1 1.1 christos /* 2 1.1 christos * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos * this file except in compliance with the License. You can obtain a copy 6 1.1 christos * in the file LICENSE in the source distribution or at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos /* 11 1.1 christos * A set of tests demonstrating uses cases for CAVS/ACVP testing. 12 1.1 christos * 13 1.1 christos * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to 14 1.1 christos * providers/fips/self_test_kats.c 15 1.1 christos */ 16 1.1 christos 17 1.1 christos #include <string.h> 18 1.1 christos #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */ 19 1.1 christos #include <openssl/core_names.h> 20 1.1 christos #include <openssl/evp.h> 21 1.1 christos #include <openssl/ec.h> 22 1.1 christos #include <openssl/dh.h> 23 1.1 christos #include <openssl/dsa.h> 24 1.1 christos #include <openssl/rsa.h> 25 1.1 christos #include <openssl/param_build.h> 26 1.1 christos #include <openssl/provider.h> 27 1.1 christos #include <openssl/self_test.h> 28 1.1 christos #include "testutil.h" 29 1.1 christos #include "testutil/output.h" 30 1.1 christos #include "acvp_test.inc" 31 1.1 christos #include "internal/nelem.h" 32 1.1 christos 33 1.1 christos typedef enum OPTION_choice { 34 1.1 christos OPT_ERR = -1, 35 1.1 christos OPT_EOF = 0, 36 1.1 christos OPT_CONFIG_FILE, 37 1.1 christos OPT_TEST_ENUM 38 1.1 christos } OPTION_CHOICE; 39 1.1 christos 40 1.1 christos typedef struct st_args { 41 1.1 christos int enable; 42 1.1 christos int called; 43 1.1 christos } SELF_TEST_ARGS; 44 1.1 christos 45 1.1 christos static OSSL_PROVIDER *prov_null = NULL; 46 1.1 christos static OSSL_LIB_CTX *libctx = NULL; 47 1.1 christos static SELF_TEST_ARGS self_test_args = { 0 }; 48 1.1 christos static OSSL_CALLBACK self_test_events; 49 1.1 christos 50 1.1 christos const OPTIONS *test_get_options(void) 51 1.1 christos { 52 1.1 christos static const OPTIONS test_options[] = { 53 1.1 christos OPT_TEST_OPTIONS_DEFAULT_USAGE, 54 1.1 christos { "config", OPT_CONFIG_FILE, '<', 55 1.1 christos "The configuration file to use for the libctx" }, 56 1.1 christos { NULL } 57 1.1 christos }; 58 1.1 christos return test_options; 59 1.1 christos } 60 1.1 christos 61 1.1 christos static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name, 62 1.1 christos unsigned char **out, size_t *out_len) 63 1.1 christos { 64 1.1 christos unsigned char *buf = NULL; 65 1.1 christos BIGNUM *bn = NULL; 66 1.1 christos int sz; 67 1.1 christos 68 1.1 christos if (!EVP_PKEY_get_bn_param(pkey, name, &bn)) 69 1.1 christos goto err; 70 1.1 christos sz = BN_num_bytes(bn); 71 1.1 christos buf = OPENSSL_zalloc(sz); 72 1.1 christos if (buf == NULL) 73 1.1 christos goto err; 74 1.1 christos if (BN_bn2binpad(bn, buf, sz) <= 0) 75 1.1 christos goto err; 76 1.1 christos 77 1.1 christos *out_len = sz; 78 1.1 christos *out = buf; 79 1.1 christos BN_free(bn); 80 1.1 christos return 1; 81 1.1 christos err: 82 1.1 christos OPENSSL_free(buf); 83 1.1 christos BN_free(bn); 84 1.1 christos return 0; 85 1.1 christos } 86 1.1 christos 87 1.1 christos static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name, 88 1.1 christos const unsigned char *msg, size_t msg_len, 89 1.1 christos unsigned char **sig_out, size_t *sig_out_len) 90 1.1 christos { 91 1.1 christos int ret = 0; 92 1.1 christos EVP_MD_CTX *md_ctx = NULL; 93 1.1 christos unsigned char *sig = NULL; 94 1.1 christos size_t sig_len; 95 1.1 christos size_t sz = EVP_PKEY_get_size(pkey); 96 1.1 christos 97 1.1 christos sig_len = sz; 98 1.1 christos if (!TEST_ptr(sig = OPENSSL_malloc(sz)) 99 1.1 christos || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 100 1.1 christos || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx, 101 1.1 christos NULL, pkey, NULL), 1) 102 1.1 christos || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0)) 103 1.1 christos goto err; 104 1.1 christos *sig_out = sig; 105 1.1 christos *sig_out_len = sig_len; 106 1.1 christos sig = NULL; 107 1.1 christos ret = 1; 108 1.1 christos err: 109 1.1 christos OPENSSL_free(sig); 110 1.1 christos EVP_MD_CTX_free(md_ctx); 111 1.1 christos return ret; 112 1.1 christos } 113 1.1 christos 114 1.1 christos #ifndef OPENSSL_NO_EC 115 1.1 christos static int ecdsa_keygen_test(int id) 116 1.1 christos { 117 1.1 christos int ret = 0; 118 1.1 christos EVP_PKEY *pkey = NULL; 119 1.1 christos unsigned char *priv = NULL; 120 1.1 christos unsigned char *pubx = NULL, *puby = NULL; 121 1.1 christos size_t priv_len = 0, pubx_len = 0, puby_len = 0; 122 1.1 christos