1 1.1 christos /* 2 1.1 christos * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos * this file except in compliance with the License. You can obtain a copy 6 1.1 christos * in the file LICENSE in the source distribution or at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos /* 11 1.1 christos * DSA low level APIs are deprecated for public use, but still ok for 12 1.1 christos * internal use. 13 1.1 christos */ 14 1.1 christos #include "internal/deprecated.h" 15 1.1 christos 16 1.1 christos #include <stdio.h> 17 1.1 christos #include <stdlib.h> 18 1.1 christos #include <string.h> 19 1.1 christos #include <sys/types.h> 20 1.1 christos #include <sys/stat.h> 21 1.1 christos 22 1.1 christos #include <openssl/crypto.h> 23 1.1 christos #include <openssl/rand.h> 24 1.1 christos #include <openssl/bn.h> 25 1.1 christos #include <openssl/dsa.h> 26 1.1 christos #include <openssl/evp.h> 27 1.1 christos #include <openssl/core_names.h> 28 1.1 christos 29 1.1 christos #include "testutil.h" 30 1.1 christos #include "internal/nelem.h" 31 1.1 christos 32 1.1 christos #ifndef OPENSSL_NO_DSA 33 1.1 christos static int dsa_cb(int p, int n, BN_GENCB *arg); 34 1.1 christos 35 1.1 christos static unsigned char out_p[] = { 36 1.1.1.2 christos 0x8d, 37 1.1.1.2 christos 0xf2, 38 1.1.1.2 christos 0xa4, 39 1.1.1.2 christos 0x94, 40 1.1.1.2 christos 0x49, 41 1.1.1.2 christos 0x22, 42 1.1.1.2 christos 0x76, 43 1.1.1.2 christos 0xaa, 44 1.1.1.2 christos 0x3d, 45 1.1.1.2 christos 0x25, 46 1.1.1.2 christos 0x75, 47 1.1.1.2 christos 0x9b, 48 1.1.1.2 christos 0xb0, 49 1.1.1.2 christos 0x68, 50 1.1.1.2 christos 0x69, 51 1.1.1.2 christos 0xcb, 52 1.1.1.2 christos 0xea, 53 1.1.1.2 christos 0xc0, 54 1.1.1.2 christos 0xd8, 55 1.1.1.2 christos 0x3a, 56 1.1.1.2 christos 0xfb, 57 1.1.1.2 christos 0x8d, 58 1.1.1.2 christos 0x0c, 59 1.1.1.2 christos 0xf7, 60 1.1.1.2 christos 0xcb, 61 1.1.1.2 christos 0xb8, 62 1.1.1.2 christos 0x32, 63 1.1.1.2 christos 0x4f, 64 1.1.1.2 christos 0x0d, 65 1.1.1.2 christos 0x78, 66 1.1.1.2 christos 0x82, 67 1.1.1.2 christos 0xe5, 68 1.1.1.2 christos 0xd0, 69 1.1.1.2 christos 0x76, 70 1.1.1.2 christos 0x2f, 71 1.1.1.2 christos 0xc5, 72 1.1.1.2 christos 0xb7, 73 1.1.1.2 christos 0x21, 74 1.1.1.2 christos 0x0e, 75 1.1.1.2 christos 0xaf, 76 1.1.1.2 christos 0xc2, 77 1.1.1.2 christos 0xe9, 78 1.1.1.2 christos 0xad, 79 1.1.1.2 christos 0xac, 80 1.1.1.2 christos 0x32, 81 1.1.1.2 christos 0xab, 82 1.1.1.2 christos 0x7a, 83 1.1.1.2 christos 0xac, 84 1.1.1.2 christos 0x49, 85 1.1.1.2 christos 0x69, 86 1.1.1.2 christos 0x3d, 87 1.1.1.2 christos 0xfb, 88 1.1.1.2 christos 0xf8, 89 1.1.1.2 christos 0x37, 90 1.1.1.2 christos 0x24, 91 1.1.1.2 christos 0xc2, 92 1.1.1.2 christos 0xec, 93 1.1.1.2 christos 0x07, 94 1.1.1.2 christos 0x36, 95 1.1.1.2 christos 0xee, 96 1.1.1.2 christos 0x31, 97 1.1.1.2 christos 0xc8, 98 1.1.1.2 christos 0x02, 99 1.1.1.2 christos 0x91, 100 1.1 christos }; 101 1.1 christos static unsigned char out_q[] = { 102 1.1.1.2 christos 0xc7, 103 1.1.1.2 christos 0x73, 104 1.1.1.2 christos 0x21, 105 1.1.1.2 christos 0x8c, 106 1.1.1.2 christos 0x73, 107 1.1.1.2 christos 0x7e, 108 1.1.1.2 christos 0xc8, 109 1.1.1.2 christos 0xee, 110 1.1.1.2 christos 0x99, 111 1.1.1.2 christos 0x3b, 112 1.1.1.2 christos 0x4f, 113 1.1.1.2 christos 0x2d, 114 1.1.1.2 christos 0xed, 115 1.1.1.2 christos 0x30, 116 1.1.1.2 christos 0xf4, 117 1.1.1.2 christos 0x8e, 118 1.1.1.2 christos 0xda, 119 1.1.1.2 christos 0xce, 120 1.1.1.2 christos 0x91, 121 1.1.1.2 christos 0x5f, 122 1.1 christos }; 123 1.1 christos static unsigned char out_g[] = { 124 1.1.1.2 christos 0x62, 125 1.1.1.2 christos 0x6d, 126 1.1.1.2 christos 0x02, 127 1.1.1.2 christos 0x78, 128 1.1.1.2 christos 0x39, 129 1.1.1.2 christos 0xea, 130 1.1.1.2 christos 0x0a, 131 1.1.1.2 christos 0x13, 132 1.1.1.2 christos 0x41, 133 1.1.1.2 christos 0x31, 134 1.1.1.2 christos 0x63, 135 1.1.1.2 christos 0xa5, 136 1.1.1.2 christos 