xb0\xf9\xf0\x52\x88\x37\x17\x97\x9f\xbe\x61\xb4\xd2" + "\x43\x78\x9f\x79\x92\xd0\xad\x08\xdb\xbd\x3c\x72\x7a\xb5\x51\x59" + "\x63\xd6\x7d\xf1\x9c\x1e\x10\x7b\x27\xab\xf8\xd4\x9d\xcd\xc5\xf9" + "\xae\xf7\x09\x6b\x40\x93\xc5\xe9\x1c\x0f\xb4\x82\xa1\x47\x86\x54" + "\x63\xd2\x4d\x40\x9a\x80\xb9\x38\x45\x69\xa2\xd6\x92\xb6\x69\x7f" + "\x3f\xf3\x5b\xa5\x1d\xac\x06\xad\xdf\x4e\xbb\xe6\xda\x68\x0d\xe5" + "\xab\xef\xd2\xf0\xc5\xd8\xc0\xed\x80\xe2\xd4\x76\x98\xec\x44\xa2" + "\xfc\x3f\xce\x2e\x8b\xc4\x4b\xab\xb0\x70\x24\x52\x85\x2a\x36\xcd" + "\x9a\xb5\x05\x00\xea\x98\x7c\x72\x06\x68\xb1\x38\x44\x16\x80\x6a" + "\x3b\x64\x72\xbb\xfd\x4b\xc9\xdd\xda\x2a\x68\xde\x7f\x6e\x48\x28" + "\xc1\x63\x57\x2b\xde\x83\xa3\x27\x34\xd7\xa6\x87\x18\x35\x10\xff" + "\x31\xd9\x47\xc9\x84\x35\xe1\xaa\xe2\xf7\x98\xfa\x19\xd3\xf1\x94" + "\x25\x2a\x96\xe4\xa8\xa7\x05\x10\x93\x87\xde\x96\x85\xe5\x68\xb8" + "\xe5\x4e\xbf\x66\x85\x91\xbd\x52\x5b\x3d\x9f\x1b\x79\xea\xe3\x8b" + "\xef\x62\x18\x39\x7a\x50\x01\x46\x1b\xde\x8d\x37\xbc\x90\x6c\x07" + "\xc0\x07\xed\x60\xce\x2e\x31\xd6\x8f\xe8\x75\xdb\x45\x21\xc6\xcb"; + +/* DSA 2048 private key and signature */ +static const char dsa_2048_privkey[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" + "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" + "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" + "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" + "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" + "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" + "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" + "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" + "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" + "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" + "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" + "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" + "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" + "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" + "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" + "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" + "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" + "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" + "-----END DSA PRIVATE KEY-----\n"; + +static const char dsa_2048_sig[] = + "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6" + "\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f" + "\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d" + "\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; + +/* secp256r1 private key and signature */ static const char ecdsa_secp256r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----\n" - "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" - "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" - "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" - "-----END EC PRIVATE KEY-----\n"; + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPAKWV7+pZe9c5EubMNfAEKWRQtP/MvlO9HehwHmJssNoAoGCCqGSM49\n" + "AwEHoUQDQgAE2CNONRio3ciuXtoomJKs3MdbzLbd44VPhtzJN30VLFm5gvnfiCj2\n" + "zzz7pl9Cv0ECHl6yedNI8QEKdcwCDgEmkQ==\n" + "-----END EC PRIVATE KEY-----\n"; static const char ecdsa_secp256r1_sig[] = - "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f\x58\xee\x0c\x2a\x89\xe8\x35"; + "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab" + "\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd" + "\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18" + "\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f" + "\x58\xee\x0c\x2a\x89\xe8\x35"; #ifdef ENABLE_NON_SUITEB_CURVES -/* sha256 */ +/* secp192r1 private key and signature */ static const char ecdsa_secp192r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" - "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" - "Fg==" "-----END EC PRIVATE KEY-----"; + "-----BEGIN EC PRIVATE KEY-----" + "MF8CAQEEGLjezFcbgDMeApVrdtZHvu/k1a8/tVZ41KAKBggqhkjOPQMBAaE0AzIA" + "BO1lciKdgxeRH8k64vxcaV1OYIK9akVrW02Dw21MXhRLP0l0wzCw6LGSr5rS6AaL" + "Fg==" "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp192r1_sig[] = - "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3\xce\x9a\xff\x2e\x4f\x5c"; + "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e" + "\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b" + "\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3" + "\xce\x9a\xff\x2e\x4f\x5c"; +/* secp224r1 private key and signature */ static const char ecdsa_secp224r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" - "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" - "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; + "-----BEGIN EC PRIVATE