Patch is attached as a text file. Please let me know if the format needs
to be delivered in another way.
EC and DSA both received the addition of SHA1 mechanism sign/verify
tests.
The readme in the testcases/crypto directory was also edited to include
reasoning behind why EC and DSA are not currently able to use NIST/RFC
supplied test vectors rather than generated vectors.
Ian Davis
IBM LTC Security
From 65db1fc08d5fbc0b3cfa943aafde1dbe455ad1f2 Mon Sep 17 00:00:00 2001
From: Ian Davis <[email protected]>
Date: Mon, 3 Aug 2015 10:48:38 -0500
Subject: [PATCH] - Added SHA1 support for generated tests within EC and DSA
testcases - Added test vector incompatibility notes to README regarding
randomized variables in EC and DSA Signed-off-by: Ian Davis
<[email protected]>
---
testcases/crypto/README | 12 ++++++++++--
testcases/crypto/dsa_func.c | 31 ++++++++++++++++++++++++-------
testcases/crypto/ec_func.c | 38 ++++++++++++++++++++++++++++++--------
3 files changed, 64 insertions(+), 17 deletions(-)
diff --git a/testcases/crypto/README b/testcases/crypto/README
index 5ea4abe..0ec31b1 100644
--- a/testcases/crypto/README
+++ b/testcases/crypto/README
@@ -41,10 +41,18 @@ digest_tests
HMAC SHA1, HMAC SHA256, HMAC SHA512, HMAC MD5
dsa_tests
- TODO - To be tested.
+ Tests sign/verify with both non hashed and SHA1 mechanisms
+
+ Note: Published test vectors cannot be used to test the fucntionality
of DSA.
+ The public/private keys can be manually inserted, but a necessary value,
+ k, for the signature is randomly generated within the algorithm.
ec_tests
- Tests regular curves.
+ Tests regular curves. With both non hashed and SHA1 mechanisms
+
+ Note: Published test vectors cannot be used to test the fucntionality
of (EC)DSA.
+ The public/private keys can be manually inserted, but a necessary value,
+ k, for the signature is randomly generated within the algorithm.
rsa_tests
Tests RSA using published test vectors and generated test data.
diff --git a/testcases/crypto/dsa_func.c b/testcases/crypto/dsa_func.c
index 6e2b7f3..5a6c6ca 100644
--- a/testcases/crypto/dsa_func.c
+++ b/testcases/crypto/dsa_func.c
@@ -115,7 +115,7 @@ CK_RV do_GenerateDSAKeyPair( void )
// the generic DSA mechanism assumes that the data to be signed has already
// been hashed by SHA-1. so the input data length must be 20 bytes
//
-CK_RV do_SignDSA( void )
+CK_RV do_SignDSA(CK_BBOOL sha1_flag)
{
CK_BYTE data1[20];
CK_BYTE signature[256];
@@ -136,8 +136,10 @@ CK_RV do_SignDSA( void )
{CKA_SUBPRIME, DSA_PUBL_SUBPRIME, sizeof(DSA_PUBL_SUBPRIME) },
{CKA_BASE, DSA_PUBL_BASE, sizeof(DSA_PUBL_BASE) }
};
-
- printf("do_SignDSA...\n");
+ if(!sha1_flag)
+ printf("do_SignDSA using CKM_DSA.\n");
+ else
+ printf("do_SignDSA using CKM_DSA_SHA1.\n");
slot_id = SLOT_ID;
flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
@@ -179,7 +181,10 @@ CK_RV do_SignDSA( void )
for (i=0; i < len1; i++)
data1[i] = i % 255;
- mech.mechanism = CKM_DSA;