const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id]; 123 1.1 christos 124 1.1 christos self_test_args.called = 0; 125 1.1 christos self_test_args.enable = 1; 126 1.1 christos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)) 127 1.1 christos || !TEST_int_ge(self_test_args.called, 3) 128 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, 129 1.1 christos &priv_len)) 130 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx, 131 1.1 christos &pubx_len)) 132 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby, 133 1.1 christos &puby_len))) 134 1.1 christos goto err; 135 1.1 christos 136 1.1 christos test_output_memory("qy", puby, puby_len); 137 1.1 christos test_output_memory("qx", pubx, pubx_len); 138 1.1 christos test_output_memory("d", priv, priv_len); 139 1.1 christos ret = 1; 140 1.1 christos err: 141 1.1 christos self_test_args.enable = 0; 142 1.1 christos self_test_args.called = 0; 143 1.1 christos OPENSSL_clear_free(priv, priv_len); 144 1.1 christos OPENSSL_free(pubx); 145 1.1 christos OPENSSL_free(puby); 146 1.1 christos EVP_PKEY_free(pkey); 147 1.1 christos return ret; 148 1.1 christos } 149 1.1 christos 150 1.1 christos static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name, 151 1.1 christos const unsigned char *pub, size_t pub_len, 152 1.1 christos int expected) 153 1.1 christos { 154 1.1 christos int ret = 0; 155 1.1 christos EVP_PKEY_CTX *ctx = NULL; 156 1.1 christos OSSL_PARAM_BLD *bld = NULL; 157 1.1 christos OSSL_PARAM *params = NULL; 158 1.1 christos 159 1.1 christos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 160 1.1 christos || (curve_name != NULL 161 1.1 christos && !TEST_true(OSSL_PARAM_BLD_push_utf8_string( 162 1.1 christos bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0)) 163 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 164 1.1 christos OSSL_PKEY_PARAM_PUB_KEY, 165 1.1 christos pub, pub_len) > 0) 166 1.1 christos || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 167 1.1 christos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) 168 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 169 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 170 1.1 christos params), expected)) 171 1.1 christos goto err; 172 1.1 christos 173 1.1 christos ret = 1; 174 1.1 christos err: 175 1.1 christos OSSL_PARAM_free(params); 176 1.1 christos OSSL_PARAM_BLD_free(bld); 177 1.1 christos EVP_PKEY_CTX_free(ctx); 178 1.1 christos return ret; 179 1.1 christos } 180 1.1 christos 181 1.1 christos static int ecdsa_pub_verify_test(int id) 182 1.1 christos { 183 1.1 christos const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id]; 184 1.1 christos 185 1.1 christos int ret = 0; 186 1.1 christos EVP_PKEY_CTX *key_ctx = NULL; 187 1.1 christos EVP_PKEY *pkey = NULL; 188 1.1 christos 189 1.1 christos if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, 190 1.1 christos tst->pub, tst->pub_len, tst->pass))) 191 1.1 christos goto err; 192 1.1 christos 193 1.1 christos if (tst->pass) { 194 1.1 christos if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 195 1.1 christos || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass)) 196 1.1 christos goto err; 197 1.1 christos } 198 1.1 christos ret = 1; 199 1.1 christos err: 200 1.1 christos EVP_PKEY_free(pkey); 201 1.1 christos EVP_PKEY_CTX_free(key_ctx); 202 1.1 christos return ret; 203 1.1 christos } 204 1.1 christos 205 1.1 christos /* Extract r and s from an ecdsa signature */ 206 1.1 christos static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, 207 1.1 christos unsigned char **r, unsigned char **s, 208 1.1 christos size_t *rlen, size_t *slen) 209 1.1 christos { 210 1.1 christos int ret = 0; 211 1.1 christos unsigned char *rbuf = NULL, *sbuf = NULL; 212 1.1 christos size_t r1_len, s1_len; 213 1.1 christos const BIGNUM *r1, *s1; 214 1.1 christos ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len); 215 1.1 christos 216 1.1 christos if (sign == NULL) 217 1.1 christos return 0; 218 1.1 christos r1 = ECDSA_SIG_get0_r(sign); 219 1.1 christos s1 = ECDSA_SIG_get0_s(sign); 220 1.1 christos if (r1 == NULL || s1 == NULL) 221 1.1 christos goto err; 222 1.1 christos 223 1.1 christos r1_len = BN_num_bytes(r1); 224 1.1 christos s1_len = BN_num_bytes(s1); 225 1.1 christos rbuf = OPENSSL_zalloc(r1_len); 226 1.1 christos sbuf = OPENSSL_zalloc(s1_len); 227 1.1 christos if (rbuf == NULL || sbuf == NULL) 228 1.1 christos goto err; 229 1.1 christos if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) 230 1.1 christos goto err; 231 1.1 christos if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) 