From 58e1983ef4b4702d6c8135bee54e0c50314a2456 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 11 Dec 2024 20:17:05 +0100 Subject: [PATCH 1/3] add RSA PSS FIPS tests --- rsa_test.go | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/rsa_test.go b/rsa_test.go index 5b92025e..5add11fe 100644 --- a/rsa_test.go +++ b/rsa_test.go @@ -259,17 +259,20 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { const keyBits = 2048 var saltLengthCombinations = []struct { signSaltLength, verifySaltLength int - good bool + good, fipsGood bool }{ - {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthAuto, true}, - {rsa.PSSSaltLengthEqualsHash, rsa.PSSSaltLengthAuto, true}, - {rsa.PSSSaltLengthEqualsHash, rsa.PSSSaltLengthEqualsHash, true}, - {rsa.PSSSaltLengthEqualsHash, 8, false}, - {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false}, - {8, 8, true}, - {rsa.PSSSaltLengthAuto, keyBits/8 - 2 - 32, true}, // simulate Go PSSSaltLengthAuto algorithm (32 = sha256 size) - {rsa.PSSSaltLengthAuto, 20, false}, - {rsa.PSSSaltLengthAuto, -2, false}, + {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthAuto, true, true}, + {rsa.PSSSaltLengthEqualsHash, rsa.PSSSaltLengthAuto, true, true}, + {rsa.PSSSaltLengthEqualsHash, rsa.PSSSaltLengthEqualsHash, true, true}, + {rsa.PSSSaltLengthEqualsHash, 8, false, false}, + {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false, false}, + {8, 8, true, true}, + {rsa.PSSSaltLengthAuto, keyBits/8 - 2 - 32, true, true}, // simulate Go PSSSaltLengthAuto algorithm (32 = sha256 size) + // In FIPS mode, PSSSaltLengthAuto is capped at PSSSaltLengthEqualsHash. + {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false, true}, + {rsa.PSSSaltLengthAuto, 106, true, false}, + {rsa.PSSSaltLengthAuto, 20, false, true}, + {rsa.PSSSaltLengthAuto, -2, false, false}, } sha256 := openssl.NewSHA256() priv, pub := newRSAKey(t, keyBits) @@ -282,8 +285,12 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { continue } err = openssl.VerifyRSAPSS(pub, crypto.SHA256, hashed, signed, test.verifySaltLength) - if (err == nil) != test.good { - t.Errorf("#%d: bad result, wanted: %t, got: %s", i, test.good, err) + good := test.good + if openssl.FIPS() { + good = test.fipsGood + } + if (err == nil) != good { + t.Errorf("#%d: bad result, wanted: %t, got: %s", i, good, err) } } } From 5fcb8d0c9cdbfe067889cac5ef0eb50402b4a73b Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 12 Dec 2024 17:09:36 +0100 Subject: [PATCH 2/3] fix TestRSASignVerifyRSAPSS --- rsa_test.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/rsa_test.go b/rsa_test.go index 5add11fe..8acce5d5 100644 --- a/rsa_test.go +++ b/rsa_test.go @@ -267,10 +267,9 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { {rsa.PSSSaltLengthEqualsHash, 8, false, false}, {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false, false}, {8, 8, true, true}, - {rsa.PSSSaltLengthAuto, keyBits/8 - 2 - 32, true, true}, // simulate Go PSSSaltLengthAuto algorithm (32 = sha256 size) // In FIPS mode, PSSSaltLengthAuto is capped at PSSSaltLengthEqualsHash. {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false, true}, - {rsa.PSSSaltLengthAuto, 106, true, false}, + {rsa.PSSSaltLengthAuto, keyBits/8 - 2 - 32, true, false}, // simulate Go PSSSaltLengthAuto algorithm (32 = sha256 size) {rsa.PSSSaltLengthAuto, 20, false, true}, {rsa.PSSSaltLengthAuto, -2, false, false}, } @@ -281,7 +280,7 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { for i, test := range saltLengthCombinations { signed, err := openssl.SignRSAPSS(priv, crypto.SHA256, hashed, test.signSaltLength) if err != nil { - t.Errorf("#%d: error while signing: %s", i, err) + t.Errorf("#%d: error while signing: %v", i, err) continue } err = openssl.VerifyRSAPSS(pub, crypto.SHA256, hashed, signed, test.verifySaltLength) @@ -290,7 +289,7 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { good = test.fipsGood } if (err == nil) != good { - t.Errorf("#%d: bad result, wanted: %t, got: %s", i, good, err) + t.Errorf("#%d: bad result, wanted: %t, got: %v", i, good, err) } } } From 2d692d2f90795bf6e051b20c83b2f7f697ec75c0 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 12 Dec 2024 17:13:38 +0100 Subject: [PATCH 3/3] fix TestRSASignVerifyRSAPSS --- rsa_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rsa_test.go b/rsa_test.go index 8acce5d5..a1df9970 100644 --- a/rsa_test.go +++ b/rsa_test.go @@ -257,6 +257,7 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { // Test cases taken from // https://github.com/golang/go/blob/54182ff54a687272dd7632c3a963e036ce03cb7c/src/crypto/rsa/pss_test.go#L200. const keyBits = 2048 + sha256 := openssl.NewSHA256() var saltLengthCombinations = []struct { signSaltLength, verifySaltLength int good, fipsGood bool @@ -269,11 +270,10 @@ func TestRSASignVerifyRSAPSS(t *testing.T) { {8, 8, true, true}, // In FIPS mode, PSSSaltLengthAuto is capped at PSSSaltLengthEqualsHash. {rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash, false, true}, - {rsa.PSSSaltLengthAuto, keyBits/8 - 2 - 32, true, false}, // simulate Go PSSSaltLengthAuto algorithm (32 = sha256 size) - {rsa.PSSSaltLengthAuto, 20, false, true}, + {rsa.PSSSaltLengthAuto, keyBits/8 - 2 - sha256.Size(), true, false}, // simulate Go PSSSaltLengthAuto algorithm + {rsa.PSSSaltLengthAuto, sha256.Size(), false, true}, {rsa.PSSSaltLengthAuto, -2, false, false}, } - sha256 := openssl.NewSHA256() priv, pub := newRSAKey(t, keyBits) sha256.Write([]byte("testing")) hashed := sha256.Sum(nil)