KEY-----" + "MGgCAQEEHOKWJFdWdrR/CgVrUeTeawOrJ9GozE9KKx2a8PmgBwYFK4EEACGhPAM6" + "AAQKQj3YpenWT7lFR41SnBvmj/+Bj+kgzQnaF65qWAtPRJsZXFlLTu3/IUNqSRu9" + "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp224r1_sig[] = - "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; + "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b" + "\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b" + "\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04" + "\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; #endif +/* secp384r1 private key and signature */ static const char ecdsa_secp384r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" - "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" - "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" - "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; + "-----BEGIN EC PRIVATE KEY-----" + "MIGkAgEBBDDevshD6gb+4rZpC9vwFcIwNs4KmGzdqCxyyN40a8uOWRbyf7aHdiSS" + "03oAyKtc4JCgBwYFK4EEACKhZANiAARO1KkPMno2tnNXx1S9EZkp8SOpDCZ4aobH" + "IYv8RHnSmKf8I3OKD6TaoeR+1MwJmNJUH90Bj45WXla68/vsPiFcfVKboxsZYe/n" + "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp384r1_sig[] = - "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; - + "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed" + "\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11" + "\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82" + "\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d" + "\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c" + "\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72" + "\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; + +/* secp521r1 private key and signature */ static const char ecdsa_secp521r1_privkey[] = - "-----BEGIN EC PRIVATE KEY-----" - "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" - "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" - "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" - "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" - "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" - "-----END EC PRIVATE KEY-----"; + "-----BEGIN EC PRIVATE KEY-----" + "MIHbAgEBBEGO2n7NN363qSCvJVdlQtCvudtaW4o0fEufXRjE1AsCrle+VXX0Zh0w" + "Y1slSeDHMndpakoiF+XkQ+bhcB867UV6aKAHBgUrgQQAI6GBiQOBhgAEAQb6jDpo" + "byy1tF8Zucg0TMGUzIN2DK+RZJ3QQRdWdirO25OIC3FoFi1Yird6rpoB6HlNyJ7R" + "0bNG9Uv34bSHMn8yAFoiqxUCdJZQbEenMoZsi6COaePe3e0QqvDMr0hEWT23Sr3t" + "LpEV7eZGFfFIJw5wSUp2KOcs+O9WjmoukTWtDKNV" + "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp521r1_sig[] = - "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; - -/* DSA key and signature */ -static const char dsa_privkey[] = - "-----BEGIN DSA PRIVATE KEY-----\n" - "MIIDTQIBAAKCAQEAh60B6yPMRIT7udq2kKuwnQDohvT1U0w+RJcSr23C05cM/Ovn\n" - "UP/8Rrj6T8K+uYhMbKgLaZiJJW9q04jaPQk0cfUphbLvRjzVHwE/0Bkb+Y1Rv7ni\n" - "Jot2IFMq5iuNraf889PC0WREvFCcIkSFY2Ac4WT7mCcBtfx/raGFXDUjcUrJ0HwZ\n" - "IOhjQDfcXUsztuyYsYA75ociEY8kyDZq/ixyr5++R1VjNf30Re8AbQlXOEGxEN5t\n" - "t+Tvpq8K5L3prQs2KNSzyOUmedjb/ojH4T4qe/RL9EVjjeuIGHDNUT6F197yZ91y\n" - "qLLTf1WjnUyZcKij5rryX0LJBBWawEZjNSHZawIdAMQlyycia4NigCdiDR+QptUn\n" - "2xrj9o14fXkIrXcCggEAXRZm1rbPhsjSTo6cpCVrmDzO1grv83EHiBH4MvRQQnP8\n" - "FpAREsBA5cYju97XvLaLhioZeMjLn08kU7TUbHRUB+ULTuVvE2dQbBpGuKiLRRt9\n" - "6U2T0eD3xGLoM+o8EY/kpqaWGEpZv7hzM9xuo4vy55+viAZgFWULqmltwfG/7w7V\n" - "NXUHNv5H4Ipw//fSDLTPqzUlNqSSswDLz6pCjWEs0rWAqNAMaOiLTz4id9pL48Oe\n" - "oAfpcQR9tgTEnwyXfZBnrJVclHhkHKGeXvU05IgCzpKO76Z5R+By50T0i/JV7vzM\n" - "l2yS9aAl/cprT6U7yI3oU/blldCVNpMcFAFb+fO8DAKCAQBVMo8xptyvQOJeSvbO\n" - "SSYdJ3IiI/0GdkcGWXblWg9z7mrPaWEnT7OquEm/+vYtWd3GHDtyNM+jzsN4Xgjc\n" - "TL3AEd2hLiozJQ1BFKw25VU08UHAYTzUxZhO4Vwtmp46Kwj8YLDQ3NHRWCBxpDQR\n" - "fbiFvyXP+qXap6plMfrydnUD1mae/JSOWOYgdB7tFIehstLxVXx/cAnjwgFU03Df\n" - "grjsad92zA1Hc9wIjbsgAQdTR5DWnFRkRt3UtayBwoyqm6QceZHsv1NAGvkQ4ion\n" - "bEjkHkjF9YCkR9/rspR8cLghRIXMjOpypuSbaRPeeWq0gP2UOxFL/d3iWH0ETr/L\n" - "kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n" - "-----END DSA PRIVATE KEY-----\n"; - -static const char dsa_sig[] = - "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; - + "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e" + "\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5" + "\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e" + "\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66" + "\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6" + "\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b" + "\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39" + "\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f" + "\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; + +/* GOST01 private key and signature */ static const char gost01_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" - "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" - "-----END PRIVATE KEY-----\n"; + "-----BEGIN PRIVATE KEY-----\n" + "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" + "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" + "-----END PRIVATE