Fixed DH tests for latest CentOS FIPS OpenSSL (#5604)

* Fixed DH tests for latest CentOS FIPS OpenSSL (1.1.1g)

Author: alex

.github/workflows/ci.yml

@@ -88,7 +88,7 @@ jobs:
         IMAGE:
           - {IMAGE: "pyca/cryptography-runner-centos8", TOXENV: "py27"}
           - {IMAGE: "pyca/cryptography-runner-centos8", TOXENV: "py36"}
-          - {IMAGE: "pyca/cryptography-runner-centos8-fips", TOXENV: "py36", ENV: "OPENSSL_FORCE_FIPS_MODE=1"}
+          - {IMAGE: "pyca/cryptography-runner-centos8-fips", TOXENV: "py36", FIPS: true}
           - {IMAGE: "pyca/cryptography-runner-stretch", TOXENV: "py27"}
           - {IMAGE: "pyca/cryptography-runner-buster", TOXENV: "py37"}
           - {IMAGE: "pyca/cryptography-runner-bullseye", TOXENV: "py38"}
@@ -100,20 +100,20 @@ jobs:
           - {IMAGE: "pyca/cryptography-runner-ubuntu-rolling", TOXENV: "py38-randomorder"}
           - {IMAGE: "pyca/cryptography-runner-fedora", TOXENV: "py39"}
           - {IMAGE: "pyca/cryptography-runner-alpine", TOXENV: "py38"}
-    name: "tox -e ${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }} ${{ matrix.IMAGE.ENV }}"
+    name: "tox -e ${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }}"
     steps:
       - uses: actions/checkout@v2
       - run: 'git clone --depth=1 https://github.com/google/wycheproof "$HOME/wycheproof"'
-      - run: 'echo "$ENV_VAR" >> $GITHUB_ENV'
-        if: matrix.IMAGE.ENV
-        env:
-          ENV_VAR: ${{ matrix.IMAGE.ENV }}
+      - run: |
+          echo "OPENSSL_FORCE_FIPS_MODE=1" >> $GITHUB_ENV
+          echo "CFLAGS=-DUSE_OSRANDOM_RNG_FOR_TESTING" >> $GITHUB_ENV
+        if: matrix.IMAGE.FIPS
       - run: 'tox -- --wycheproof-root="$HOME/wycheproof"'
         env:
           TOXENV: ${{ matrix.IMAGE.TOXENV }}
       - uses: ./.github/actions/upload-coverage
         with:
-          name: "tox -e ${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }} ${{ matrix.IMAGE.ENV }}"
+          name: "tox -e ${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }}"
 
   macos:
     runs-on: macos-latest

tests/hazmat/primitives/test_dh.py

@@ -151,6 +151,7 @@ def test_unsupported_generator_generate_dh(self, backend):
         with pytest.raises(ValueError):
             dh.generate_parameters(7, 512, backend)
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     def test_dh_parameters_supported(self, backend):
         valid_p = int(
             b"907c7211ae61aaaba1825ff53b6cb71ac6df9f1a424c033f4a0a41ac42fad3a9"
@@ -171,6 +172,12 @@ def test_dh_parameters_supported(self, backend):
     )
     def test_dh_parameters_allows_rfc3526_groups(self, backend, vector):
         p = int_from_bytes(binascii.unhexlify(vector["p"]), "big")
+        if (
+            backend._fips_enabled
+            and p.bit_length() < backend._fips_dh_min_modulus
+        ):
+            pytest.skip("modulus too small for FIPS mode")
+
         params = dh.DHParameterNumbers(p, int(vector["g"]))
         param = params.parameters(backend)
         key = param.generate_private_key()
@@ -180,6 +187,7 @@ def test_dh_parameters_allows_rfc3526_groups(self, backend, vector):
         roundtripped_key = key.private_numbers().private_key(backend)
         assert key.private_numbers() == roundtripped_key.private_numbers()
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     @pytest.mark.parametrize(
         "vector",
         load_vectors_from_file(
@@ -227,6 +235,7 @@ def test_convert_to_numbers(self, backend, with_q):
             deserialized_private, dh.DHPrivateKeyWithSerialization
         )
 