0x5b, 137 1.1.1.2 christos 0x4c, 138 1.1.1.2 christos 0xb5, 139 1.1.1.2 christos 0x00, 140 1.1.1.2 christos 0x29, 141 1.1.1.2 christos 0x9d, 142 1.1.1.2 christos 0x55, 143 1.1.1.2 christos 0x22, 144 1.1.1.2 christos 0x95, 145 1.1.1.2 christos 0x6c, 146 1.1.1.2 christos 0xef, 147 1.1.1.2 christos 0xcb, 148 1.1.1.2 christos 0x3b, 149 1.1.1.2 christos 0xff, 150 1.1.1.2 christos 0x10, 151 1.1.1.2 christos 0xf3, 152 1.1.1.2 christos 0x99, 153 1.1.1.2 christos 0xce, 154 1.1.1.2 christos 0x2c, 155 1.1.1.2 christos 0x2e, 156 1.1.1.2 christos 0x71, 157 1.1.1.2 christos 0xcb, 158 1.1.1.2 christos 0x9d, 159 1.1.1.2 christos 0xe5, 160 1.1.1.2 christos 0xfa, 161 1.1.1.2 christos 0x24, 162 1.1.1.2 christos 0xba, 163 1.1.1.2 christos 0xbf, 164 1.1.1.2 christos 0x58, 165 1.1.1.2 christos 0xe5, 166 1.1.1.2 christos 0xb7, 167 1.1.1.2 christos 0x95, 168 1.1.1.2 christos 0x21, 169 1.1.1.2 christos 0x92, 170 1.1.1.2 christos 0x5c, 171 1.1.1.2 christos 0x9c, 172 1.1.1.2 christos 0xc4, 173 1.1.1.2 christos 0x2e, 174 1.1.1.2 christos 0x9f, 175 1.1.1.2 christos 0x6f, 176 1.1.1.2 christos 0x46, 177 1.1.1.2 christos 0x4b, 178 1.1.1.2 christos 0x08, 179 1.1.1.2 christos 0x8c, 180 1.1.1.2 christos 0xc5, 181 1.1.1.2 christos 0x72, 182 1.1.1.2 christos 0xaf, 183 1.1.1.2 christos 0x53, 184 1.1.1.2 christos 0xe6, 185 1.1.1.2 christos 0xd7, 186 1.1.1.2 christos 0x88, 187 1.1.1.2 christos 0x02, 188 1.1 christos }; 189 1.1 christos 190 1.1 christos static int dsa_test(void) 191 1.1 christos { 192 1.1 christos BN_GENCB *cb; 193 1.1 christos DSA *dsa = NULL; 194 1.1 christos int counter, ret = 0, i, j; 195 1.1 christos unsigned char buf[256]; 196 1.1 christos unsigned long h; 197 1.1 christos unsigned char sig[256]; 198 1.1 christos unsigned int siglen; 199 1.1 christos const BIGNUM *p = NULL, *q = NULL, *g = NULL; 200 1.1 christos /* 201 1.1 christos * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS 202 1.1 christos * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 203 1.1 christos */ 204 1.1 christos static unsigned char seed[20] = { 205 1.1.1.2 christos 0xd5, 206 1.1.1.2 christos 0x01, 207 1.1.1.2 christos 0x4e, 208 1.1.1.2 christos 0x4b, 209 1.1.1.2 christos 0x60, 210 1.1.1.2 christos 0xef, 211 1.1.1.2 christos 0x2b, 212 1.1.1.2 christos 0xa8, 213 1.1.1.2 christos 0xb6, 214 1.1.1.2 christos 0x21, 215 1.1.1.2 christos 0x1b, 216 1.1.1.2 christos 0x40, 217 1.1.1.2 christos 0x62, 218 1.1.1.2 christos 0xba, 219 1.1.1.2 christos 0x32, 220 1.1.1.2 christos 0x24, 221 1.1.1.2 christos 0xe0, 222 1.1.1.2 christos 0x42, 223 1.1.1.2 christos 0x7d, 224 1.1.1.2 christos 0xd3, 225 1.1 christos }; 226 1.1 christos static const unsigned char str1[] = "12345678901234567890"; 227 1.1 christos 228 1.1 christos if (!TEST_ptr(cb = BN_GENCB_new())) 229 1.1 christos goto end; 230 1.1 christos 231 1.1 christos BN_GENCB_set(cb, dsa_cb, NULL); 232 1.1 christos if (!TEST_ptr(dsa = DSA_new()) 233 1.1 christos || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, 234 1.1.1.2 christos &counter, &h, cb))) 235 1.1 christos goto end; 236 1.1 christos 237 1.1 christos if (!TEST_int_eq(counter, 105)) 238 1.1 christos goto end; 239 1.1 christos if (!TEST_int_eq(h, 2)) 240 1.1 christos goto end; 241 1.1 christos 242 1.1 christos DSA_get0_pqg(dsa, &p, &q, &g); 243 1.1 christos i = BN_bn2bin(q, buf); 244 1.1 christos j = sizeof(out_q); 245 1.1 christos if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i)) 246 1.1 christos goto end; 247 1.1 christos 248 1.1 christos i = BN_bn2bin(p, buf); 249 1.1 christos j = sizeof(out_p); 250 1.1 christos if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i)) 251 1.1 christos goto end; 252 1.1 christos 253 1.1 christos i = BN_bn2bin(g, buf); 254 1.1 christos j = sizeof(out_g); 255 1.1 christos if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) 256 1.1 christos goto end; 257 1.1 christos 258 1.1 christos if (!TEST_true(DSA_generate_key(dsa))) 259 1.1 christos