232 1.1 christos goto err; 233 1.1 christos *r = rbuf; 234 1.1 christos *s = sbuf; 235 1.1 christos *rlen = r1_len; 236 1.1 christos *slen = s1_len; 237 1.1 christos ret = 1; 238 1.1 christos err: 239 1.1 christos if (ret == 0) { 240 1.1 christos OPENSSL_free(rbuf); 241 1.1 christos OPENSSL_free(sbuf); 242 1.1 christos } 243 1.1 christos ECDSA_SIG_free(sign); 244 1.1 christos return ret; 245 1.1 christos } 246 1.1 christos 247 1.1 christos static int ecdsa_siggen_test(int id) 248 1.1 christos { 249 1.1 christos int ret = 0; 250 1.1 christos EVP_PKEY *pkey = NULL; 251 1.1 christos size_t sig_len = 0, rlen = 0, slen = 0; 252 1.1 christos unsigned char *sig = NULL; 253 1.1 christos unsigned char *r = NULL, *s = NULL; 254 1.1 christos const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id]; 255 1.1 christos 256 1.1 christos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))) 257 1.1 christos goto err; 258 1.1 christos 259 1.1 christos if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, 260 1.1 christos &sig, &sig_len)) 261 1.1 christos || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) 262 1.1 christos goto err; 263 1.1 christos test_output_memory("r", r, rlen); 264 1.1 christos test_output_memory("s", s, slen); 265 1.1 christos ret = 1; 266 1.1 christos err: 267 1.1 christos OPENSSL_free(r); 268 1.1 christos OPENSSL_free(s); 269 1.1 christos OPENSSL_free(sig); 270 1.1 christos EVP_PKEY_free(pkey); 271 1.1 christos return ret; 272 1.1 christos } 273 1.1 christos 274 1.1 christos static int ecdsa_sigver_test(int id) 275 1.1 christos { 276 1.1 christos int ret = 0; 277 1.1 christos EVP_MD_CTX *md_ctx = NULL; 278 1.1 christos EVP_PKEY *pkey = NULL; 279 1.1 christos ECDSA_SIG *sign = NULL; 280 1.1 christos size_t sig_len; 281 1.1 christos unsigned char *sig = NULL; 282 1.1 christos BIGNUM *rbn = NULL, *sbn = NULL; 283 1.1 christos const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id]; 284 1.1 christos 285 1.1 christos if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, 286 1.1 christos tst->pub, tst->pub_len, 1))) 287 1.1 christos goto err; 288 1.1 christos 289 1.1 christos if (!TEST_ptr(sign = ECDSA_SIG_new()) 290 1.1 christos || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) 291 1.1 christos || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) 292 1.1 christos || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn))) 293 1.1 christos goto err; 294 1.1 christos rbn = sbn = NULL; 295 1.1 christos 296 1.1 christos ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0) 297 1.1 christos && TEST_ptr(md_ctx = EVP_MD_CTX_new()) 298 1.1 christos && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg, 299 1.1 christos libctx, NULL, pkey, NULL) 300 1.1 christos && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len, 301 1.1 christos tst->msg, tst->msg_len), tst->pass)); 302 1.1 christos err: 303 1.1 christos BN_free(rbn); 304 1.1 christos BN_free(sbn); 305 1.1 christos OPENSSL_free(sig); 306 1.1 christos ECDSA_SIG_free(sign); 307 1.1 christos EVP_PKEY_free(pkey); 308 1.1 christos EVP_MD_CTX_free(md_ctx); 309 1.1 christos return ret; 310 1.1 christos 311 1.1 christos } 312 1.1 christos #endif /* OPENSSL_NO_EC */ 313 1.1 christos 314 1.1 christos #ifndef OPENSSL_NO_DSA 315 1.1 christos static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name, 316 1.1 christos unsigned char **out, size_t *out_len) 317 1.1 christos { 318 1.1 christos size_t len = 0; 319 1.1 christos unsigned char *buf = NULL; 320 1.1 christos 321 1.1 christos if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len)) 322 1.1 christos goto err; 323 1.1 christos 324 1.1 christos buf = OPENSSL_zalloc(len); 325 1.1 christos if (buf == NULL) 326 1.1 christos goto err; 327 1.1 christos 328 1.1 christos if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len)) 329 1.1 christos goto err; 330 1.1 christos *out = buf; 331 1.1 christos return 1; 332 1.1 christos err: 333 1.1 christos OPENSSL_free(buf); 334 1.1 christos return 0; 335 1.1 christos } 336 1.1 christos 337 1.1 christos static EVP_PKEY *dsa_paramgen(int L, int N) 338 1.1 christos { 339 1.1 christos EVP_PKEY_CTX *paramgen_ctx = NULL; 340 1.1 christos EVP_PKEY *param_key = NULL; 341 1.1 christos 342 1.1 christos if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 343 1.1 christos || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0) 344 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L)) 345 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N)) 346 1.1 christos || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))) 347 1.1 christos return NULL; 348 1.1 christos EVP_PKEY_CTX_free(paramgen_ctx); 349 1.1 christos return param_key; 350 1.1 christos } 351 1.1 christos 352 1.1 christos static EVP_PKEY *dsa_keygen(int L, int N) 353 1.1 christos { 354 1.1 christos EVP_PKEY *param_key = NULL, *key = NULL; 355 1.1 christos EVP_PKEY_CTX *keygen_ctx = NULL; 356 1.1 christos 357 1.1 christos if (!TEST_ptr(param_key = dsa_paramgen(L, N)) 358 1.1 christos || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 359 1.1 christos NULL)) 360 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) 361 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) 362 1.1 christos goto err; 363 1.1 christos err: 364 1.1 christos EVP_PKEY_free(param_key); 365 1.1 christos EVP_PKEY_CTX_free(keygen_ctx); 366 1.1 christos return key; 367 1.1 christos } 368 1.1 christos 369 1.1 christos static int dsa_keygen_test(int id) 370 1.1 christos { 371 1.1 christos int ret = 0, i; 372 1.1 christos EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL; 373 1.1 christos EVP_PKEY *param_key = NULL, *key = NULL; 374 1.1 christos unsigned char *priv = NULL, *pub = NULL; 375 1.1 christos size_t priv_len = 0, pub_len = 0; 376 1.1 christos const struct dsa_paramgen_st *tst = &dsa_keygen_data[id]; 377 1.1 christos 378 1.1 christos if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N)) 379 1.1 christos || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 380 1.1 christos NULL)) 381 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)) 382 1.1 christos goto err; 383 1.1 christos for (i = 0; i < 2; ++i) { 384 1.1 christos if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0) 385 1.1 christos || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY, 386 1.1 christos &priv, &priv_len)) 387 1.1 christos || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY, 388 1.1 christos &pub, &pub_len))) 389 1.1 christos goto err; 390 1.1 christos test_output_memory("y", pub, pub_len); 391 1.1 christos test_output_memory("x", priv, priv_len); 392 1.1 christos EVP_PKEY_free(key); 393 1.1 christos OPENSSL_clear_free(priv, priv_len); 394 1.1 christos OPENSSL_free(pub); 395 1.1 christos key = NULL; 396 1.1 christos pub = priv = NULL; 397 1.1 christos } 398 1.1 christos ret = 1; 399 1.1 christos err: 400 1.1 christos OPENSSL_clear_free(priv, priv_len); 401 1.1 christos OPENSSL_free(pub); 402 1.1 christos EVP_PKEY_free(param_key); 403 1.1 christos EVP_PKEY_free(key); 404 1.1 christos EVP_PKEY_CTX_free(keygen_ctx); 405 1.1 christos EVP_PKEY_CTX_free(paramgen_ctx); 406 1.1 christos return ret; 407 1.1 christos } 408 1.1 christos 409 1.1 christos static int dsa_paramgen_test(int id) 410 1.1 christos { 411 1.1 christos int ret = 0, counter = 0; 412 1.1 christos EVP_PKEY_CTX *paramgen_ctx = NULL; 413 1.1 christos EVP_PKEY *param_key = NULL; 414 1.1 christos unsigned char *p = NULL, *q = NULL, *seed = NULL; 415 1.1 christos size_t plen = 0, qlen = 0, seedlen = 0; 416 1.1 christos const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id]; 417 1.1 christos 418 1.1 christos if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 419 1.1 christos || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0) 420 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L)) 421 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N)) 422 1.1 christos || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)) 423 1.1 christos || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P, 424 1.1 christos &p, &plen)) 425 1.1 christos || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q, 426 1.1 christos &q, &qlen)) 427 1.1 christos || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED, 428 1.1 christos &seed, &seedlen)) 429 1.1 christos || !TEST_true(EVP_PKEY_get_int_param(param_key, 430 1.1 christos OSSL_PKEY_PARAM_FFC_PCOUNTER, 431 1.1 christos &counter))) 432 1.1 christos goto err; 433 1.1 christos 434 1.1 christos test_output_memory("p", p, plen); 435 1.1 christos test_output_memory("q", q, qlen); 436 1.1 christos test_output_memory("domainSeed", seed, seedlen); 437 1.1 christos test_printf_stderr("%s: %d\n", "counter", counter); 438 1.1 christos ret = 1; 439 1.1 christos err: 440 1.1 christos OPENSSL_free(p); 441 1.1 christos OPENSSL_free(q); 442 1.1 christos OPENSSL_free(seed); 443 1.1 christos EVP_PKEY_free(param_key); 444 1.1 christos EVP_PKEY_CTX_free(paramgen_ctx); 445 1.1 christos return ret; 446 1.1 christos } 447 1.1 christos 448 1.1 christos static int dsa_create_pkey(EVP_PKEY **pkey, 449 1.1 christos const unsigned char *p, size_t p_len, 450 1.1 christos const unsigned char *q, size_t q_len, 451 1.1 christos const unsigned char *g, size_t g_len, 452 1.1 christos const unsigned char *seed, size_t seed_len, 453 1.1 christos int counter, 454 1.1 christos int validate_pq, int validate_g, 455 1.1 christos const unsigned char *pub, size_t pub_len, 456 1.1 christos BN_CTX *bn_ctx) 457 1.1 christos { 458 1.1 christos int ret = 0; 459 1.1 christos EVP_PKEY_CTX *ctx = NULL; 460 1.1 christos OSSL_PARAM_BLD *bld = NULL; 461 1.1 christos OSSL_PARAM *params = NULL; 462 1.1 christos BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL; 463 1.1 christos 464 1.1 christos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 465 1.1 christos || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx)) 466 1.1 christos || !TEST_ptr(BN_bin2bn(p, p_len, p_bn)) 467 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_int(bld, 468 1.1 christos OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, 469 1.1 christos validate_pq)) 470 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_int(bld, 471 1.1 christos OSSL_PKEY_PARAM_FFC_VALIDATE_G, 472 1.1 christos validate_g)) 473 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)) 474 1.1 christos || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx)) 475 1.1 christos || !TEST_ptr(BN_bin2bn(q, q_len, q_bn)) 476 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn))) 477 1.1 christos goto err; 478 1.1 christos 479 1.1 christos if (g != NULL) { 480 1.1 christos if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx)) 481 1.1 christos || !TEST_ptr(BN_bin2bn(g, g_len, g_bn)) 482 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, 483 1.1 christos OSSL_PKEY_PARAM_FFC_G, g_bn))) 484 1.1 christos goto err; 485 1.1 christos } 486 1.1 christos if (seed != NULL) { 487 1.1 christos if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 488 1.1 christos OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len))) 489 1.1 christos goto err; 490 1.1 christos } 491 1.1 christos if (counter != -1) { 492 1.1 christos if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, 493 1.1 christos OSSL_PKEY_PARAM_FFC_PCOUNTER, 494 1.1 christos counter))) 495 1.1 christos goto err; 496 1.1 christos } 497 1.1 christos if (pub != NULL) { 498 1.1 christos if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) 499 1.1 christos || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) 500 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, 501 1.1 christos OSSL_PKEY_PARAM_PUB_KEY, 502 1.1 christos pub_bn))) 503 1.1 christos goto err; 504 1.1 christos } 505 1.1 christos if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 506 1.1 christos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 507 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 508 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 509 1.1 christos params), 1)) 510 1.1 christos goto err; 511 1.1 christos 512 1.1 christos ret = 1; 513 1.1 christos err: 514 1.1 christos OSSL_PARAM_free(params); 515 1.1 christos OSSL_PARAM_BLD_free(bld); 516 1.1 christos EVP_PKEY_CTX_free(ctx); 517 1.1 christos return ret; 518 1.1 christos } 519 1.1 christos 520 1.1 christos static int dsa_pqver_test(int id) 521 1.1 christos { 522 1.1 christos int ret = 0; 523 1.1 christos BN_CTX *bn_ctx = NULL; 524 1.1 christos EVP_PKEY_CTX *key_ctx = NULL; 525 1.1 christos EVP_PKEY *param_key = NULL; 526 1.1 christos const struct dsa_pqver_st *tst = &dsa_pqver_data[id]; 527 1.1 christos 528 1.1 christos if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) 529 1.1 christos || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len, 530 1.1 christos tst->q, tst->q_len, NULL, 0, 531 1.1 christos tst->seed, tst->seed_len, tst->counter, 532 1.1 christos 1, 0, 533 1.1 christos NULL, 0, 534 1.1 christos bn_ctx)) 535 1.1 christos || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 536 1.1 christos NULL)) 537 1.1 christos || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass)) 538 1.1 christos goto err; 539 1.1 christos 540 1.1 christos ret = 1; 541 1.1 christos err: 542 1.1 christos BN_CTX_free(bn_ctx); 543 1.1 christos EVP_PKEY_free(param_key); 544 1.1 christos EVP_PKEY_CTX_free(key_ctx); 545 1.1 christos return ret; 546 1.1 christos } 547 1.1 christos 548 1.1 christos /* Extract r and s from a dsa signature */ 549 1.1 christos static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, 550 1.1 christos unsigned char **r, unsigned char **s, 551 1.1 christos size_t *r_len, size_t *s_len) 552 1.1 christos { 553 1.1 christos int ret = 0; 554 1.1 