Re: Query regarding openssl-3.0.0 ecdsa self tests

2021-08-30 Thread Tomas Mraz
It is not a bug, the pairwise test is sufficient. It's just a
misleading name. And I do not think it will cause any problem with FIPS
validation, this can be documented.

Tomas

On Mon, 2021-08-30 at 16:53 +0530, Nagarjun J wrote:
> Hello,
> 
> Then, is this a bug in ECDSA POST? Or have to rename the test, as
> it is misleading and can cause problems in FIPS certification?
> 
> Thanks,
> Nagarjun
> 
> On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz wrote:
> > The question was about the fips module POST (power on self test) and
> > there what I wrote applies. Having special RNG providing constant data
> > to ECDSA/DSA would be possible to do but it is not required, it would
> > needlessly complicate the code, and add a risk of having such constant
> > RNG being accidentally used for something where real random numbers are
> > needed.
> > 
> > Tomas
> > 
> > On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote:
> > > This is not really true. At least, for some of the tests.
> > > 
> > > https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
> > > 
> > > That hijacks the RNG to feed the expected nonce, so it can check vs a
> > > KAT.
> > > 
> > > Cheers,
> > > 
> > > BBB
> > > 
> > > On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz wrote:
> > > >
> > > > Hello,
> > > >
> > > > your analysis is right. It does only pairwise consistency test as the
> > > > KAT is impossible to do for regular DSA and ECDSA due to random nonce
> > > > being input of the signature algorithm and thus the signature always
> > > > changes.
> > > > 
> > > > Tomas
> > > > 
> > > > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> > > > > Hi,
> > > > > 
> > > > > Does openssl-3.0.0 really do ECDSA KAT? The post test logs say
> > > > > "ECDSA KAT :PASS". But when I debugged the code it is actually doing
> > > > > ECDSA pairwise consistency test.
> > > > > 
> > > > > Thanks,
> > > > > Nagarjun
> > > > 
> > > > --
> > > > Tomáš Mráz
> > > > No matter how far down the wrong road you've gone, turn back.
> > > >   Turkish proverb
> > > > [You'll know whether the road is wrong if you carefully listen to your
> > > > conscience.]
> > > > 
> > > > 
> > 

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]




Re: Query regarding openssl-3.0.0 ecdsa self tests

2021-08-30 Thread Nagarjun J
Hello,

Then, is this a bug in ECDSA POST? Or have to rename the test, as it is
misleading and can cause problems in FIPS certification?

Thanks,
Nagarjun

On Mon, Aug 30, 2021 at 3:51 PM Tomas Mraz wrote:

> The question was about the fips module POST (power on self test) and
> there what I wrote applies. Having special RNG providing constant data
> to ECDSA/DSA would be possible to do but it is not required, it would
> needlessly complicate the code, and add a risk of having such constant
> RNG being accidentally used for something where real random numbers are
> needed.
>
> Tomas
>
> On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote:
> > This is not really true. At least, for some of the tests.
> >
> > https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
> >
> > That hijacks the RNG to feed the expected nonce, so it can check vs a
> > KAT.
> >
> > Cheers,
> >
> > BBB
> >
> > On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz wrote:
> > >
> > > Hello,
> > >
> > > your analysis is right. It does only pairwise consistency test as the
> > > KAT is impossible to do for regular DSA and ECDSA due to random nonce
> > > being input of the signature algorithm and thus the signature always
> > > changes.
> > >
> > > Tomas
> > >
> > > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> > > > Hi,
> > > >
> > > > Does openssl-3.0.0 really do ECDSA KAT? The post test logs say
> > > > "ECDSA KAT :PASS". But when I debugged the code it is actually doing
> > > > ECDSA pairwise consistency test.
> > > >
> > > > Thanks,
> > > > Nagarjun
> > >
> > > --
> > > Tomáš Mráz
> > > No matter how far down the wrong road you've gone, turn back.
> > >   Turkish proverb
> > > [You'll know whether the road is wrong if you carefully listen to your
> > > conscience.]
> > >
> > >
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>   Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>
>


Re: Query regarding openssl-3.0.0 ecdsa self tests

2021-08-30 Thread Tomas Mraz
The question was about the fips module POST (power on self test) and
there what I wrote applies. Having special RNG providing constant data
to ECDSA/DSA would be possible to do but it is not required, it would
needlessly complicate the code, and add a risk of having such constant
RNG being accidentally used for something where real random numbers are
needed.

Tomas

On Mon, 2021-08-30 at 13:17 +0300, Billy Brumley wrote:
> This is not really true. At least, for some of the tests.
> 
> https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73
> 
> That hijacks the RNG to feed the expected nonce, so it can check vs a
> KAT.
> 
> Cheers,
> 
> BBB
> 
> On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz wrote:
> >
> > Hello,
> >
> > your analysis is right. It does only pairwise consistency test as the
> > KAT is impossible to do for regular DSA and ECDSA due to random nonce
> > being input of the signature algorithm and thus the signature always
> > changes.
> > 
> > Tomas
> > 
> > On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> > > Hi,
> > > 
> > > Does openssl-3.0.0 really do ECDSA KAT? The post test logs say
> > > "ECDSA KAT :PASS". But when I debugged the code it is actually doing
> > > ECDSA pairwise consistency test.
> > > 
> > > Thanks,
> > > Nagarjun
> > 
> > --
> > Tomáš Mráz
> > No matter how far down the wrong road you've gone, turn back.
> >   Turkish proverb
> > [You'll know whether the road is wrong if you carefully listen to your
> > conscience.]
> > 
> > 

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]




Re: Query regarding openssl-3.0.0 ecdsa self tests

2021-08-30 Thread Billy Brumley
This is not really true. At least, for some of the tests.

https://github.com/openssl/openssl/blob/master/test/ecdsatest.c#L73

That hijacks the RNG to feed the expected nonce, so it can check vs a KAT.

Cheers,

BBB

On Mon, Aug 30, 2021 at 12:40 PM Tomas Mraz wrote:
>
> Hello,
>
> your analysis is right. It does only pairwise consistency test as the
> KAT is impossible to do for regular DSA and ECDSA due to random nonce
> being input of the signature algorithm and thus the signature always
> changes.
>
> Tomas
>
> On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> > Hi,
> >
> > Does openssl-3.0.0 really do ECDSA KAT? The post test logs say
> > "ECDSA KAT :PASS". But when I debugged the code it is actually doing ECDSA
> > pairwise consistency test.
> >
> > Thanks,
> > Nagarjun
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>   Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>


Re: Query regarding openssl-3.0.0 ecdsa self tests

2021-08-30 Thread Tomas Mraz
Hello,

your analysis is right. It does only pairwise consistency test as the
KAT is impossible to do for regular DSA and ECDSA due to random nonce
being input of the signature algorithm and thus the signature always
changes.

Tomas

On Fri, 2021-08-27 at 22:47 +0530, Nagarjun J wrote:
> Hi,
> 
> Does openssl-3.0.0 really do ECDSA KAT? The post test logs say
> "ECDSA KAT :PASS". But when I debugged the code it is actually doing ECDSA
> pairwise consistency test.
> 
> Thanks,
> Nagarjun

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]




Query regarding openssl-3.0.0 ecdsa self tests

2021-08-27 Thread Nagarjun J
Hi,

Does openssl-3.0.0 really do ECDSA KAT? The post test logs say "ECDSA
KAT :PASS". But when I debugged the code it is actually doing ECDSA pairwise
consistency test.

Thanks,
Nagarjun