1#
2# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9# Tests start with one of these keywords
10#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
11#       PrivPubKeyPair Sign Verify VerifyRecover
12# and continue until a blank line. Lines starting with a pound sign are ignored.
13# The keyword Availablein must appear before the test name if needed.
14
15# Public key algorithm tests
16
17# Private keys used for PKEY operations.
18
19# EC P-256 key
20
21PrivateKey=P-256
22-----BEGIN PRIVATE KEY-----
23MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
24+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
25+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
26-----END PRIVATE KEY-----
27
28# EC public key for above
29
30PublicKey=P-256-PUBLIC
31-----BEGIN PUBLIC KEY-----
32MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
33x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
34-----END PUBLIC KEY-----
35
36PrivPubKeyPair = P-256:P-256-PUBLIC
37
38Title = ECDSA tests
39
40FIPSversion = >=3.4.0
41Verify = ECDSA-SHA1:P-256-PUBLIC
42Input = "0123456789ABCDEF1234"
43Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
44
45# Digest too long
46FIPSversion = >=3.4.0
47Verify = ECDSA-SHA1:P-256-PUBLIC
48Input = "0123456789ABCDEF12345"
49Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
50Result = VERIFY_ERROR
51
52# Digest too short
53FIPSversion = >=3.4.0
54Verify = ECDSA-SHA1:P-256-PUBLIC
55Input = "0123456789ABCDEF123"
56Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
57Result = VERIFY_ERROR
58
59# Digest invalid
60FIPSversion = >=3.4.0
61Verify = ECDSA-SHA1:P-256-PUBLIC
62Input = "0123456789ABCDEF1235"
63Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
64Result = VERIFY_ERROR
65
66# Invalid signature
67FIPSversion = >=3.4.0
68Verify = ECDSA-SHA1:P-256-PUBLIC
69Input = "0123456789ABCDEF1234"
70Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
71Result = VERIFY_ERROR
72
73# Garbage after signature
74Availablein = default
75Verify = ECDSA-SHA1:P-256-PUBLIC
76Input = "0123456789ABCDEF1234"
77Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
78Result = VERIFY_ERROR
79
80# BER signature
81FIPSversion = >=3.4.0
82Verify = ECDSA-SHA1:P-256-PUBLIC
83Input = "0123456789ABCDEF1234"
84Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
85Result = VERIFY_ERROR
86
87FIPSversion = >=3.4.0
88Verify = ECDSA-SHA1:P-256-PUBLIC
89Input = "0123456789ABCDEF1234"
90Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
91
92Title = Sign-Message and Verify-Message
93
94FIPSversion = >=3.4.0
95Verify-Message = ECDSA-SHA256:P-256-PUBLIC
96Input = "Hello World"
97Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
98
99PublicKey=P-384-PUBLIC
100-----BEGIN PUBLIC KEY-----
101MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd
102nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19
103twD8guGxyFRaoMDTtW47/nifwYqRaIfC
104-----END PUBLIC KEY-----
105
106FIPSversion = >=3.4.0
107Verify-Message = ECDSA-SHA384:P-384-PUBLIC
108Input = "123400"
109Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
110
111# Oneshot tests
112FIPSversion = >=3.4.0
113Verify-Message = ECDSA-SHA256:P-256-PUBLIC
114Input = "Hello World"
115Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
116
117# Test that mdsize != tbssize fails
118FIPSversion = >=3.4.0
119Sign = ECDSA-SHA256:P-256
120Input = "0123456789ABCDEF1234"
121Result = KEYOP_ERROR
122
123PrivateKey = P-256_NAMED_CURVE_EXPLICIT
124-----BEGIN PRIVATE KEY-----
125MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
126AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
127///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
128AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
1299KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
130AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
1310BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
1323ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
133-----END PRIVATE KEY-----
134
135PrivateKey = EC_EXPLICIT
136-----BEGIN PRIVATE KEY-----
137MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
138AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
139///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
140AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
141l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
142AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
143OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
14446dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
145-----END PRIVATE KEY-----
146
147PrivateKey = B-163
148-----BEGIN PRIVATE KEY-----
149MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
150DnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
151e3GzYyg=
152-----END PRIVATE KEY-----
153
154PrivateKey = secp256k1
155-----BEGIN PRIVATE KEY-----
156MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
157mrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
158srYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
159-----END PRIVATE KEY-----
160
161Title = FIPS tests
162
163# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
164FIPSversion = >=3.4.0
165Verify-Message = ECDSA-SHA256:B-163
166Input = "Hello World"
167Output = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b
168
169# Test that a nist curve with SHA3 is allowed in fips mode
170# The sign will get a mismatch error since the output signature changes on each run
171FIPSversion = >=3.4.0
172Sign-Message = ECDSA-SHA3-512:P-256
173Input = "Hello World"
174Result = KEYOP_MISMATCH
175
176# Test that a explicit curve that is a named curve is allowed in fips mode
177FIPSversion = >=3.4.0
178Verify-Message = ECDSA-SHA256:P-256_NAMED_CURVE_EXPLICIT
179Input = "Hello World"
180Output = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91
181
182Title = FIPS Negative tests (using different curves and digests)
183
184# Test that a explicit curve is not allowed in fips mode
185Availablein = fips
186FIPSversion = >=3.4.0
187Verify-Message = ECDSA-SHA256:EC_EXPLICIT
188Input = "Hello World"
189Result = KEYOP_INIT_ERROR
190
191# Test that a curve with < 112 bits is not allowed in fips mode for signing
192Availablein = fips
193FIPSversion = >=3.4.0
194Sign-Message = ECDSA-SHA3-512:B-163
195Securitycheck = 1
196Input = "Hello World"
197Result = KEYOP_INIT_ERROR
198
199# Test that a non nist curve is not allowed in fips mode
200Availablein = fips
201FIPSversion = >=3.4.0
202Sign-Message = ECDSA-SHA3-512:secp256k1
203Securitycheck = 1
204Input = "Hello World"
205Result = KEYOP_INIT_ERROR
206
207# Test that SHA1 is not allowed in fips mode for signing
208Availablein = fips
209FIPSversion = >=3.4.0
210Sign-Message = ECDSA-SHA1:B-163
211Securitycheck = 1
212Input = "Hello World"
213Result = KEYOP_INIT_ERROR
214
215# Test that SHA1 is not allowed in fips mode for signing
216Availablein = fips
217FIPSversion = >=3.4.0
218Sign = ECDSA-SHA1:P-256
219Securitycheck = 1
220Input = "0123456789ABCDEF1234"
221Result = KEYOP_INIT_ERROR
222
223# Invalid non-approved digest
224Availablein = fips
225FIPSversion = >=3.4.0
226Verify-Message = ECDSA-MD5:P-256-PUBLIC
227Securitycheck = 1
228Result = KEYOP_INIT_ERROR
229
230Title = FIPS Indicator tests
231# Check that the indicator callback is triggered
232# We check for signature mismatch since the signature is unique
233
234Availablein = fips
235FIPSversion = >=3.4.0
236Sign-Message = ECDSA-SHA3-512:B-163
237Securitycheck = 1
238Unapproved = 1
239CtrlInit = key-check:0
240Input = "Hello World"
241Result = KEYOP_MISMATCH
242
243# Test that SHA1 is not allowed in fips mode for signing
244Availablein = fips
245FIPSversion = >=3.4.0
246Sign-Message = ECDSA-SHA1:P-256
247Securitycheck = 1
248Unapproved = 1
249CtrlInit = digest-check:0
250Input = "Hello World"
251Result = KEYOP_MISMATCH
252
253# Test that SHA1 is not allowed in fips mode for signing
254Availablein = fips
255FIPSversion = >=3.4.0
256Sign = ECDSA-SHA1:P-256
257Securitycheck = 1
258Unapproved = 1
259CtrlInit = digest-check:0
260Input = "0123456789ABCDEF1234"
261Result = KEYOP_MISMATCH
262