diff options
author | Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> | 2024-05-13 18:07:40 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-22 15:31:00 +0200 |
commit | 1bfc8d17f349fbe1c849bf362b24ca0af4a8977d (patch) | |
tree | 8181102afd5116eb0488d6d176d3555ec512c771 /test | |
parent | 973ddaa03f39ef6d3c890918afbeb0ea9cbe8b07 (diff) |
rsa-oaep: block SHAKE usage in FIPS mode
NIST SP 800-56 rev2 only allows using approved hash algorithms in
OAEP. Unlike FIPS 186-5 it doesn't have text allowing to use XOF SHAKE
functions. Maybe future revisions of SP 800-56 will adopt similar text
to FIPS 186-5 and allow XOF as MD and MGF (not MGF1).
RFC documents do not specify if SHAKE is allowed or blocked for usage
(i.e. there is no equivalent of RFC 8692 or RFC 8702 for OAEP). Status
quo allows their usage.
Add test cases for SHAKE in RSA-OAEP as allowed in default provider,
and blocked in fips.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24387)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/30-test_evp_data/evppkey_rsa_common.txt | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt index 0036acdb0f..29f9f03aee 100644 --- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt +++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt @@ -328,6 +328,38 @@ Ctrl = rsa_padding_mode:oaep Input = 458708DFBD42A1297CE7A9C86C7087AB80B1754810929B89C5107CA55368587686986FCE94D86CC1595B3FB736223A656EC0F34D18BA1CC5665593610F56C58E26B272D584F3D983A5C91085700755AEBD921FB280BBA3EDA7046EC07B43E7298E52D59EDC92BE4639A8CE08B2F85976ECF6D98CC469EEB9D5D8E2A32EA8A6626EDAFE1038B3DF455668A9F3C77CAD8B92FB872E00058C3D2A7EDE1A1F03FC5622084AE04D9D24F6BF0995C58D35B93B699B9763595E123F2AB0863CC9229EB290E2EDE7715C7A8F39E0B9A3E2E1B56EBB62F1CBFBB5986FB212EBD785B83D01D968B11D1756C7337F70C1F1A63BFF03608E24F3A2FD44E67F832A8701C5D5AF Output = "Hello World" +# Decrypt OAEP SHAKE MGF1 +Availablein = default +Decrypt = RSA-2048 +Ctrl = rsa_padding_mode:oaep +Ctrl = rsa_mgf1_md:shake128 +Input = 5998271817ECB28F061CA7A036CF8B79FCFA69C5C5FD782EB6B76AAA137338E3FB4F09BC3E53002EDE3B279F7470071F22C088B56D06626992EB5A20CA596B2F61BF7691CC1F9AD18ACC1E4E8598000A7829F387024740C42DF89D83A9C5032BB891964405019D0144A251B13F9FC6A652B5FF07697541F5A616AC7D39BA8F47CC2D48BC327201C8A0A0E0543BC7ACB0A99545DB94C8EE94D928D813AD06E4B2790AF30B42BFB141516BA1D3285C0A46E2EC0ABD23A3BB19556A58E4EEBB35950464C8C961C9707C66AE580CBD64583482A6B88FE1B68CFFE5A0AE5797DFAB90D3F594C624917EC25ADBFDEEBF212C9C15C6AE4AFA35A4F3CF79FC4BD3F8A91A +Output = "Hello World" + +# Decrypt OAEP SHAKE MD +Availablein = default +Decrypt = RSA-2048 +Ctrl = rsa_padding_mode:oaep +Ctrl = rsa_oaep_md:shake128 +Input = 9DA9DA65D80395D1BB6A410F08B5A6B7D911463BE5804894DCE78973995DB98654E873CEFE001C436E15091D3E95137B51B84099553C97E144A102CF4A3BC9EB48036827F1F77E9308A34BC335EBF2FC6A1F0C6DB910BE75222109F9D3D2A02683F680DDD5C08D2A3273A90607F34E6454D72FD39095128775906A6B3064F2E14122A5FB8BF874DAB27D65B637A38AF93C68609699F180EE0DE551D8B31A90B5934632AA2C770F667D3C59917CC4D32E0F964E9516728E87974B0D072598B4E027A4CA3D80E8979677C40A1F7391481C81EE3CB0A529138F1E1D41538E5A06D7CB08C49F01F601EED40784ABCFC3A9C4BB8BA557277DE6FAF9F08EF092446CE0 +Output = "Hello World" + +# Decrypt OAEP SHAKE MGF1 +Availablein = fips +Decrypt = RSA-2048 +Ctrl = rsa_padding_mode:oaep +Ctrl = rsa_mgf1_md:shake128 +Input = 5998271817ECB28F061CA7A036CF8B79FCFA69C5C5FD782EB6B76AAA137338E3FB4F09BC3E53002EDE3B279F7470071F22C088B56D06626992EB5A20CA596B2F61BF7691CC1F9AD18ACC1E4E8598000A7829F387024740C42DF89D83A9C5032BB891964405019D0144A251B13F9FC6A652B5FF07697541F5A616AC7D39BA8F47CC2D48BC327201C8A0A0E0543BC7ACB0A99545DB94C8EE94D928D813AD06E4B2790AF30B42BFB141516BA1D3285C0A46E2EC0ABD23A3BB19556A58E4EEBB35950464C8C961C9707C66AE580CBD64583482A6B88FE1B68CFFE5A0AE5797DFAB90D3F594C624917EC25ADBFDEEBF212C9C15C6AE4AFA35A4F3CF79FC4BD3F8A91A +Result = KEYOP_ERROR + +# Decrypt OAEP SHAKE MD +Availablein = fips +Decrypt = RSA-2048 +Ctrl = rsa_padding_mode:oaep +Ctrl = rsa_oaep_md:shake128 +Input = 9DA9DA65D80395D1BB6A410F08B5A6B7D911463BE5804894DCE78973995DB98654E873CEFE001C436E15091D3E95137B51B84099553C97E144A102CF4A3BC9EB48036827F1F77E9308A34BC335EBF2FC6A1F0C6DB910BE75222109F9D3D2A02683F680DDD5C08D2A3273A90607F34E6454D72FD39095128775906A6B3064F2E14122A5FB8BF874DAB27D65B637A38AF93C68609699F180EE0DE551D8B31A90B5934632AA2C770F667D3C59917CC4D32E0F964E9516728E87974B0D072598B4E027A4CA3D80E8979677C40A1F7391481C81EE3CB0A529138F1E1D41538E5A06D7CB08C49F01F601EED40784ABCFC3A9C4BB8BA557277DE6FAF9F08EF092446CE0 +Result = KEYOP_ERROR + # OAEP padding, corrupted ciphertext Decrypt = RSA-2048 Ctrl = rsa_padding_mode:oaep |