+    @pytest.mark.skip_fips(reason="FIPS requires specific parameters")
     def test_numbers_unsupported_parameters(self, backend):
         # p is set to P_1536 + 1 because when calling private_key we want it to
         # fail the DH_check call OpenSSL does, but we specifically want it to
@@ -415,6 +424,7 @@ def test_dh_vectors(self, backend, vector):
 
         assert int_from_bytes(symkey, "big") == int(vector["k"], 16)
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     @pytest.mark.parametrize(
         "vector",
         load_vectors_from_file(
@@ -477,6 +487,7 @@ def test_private_bytes_rejects_invalid(self, encoding, fmt, backend):
         with pytest.raises(ValueError):
             key.private_bytes(encoding, fmt, serialization.NoEncryption())
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     @pytest.mark.parametrize(
         ("key_path", "loader_func", "encoding", "is_dhx"),
         [
@@ -521,6 +532,7 @@ def test_private_bytes_match(
         )
         assert serialized == key_bytes
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     @pytest.mark.parametrize(
         ("key_path", "loader_func", "vec_path", "is_dhx"),
         [

tests/hazmat/primitives/test_serialization.py

@@ -1757,6 +1757,7 @@ def test_openssh_serialization_unsupported(self, backend):
 class TestDHSerialization(object):
     """Test all options with least-supported key type."""
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     def test_dh_public_key(self, backend):
         data = load_vectors_from_file(
             os.path.join("asymmetric", "DH", "dhkey.pem"),
@@ -1788,6 +1789,7 @@ def test_dh_public_key(self, backend):
                 with pytest.raises(ValueError):
                     public_key.public_bytes(enc, fmt)
 
+    @pytest.mark.skip_fips(reason="non-FIPS parameters")
     def test_dh_private_key(self, backend):
         data = load_vectors_from_file(
             os.path.join("asymmetric", "DH", "dhkey.pem"),

tests/x509/test_x509.py

@@ -41,6 +41,7 @@
 )
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import (
+    dh,
     dsa,
     ec,
     ed25519,
@@ -51,6 +52,7 @@
 from cryptography.hazmat.primitives.asymmetric.utils import (
     decode_dss_signature,
 )
+from cryptography.utils import int_from_bytes
 from cryptography.x509.name import _ASN1Type
 from cryptography.x509.oid import (
     AuthorityInformationAccessOID,
@@ -65,7 +67,7 @@
 from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
 from ..hazmat.primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512
 from ..hazmat.primitives.test_ec import _skip_curve_unsupported
-from ..utils import load_vectors_from_file
+from ..utils import load_nist_vectors, load_vectors_from_file
 
 
 @utils.register_interface(x509.ExtensionType)
@@ -5237,12 +5239,14 @@ class TestSignatureRejection(object):
     """Test if signing rejects DH keys properly."""
 
     def load_key(self, backend):
-        data = load_vectors_from_file(
-            os.path.join("asymmetric", "DH", "dhkey.pem"),
-            lambda pemfile: pemfile.read(),
-            mode="rb",
-        )
-        return serialization.load_pem_private_key(data, None, backend)
+        vector = load_vectors_from_file(
+            os.path.join("asymmetric", "DH", "rfc3526.txt"),
+            load_nist_vectors,
+        )[1]
+        p = int_from_bytes(binascii.unhexlify(vector["p"]), "big")
+        params = dh.DHParameterNumbers(p, int(vector["g"]))
+        param = params.parameters(backend)
+        return param.generate_private_key()
 
     def test_crt_signing_check(self, backend):
         issuer_private_key = self.load_key(backend)