KEY-----\n"; static const char gost01_sig[] = - "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; + "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5" + "\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0" + "\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed" + "\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; +/* GOST12 256 private key and signature */ static const char gost12_256_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" - "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" - "-----END PRIVATE KEY-----\n"; + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" + "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" + "-----END PRIVATE KEY-----\n"; static const char gost12_256_sig[] = - "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; + "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c" + "\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85" + "\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84" + "\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; +/* GOST12 512 private key and signature */ static const char gost12_512_privkey[] = - "-----BEGIN PRIVATE KEY-----\n" - "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" - "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" - "hsQ3JCCy4xnd5jWT\n" - "-----END PRIVATE KEY-----\n"; + "-----BEGIN PRIVATE KEY-----\n" + "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" + "B0vdc7u59b99TCNXhHiB69JJtUjvieNkGYJpoaaIvoKZTNCjpSZASsZcQZCHOTof\n" + "hsQ3JCCy4xnd5jWT\n" + "-----END PRIVATE KEY-----\n"; static const char gost12_512_sig[] = - "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; + "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9" + "\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a" + "\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84" + "\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02" + "\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75" + "\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50" + "\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11" + "\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t ign) @@ -225,7 +250,7 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk, int ret; gnutls_datum_t enc = { NULL, 0 }; gnutls_datum_t dec = { NULL, 0 }; - gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 }; + gnutls_datum_t raw_rsa_key = { (void*)rsa_2048_privkey, sizeof(rsa_2048_privkey)-1 }; gnutls_privkey_t key; gnutls_pubkey_t pub = NULL; unsigned char plaintext2[sizeof(DATASTR) - 1]; @@ -312,26 +337,12 @@ static int test_sig(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_sign_algorithm_t sigalgo) { int ret; - gnutls_datum_t sig = { NULL, 0 }; - gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 }; - gnutls_datum_t raw_dsa_key = { (void*)dsa_key, sizeof(dsa_key)-1 }; - gnutls_datum_t raw_ecc_key = { (void*)ecc_key, sizeof(ecc_key)-1 }; - gnutls_datum_t raw_gost01_key = { (void*)gost01_key, sizeof(gost01_key)-1 }; - gnutls_datum_t raw_gost12_256_key = { (void*)gost12_256_key, sizeof(gost12_256_key)-1 }; - gnutls_datum_t raw_gost12_512_key = { (void*)gost12_512_key, sizeof(gost12_512_key)-1 }; gnutls_privkey_t key; + gnutls_datum_t raw_key; + gnutls_datum_t sig = { NULL, 0 }; gnutls_pubkey_t pub = NULL; char param_name[32]; - if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 || - pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) { - snprintf(param_name, sizeof(param_name), "%s", - gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE - (bits))); - } else { - snprintf(param_name, sizeof(param_name), "%u", bits); - } - ret = gnutls_privkey_init(&key); if (ret < 0) return gnutls_assert_val(ret); @@ -342,25 +353,83 @@ static int test_sig(gnutls_pk_algorithm_t pk, goto cleanup; } - if (pk == GNUTLS_PK_RSA) { - ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else if (pk == GNUTLS_PK_RSA_PSS) { - ret = gnutls_privkey_import_x509_raw(key, &raw_rsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else if (pk == GNUTLS_PK_DSA) { - ret = gnutls_privkey_import_x509_raw(key, &raw_dsa_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else if (pk == GNUTLS_PK_ECC) { - ret = gnutls_privkey_import_x509_raw(key, &raw_ecc_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else if (pk == GNUTLS_PK_GOST_01) { - ret = gnutls_privkey_import_x509_raw(key, &raw_gost01_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else if (pk == GNUTLS_PK_GOST_12_256) { - ret = gnutls_privkey_import_x509_raw(key, &raw_gost12_256_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else if (pk == GNUTLS_PK_GOST_12_512) { - ret = gnutls_privkey_import_x509_raw(key, &raw_gost12_512_key, GNUTLS_X509_FMT_PEM, NULL, 0); - } else { - gnutls_assert(); - ret = GNUTLS_E_INTERNAL_ERROR; + switch(pk) { + case GNUTLS_PK_RSA: + raw_key.data = (void*)rsa_2048_privkey; + raw_key.size = sizeof(rsa_2048_privkey) - 1; + snprintf(param_name, sizeof(param_name), "%u", bits); + break; + case GNUTLS_PK_RSA_PSS: + raw_key.data = (void*)rsa_2048_privkey; + raw_key.size = sizeof(rsa_2048_privkey) - 1; + snprintf(param_name, sizeof(param_name), "%u", bits); + break; + case GNUTLS_PK_DSA: + raw_key.data = (void*)dsa_2048_privkey; + raw_key.size = sizeof(dsa_2048_privkey) - 1; + snprintf(param_name, sizeof(param_name), "%u", bits); + break; + case GNUTLS_PK_ECC: + switch(bits) { +#ifdef ENABLE_NON_SUITEB_CURVES + case GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1): + raw_key.data = (void*)ecdsa_secp192r1_privkey; + raw_key.size = sizeof(ecdsa_secp192r1_privkey) - 1; + break; + case GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1): + raw_key.data = (void*)ecdsa_secp224r1_privkey; + raw_key.size = sizeof(ecdsa_secp224r1_privkey) - 1; + break; +#endif + case GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1): + raw_key.data = (void*)ecdsa_secp256r1_privkey; + raw_key.size = sizeof(ecdsa_secp256r1_privkey) - 1; + break; + case GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1): + raw_key.data = (void*)ecdsa_secp384r1_privkey; + raw_key.size = sizeof(ecdsa_secp384r1_privkey) - 1; + break; + case GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1): + raw_key.data = (void*)ecdsa_secp521r1_privkey; + raw_key.size = sizeof(ecdsa_secp521r1_privkey) - 1; + break; + default: + gnutls_assert(); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + snprintf(param_name, sizeof(param_name), "%s", + gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE + (bits))); + break; + case GNUTLS_PK_GOST_01: + raw_key.data = (void*)gost01_privkey; + raw_key.size = sizeof(gost01_privkey) - 1; + snprintf(param_name, sizeof(param_name), "%s", + gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE + (bits))); + break; + case GNUTLS_PK_GOST_12_256: + raw_key.data = (void*)gost12_256_privkey; + raw_key.size = sizeof(gost12_256_privkey) - 1; + snprintf(param_name, sizeof(param_name), "%s", + gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE + (bits))); + break; + case GNUTLS_PK_GOST_12_512: + raw_key.data = (void*)gost12_512_privkey; + raw_key.size = sizeof(gost12_512_privkey) - 1; + snprintf(param_name, sizeof(param_name), "%s", + gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE + (bits))); + break; + default: + gnutls_assert(); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; } + ret = gnutls_privkey_import_x509_raw(key, &raw_key, GNUTLS_X509_FMT_PEM, NULL, 0); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -398,7 +467,8 @@ static int test_sig(gnutls_pk_algorithm_t pk, } ret = 0; - cleanup: + +cleanup: if (pub != NULL) gnutls_pubkey_deinit(pub); gnutls_privkey_deinit(key); @@ -778,13 +848,13 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) FALLTHROUGH; case GNUTLS_PK_RSA: PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256, - rsa_key2048, rsa_sig); + rsa_2048_privkey, rsa_2048_sig); PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_RSA, test_sig, 3072, GNUTLS_SIGN_RSA_SHA256); + PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256); FALLTHROUGH; case GNUTLS_PK_RSA_PSS: @@ -796,12 +866,12 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) FALLTHROUGH; case GNUTLS_PK_DSA: PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256, - dsa_privkey, dsa_sig); + dsa_2048_privkey, dsa_2048_sig); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256); + PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256); FALLTHROUGH; case GNUTLS_PK_EC: @@ -823,8 +893,8 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) return 0; PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), - GNUTLS_SIGN_ECDSA_SHA256); + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), + GNUTLS_SIGN_ECDSA_SHA256); PK_KNOWN_TEST(GNUTLS_PK_EC, 0, GNUTLS_CURVE_TO_BITS @@ -867,35 +937,42 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) #if ENABLE_GOST FALLTHROUGH; case GNUTLS_PK_GOST_01: - PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_GOSTR_94, + PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, + GNUTLS_ECC_CURVE_GOST256CPA, + GNUTLS_DIG_GOSTR_94, gost01_privkey, gost01_sig); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), + PK_TEST(GNUTLS_PK_GOST_01, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), GNUTLS_SIGN_GOST_94); FALLTHROUGH; case GNUTLS_PK_GOST_12_256: - PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256, + PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, + GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256, gost12_256_privkey, gost12_256_sig); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), + PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), GNUTLS_SIGN_GOST_256); FALLTHROUGH; case