goto end; 260 1.1 christos if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa))) 261 1.1 christos goto end; 262 1.1 christos if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) 263 1.1 christos ret = 1; 264 1.1.1.2 christos end: 265 1.1 christos DSA_free(dsa); 266 1.1 christos BN_GENCB_free(cb); 267 1.1 christos return ret; 268 1.1 christos } 269 1.1 christos 270 1.1 christos static int dsa_cb(int p, int n, BN_GENCB *arg) 271 1.1 christos { 272 1.1 christos static int ok = 0, num = 0; 273 1.1 christos 274 1.1 christos if (p == 0) 275 1.1 christos num++; 276 1.1 christos if (p == 2) 277 1.1 christos ok++; 278 1.1 christos 279 1.1 christos if (!ok && (p == 0) && (num > 1)) { 280 1.1 christos TEST_error("dsa_cb error"); 281 1.1 christos return 0; 282 1.1 christos } 283 1.1 christos return 1; 284 1.1 christos } 285 1.1 christos 286 1.1.1.2 christos #define P 0 287 1.1.1.2 christos #define Q 1 288 1.1.1.2 christos #define G 2 289 1.1.1.2 christos #define SEED 3 290 1.1.1.2 christos #define PCOUNT 4 291 1.1.1.2 christos #define GINDEX 5 292 1.1.1.2 christos #define HCOUNT 6 293 1.1.1.2 christos #define GROUP 7 294 1.1 christos 295 1.1 christos static int dsa_keygen_test(void) 296 1.1 christos { 297 1.1 christos int ret = 0; 298 1.1 christos EVP_PKEY *param_key = NULL, *key = NULL; 299 1.1 christos EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL; 300 1.1 christos BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL; 301 1.1 christos BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL; 302 1.1 christos int gindex_out = 0, pcount_out = 0, hcount_out = 0; 303 1.1 christos unsigned char seed_out[32]; 304 1.1 christos char group_out[32]; 305 1.1 christos size_t len = 0; 306 1.1 christos const OSSL_PARAM *settables = NULL; 307 1.1 christos static const unsigned char seed_data[] = { 308 1.1 christos 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68, 309 1.1 christos 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35, 310 1.1 christos 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44, 311 1.1 christos 0x7b, 0x2a, 0xc7, 0x29 312 1.1 christos }; 313 1.1.1.2 christos static const unsigned char expected_p[] = { 314 1.1 christos 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55, 315 1.1 christos 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc, 316 1.1 christos 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8, 317 1.1 christos 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd, 318 1.1 christos 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8, 319 1.1 christos 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4, 320 1.1 christos 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea, 321 1.1 christos 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53, 322 1.1 christos 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b, 323 1.1 christos 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd, 324 1.1 christos 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88, 325 1.1 christos 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3, 326 1.1 christos 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95, 327 1.1 christos 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14, 328 1.1 christos 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd, 329 1.1 christos 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15, 330 1.1 christos 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb, 331 1.1 christos 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23, 332 1.1 christos 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b, 333 1.1 christos 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77, 334 1.1 christos 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16, 335 1.1 christos 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73, 336 1.1 christos 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91, 337 1.1 christos 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70, 