author | Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> | 2024-05-11 01:26:55 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-22 15:31:00 +0200 |
commit | 973ddaa03f39ef6d3c890918afbeb0ea9cbe8b07 (patch) | |
tree | ec9d031c4d3d97859bde0b388d1dd60468c3b132 /test | |
parent | 7884bedc04b90bcdd46cb52e525ebe6aa1bedae5 (diff) | |
rsa-pss: add tests checking for SHAKE usage in RSA-PSS

FIPS 186-5, RFC 8692, RFC 8702 all agree and specify that Shake shall
be used directly as MGF (not as a hash in MGF1). Add tests that try to
specify shake hash as MGF1 to ensure that fails.

Separately the above standards specify how to use SHAKE as a message
digest with either fixed or minimum output lengths. However, currently
shake is not part of allowed hashes.

Note that rsa_setup_md()/rsa_setup_mgf1_md() call
ossl_digest_rsa_sign_get_md_nid() ->
ossl_digest_get_approved_nid_with_sha1() ->
ossl_digest_get_approved_nid() which only contain sha1/sha2/sha3
digests without XOF.

The digest test case will need to be replaced if/when shake with
minimum output lengths is added to ossl_digest_get_approved_nid().

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24387)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/30-test_evp_data/evppkey_rsa_common.txt | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt index f5398f7..0036acd 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -989,6 +989,43 @@ Verify = RSA-PSS-BAD2 Result = KEYOP_INIT_ERROR Reason = invalid salt length +# Test sign with MGF1 using shake fails +Sign = RSA-PSS +Ctrl = digest:sha256 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_mgf1_md:shake256 +Input = "" +Output = "" +Result = PKEY_CTRL_ERROR + +# Test verify with MGF1 using shake fails +Verify = RSA-PSS +Ctrl = digest:sha256 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_mgf1_md:shake256 +Input = "" +Output = "" +Result = PKEY_CTRL_ERROR + +# Test sign with digest using shake fails. Remove once FIPS 186-5 / +# RFC-8702 / RFC-8692 SHAKE digest implemented +Sign = RSA-PSS +Ctrl = digest:shake256 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_mgf1_md:sha256 +Input = "" +Output = "" +Result = PKEY_CTRL_ERROR + +# Test sign with digest using shake fails. Remove once FIPS 186-5 / +# RFC-8702 / RFC-8692 SHAKE digest implemented +Verify = RSA-PSS +Ctrl = digest:shake256 +Ctrl = rsa_padding_mode:pss +Ctrl = rsa_mgf1_md:sha256 +Input = "" +Output = "" +Result = PKEY_CTRL_ERROR # Additional RSA-PSS and RSA-OAEP tests converted from # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip |
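Review bot: The comment above the fourth added stanza reads "Test sign with digest using shake fails", but that stanza is `Verify = RSA-PSS`, so it repeats the third stanza's comment word for word; it should say "Test verify with digest using shake fails", matching the sign/verify wording used for the MGF1 pair. All four stanzas also exercise only shake256 (`rsa_mgf1_md:shake256`, `digest:shake256`); repeating them with shake128 would show that the rejection is not specific to one SHAKE variant. Since every stanza expects the same `Result = PKEY_CTRL_ERROR`, a short comment stating which Ctrl line is expected to be rejected in each case would make a future failure easier to diagnose, especially once the digest stanzas are due for replacement as the commit message anticipates.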