christos unsigned char *rbuf = NULL, *sbuf = NULL; 555 1.1 christos size_t r1_len, s1_len; 556 1.1 christos const BIGNUM *r1, *s1; 557 1.1 christos DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len); 558 1.1 christos 559 1.1 christos if (sign == NULL) 560 1.1 christos return 0; 561 1.1 christos DSA_SIG_get0(sign, &r1, &s1); 562 1.1 christos if (r1 == NULL || s1 == NULL) 563 1.1 christos goto err; 564 1.1 christos 565 1.1 christos r1_len = BN_num_bytes(r1); 566 1.1 christos s1_len = BN_num_bytes(s1); 567 1.1 christos rbuf = OPENSSL_zalloc(r1_len); 568 1.1 christos sbuf = OPENSSL_zalloc(s1_len); 569 1.1 christos if (rbuf == NULL || sbuf == NULL) 570 1.1 christos goto err; 571 1.1 christos if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) 572 1.1 christos goto err; 573 1.1 christos if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) 574 1.1 christos goto err; 575 1.1 christos *r = rbuf; 576 1.1 christos *s = sbuf; 577 1.1 christos *r_len = r1_len; 578 1.1 christos *s_len = s1_len; 579 1.1 christos ret = 1; 580 1.1 christos err: 581 1.1 christos if (ret == 0) { 582 1.1 christos OPENSSL_free(rbuf); 583 1.1 christos OPENSSL_free(sbuf); 584 1.1 christos } 585 1.1 christos DSA_SIG_free(sign); 586 1.1 christos return ret; 587 1.1 christos } 588 1.1 christos 589 1.1 christos static int dsa_siggen_test(int id) 590 1.1 christos { 591 1.1 christos int ret = 0; 592 1.1 christos EVP_PKEY *pkey = NULL; 593 1.1 christos unsigned char *sig = NULL, *r = NULL, *s = NULL; 594 1.1 christos size_t sig_len = 0, rlen = 0, slen = 0; 595 1.1 christos const struct dsa_siggen_st *tst = &dsa_siggen_data[id]; 596 1.1 christos 597 1.1 christos if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N))) 598 1.1 christos goto err; 599 1.1 christos 600 1.1 christos if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, 601 1.1 christos &sig, &sig_len)) 602 1.1 christos || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) 603 1.1 christos goto err; 604 1.1 christos test_output_memory("r", r, rlen); 605 1.1 christos test_output_memory("s", s, slen); 606 1.1 christos ret = 1; 607 1.1 christos err: 608 1.1 christos OPENSSL_free(r); 609 1.1 christos OPENSSL_free(s); 610 1.1 christos OPENSSL_free(sig); 611 1.1 christos EVP_PKEY_free(pkey); 612 1.1 christos return ret; 613 1.1 christos } 614 1.1 christos 615 1.1 christos static int dsa_sigver_test(int id) 616 1.1 christos { 617 1.1 christos int ret = 0; 618 1.1 christos EVP_PKEY_CTX *ctx = NULL; 619 1.1 christos EVP_PKEY *pkey = NULL; 620 1.1 christos DSA_SIG *sign = NULL; 621 1.1 christos size_t sig_len; 622 1.1 christos unsigned char *sig = NULL; 623 1.1 christos BIGNUM *rbn = NULL, *sbn = NULL; 624 1.1 christos EVP_MD *md = NULL; 625 1.1 christos unsigned char digest[EVP_MAX_MD_SIZE]; 626 1.1 christos unsigned int digest_len; 627 1.1 christos BN_CTX *bn_ctx = NULL; 628 1.1 christos const struct dsa_sigver_st *tst = &dsa_sigver_data[id]; 629 1.1 christos 630 1.1 christos if (!TEST_ptr(bn_ctx = BN_CTX_new()) 631 1.1 christos || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len, 632 1.1 christos tst->q, tst->q_len, tst->g, tst->g_len, 633 1.1 christos NULL, 0, 0, 0, 0, tst->pub, tst->pub_len, 634 1.1 christos bn_ctx))) 635 1.1 christos goto err; 636 1.1 christos 637 1.1 christos if (!TEST_ptr(sign = DSA_SIG_new()) 638 1.1 christos || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) 639 1.1 christos || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) 640 1.1 christos || !TEST_true(DSA_SIG_set0(sign, rbn, sbn))) 641 1.1 christos goto err; 642 1.1 christos rbn = sbn = NULL; 643 1.1 christos 644 1.1 christos if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, "")) 645 1.1 christos || !TEST_true(EVP_Digest(tst->msg, tst->msg_len, 646 1.1 christos digest, &digest_len, md, NULL))) 647 1.1 christos goto err; 648 1.1 christos 649 1.1 christos if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0) 650 1.1 christos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 651 1.1 christos || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 652 1.1 christos || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len), 653 1.1 christos tst->pass)) 654 1.1 christos goto err; 655 1.1 christos ret = 1; 656 1.1 christos err: 657 1.1 christos EVP_PKEY_CTX_free(ctx); 658 1.1 christos OPENSSL_free(sig); 659 1.1 christos EVP_MD_free(md); 660 1.1 christos DSA_SIG_free(sign); 661 1.1 christos EVP_PKEY_free(pkey); 662 1.1 christos BN_free(rbn); 663 1.1 christos BN_free(sbn); 664 1.1 christos BN_CTX_free(bn_ctx); 665 1.1 christos return ret; 666 1.1 christos } 667 1.1 christos #endif /* OPENSSL_NO_DSA */ 668 1.1 christos 669 1.1 christos 670 1.1 christos /* cipher encrypt/decrypt */ 671 1.1 christos static int cipher_enc(const char *alg, 672 1.1 christos const unsigned char *pt, size_t pt_len, 673 1.1 christos const unsigned char *key, size_t key_len, 674 1.1 christos const unsigned char *iv, size_t iv_len, 675 1.1 christos const unsigned char *ct, size_t ct_len, 676 1.1 christos int enc) 677 1.1 christos { 678 1.1 christos int ret = 0, out_len = 0, len = 0; 679 1.1 christos EVP_CIPHER_CTX *ctx = NULL; 680 1.1 christos EVP_CIPHER *cipher = NULL; 681 1.1 christos unsigned char out[256] = { 0 }; 682 1.1 christos 683 1.1 christos TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt"); 684 1.1 christos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 685 1.1 christos || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 686 1.1 christos || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc)) 687 1.1 christos || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 688 1.1 christos || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)) 689 1.1 christos || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) 690 1.1 christos goto err; 691 1.1 christos out_len += len; 692 1.1 christos if (!TEST_mem_eq(out, out_len, ct, ct_len)) 693 1.1 christos goto err; 694 1.1 christos ret = 1; 695 1.1 christos err: 696 1.1 christos EVP_CIPHER_free(cipher); 697 1.1 christos EVP_CIPHER_CTX_free(ctx); 698 1.1 christos return ret; 699 1.1 christos } 700 1.1 christos 701 1.1 christos static int cipher_enc_dec_test(int id) 702 1.1 christos { 703 1.1 christos const struct cipher_st *tst = &cipher_enc_data[id]; 704 1.1 christos const int enc = 1; 705 1.1 christos 706 1.1 christos return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len, 707 1.1 christos tst->key, tst->key_len, 708 1.1 christos tst->iv, tst->iv_len, 709 1.1 christos tst->ct, tst->ct_len, enc)) 710 1.1 christos && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len, 711 1.1 christos tst->key, tst->key_len, 712 1.1 christos tst->iv, tst->iv_len, 713 1.1 christos tst->pt, tst->pt_len, !enc)); 714 1.1 christos } 715 1.1 christos 716 1.1 christos static int aes_ccm_enc_dec(const char *alg, 717 1.1 christos const unsigned char *pt, size_t pt_len, 718 1.1 christos const unsigned char *key, size_t key_len, 719 1.1 christos const unsigned char *iv, size_t iv_len, 720 1.1 christos const unsigned char *aad, size_t aad_len, 721 1.1 christos const unsigned char *ct, size_t ct_len, 722 1.1 christos const unsigned char *tag, size_t tag_len, 723 1.1 christos int enc, int pass) 724 1.1 christos { 725 1.1 christos int ret = 0; 726 1.1 christos EVP_CIPHER_CTX *ctx; 727 1.1 christos EVP_CIPHER *cipher = NULL; 728 1.1 christos int out_len, len; 729 1.1 christos unsigned char out[1024]; 730 1.1 christos 731 1.1 christos TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", 732 1.1 christos pass ? "pass" : "fail"); 733 1.1 christos 734 1.1 christos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 735 1.1 christos || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 736 1.1 christos || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 737 1.1 christos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, 738 1.1 christos NULL), 0) 739 1.1 christos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, 740 1.1 christos enc ? NULL : (void *)tag), 0) 741 1.1 christos || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 742 1.1 christos || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 743 1.1 christos || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) 744 1.1 christos || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) 745 1.1 christos || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass)) 746 1.1 christos goto err; 747 1.1 christos 748 1.1 christos if (!pass) { 749 1.1 christos ret = 1; 750 1.1 christos goto err; 751 1.1 christos } 752 1.1 christos if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) 753 1.1 christos goto err; 754 1.1 christos if (enc) { 755 1.1 christos out_len += len; 756 1.1 christos if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 757 1.1 christos tag_len, out + out_len), 0) 758 1.1 christos || !TEST_mem_eq(out, out_len, ct, ct_len) 759 1.1 christos || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) 760 1.1 christos goto err; 761 1.1 christos } else { 762 1.1 christos if (!TEST_mem_eq(out, out_len + len, ct, ct_len)) 763 1.1 christos goto err; 764 1.1 christos } 765 1.1 christos 766 1.1 christos ret = 1; 767 1.1 christos err: 