338 1.1 christos 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f, 339 1.1 christos 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f, 340 1.1 christos 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3, 341 1.1 christos 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d, 342 1.1 christos 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71, 343 1.1 christos 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79, 344 1.1 christos 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2, 345 1.1 christos 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb 346 1.1 christos }; 347 1.1.1.2 christos static const unsigned char expected_q[] = { 348 1.1 christos 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a, 349 1.1 christos 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b, 350 1.1 christos 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69, 351 1.1 christos 0xe2, 0x56, 0xae, 0xd7 352 1.1 christos }; 353 1.1.1.2 christos static const unsigned char expected_g[] = { 354 1.1 christos 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f, 355 1.1 christos 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f, 356 1.1 christos 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2, 357 1.1 christos 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76, 358 1.1 christos 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e, 359 1.1 christos 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6, 360 1.1 christos 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda, 361 1.1 christos 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7, 362 1.1 christos 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff, 363 1.1 christos 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3, 364 1.1 christos 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90, 365 1.1 christos 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e, 366 1.1 christos 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31, 367 1.1 christos 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd, 368 1.1 christos 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65, 369 1.1 christos 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62, 370 1.1 christos 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec, 371 1.1 christos 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0, 372 1.1 christos 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1, 373 1.1 christos 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39, 374 1.1 christos 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64, 375 1.1 christos 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69, 376 1.1 christos 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb, 377 1.1 christos 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab, 378 1.1 christos 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00, 379 1.1 christos 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe, 380 1.1 christos 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70, 381 1.1 christos 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08, 382 1.1 christos 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3, 383 1.1 christos 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89, 384 1.1 christos 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c, 385 1.1 christos 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46 386 1.1 christos }; 387 1.1 christos int expected_c = 1316; 388 1.1 christos int expected_h = 2; 389 1.1 christos 390 1.1 christos if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL)) 391 1.1 christos || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL)) 392 1.1 christos || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL))) 393 1.1 christos goto end; 394 1.1 christos if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) 395 1.1 christos || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0) 396 1.1 christos || !TEST_ptr(EVP_PKEY_CTX_gettable_params(pg_ctx)) 397 1.1 christos || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx)) 398 1.1 christos || !TEST_ptr(OSSL_PARAM_locate_const(settables, 399 1.1.1.2 christos OSSL_PKEY_PARAM_FFC_PBITS)) 400 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4")) 401 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048)) 402 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224)) 403 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data, 404 1.1.1.2 christos sizeof(seed_data))) 405 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256", 406 1.1.1.2 christos "")) 407 1.1 christos || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, ¶m_key), 0) 408 1.1 christos || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL)) 409 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0) 410 1.1 christos || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0)) 411 1.1 christos goto end; 412 1.1 christos 413 1.1 christos if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out)) 414 1.1 christos || !TEST_BN_eq(p_in, p_out) 415 1.1 christos || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out)) 416 1.1 christos || !TEST_BN_eq(q_in, q_out) 417 1.1 christos || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out)) 418 1.1 christos || !TEST_BN_eq(g_in, g_out) 419 1.1 christos || !TEST_true(EVP_PKEY_get_octet_string_param( 420 1.1.1.2 christos key, OSSL_PKEY_PARAM_FFC_SEED, seed_out, 421 1.1.1.2 christos sizeof(seed_out), &len)) 422 1.1 christos || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data)) 423 1.1 christos || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX, 424 1.1.1.2 christos &gindex_out)) 425 1.1 christos || !TEST_int_eq(gindex_out, -1) 426 1.1 christos || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H, 427 1.1.1.2 christos &hcount_out)) 428 1.1 christos || !TEST_int_eq(hcount_out, expected_h) 429 1.1 christos || !TEST_true(EVP_PKEY_get_int_param(key, 430 1.1.1.2 christos OSSL_PKEY_PARAM_FFC_PCOUNTER, 431 1.1.1.2 christos &pcount_out)) 432 1.1 christos || !TEST_int_eq(pcount_out, expected_c) 433 1.1 christos || !TEST_false(EVP_PKEY_get_utf8_string_param(key, 434 1.1.1.2 christos OSSL_PKEY_PARAM_GROUP_NAME, 435 1.1.1.2 christos group_out, 436 1.1.1.2 christos sizeof(group_out), &len))) 437 1.1 christos goto end; 438 1.1 christos ret = 1; 439 1.1 christos end: 440 1.1 christos BN_free(p_in); 441 1.1 christos BN_free(q_in); 442 1.1 christos BN_free(g_in); 443 1.1 christos BN_free(p_out); 444 1.1 christos BN_free(q_out); 445 1.1 christos BN_free(g_out); 446 1.1 christos EVP_PKEY_free(param_key); 447 1.1 christos EVP_PKEY_free(key); 448 1.1 christos EVP_PKEY_CTX_free(kg_ctx); 449 1.1 christos EVP_PKEY_CTX_free(pg_ctx); 450 1.1 christos return ret; 451 1.1 christos } 452 1.1 christos 453 1.1 christos static int test_dsa_default_paramgen_validate(int i) 454 1.1 christos { 455 1.1 christos int ret; 456 1.1 christos EVP_PKEY_CTX *gen_ctx = NULL; 457 1.1 christos EVP_PKEY_CTX *check_ctx = NULL; 458 1.1 christos EVP_PKEY *params = NULL; 459 1.1 christos 460 1.1 christos ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) 461 1.1.1.2 christos && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0) 462 1.1.1.2 christos && (i == 0 463 1.1.1.2 christos || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512))) 464 1.1.1.2 christos && TEST_int_gt(EVP_PKEY_generate(gen_ctx, ¶ms), 0) 465 1.1.1.2 christos && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL)) 466 1.1.1.2 christos && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0); 467 1.1 christos 468 1.1 christos EVP_PKEY_free(params); 469 1.1 christos EVP_PKEY_CTX_free(check_ctx); 470 1.1 christos EVP_PKEY_CTX_free(gen_ctx); 471 1.1 christos return ret; 472 1.1 christos } 473 1.1 christos 474 1.1 christos static int test_dsa_sig_infinite_loop(void) 475 1.1 christos { 476 1.1 christos int ret = 0; 477 1.1 