Fix test_pkey_dsa.rb in FIPS. #729

Merged
merged 1 commit into from Mar 21, 2024

@junaruga junaruga commented Mar 12, 2024

This PR is a work in progress.

So, I created the new file test/openssl/fixtures/pkey/dsa2048.pem by openssl CLI on the FIPS just in case. I referred to this document - Create a DSA Private Key with PEM format for the steps.

```
$ OPENSSL_CONF=/path/to/ssl/openssl_fips.cnf \
  /path/to/bin/openssl dsaparam -out dsaparam2048.pem 2048
$ OPENSSL_CONF=/path/to/ssl/openssl_fips.cnf \
  /path/to/bin/openssl gendsa -out dsa2048.pem dsaparam2048.pem
```

There is still a failure and an error in the test/openssl/test_pkey_dsa.rb below with this PR. And I am not sure how to fix the issues. So, I want to ask @rhenium questions.

$ OPENSSL_CONF=$HOME/.local/openssl-3.3.0-dev-fips-debug-1f03d33ef5/ssl/openssl_fips.cnf \
  bundle exec rake test TEST=test/openssl/test_pkey_dsa.rb
...
Loaded suite /home/jaruga/var/git/ruby/openssl/bundle/ruby/3.4.0+0/gems/rake-13.1.0/lib/rake/rake_test_loader
Started
E
==============================================================================================================================================================================================
Error: test_DSAPrivateKey_encrypted(OpenSSL::TestPKeyDSA): OpenSSL::PKey::DSAError: Neither PUB key nor PRIV key
/home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:190:in `initialize'
/home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:190:in `new'
/home/jaruga/var/git/ruby/openssl/lib/openssl/pkey.rb:190:in `new'
/home/jaruga/var/git/ruby/openssl/test/openssl/test_pkey_dsa.rb:153:in `test_DSAPrivateKey_encrypted'
     150:     Wgx6c8K+qBAIVrilw3EWxw==
     151:     -----END DSA PRIVATE KEY-----
     152:     EOF
  => 153:     key = OpenSSL::PKey::DSA.new(pem, "abcdef")
     154:     assert_same_dsa dsa512, key
     155:     key = OpenSSL::PKey::DSA.new(pem) { "abcdef" }
     156:     assert_same_dsa dsa512, key
==============================================================================================================================================================================================
O
==============================================================================================================================================================================================
Omission: Only for OpenSSL non-FIPS with the following possible reasons:
* A testing logic is non-FIPS specific.
* An encryption used in the test is not FIPS-approved.
 [test_generate_on_non_fips(OpenSSL::TestPKeyDSA)]
/home/jaruga/var/git/ruby/openssl/test/openssl/utils.rb:154:in `omit_on_fips'
==============================================================================================================================================================================================
F
==============================================================================================================================================================================================
Failure: test_sign_verify(OpenSSL::TestPKeyDSA)
/home/jaruga/var/git/ruby/openssl/test/openssl/test_pkey_dsa.rb:73:in `test_sign_verify'
     70:       MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
     71:       6g==
     72:     end;
  => 73:     assert_equal true, dsa.verify("SHA256", signature0, data)
     74:     signature1 = signature0.succ
     75:     assert_equal false, dsa.verify("SHA256", signature1, data)
     76:   end
<true> expected but was
<false>

diff:
? tru e
? fals 
? ??? 
==============================================================================================================================================================================================
Finished in 0.908693432 seconds.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
13 tests, 74 assertions, 1 failures, 1 errors, 0 pendings, 1 omissions, 0 notifications
83.3333% passed
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
14.31 tests/s, 81.44 assertions/s
rake aborted!

For the test_DSAPrivateKey_encrypted, maybe I need to replace the following testing DSA private key with AES-128-CBC to another one. But I don't know how to create it maybe by openssl CLI command. How to create it?

-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F8BB7BFC7EAB9118AC2E3DA16C8DB1D9
D2sIzsM9MLXBtlF4RW42u2GB9gX3HQ3prtVIjWPLaKBYoToRUiv8WKsjptfZuLSB
74ZPdMS7VITM+W1HIxo/tjS80348Cwc9ou8H/E6WGat8ZUk/igLOUEII+coQS6qw
QpuLMcCIavevX0gjdjEIkojBB81TYDofA1Bp1z1zDI/2Zhw822xapI79ZF7Rmywt
OSyWzFaGipgDpdFsGzvT6//z0jMr0AuJVcZ0VJ5lyPGQZAeVBlbYEI4T72cC5Cz7
XvLiaUtum6/sASD2PQqdDNpgx/WA6Vs1Po2kIUQIM5TIwyJI0GdykZcYm6xIK/ta
Wgx6c8K+qBAIVrilw3EWxw==
-----END DSA PRIVATE KEY-----

For the test_sign_verify, I need to replace the following signature text to another one. But I don't know how to create it maybe by openssl CLI command. How to create it?

MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
6g==

@junaruga junaruga marked this pull request as draft March 12, 2024 21:20

rhenium commented Mar 13, 2024

Thanks for working on it!

> For the test_DSAPrivateKey_encrypted, maybe I need to replace the following testing DSA private key with AES-128-CBC to another one. But I don't know how to create it maybe by openssl CLI command. How to create it?

This is #643. The traditional encrypted format can't work in FIPS mode due to MD5 being used internally, so it should be simply skipped.

> For the test_sign_verify, I need to replace the following signature text to another one. But I don't know how to create it maybe by openssl CLI command. How to create it?

Sorry, I didn't document how I crafted it and don't remember now. However, I think a better option is to take values from NIST CAVP test vectors (FIPS 186-4 for 2048-bit DSA): https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures
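Where MD5 enters the traditional encrypted PEM format mentioned above, as an added example that is not code from this PR or from ruby/openssl: the cipher key is derived from the password with one round of MD5 (OpenSSL's `EVP_BytesToKey` scheme), salted with the first 8 bytes of the `DEK-Info` IV. The helper names and the throwaway 1024-bit key are assumptions for illustration, and it needs a non-FIPS OpenSSL because it calls MD5 itself.

```ruby
require "openssl"

# Key derivation used by the traditional encrypted PEM format (OpenSSL's
# EVP_BytesToKey with MD5, one round); the salt is the first 8 IV bytes.
def legacy_pem_key(password, iv, key_len)
  key = block = "".b
  while key.bytesize < key_len
    block = OpenSSL::Digest.digest("MD5", block + password.b + iv[0, 8])
    key += block
  end
  key[0, key_len]
end

# Decrypt a "Proc-Type: 4,ENCRYPTED" PEM by hand and return the inner DER.
def decrypt_legacy_pem(pem, password)
  cipher_name, iv_hex = pem[/^DEK-Info: (.+)$/, 1].split(",")
  iv = [iv_hex].pack("H*")
  body = pem.lines.grep(%r{\A[A-Za-z0-9+/=]+\s*\z}).join.unpack1("m")
  cipher = OpenSSL::Cipher.new(cipher_name).decrypt
  cipher.key = legacy_pem_key(password, iv, cipher.key_len)
  cipher.iv = iv
  cipher.update(body) + cipher.final
end

# Constructed sample: a throwaway 1024-bit DSA key exported in the traditional
# encrypted format, then decrypted with the hand-written MD5 derivation.
def legacy_roundtrip(password = "abcdef")
  key = OpenSSL::PKey::DSA.generate(1024)
  pem = key.to_pem(OpenSSL::Cipher.new("AES-128-CBC"), password)
  recovered = OpenSSL::PKey.read(decrypt_legacy_pem(pem, password))
  [pem, recovered.priv_key == key.priv_key]
end
```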

@junaruga junaruga changed the title WIP: Fix test_pkey_dsa.rb in FIPS. Fix test_pkey_dsa.rb in FIPS. Mar 14, 2024

junaruga commented Mar 14, 2024

> Thanks for working on it!
>
> > For the test_DSAPrivateKey_encrypted, maybe I need to replace the following testing DSA private key with AES-128-CBC to another one. But I don't know how to create it maybe by openssl CLI command. How to create it?
>
> This is #643. The traditional encrypted format can't work in FIPS mode due to MD5 being used internally, so it should be simply skipped.

Ah, right! Thanks for reminding me of this. I forgot that we dealt with this in the past, commenting the text below.

```
# For example, the password based encryption used in the PEM format uses MD5
# for deriving the encryption key from the password, and MD5 is not
# FIPS-approved.
#
# See https://github.com/openssl/openssl/discussions/21830#discussioncomment-6865636
# for details.
```

> > For the test_sign_verify, I need to replace the following signature text to another one. But I don't know how to create it maybe by openssl CLI command. How to create it?
>
> Sorry, I didn't document how I crafted it and don't remember now. However, I think a better option is to take values from NIST CAVP test vectors (FIPS 186-4 for 2048-bit DSA): https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures

I was not able to find the values from NIST CAVP test vectors on the linked document above. Could you tell me the details of how to get the values on the page?

However, I was able to create the signature text, by checking this document - DSA signature with openssl dsa.

And the signature0 is the decoded value of the text. So, I encoded the generated signature.txt by the base64 command to create the testing signature text (signature_encoded.txt).

```
signature0 = (<<~'end;').unpack1("m")
MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
6g==
end;
```

```
$ echo -n "Sign me!" > data.txt
$ /path/to/bin/openssl dgst -sha256 -sign dsa2048.pem data.txt > signature.txt
$ cat signature.txt | base64 > signature_encoded.txt
```

All the steps were executed by openssl CLI on the FIPS module using the export OPENSSL_CONF="/path/to/ssl/openssl_fips.cnf".

I rebased on the latest master branch, and also updated the commit message.

@junaruga junaruga marked this pull request as ready for review March 14, 2024 19:34
Note that I created the `dsa2048.pem` and signature text
(`signature_encoded.txt`), that is used as a text to create the `signature0` in
the `test_sign_verify` by the following steps with the `openssl` CLI on FIPS
module.

```
$ OPENSSL_DIR="${HOME}/.local/openssl-3.3.0-dev-fips-debug-1f03d33ef5"
$ export OPENSSL_CONF="${OPENSSL_DIR}/ssl/openssl_fips.cnf"

$ "${OPENSSL_DIR}/bin/openssl" dsaparam -out dsaparam2048.pem 2048
$ "${OPENSSL_DIR}/bin/openssl" gendsa -out dsa2048.pem dsaparam2048.pem

$ echo -n "Sign me!" > data.txt
$ "${OPENSSL_DIR}/bin/openssl" dgst -sha256 -sign dsa2048.pem data.txt > signature.txt
$ cat signature.txt | base64 > signature_encoded.txt
```

Skip the `test_DSAPrivateKey_encrypted` on FIPS because AES-128-CBC, the
password based encryption used in the PEM format uses MD5 for deriving the
encryption key from the password, and MD5 is not FIPS-approved.
See also the comment on the `test/openssl/utils.rb#omit_on_fips`.
@rhenium rhenium merged commit a8caa63 into ruby:master Mar 21, 2024
50 checks passed

rhenium commented Mar 21, 2024

> > Sorry, I didn't document how I crafted it and don't remember now. However, I think a better option is to take values from NIST CAVP test vectors (FIPS 186-4 for 2048-bit DSA): https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures
>
> I was not able to find the values from NIST CAVP test vectors on the linked document above. Could you tell me the details of how to get the values on the page?

There are download links for .zip files at the bottom of the page. This is completely optional and the current changes look good to me.

Thanks!

@junaruga junaruga deleted the wip/fips-test-pkey-dsa branch March 22, 2024 18:23

As always, thanks for reviewing the PR!


junaruga commented Apr 2, 2024

> > > Sorry, I didn't document how I crafted it and don't remember now. However, I think a better option is to take values from NIST CAVP test vectors (FIPS 186-4 for 2048-bit DSA): https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures
>
> > I was not able to find the values from NIST CAVP test vectors on the linked document above. Could you tell me the details of how to get the values on the page?
>
> There are download links for .zip files at the bottom of the page. This is completely optional and the current changes look good to me.

I missed replying to your comment above. I downloaded the 186-3dsatestvectors.zip file at the page: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures - Test Vectors - FIPS 186-4 - DSA.

And I extracted the zip file.

```
$ unzip 186-3dsatestvectors.zip
$ ls -1
186-3dsatestvectors.zip
KeyPair.rsp
PQGGen.rsp
PQGGen.txt
PQGVer.rsp
Readme.txt
SigGen.rsp
SigGen.txt
SigVer.rsp
```

I checked the Readme.txt. I assumed that the SigGen.txt file includes the base64 encoded signature text.

```
$ cat Readme.txt
...
3. The file SigGen.txt contains values for DSA signature generation with the
following additional values needed to calculate r and s as in Section 4.6:
	a. 'x' -- The private key.

	b. 'k' -- The Per-message secret number (PMSN) used to compute R and S.
	See Section 4.5 and Appendix B.2 for more information on the PMSN.
```

Then I could see a list of the data set. Maybe this was the file, right? In this case, with the SHA-256, and DSA2048 in the test_sign_verify, I assumed that we could use the datasets in the categories "L=2048, N=224, SHA-256" and "L=2048, N=256, SHA-256", right? I understand using the datasets is optional. I was just curious about how to use this kind of dataset for a next opportunity to contribute.

$ cat SigGen.txt
...
[mod = L=2048, N=224, SHA-256]

P = 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
Q = ce89fe332b8e4eb3d1e8ddcea5d163a5bc13b63f16993755427aef43
G = 8c465edf5a180730291e080dfc5385397a5006450dba2efe0129264fbd897bb5579ca0eab19aa278220424724b4f2a6f6ee6328432abf661380646097233505339c5519d357d7112b6eec938b85d5aa75cc2e38092f0a530acb54e50fe82c4d562fb0f3036b80b30334023ebbe6637a0010b00c7db86371168563671e1e0f028aedbd45d2d572621a609982a073e51aae27707afbeef29e2ecee84d7a6d5da382be3a35f42b6c66849202ab19d025b869d08776476d1ab981475ad2ad2f3e6fd07e30696d90a626816df60d6ca7afd7b482f942f83b45cc82933731f87faee320900f2aa3e70b1867e1430e40be67c07f9290299ef067b8b24a7515b3f992c07

Msg = cec8d2843dee7cb5f9119b75562585e05c5ce2f4e6457e9bcc3c1c781ccd2c0442b6282aea610f7161dcede176e774861f7d2691be6c894ac3ebf80c0fab21e52a3e63ae0b35025762ccd6c9e1fecc7f9fe00aa55c0c3ae33ae88f66187f9598eba9f863171f3f56484625bf39d883427349b8671d9bb7d396180694e5b546ae
X = 551595eccbb003b0bf8ddda184a59da51e459a0d28205e5592ca4cb1
Y = 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
K = 6f326546aa174b3d319ef7331ec8dfd363dd78ae583a920165ff7e54
R = 9c5fa46879ddaf5c14f07dfb5320715f67a6fec179e3ad53342fb6d1
S = c3e17e7b3c4d0ac8d49f4dd0f04c16a094f42da0afcc6c90f5f1bbc8
...

[mod = L=2048, N=256, SHA-256]

P = a8adb6c0b4cf9588012e5deff1a871d383e0e2a85b5e8e03d814fe13a059705e663230a377bf7323a8fa117100200bfd5adf857393b0bbd67906c081e585410e38480ead51684dac3a38f7b64c9eb109f19739a4517cd7d5d6291e8af20a3fbf17336c7bf80ee718ee087e322ee41047dabefbcc34d10b66b644ddb3160a28c0639563d71993a26543eadb7718f317bf5d9577a6156561b082a10029cd44012b18de6844509fe058ba87980792285f2750969fe89c2cd6498db3545638d5379d125dccf64e06c1af33a6190841d223da1513333a7c9d78462abaab31b9f96d5f34445ceb6309f2f6d2c8dde06441e87980d303ef9a1ff007e8be2f0be06cc15f
Q = e71f8567447f42e75f5ef85ca20fe557ab0343d37ed09edc3f6e68604d6b9dfb
G = 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

Msg = 4e3a28bcf90d1d2e75f075d9fbe55b36c5529b17bc3a9ccaba6935c9e20548255b3dfae0f91db030c12f2c344b3a29c4151c5b209f5e319fdf1c23b190f64f1fe5b330cb7c8fa952f9d90f13aff1cb11d63181da9efc6f7e15bfed4862d1a62c7dcf3ba8bf1ff304b102b1ec3f1497dddf09712cf323f5610a9d10c3d9132659
X = 446969025446247f84fdea74d02d7dd13672b2deb7c085be11111441955a377b
Y = 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
K = 117a529e3fdfc79843a5a4c07539036b865214e014b4928c2a31f47bf62a4fdb
R = 633055e055f237c38999d81c397848c38cce80a55b649d9e7905c298e2a51447
S = 2bbf68317660ec1e4b154915027b0bc00ee19cfc0bf75d01930504f2ce10a8b0
...
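How a SigGen.txt test case like the ones quoted above can be turned into inputs for `OpenSSL::PKey#verify`, as an added example that is not code from this PR or from ruby/openssl: the file gives R and S as bare hex integers rather than a base64 DER signature, so they are DER-encoded here and the public key is rebuilt from P, Q, G and Y. The helper names and the throwaway 1024-bit sample (standing in for NIST data) are assumptions for illustration.

```ruby
require "openssl"

# Parse SigGen.txt-style text. A "[mod = ...]" header and its P/Q/G apply to
# every test case after it; each test case starts at its "Msg = ..." line.
def parse_siggen(text)
  records, group = [], {}
  text.scan(/^\[mod = L=\d+, N=\d+, SHA-(\d+)\]$|^(\w+) = (\h+)$/) do |bits, key, val|
    if bits then group = { "Hash" => "SHA#{bits}" }
    elsif %w[P Q G].include?(key) then group[key] = val
    else
      records << group.dup if key == "Msg"
      records.last[key] = val if records.any?
    end
  end
  records
end

def asn1_int(hex)
  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(hex, 16))
end

# R and S are bare hex integers; OpenSSL verifies a DER SEQUENCE { r, s }.
def der_signature(rec)
  OpenSSL::ASN1::Sequence.new([asn1_int(rec["R"]), asn1_int(rec["S"])]).to_der
end

# Public key as a SubjectPublicKeyInfo built from P, Q, G and Y.
def public_key(rec)
  params = OpenSSL::ASN1::Sequence.new(%w[P Q G].map { |k| asn1_int(rec[k]) })
  alg = OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::ObjectId.new("DSA"), params])
  y = OpenSSL::ASN1::BitString.new(asn1_int(rec["Y"]).to_der)
  OpenSSL::PKey.read(OpenSSL::ASN1::Sequence.new([alg, y]).to_der)
end

def verify_record(rec)
  public_key(rec).verify(rec["Hash"], der_signature(rec), [rec["Msg"]].pack("H*"))
end

# Constructed sample (not NIST data): a throwaway 1024-bit key signs "Sign me!"
# and the values are laid out like one SigGen.txt test case.
def constructed_sample
  key = OpenSSL::PKey::DSA.generate(1024)
  r, s = OpenSSL::ASN1.decode(key.sign("SHA256", "Sign me!")).value.map(&:value)
  hex = { P: key.p, Q: key.q, G: key.g, Y: key.pub_key, R: r, S: s }
        .map { |name, bn| "#{name} = #{bn.to_s(16).downcase}" }
  msg = "Msg = " + "Sign me!".unpack1("H*")
  ["[mod = L=1024, N=160, SHA-256]", *hex.take(3), msg, *hex.drop(3)].join("\n")
end
```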