GNUTLS_PK_GOST_12_512: - PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512, + PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, + GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512, gost12_512_privkey, gost12_512_sig); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), + PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), GNUTLS_SIGN_GOST_512); #endif -- cgit v1.2.1 From 45f4fcc52600330b3f782bbf058cacc19a58261e Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Thu, 4 Apr 2019 15:45:02 +0200 Subject: crypto-selftests-pk.c: Use deterministic signatures in test_known_sig() Use deterministic signatures for ECDSA and DSA in test_known_sig(). Do not call test_known_sig() for non-deterministic algorithms. Do not run PK_TEST() for algorithms tested with PK_KNOWN_TEST(). The deterministic algorithms are used if in FIPS-140 POST or if FIPS-140 mode is disabled. When called explicitly with FIPS-140 mode enabled, the pairwise-consistency test (PK_TEST()) is used instead. test_known_sig() was modified to support only deterministic algorithms. The "deterministic" parameter was replaced with the "flags" parameter through which the flags to be used in gnutls_privkey_sign_data() are passed. The hard-coded values for the ECDSA and DSA signatures were replaced with the values corresponding to the deterministic signatures to be used in known answer tests. The unused values for GOST signatures were removed. Signed-off-by: Anderson Toshiyuki Sasaki --- lib/crypto-selftests-pk.c | 318 ++++++++++++++++++++++------------------------ 1 file changed, 153 insertions(+), 165 deletions(-) diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index ac26dd7f43..6f66cd84dd 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -22,6 +22,7 @@ #include "gnutls_int.h" #include "errors.h" +#include "fips.h" #include #include #include @@ -114,10 +115,10 @@ static const char dsa_2048_privkey[] = "-----END DSA PRIVATE KEY-----\n"; static const char dsa_2048_sig[] = - "\x30\x3d\x02\x1c\x2e\x40\x14\xb3\x7a\x3f\xc0\x4f\x06\x74\x4f\xa6" - "\x5f\xc2\x0a\x46\x35\x38\x88\xb4\x1a\xcf\x94\x02\x40\x42\x7c\x7f" - "\x02\x1d\x00\x98\xfc\xf1\x08\x66\xf1\x86\x28\xc9\x73\x9e\x2b\x5d" - "\xce\x57\xe8\xb5\xeb\xcf\xa3\xf6\x60\xf6\x63\x16\x0e\xc0\x42"; + "\x30\x3d\x02\x1d\x00\xbe\x87\x2f\xcf\xa1\xe4\x86\x5c\x72\x58\x4a" + "\x7b\x8f\x32\x7f\xa5\x1b\xdc\x5c\xae\xda\x98\xea\x15\x32\xed\x0c" + "\x4e\x02\x1c\x4c\x76\x01\x2b\xcd\xb9\x33\x95\xf2\xfa\xde\x56\x01" + "\xb7\xaa\xe4\x5a\x4a\x2e\xf1\x24\x5a\xd1\xb5\x83\x9a\x93\x61"; /* secp256r1 private key and signature */ static const char ecdsa_secp256r1_privkey[] = @@ -128,11 +129,11 @@ static const char ecdsa_secp256r1_privkey[] = "-----END EC PRIVATE KEY-----\n"; static const char ecdsa_secp256r1_sig[] = - "\x30\x45\x02\x21\x00\x9b\x8f\x60\xed\x9e\x40\x8d\x74\x82\x73\xab" - "\x20\x1a\x69\xfc\xf9\xee\x3c\x41\x80\xc0\x39\xdd\x21\x1a\x64\xfd" - "\xbf\x7e\xaa\x43\x70\x02\x20\x44\x28\x05\xdd\x30\x47\x58\x96\x18" - "\x39\x94\x18\xba\xe7\x7a\xf6\x1e\x2d\xba\xb1\xe0\x7d\x73\x9e\x2f" - "\x58\xee\x0c\x2a\x89\xe8\x35"; + "\x30\x45\x02\x21\x00\x80\x67\x18\xb9\x72\xc6\x0b\xe1\xc9\x89\x9b" + "\x85\x11\x49\x29\x08\xd9\x86\x76\xcc\xfb\xc1\xf4\xd0\xa2\x5e\xa7" + "\xb9\x12\xfb\x1a\x68\x02\x20\x67\x12\xb1\x89\x9e\x1d\x9d\x5c\x0f" + "\xef\x6e\xa7\x2a\x95\x8c\xfa\x54\x20\x80\xc8\x30\x7c\xff\x06\xbc" + "\xc8\xe2\x9a\x2f\x05\x2f\x67"; #ifdef ENABLE_NON_SUITEB_CURVES /* secp192r1 private key and signature */ @@ -143,10 +144,10 @@ static const char ecdsa_secp192r1_privkey[] = "Fg==" "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp192r1_sig[] = - "\x30\x34\x02\x18\x5f\xb3\x10\x4b\x4d\x44\x48\x29\x4b\xfd\xa7\x8e" - "\xce\x57\xac\x36\x38\x54\xab\x73\xdb\xed\xb8\x5f\x02\x18\x0b\x8b" - "\xf3\xae\x49\x50\x0e\x47\xca\x89\x1a\x00\xca\x23\xf5\x8d\xd6\xe3" - "\xce\x9a\xff\x2e\x4f\x5c"; + "\x30\x34\x02\x18\x7c\x43\xe3\xb7\x26\x90\x43\xb5\xf5\x63\x8f\xee" + "\xac\x78\x3d\xac\x35\x35\xd0\x1e\x83\x17\x2b\x64\x02\x18\x14\x6e" + "\x94\xd5\x7e\xac\x43\x42\x0b\x71\x7a\xc8\x29\xe6\xe3\xda\xf2\x95" + "\x0e\xe0\x63\x24\xed\xf2"; /* secp224r1 private key and signature */ static const char ecdsa_secp224r1_privkey[] = @@ -156,10 +157,10 @@ static const char ecdsa_secp224r1_privkey[] = "DqPsk8xBHAB7pA==" "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp224r1_sig[] = - "\x30\x3d\x02\x1c\x76\x03\x8d\x74\xf4\xd3\x09\x2a\xb5\xdf\x6b\x5b" - "\xf4\x4b\x86\xb8\x62\x81\x5d\x7b\x7a\xbb\x37\xfc\xf1\x46\x1c\x2b" - "\x02\x1d\x00\xa0\x98\x5d\x80\x43\x89\xe5\xee\x1a\xec\x46\x08\x04" - "\x55\xbc\x50\xfa\x2a\xd5\xa6\x18\x92\x19\xdb\x68\xa0\x2a\xda"; + "\x30\x3d\x02\x1c\x14\x22\x09\xa1\x51\x33\x37\xfd\x78\x73\xbd\x84" + "\x6e\x76\xa8\x60\x90\xf5\xb6\x57\x34\x25\xe0\x79\xe3\x01\x61\xa9" + "\x02\x1d\x00\xb1\xee\xdb\xae\xb3\xe6\x9c\x04\x68\xd5\xe1\x0d\xb6" + "\xfc\x5c\x45\xc3\x4f\xbf\x2b\xa5\xe0\x89\x37\x84\x04\x82\x5f"; #endif /* secp384r1 private key and signature */ @@ -171,13 +172,13 @@ static const char ecdsa_secp384r1_privkey[] = "pv8e4ugXagVQVBXNZJ859iYPdJR24vo=" "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp384r1_sig[] = - "\x30\x66\x02\x31\x00\xbb\x4d\x25\x30\x13\x1b\x3b\x75\x60\x07\xed" - "\x53\x8b\x52\xee\xd8\x6e\xf1\x9d\xa8\x36\x0e\x2e\x20\x31\x51\x11" - "\x48\x78\xdd\xaf\x24\x38\x64\x81\x71\x6b\xa6\xb7\x29\x58\x28\x82" - "\x32\xba\x29\x29\xd9\x02\x31\x00\xeb\x70\x09\x87\xac\x7b\x78\x0d" - "\x4c\x4f\x08\x2b\x86\x27\xe2\x60\x1f\xc9\x11\x9f\x1d\xf5\x82\x4c" - "\xc7\x3d\xb0\x27\xc8\x93\x29\xc7\xd0\x0e\x88\x02\x09\x93\xc2\x72" - "\xce\xa5\x74\x8c\x3d\xe0\x8c\xad"; + "\x30\x65\x02\x31\x00\xa7\x73\x60\x16\xdb\xf9\x1f\xfc\x9e\xd2\x12" + "\x23\xd4\x04\xa7\x31\x1f\x15\x28\xfd\x87\x9c\x2c\xb1\xf3\x38\x35" + "\x23\x3b\x6e\xfe\x6a\x5d\x89\x34\xbe\x02\x82\xc6\x27\xea\x45\x53" + "\xa9\x87\xc5\x31\x0a\x02\x30\x76\x32\x80\x6b\x43\x3c\xb4\xfd\x90" + "\x03\xe0\x1d\x5d\x77\x18\x45\xf6\x71\x29\xa9\x05\x87\x49\x75\x3a" + "\x78\x9c\x49\xe5\x6c\x8e\x18\xcd\x5d\xee\x2c\x6f\x92\xf7\x15\xd3" + "\x38\xd5\xf9\x9b\x9d\x1a\xf4"; /* secp521r1 private key and signature */ static const char ecdsa_secp521r1_privkey[] = @@ -190,43 +191,31 @@ static const char ecdsa_secp521r1_privkey[] = "-----END EC PRIVATE KEY-----"; static const char ecdsa_secp521r1_sig[] = - "\x30\x81\x87\x02\x42\x01\xb8\xcb\x52\x9e\x10\xa8\x49\x3f\xe1\x9e" - "\x14\x0a\xcf\x96\xed\x7e\xab\x7d\x0c\xe1\x9b\xa4\x97\xdf\x01\xf5" - "\x35\x42\x5f\x5b\x28\x15\x24\x33\x6e\x59\x6c\xaf\x10\x8b\x98\x8e" - "\xe9\x4c\x23\x0d\x76\x92\x03\xdd\x6d\x8d\x08\x47\x15\x5b\xf8\x66" - "\x75\x75\x40\xe8\xf4\xa0\x52\x02\x41\x15\x27\x7c\x5f\xa6\x33\xa6" - "\x29\x68\x3f\x55\x8d\x7f\x1d\x4f\x88\xc6\x61\x6e\xac\x21\xdf\x2b" - "\x7b\xde\x76\x9a\xdc\xe6\x3b\x94\x3f\x03\x9c\xa2\xa6\xa3\x63\x39" - "\x48\xbd\x79\x70\x21\xf2\x6b\xff\x58\x66\xf1\x58\xc2\x58\xad\x4f" - "\x84\x14\x5d\x05\x12\x83\xd0\x87\xbd\xf3"; - -/* GOST01 private key and signature */ + "\x30\x81\x88\x02\x42\x01\x9d\x13\x2e\xc9\x75\x1b\x60\x10\x62\xc5" + "\x0d\xcb\x08\x9e\x86\x01\xd3\xc9\x8c\xee\x2e\x16\x3d\x8c\xc2\x65" + "\x80\xe1\x32\x56\xc3\x02\x9d\xf0\x4a\x89\x8d\x2e\x33\x2a\x90\x4e" + "\x72\x1d\xaa\x84\x14\xe8\xcb\xdf\x7a\x4a\xc9\x67\x2e\xba\xa3\xf2" + "\xc2\x07\xf7\x1b\xa5\x91\xbd\x02\x42\x01\xe3\x32\xd2\x25\xeb\x2e" + "\xaf\xb4\x6c\xc0\xaa\x5c\xc1\x56\x14\x13\x23\x7f\x62\xcf\x4c\xb8" + "\xd1\x96\xe0\x29\x6d\xed\x74\xdd\x23\x64\xf9\x29\x86\x40\x22\x2f" + "\xb6\x8d\x4c\x8e\x0b\x7a\xda\xdb\x03\x44\x01\x9b\x81\x1c\x3c\xab" + "\x78\xee\xf2\xc5\x24\x33\x61\x65\x01\x87\x66"; + +/* GOST01 private key */ static const char gost01_privkey[] = "-----BEGIN PRIVATE KEY-----\n" "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgdNfuHGmmTdPm\n" "p5dAa3ea9UYxpdYQPP9lbDwzQwG2bJM=\n" "-----END PRIVATE KEY-----\n"; -static const char gost01_sig[] = - "\xc5\xc8\xf8\xdc\x22\x51\xb0\x72\xe9\xa2\xbb\x84\x6c\xe2\x24\xd5" - "\x72\x39\x2a\x5a\x0e\x7a\x43\xfc\x9c\xc3\x5d\x32\x92\xbb\xab\xc0" - "\x4b\x99\xbd\xc8\x47\x24\x70\x06\x7e\xa1\xc6\xe3\xa0\xdc\x42\xed" - "\xa0\x66\xf0\xcc\x50\x97\xe9\x5a\x7d\x3f\x65\x2d\x7b\x1b\x03\xcb"; - -/* GOST12 256 private key and signature */ +/* GOST12 256 private key */ static const char gost12_256_privkey[] = "-----BEGIN PRIVATE KEY-----\n" "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgKOF96tom\n" "D61rhSnzKjyrmO3fv0gdlHei+6ovrc8SnBk=\n" "-----END PRIVATE KEY-----\n"; -static const char gost12_256_sig[] = - "\xb2\x51\x5a\x1a\xbd\x95\x4e\x71\x55\xad\x74\x74\x81\xa6\xca\x6c" - "\x14\x01\xe0\x18\xda\xe4\x0d\x02\x4f\x14\xd2\x39\xd6\x3c\xb5\x85" - "\xa8\x37\xfd\x7f\x2b\xfa\xe4\xf5\xbc\xbc\x15\x20\x8b\x83\x4b\x84" - "\x0d\x5d\x02\x21\x8c\x0d\xb9\xc4\x2b\xc0\x3e\xfd\x42\x55\x1d\xb0"; - -/* GOST12 512 private key and signature */ +/* GOST12 512 private key */ static const char gost12_512_privkey[] = "-----BEGIN PRIVATE KEY-----\n" "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBECjFpvp\n" @@ -234,16 +223,6 @@ static const char gost12_512_privkey[] = "hsQ3JCCy4xnd5jWT\n" "-----END PRIVATE KEY-----\n"; -static const char gost12_512_sig[] = - "\x52\x4f\xa2\x77\x51\xd2\xc5\xef\xd3\xa3\x99\x4e\xec\xff\xc6\xe9" - "\xfc\x2f\xc0\x28\x42\x03\x95\x6c\x9a\x38\xee\xea\x89\x79\xae\x1a" - "\xc3\x68\x5e\xe4\x15\x15\x4b\xec\x0f\xf1\x7e\x0f\xba\x01\xc7\x84" - "\x16\xc7\xb5\xac\x9d\x0c\x22\xdd\x31\xf7\xb0\x9b\x59\x4b\xf0\x02" - "\xa8\x7d\xfd\x6d\x02\x43\xc7\x4f\x65\xbd\x84\x5c\x54\x91\xba\x75" - "\x9f\x5a\x61\x19\x5c\x9a\x10\x78\x34\xa0\xa6\xf6\xdc\xb6\xb0\x50" - "\x22\x38\x5f\xb0\x16\x66\xf1\xd5\x46\x00\xd5\xe2\xa8\xe5\xd2\x11" - "\x5f\xd1\xbe\x6e\xac\xb2\x9c\x14\x34\x96\xe7\x58\x94\xb8\xf4\x5f"; - static int test_rsa_enc(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t