christos DSA *dsa = NULL; 478 1.1 christos BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL; 479 1.1 christos BIGNUM *badq = NULL, *badpriv = NULL; 480 1.1 christos const unsigned char msg[] = { 0x00 }; 481 1.1 christos unsigned int signature_len0; 482 1.1 christos unsigned int signature_len; 483 1.1 christos unsigned char signature[64]; 484 1.1 christos 485 1.1 christos static unsigned char out_priv[] = { 486 1.1 christos 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98, 487 1.1 christos 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4, 488 1.1 christos 0xf8, 0x0f, 0x7f, 0x12 489 1.1 christos }; 490 1.1 christos static unsigned char out_pub[] = { 491 1.1 christos 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60, 492 1.1 christos 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60, 493 1.1 christos 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50, 494 1.1 christos 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b, 495 1.1 christos 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf, 496 1.1 christos 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38, 497 1.1 christos 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6, 498 1.1 christos 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3 499 1.1 christos }; 500 1.1 christos if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL)) 501 1.1 christos || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL)) 502 1.1 christos || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL)) 503 1.1 christos || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL)) 504 1.1 christos || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL)) 505 1.1 christos || !TEST_ptr(priv2 = BN_dup(priv)) 506 1.1 christos || !TEST_ptr(badq = BN_new()) 507 1.1 christos || !TEST_true(BN_set_word(badq, 1)) 508 1.1 christos || !TEST_ptr(badpriv = BN_new()) 509 1.1 christos || !TEST_true(BN_set_word(badpriv, 0)) 510 1.1 christos || !TEST_ptr(dsa = DSA_new())) 511 1.1 christos goto err; 512 1.1 christos 513 1.1 christos if (!TEST_true(DSA_set0_pqg(dsa, p, q, g))) 514 1.1 christos goto err; 515 1.1 christos p = q = g = NULL; 516 1.1 christos 517 1.1 christos if (!TEST_true(DSA_set0_key(dsa, pub, priv))) 518 1.1 christos goto err; 519 1.1 christos pub = priv = NULL; 520 1.1 christos 521 1.1 christos if (!TEST_int_le(DSA_size(dsa), sizeof(signature))) 522 1.1 christos goto err; 523 1.1 christos 524 1.1 christos /* Test passing signature as NULL */ 525 1.1 christos if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa)) 526 1.1 christos || !TEST_int_gt(signature_len0, 0)) 527 1.1 christos goto err; 528 1.1 christos 529 1.1 christos if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)) 530 1.1 christos || !TEST_int_gt(signature_len, 0) 531 1.1 christos || !TEST_int_le(signature_len, signature_len0)) 532 1.1 christos goto err; 533 1.1 christos 534 1.1 christos /* Test using a private key of zero fails - this causes an infinite loop without the retry test */ 535 1.1 christos if (!TEST_true(DSA_set0_key(dsa, NULL, badpriv))) 536 1.1 christos goto err; 537 1.1 christos badpriv = NULL; 538 1.1 christos if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 539 1.1 christos goto err; 540 1.1 christos 541 1.1 christos /* Restore private and set a bad q - this caused an infinite loop in the setup */ 542 1.1 christos if (!TEST_true(DSA_set0_key(dsa, NULL, priv2))) 543 1.1 christos goto err; 544 1.1 christos priv2 = NULL; 545 1.1 christos if (!TEST_true(DSA_set0_pqg(dsa, NULL, badq, NULL))) 546 1.1 christos goto err; 547 1.1 christos badq = NULL; 548 1.1 christos if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 549 1.1 christos goto err; 550 1.1 christos 551 1.1 christos ret = 1; 552 1.1 christos err: 553 1.1 christos BN_free(badq); 554 1.1 christos BN_free(badpriv); 555 1.1 christos BN_free(pub); 556 1.1 christos BN_free(priv); 557 1.1 christos BN_free(priv2); 558 1.1 christos