Skip to content

Commit

Permalink
Fix test_pkey_dh.rb in FIPS.
Browse files Browse the repository at this point in the history
[ This is a backport to the 3.2 branch. ]

We use dh2048_ffdhe2048.pem file (DH 2048 bits) instead of dh1024.pem file in
both non-FIPS and FIPS cases. Because the following command fails to generate
the pem file with 1024 bits. And the OpenSSL FIPS 140-2 security policy
document explains the DH public keys are allowed from 2048 bits.[1]

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime
dhparam: Generating DH key parameters failed
```

The dh2048_ffdhe2048.pem file was created by the following command with the
OpenSSL FIPS configuration file. The logic to generate the DH pem file is
different between non-FIPS and FIPS cases. In FIPS, it seems that the command
always returns the text defined as ffdhe2048 in the FFDHE groups in RFC 7919
unlike non-FIPS.[2]

As the generated pem file is a normal and valid PKCS#3-style group parameter, we
use the file for the non-FIPS case too.

```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
  /home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
  dhparam -out dh2048_ffdhe2048.pem 2048
```

Note that the hard-coded PEM-encoded string in the `test_DHparams` is
intentional to avoid modifying the content unintentionally.

* [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security
  policy document page 25, Table 10 – Public Keys - DH Public
  - DH (2048/3072/4096/6144/8192) public key agreement key
* [2] RFC7919 - Appendix A.1: ffdhe2048
  https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1

(cherry picked from commit 6a4ff26)
  • Loading branch information
junaruga authored and rhenium committed May 6, 2024
1 parent 2869463 commit cd76116
Show file tree
Hide file tree
Showing 5 changed files with 58 additions and 26 deletions.
1 change: 1 addition & 0 deletions Rakefile
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ Rake::TestTask.new(:test_fips_internal) do |t|
t.test_files = FileList[
'test/openssl/test_fips.rb',
'test/openssl/test_pkey.rb',
'test/openssl/test_pkey_dh.rb',
'test/openssl/test_pkey_ec.rb',
]
t.warning = true
Expand Down
5 changes: 0 additions & 5 deletions test/openssl/fixtures/pkey/dh1024.pem

This file was deleted.

8 changes: 8 additions & 0 deletions test/openssl/fixtures/pkey/dh2048_ffdhe2048.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----
64 changes: 44 additions & 20 deletions test/openssl/test_pkey_dh.rb
Original file line number Diff line number Diff line change
Expand Up @@ -18,15 +18,26 @@ def test_new_generate
assert_key(dh)
end if ENV["OSSL_TEST_ALL"]

def test_new_break
def test_new_break_on_non_fips
omit_on_fips

assert_nil(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
assert_raise(RuntimeError) do
OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise }
end
end

def test_new_break_on_fips
omit_on_non_fips

# The block argument is not executed in FIPS case.
# See https://github.com/ruby/openssl/issues/692 for details.
assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { break })
assert(OpenSSL::PKey::DH.new(NEW_KEYLEN) { raise })
end

def test_derive_key
params = Fixtures.pkey("dh1024")
params = Fixtures.pkey("dh2048_ffdhe2048")
dh1 = OpenSSL::PKey.generate_key(params)
dh2 = OpenSSL::PKey.generate_key(params)
dh1_pub = OpenSSL::PKey.read(dh1.public_to_der)
Expand All @@ -44,34 +55,38 @@ def test_derive_key
end

def test_DHparams
dh1024 = Fixtures.pkey("dh1024")
dh1024params = dh1024.public_key
dh = Fixtures.pkey("dh2048_ffdhe2048")
dh_params = dh.public_key

asn1 = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Integer(dh1024.p),
OpenSSL::ASN1::Integer(dh1024.g)
OpenSSL::ASN1::Integer(dh.p),
OpenSSL::ASN1::Integer(dh.g)
])
key = OpenSSL::PKey::DH.new(asn1.to_der)
assert_same_dh dh1024params, key
assert_same_dh dh_params, key

pem = <<~EOF
-----BEGIN DH PARAMETERS-----
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----
EOF

key = OpenSSL::PKey::DH.new(pem)
assert_same_dh dh1024params, key
assert_same_dh dh_params, key
key = OpenSSL::PKey.read(pem)
assert_same_dh dh1024params, key
assert_same_dh dh_params, key

assert_equal asn1.to_der, dh1024.to_der
assert_equal pem, dh1024.export
assert_equal asn1.to_der, dh.to_der
assert_equal pem, dh.export
end

def test_public_key
dh = Fixtures.pkey("dh1024")
dh = Fixtures.pkey("dh2048_ffdhe2048")
public_key = dh.public_key
assert_no_key(public_key) #implies public_key.public? is false!
assert_equal(dh.to_der, public_key.to_der)
Expand All @@ -80,7 +95,8 @@ def test_public_key

def test_generate_key
# Deprecated in v3.0.0; incompatible with OpenSSL 3.0
dh = Fixtures.pkey("dh1024").public_key # creates a copy with params only
# Creates a copy with params only
dh = Fixtures.pkey("dh2048_ffdhe2048").public_key
assert_no_key(dh)
dh.generate_key!
assert_key(dh)
Expand All @@ -91,7 +107,15 @@ def test_generate_key
end if !openssl?(3, 0, 0)

def test_params_ok?
dh0 = Fixtures.pkey("dh1024")
# Skip the tests in old OpenSSL version 1.1.1c or early versions before
# applying the following commits in OpenSSL 1.1.1d to make `DH_check`
# function pass the RFC 7919 FFDHE group texts.
# https://github.com/openssl/openssl/pull/9435
unless openssl?(1, 1, 1, 4)
pend 'DH check for RFC 7919 FFDHE group texts is not implemented'
end

dh0 = Fixtures.pkey("dh2048_ffdhe2048")

dh1 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Integer(dh0.p),
Expand All @@ -108,7 +132,7 @@ def test_params_ok?

def test_dup
# Parameters only
dh1 = Fixtures.pkey("dh1024")
dh1 = Fixtures.pkey("dh2048_ffdhe2048")
dh2 = dh1.dup
assert_equal dh1.to_der, dh2.to_der
assert_not_equal nil, dh1.p
Expand All @@ -125,7 +149,7 @@ def test_dup
end

# With a key pair
dh3 = OpenSSL::PKey.generate_key(Fixtures.pkey("dh1024"))
dh3 = OpenSSL::PKey.generate_key(Fixtures.pkey("dh2048_ffdhe2048"))
dh4 = dh3.dup
assert_equal dh3.to_der, dh4.to_der
assert_equal dh1.to_der, dh4.to_der # encodes parameters only
Expand All @@ -136,7 +160,7 @@ def test_dup
end

def test_marshal
dh = Fixtures.pkey("dh1024")
dh = Fixtures.pkey("dh2048_ffdhe2048")
deserialized = Marshal.load(Marshal.dump(dh))

assert_equal dh.to_der, deserialized.to_der
Expand Down
6 changes: 5 additions & 1 deletion test/openssl/utils.rb
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,11 @@ def teardown
def omit_on_fips
return unless OpenSSL.fips_mode

omit 'An encryption used in the test is not FIPS-approved'
omit <<~MESSAGE
Only for OpenSSL non-FIPS with the following possible reasons:
* A testing logic is non-FIPS specific.
* An encryption used in the test is not FIPS-approved.
MESSAGE
end

def omit_on_non_fips
Expand Down

0 comments on commit cd76116

Please sign in to comment.