ign) { @@ -488,7 +467,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_digest_algorithm_t dig, const void *privkey, size_t privkey_size, const void *stored_sig, size_t stored_sig_size, - unsigned deterministic_sigs) + gnutls_privkey_flags_t flags) { int ret; gnutls_datum_t sig = { NULL, 0 }; @@ -497,8 +476,11 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, gnutls_privkey_t key; char param_name[32]; - if (pk == GNUTLS_PK_EC || pk == GNUTLS_PK_GOST_01 || - pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) { + if (pk == GNUTLS_PK_EC || + pk == GNUTLS_PK_GOST_01 || + pk == GNUTLS_PK_GOST_12_256 || + pk == GNUTLS_PK_GOST_12_512) + { snprintf(param_name, sizeof(param_name), "%s", gnutls_ecc_curve_get_name(GNUTLS_BITS_TO_CURVE (bits))); @@ -532,39 +514,37 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, goto cleanup; } - /* Test if the signature we generate matches the stored */ + ret = gnutls_privkey_sign_data(key, dig, flags, &signed_data, &sig); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* Test if the generated signature matches the stored */ ssig.data = (void *) stored_sig; ssig.size = stored_sig_size; - if (deterministic_sigs != 0) { /* do not compare against stored signature if not provided */ - ret = - gnutls_privkey_sign_data(key, dig, 0, &signed_data, - &sig); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - if (sig.size != ssig.size - || memcmp(sig.data, ssig.data, sig.size) != 0) { - ret = GNUTLS_E_SELF_TEST_ERROR; + if (sig.size != ssig.size + || memcmp(sig.data, ssig.data, sig.size) != 0) { + ret = GNUTLS_E_SELF_TEST_ERROR; #if 0 - unsigned i; - fprintf(stderr, "\nstored[%d]: ", ssig.size); - for (i = 0; i < ssig.size; i++) - fprintf(stderr, "\\x%.2x", ssig.data[i]); - - fprintf(stderr, "\ngenerated[%d]: ", sig.size); - for (i = 0; i < sig.size; i++) - fprintf(stderr, "\\x%.2x", sig.data[i]); - fprintf(stderr, "\n"); + unsigned i; + fprintf(stderr, "Algorithm: %s-%s\n", + gnutls_pk_get_name(pk), param_name); + fprintf(stderr, "\nstored[%d]: ", ssig.size); + for (i = 0; i < ssig.size; i++) + fprintf(stderr, "\\x%.2x", ssig.data[i]); + + fprintf(stderr, "\ngenerated[%d]: ", sig.size); + for (i = 0; i < sig.size; i++) + fprintf(stderr, "\\x%.2x", sig.data[i]); + fprintf(stderr, "\n"); #endif - gnutls_assert(); - goto cleanup; - } + gnutls_assert(); + goto cleanup; } - /* Test if we can verify the signature */ + /* Test if we can verify the generated signature */ ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); if (ret < 0) { @@ -574,7 +554,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, ret = gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, - &signed_data, &ssig); + &signed_data, &sig); if (ret < 0) { ret = GNUTLS_E_SELF_TEST_ERROR; gnutls_assert(); @@ -585,7 +565,7 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, ret = gnutls_pubkey_verify_data2(pub, gnutls_pk_to_sign(pk, dig), 0, - &bad_data, &ssig); + &bad_data, &sig); if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) { ret = GNUTLS_E_SELF_TEST_ERROR; @@ -618,8 +598,8 @@ static int test_known_sig(gnutls_pk_algorithm_t pk, unsigned bits, goto cleanup; \ } -#define PK_KNOWN_TEST(pk, det, bits, dig, pkey, sig) \ - ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, det); \ +#define PK_KNOWN_TEST(pk, bits, dig, pkey, sig, flags) \ + ret = test_known_sig(pk, bits, dig, pkey, sizeof(pkey)-1, sig, sizeof(sig)-1, flags); \ if (ret < 0) { \ gnutls_assert(); \ goto cleanup; \ @@ -830,9 +810,18 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) { int ret; + bool is_post = false; + bool is_fips140_mode_enabled = false; + if (flags & GNUTLS_SELF_TEST_FLAG_ALL) pk = GNUTLS_PK_UNKNOWN; + if (_gnutls_get_lib_state() == LIB_STATE_SELFTEST) + is_post = true; + + if (gnutls_fips140_mode_enabled()) + is_fips140_mode_enabled = true; + switch (pk) { case GNUTLS_PK_UNKNOWN: FALLTHROUGH; @@ -847,32 +836,36 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) return 0; FALLTHROUGH; case GNUTLS_PK_RSA: - PK_KNOWN_TEST(GNUTLS_PK_RSA, 1, 2048, GNUTLS_DIG_SHA256, - rsa_2048_privkey, rsa_2048_sig); + PK_KNOWN_TEST(GNUTLS_PK_RSA, 2048, GNUTLS_DIG_SHA256, + rsa_2048_privkey, rsa_2048_sig, 0); + PK_TEST(GNUTLS_PK_RSA, test_rsa_enc, 2048, 0); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_RSA, test_sig, 2048, GNUTLS_SIGN_RSA_SHA256); - FALLTHROUGH; case GNUTLS_PK_RSA_PSS: - PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256); + PK_TEST(GNUTLS_PK_RSA_PSS, test_sig, 2048, + GNUTLS_SIGN_RSA_PSS_RSAE_SHA256); if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; FALLTHROUGH; case GNUTLS_PK_DSA: - PK_KNOWN_TEST(GNUTLS_PK_DSA, 0, 2048, GNUTLS_DIG_SHA256, - dsa_2048_privkey, dsa_2048_sig); + if (is_post || !is_fips140_mode_enabled) { + PK_KNOWN_TEST(GNUTLS_PK_DSA, 