+ if(!sha1_flag)
+ mech.mechanism = CKM_DSA;
+ else
+ mech.mechanism = CKM_DSA_SHA1;
mech.ulParameterLen = 0;
mech.pParameter = NULL;
@@ -227,7 +232,7 @@ CK_RV do_SignDSA( void )
} else
rc = CKR_OK;
- printf("Looks okay...\n");
+ printf("No problems encountered.\n");
session_close:
@@ -261,10 +266,22 @@ CK_RV dsa_functions()
GetSystemTime(&t2);
process_time( t1, t2 );
+ CK_BBOOL sha1_flag = 1;
+
+ GetSystemTime(&t1);
+ rc = do_SignDSA(!sha1_flag);
+ if (rc) {
+ PRINT_ERR("ERROR do_SignDSA using CKM_DSA failed, rc =
0x%lx\n", rc);
+ if (!no_stop)
+ return rc;
+ }
+ GetSystemTime(&t2);
+ process_time( t1, t2 );
+
GetSystemTime(&t1);
- rc = do_SignDSA();
+ rc = do_SignDSA(sha1_flag);
if (rc) {
- PRINT_ERR("ERROR do_SignDSA failed, rc = 0x%lx\n", rc);
+ PRINT_ERR("ERROR do_SignDSA using CKM_DSA_SHA1 failed, rc =
0x%lx\n", rc);
if (!no_stop)
return rc;
}
diff --git a/testcases/crypto/ec_func.c b/testcases/crypto/ec_func.c
index 8e30a8a..381578a 100644
--- a/testcases/crypto/ec_func.c
+++ b/testcases/crypto/ec_func.c
@@ -142,6 +142,13 @@ _signVerifyParam signVerifyInput[] = {
{ CKM_ECDSA, 64 }
};
+_signVerifyParam signVerifyInputSHA1[] = {
+ { CKM_ECDSA_SHA1, 20 },
+ { CKM_ECDSA_SHA1, 32 },
+ { CKM_ECDSA_SHA1, 48 },
+ { CKM_ECDSA_SHA1, 64 }
+};
+
CK_RV
run_GenerateSignVerifyECC(CK_SESSION_HANDLE session, CK_MECHANISM_TYPE
mechType, CK_ULONG inputlen, CK_OBJECT_HANDLE priv_key, CK_OBJECT_HANDLE
publ_key)
{
@@ -252,7 +259,7 @@ run_GenerateSignVerifyECC(CK_SESSION_HANDLE session,
CK_MECHANISM_TYPE mechType,
}
CK_RV
-run_GenerateECCKeyPairSignVerify()
+run_GenerateECCKeyPairSignVerify(CK_BBOOL sha1_flag)
{
CK_MECHANISM mech;
CK_OBJECT_HANDLE publ_key, priv_key;
@@ -310,14 +317,25 @@ run_GenerateECCKeyPairSignVerify()
}
testcase_pass("*Generate supported key pair index=%lu passed.",
i);
+ /* Note that the sizeof(signVerifyInput) =
sizeof(signVerifyInputSHA1) */
for (j = 0; j < (sizeof(signVerifyInput) /
sizeof(_signVerifyParam)); j++) {
testcase_new_assertion();
- rc = run_GenerateSignVerifyECC(
- session,
- signVerifyInput[j].mechtype,
- signVerifyInput[j].inputlen,
- priv_key,
- publ_key);
+ if(!sha1_flag){
+ rc = run_GenerateSignVerifyECC(
+ session,
+ signVerifyInput[j].mechtype,
+ signVerifyInput[j].inputlen,
+ priv_key,
+ publ_key);
+ }
+ else{
+ rc = run_GenerateSignVerifyECC(
+ session,
+ signVerifyInputSHA1[j].mechtype,
+ signVerifyInputSHA1[j].inputlen,
+ priv_key,
+ publ_key);
+ }
if (rc != 0) {
testcase_fail("run_GenerateSignVerifyECC failed
index=%lu.", j);
goto testcase_cleanup;
@@ -390,7 +408,11 @@ main(int argc, char **argv)
testcase_setup(total_assertions);
- rv = run_GenerateECCKeyPairSignVerify();
+ CK_BBOOL sha1_flag = 1;
+
+ rv = run_GenerateECCKeyPairSignVerify(!sha1_flag);
+
+ rv = run_GenerateECCKeyPairSignVerify(sha1_flag);
testcase_print_result();
------------------------------------------------------------------------------
_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