BN_free(g); 559 1.1 christos BN_free(q); 560 1.1 christos BN_free(p); 561 1.1 christos DSA_free(dsa); 562 1.1 christos return ret; 563 1.1 christos } 564 1.1 christos 565 1.1 christos static int test_dsa_sig_neg_param(void) 566 1.1 christos { 567 1.1 christos int ret = 0, setpqg = 0; 568 1.1 christos DSA *dsa = NULL; 569 1.1 christos BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL; 570 1.1 christos const unsigned char msg[] = { 0x00 }; 571 1.1 christos unsigned int signature_len; 572 1.1 christos unsigned char signature[64]; 573 1.1 christos 574 1.1 christos static unsigned char out_priv[] = { 575 1.1 christos 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98, 576 1.1 christos 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4, 577 1.1 christos 0xf8, 0x0f, 0x7f, 0x12 578 1.1 christos }; 579 1.1 christos static unsigned char out_pub[] = { 580 1.1 christos 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60, 581 1.1 christos 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60, 582 1.1 christos 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50, 583 1.1 christos 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b, 584 1.1 christos 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf, 585 1.1 christos 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38, 586 1.1 christos 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6, 587 1.1 christos 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3 588 1.1 christos }; 589 1.1 christos if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL)) 590 1.1 christos || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL)) 591 1.1 christos || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL)) 592 1.1 christos || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL)) 593 1.1 christos || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL)) 594 1.1 christos || !TEST_ptr(dsa = DSA_new())) 595 1.1 christos goto err; 596 1.1 christos 597 1.1 christos if (!TEST_true(DSA_set0_pqg(dsa, p, q, g))) 598 1.1 christos goto err; 599 1.1 christos setpqg = 1; 600 1.1 christos 601 1.1 christos if (!TEST_true(DSA_set0_key(dsa, pub, priv))) 602 1.1 christos goto err; 603 1.1 christos pub = priv = NULL; 604 1.1 christos 605 1.1 christos BN_set_negative(p, 1); 606 1.1 christos if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 607 1.1 christos goto err; 608 1.1 christos 609 1.1 christos BN_set_negative(p, 0); 610 1.1 christos BN_set_negative(q, 1); 611 1.1 christos if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 612 1.1 christos goto err; 613 1.1 christos 614 1.1 christos BN_set_negative(q, 0); 615 1.1 christos BN_set_negative(g, 1); 616 1.1 christos if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 617 1.1 christos goto err; 618 1.1 christos 619 1.1 christos BN_set_negative(p, 1); 620 1.1 christos BN_set_negative(q, 1); 621 1.1 christos BN_set_negative(g, 1); 622 1.1 christos if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 623 1.1 christos goto err; 624 1.1 christos 625 1.1 christos ret = 1; 626 1.1 christos err: 627 1.1 christos BN_free(pub); 628 1.1 christos BN_free(priv); 629 1.1 christos 630 1.1 christos if (setpqg == 0) { 631 1.1 christos BN_free(g); 632 1.1 christos BN_free(q); 633 1.1 christos BN_free(p); 634 1.1 christos } 635 1.1 christos DSA_free(dsa); 636 1.1 christos return ret; 637 1.1 christos } 638 1.1 christos 639 1.1 christos #endif /* OPENSSL_NO_DSA */ 640 1.1 christos 641 1.1 christos int setup_tests(void) 642 1.1 christos { 643 1.1 christos #ifndef OPENSSL_NO_DSA 644 1.1 christos ADD_TEST(dsa_test); 645 1.1 christos ADD_TEST(dsa_keygen_test); 646 1.1 christos ADD_TEST(test_dsa_sig_infinite_loop); 647 1.1 christos ADD_TEST(test_dsa_sig_neg_param); 648 1.1 christos ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2); 649 1.1 christos #endif 650 1.1 christos return 1; 651 1.1 christos } 652
Indexes created Mon Mar 02 05:31:46 UTC 2026