2048, GNUTLS_DIG_SHA256, + dsa_2048_privkey, dsa_2048_sig, + GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE); + } else { + PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, + GNUTLS_SIGN_DSA_SHA256); + } if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_DSA, test_sig, 2048, GNUTLS_SIGN_DSA_SHA256); - FALLTHROUGH; case GNUTLS_PK_EC: /* Test ECDH and ECDSA */ @@ -883,100 +876,95 @@ int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk) } /* Test ECDSA */ - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP256R1), - GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey, - ecdsa_secp256r1_sig); + if (is_post || !is_fips140_mode_enabled) { + PK_KNOWN_TEST(GNUTLS_PK_EC, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), + GNUTLS_DIG_SHA256, ecdsa_secp256r1_privkey, + ecdsa_secp256r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE); + } else { + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), + GNUTLS_SIGN_ECDSA_SHA256); + } if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1), - GNUTLS_SIGN_ECDSA_SHA256); - - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP384R1), - GNUTLS_DIG_SHA256, ecdsa_secp384r1_privkey, - ecdsa_secp384r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1), - GNUTLS_SIGN_ECDSA_SHA384); - - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP521R1), - GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey, - ecdsa_secp521r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1), - GNUTLS_SIGN_ECDSA_SHA512); + if (is_post || !is_fips140_mode_enabled) { + PK_KNOWN_TEST(GNUTLS_PK_EC, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1), + GNUTLS_DIG_SHA384, ecdsa_secp384r1_privkey, + ecdsa_secp384r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE); + } else { + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1), + GNUTLS_SIGN_ECDSA_SHA384); + } + + if (is_post || !is_fips140_mode_enabled) { + PK_KNOWN_TEST(GNUTLS_PK_EC, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1), + GNUTLS_DIG_SHA512, ecdsa_secp521r1_privkey, + ecdsa_secp521r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE); + } else { + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1), + GNUTLS_SIGN_ECDSA_SHA512); + } #ifdef ENABLE_NON_SUITEB_CURVES - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP192R1), - GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey, - ecdsa_secp192r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), - GNUTLS_SIGN_ECDSA_SHA256); - - PK_KNOWN_TEST(GNUTLS_PK_EC, 0, - GNUTLS_CURVE_TO_BITS - (GNUTLS_ECC_CURVE_SECP224R1), - GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey, - ecdsa_secp224r1_sig); - PK_TEST(GNUTLS_PK_EC, test_sig, - GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), - GNUTLS_SIGN_ECDSA_SHA256); + if (is_post || !is_fips140_mode_enabled) { + PK_KNOWN_TEST(GNUTLS_PK_EC, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), + GNUTLS_DIG_SHA256, ecdsa_secp192r1_privkey, + ecdsa_secp192r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE); + } else { + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP192R1), + GNUTLS_SIGN_ECDSA_SHA256); + } + + if (is_post || !is_fips140_mode_enabled) { + PK_KNOWN_TEST(GNUTLS_PK_EC, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), + GNUTLS_DIG_SHA256, ecdsa_secp224r1_privkey, + ecdsa_secp224r1_sig, GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE); + } else { + PK_TEST(GNUTLS_PK_EC, test_sig, + GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP224R1), + GNUTLS_SIGN_ECDSA_SHA256); + } #endif + #if ENABLE_GOST FALLTHROUGH; case GNUTLS_PK_GOST_01: - PK_KNOWN_TEST(GNUTLS_PK_GOST_01, 0, - GNUTLS_ECC_CURVE_GOST256CPA, - GNUTLS_DIG_GOSTR_94, - gost01_privkey, gost01_sig); - - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) - return 0; - PK_TEST(GNUTLS_PK_GOST_01, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), GNUTLS_SIGN_GOST_94); - FALLTHROUGH; - case GNUTLS_PK_GOST_12_256: - PK_KNOWN_TEST(GNUTLS_PK_GOST_12_256, 0, - GNUTLS_ECC_CURVE_GOST256CPA, GNUTLS_DIG_STREEBOG_256, - gost12_256_privkey, gost12_256_sig); - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + FALLTHROUGH; + case GNUTLS_PK_GOST_12_256: PK_TEST(GNUTLS_PK_GOST_12_256, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA), GNUTLS_SIGN_GOST_256); - FALLTHROUGH; - case GNUTLS_PK_GOST_12_512: - PK_KNOWN_TEST(GNUTLS_PK_GOST_12_512, 0, - GNUTLS_ECC_CURVE_GOST512A, GNUTLS_DIG_STREEBOG_512, - gost12_512_privkey, gost12_512_sig); - if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) return 0; + FALLTHROUGH; + case GNUTLS_PK_GOST_12_512: PK_TEST(GNUTLS_PK_GOST_12_512, test_sig, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A), GNUTLS_SIGN_GOST_512); + if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL)) + return 0; #endif - break; default: return gnutls_assert_val(GNUTLS_E_NO_SELF_TEST); -- cgit v1.2.1