From 60e5039793c2474d29ded039cf1a6b8107733a20 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Fri, 21 Feb 2025 14:24:41 +0900 Subject: [PATCH] cipher:rsa: Mark/reject SHA1/unknown with RSA signature generation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig): We can't determine if it's compliant when raw PKCS1 encoding is used. (_gcry_rsa_pss_encode): Add the behavior of marking non-compliant use. (_gcry_rsa_pss_verify): Likewise. * cipher/rsa.c (rsa_sign): Handle the check for SHA1. (rsa_verify): Likewise. * tests/t-fips-service-ind.c (check_pk_s_v): Add use cases for RSA and Ed25519. -- GnuPG-bug-id: 7338 Signed-off-by: NIIBE Yutaka Signed-off-by: Lucas Mülling --- cipher/rsa-common.c | 28 +++- cipher/rsa.c | 34 +++++ tests/t-fips-service-ind.c | 290 ++++++++++++++++++++++++++++++++++++- 3 files changed, 347 insertions(+), 5 deletions(-) diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c index 1920eedd..c1d2dcd5 100644 --- a/cipher/rsa-common.c +++ b/cipher/rsa-common.c @@ -380,6 +380,16 @@ _gcry_rsa_pkcs1_encode_raw_for_sig (gcry_mpi_t *r_result, unsigned int nbits, int i; size_t n; + /* With RAW encoding, we can't know if the hash used is compliant or + * not. Reject or mark it's non-compliant. */ + if (fips_mode ()) + { + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_MD)) + return GPG_ERR_DIGEST_ALGO; + else + fips_service_indicator_mark_non_compliant (); + } + if ( !valuelen || valuelen + 4 > nframe) { /* Can't encode an DLEN byte digest MD into an NFRAME byte @@ -840,8 +850,13 @@ _gcry_rsa_pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */ if (fips_mode () && saltlen > hlen) { - rc = GPG_ERR_INV_ARG; - goto leave; + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK)) + { + rc = GPG_ERR_INV_ARG; + goto leave; + } + else + fips_service_indicator_mark_non_compliant (); } /* Allocate a help buffer and setup some pointers. */ @@ -1006,8 +1021,13 @@ _gcry_rsa_pss_verify (gcry_mpi_t value, int hashed_already, /* The FIPS 186-4 Section 5.5 allows only 0 <= sLen <= hLen */ if (fips_mode () && saltlen > hlen) { - rc = GPG_ERR_INV_ARG; - goto leave; + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK)) + { + rc = GPG_ERR_INV_ARG; + goto leave; + } + else + fips_service_indicator_mark_non_compliant (); } /* Allocate a help buffer and setup some pointers. diff --git a/cipher/rsa.c b/cipher/rsa.c index c7a809f4..c1329644 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1613,6 +1613,23 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) } } + /* Check if use of the hash is compliant. */ + if (fips_mode ()) + { + /* SHA1 is approved hash function, but not for digital signature. */ + if (_gcry_md_algo_info (ctx.hash_algo, GCRYCTL_TEST_ALGO, NULL, NULL) + || ctx.hash_algo == GCRY_MD_SHA1) + { + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_MD)) + { + rc = GPG_ERR_DIGEST_ALGO; + goto leave; + } + else + fips_service_indicator_mark_non_compliant (); + } + } + /* Do RSA computation. */ sig = mpi_new (0); if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING)) @@ -1720,6 +1737,23 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) log_printmpi ("rsa_verify e", pk.e); } + /* Check if use of the hash is compliant. */ + if (fips_mode ()) + { + /* SHA1 is approved hash function, but not for digital signature. */ + if (_gcry_md_algo_info (ctx.hash_algo, GCRYCTL_TEST_ALGO, NULL, NULL) + || ctx.hash_algo == GCRY_MD_SHA1) + { + if (fips_check_rejection (GCRY_FIPS_FLAG_REJECT_PK_MD)) + { + rc = GPG_ERR_DIGEST_ALGO; + goto leave; + } + else + fips_service_indicator_mark_non_compliant (); + } + } + /* Do RSA computation and compare. */ result = mpi_new (0); public (result, sig, &pk); diff --git a/tests/t-fips-service-ind.c b/tests/t-fips-service-ind.c index ed5f8d3f..bec6c27e 100644 --- a/tests/t-fips-service-ind.c +++ b/tests/t-fips-service-ind.c @@ -231,7 +231,8 @@ check_pk_s_v (int reject) const char *data; int expect_failure; } tv[] = { - { + { /* Hashing is done externally, and feeded + to gcry_pk_sign, specifing the hash used */ "(private-key (ecc (curve nistp256)" " (d #519b423d715f8b581f4fa8ee59f4771a5b44c8130b4e3eacca54a56dda72b464#)))", "(public-key (ecc (curve nistp256)" @@ -271,6 +272,293 @@ check_pk_s_v (int reject) "#00112233445566778899AABBCCDDEEFF00010203#))", 1 }, + { /* Hashing is done internally in + gcry_pk_sign with the hash-algo specified. */ + "(private-key\n" + " (ecc\n" + " (curve Ed25519)(flags eddsa)\n" + " (q #4014DB483F15527253B25B4C72BEA8BB70255029636BD71DBBCCD5D8BF48A35F17#)" + " (d #09A0C38E0F1699073541447C19DA12E3A07A7BFDB0C186E4AC5BCE6F23D55252#)" + "))", + "(public-key\n" + " (ecc\n" + " (curve Ed25519)(flags eddsa)\n" + " (q #4014DB483F15527253B25B4C72BEA8BB70255029636BD71DBBCCD5D8BF48A35F17#)" + "))", + "(data(flags eddsa)(hash-algo sha512)(value " + "#00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F" + " 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F" + " 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F#))", + 0 + }, + { /* RSA with compliant hash for signing */ + "(private-key" + " (rsa" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)\n" + " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19" + " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93" + " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12" + " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F" + " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48" + " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD" + " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84" + " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401" + " #)\n" + " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0" + " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B" + " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF" + " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17" + " 83#)\n" + " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46" + " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77" + " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E" + " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9" + " 19#)\n" + " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04" + " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4" + " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9" + " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7" + " #)))\n", + "(public-key\n" + " (rsa\n" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)))\n", + "(data\n (flags pkcs1)\n" + " (hash sha256 " + "#00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F#))\n", + 0 + }, + { /* RSA with non-compliant hash for signing */ + "(private-key" + " (rsa" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)\n" + " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19" + " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93" + " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12" + " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F" + " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48" + " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD" + " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84" + " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401" + " #)\n" + " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0" + " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B" + " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF" + " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17" + " 83#)\n" + " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46" + " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77" + " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E" + " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9" + " 19#)\n" + " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04" + " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4" + " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9" + " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7" + " #)))\n", + "(public-key\n" + " (rsa\n" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)))\n", + "(data\n (flags pkcs1)\n" + " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", + 1 + }, + { /* RSA with unknown hash for signing */ + "(private-key" + " (rsa" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)\n" + " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19" + " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93" + " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12" + " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F" + " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48" + " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD" + " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84" + " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401" + " #)\n" + " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0" + " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B" + " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF" + " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17" + " 83#)\n" + " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46" + " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77" + " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E" + " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9" + " 19#)\n" + " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04" + " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4" + " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9" + " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7" + " #)))\n", + "(public-key\n" + " (rsa\n" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)))\n", + "(data\n (flags pkcs1-raw)\n" + " (value " + "#00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F#))\n", + 1 + }, + { /* RSA with compliant hash for signing */ + "(private-key" + " (rsa" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)\n" + " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19" + " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93" + " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12" + " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F" + " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48" + " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD" + " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84" + " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401" + " #)\n" + " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0" + " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B" + " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF" + " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17" + " 83#)\n" + " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46" + " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77" + " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E" + " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9" + " 19#)\n" + " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04" + " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4" + " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9" + " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7" + " #)))\n", + "(public-key\n" + " (rsa\n" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)))\n", + "(data\n (flags pss)\n" + " (hash sha256 " + "#00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F#))\n", + 0 + }, + { /* RSA with non-compliant hash for signing */ + "(private-key" + " (rsa" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)\n" + " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19" + " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93" + " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12" + " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F" + " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48" + " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD" + " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84" + " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401" + " #)\n" + " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0" + " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B" + " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF" + " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17" + " 83#)\n" + " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46" + " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77" + " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E" + " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9" + " 19#)\n" + " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04" + " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4" + " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9" + " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7" + " #)))\n", + "(public-key\n" + " (rsa\n" + " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC" + " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8" + " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C" + " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917" + " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613" + " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C" + " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918" + " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6" + " CB#)\n" + " (e #010001#)))\n", + "(data\n (flags pss)\n" + " (hash sha1 #11223344556677889900AABBCCDDEEFF10203040#))\n", + 1 + } }; int tvidx; gpg_error_t err; -- 2.49.0