768 1.1 christos EVP_CIPHER_free(cipher); 769 1.1 christos EVP_CIPHER_CTX_free(ctx); 770 1.1 christos return ret; 771 1.1 christos } 772 1.1 christos 773 1.1 christos static int aes_ccm_enc_dec_test(int id) 774 1.1 christos { 775 1.1 christos const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id]; 776 1.1 christos 777 1.1 christos /* The tag is on the end of the cipher text */ 778 1.1 christos const size_t tag_len = tst->ct_len - tst->pt_len; 779 1.1 christos const size_t ct_len = tst->ct_len - tag_len; 780 1.1 christos const unsigned char *tag = tst->ct + ct_len; 781 1.1 christos const int enc = 1; 782 1.1 christos const int pass = 1; 783 1.1 christos 784 1.1 christos if (ct_len < 1) 785 1.1 christos return 0; 786 1.1 christos 787 1.1 christos return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len, 788 1.1 christos tst->key, tst->key_len, 789 1.1 christos tst->iv, tst->iv_len, tst->aad, tst->aad_len, 790 1.1 christos tst->ct, ct_len, tag, tag_len, enc, pass) 791 1.1 christos && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, 792 1.1 christos tst->key, tst->key_len, 793 1.1 christos tst->iv, tst->iv_len, tst->aad, tst->aad_len, 794 1.1 christos tst->pt, tst->pt_len, tag, tag_len, !enc, pass) 795 1.1 christos /* test that it fails if the tag is incorrect */ 796 1.1 christos && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, 797 1.1 christos tst->key, tst->key_len, 798 1.1 christos tst->iv, tst->iv_len, tst->aad, tst->aad_len, 799 1.1 christos tst->pt, tst->pt_len, 800 1.1 christos tag - 1, tag_len, !enc, !pass); 801 1.1 christos } 802 1.1 christos 803 1.1 christos static int aes_gcm_enc_dec(const char *alg, 804 1.1 christos const unsigned char *pt, size_t pt_len, 805 1.1 christos const unsigned char *key, size_t key_len, 806 1.1 christos const unsigned char *iv, size_t iv_len, 807 1.1 christos const unsigned char *aad, size_t aad_len, 808 1.1 christos const unsigned char *ct, size_t ct_len, 809 1.1 christos const unsigned char *tag, size_t tag_len, 810 1.1 christos int enc, int pass) 811 1.1 christos { 812 1.1 christos int ret = 0; 813 1.1 christos EVP_CIPHER_CTX *ctx; 814 1.1 christos EVP_CIPHER *cipher = NULL; 815 1.1 christos int out_len, len; 816 1.1 christos unsigned char out[1024]; 817 1.1 christos 818 1.1 christos TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", 819 1.1 christos pass ? "pass" : "fail"); 820 1.1 christos 821 1.1 christos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 822 1.1 christos || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 823 1.1 christos || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 824 1.1 christos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, 825 1.1 christos NULL), 0)) 826 1.1 christos goto err; 827 1.1 christos 828 1.1 christos if (!enc) { 829 1.1 christos if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, 830 1.1 christos (void *)tag), 0)) 831 1.1 christos goto err; 832 1.1 christos } 833 1.1 christos /* 834 1.1 christos * For testing purposes the IV it being set here. In a compliant application 835 1.1 christos * the IV would be generated internally. A fake entropy source could also 836 1.1 christos * be used to feed in the random IV bytes (see fake_random.c) 837 1.1 christos */ 838 1.1 christos if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 839 1.1 christos || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 840 1.1 christos || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) 841 1.1 christos || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))) 842 1.1 christos goto err; 843 1.1 christos 844 1.1 christos if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass)) 845 1.1 christos goto err; 846 1.1 christos if (!pass) { 847 1.1 christos ret = 1; 848 1.1 christos goto err; 849 1.1 christos } 850 1.1 christos out_len += len; 851 1.1 christos if (enc) { 852 1.1 christos if (!TEST_mem_eq(out, out_len, ct, ct_len) 853 1.1 christos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 854 1.1 christos tag_len, out + out_len), 0) 855 1.1 christos || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) 856 1.1 christos goto err; 857 1.1 christos } else { 858 1.1 christos if (!TEST_mem_eq(out, out_len, ct, ct_len)) 859 1.1 christos goto err; 860 1.1 christos } 861 1.1 christos 862 1.1 christos ret = 1; 863 1.1 christos err: 864 1.1 christos EVP_CIPHER_free(cipher); 865 1.1 christos EVP_CIPHER_CTX_free(ctx); 866 1.1 christos return ret; 867 1.1 christos } 868 1.1 christos 869 1.1 christos static int aes_gcm_enc_dec_test(int id) 870 1.1 christos { 871 1.1 christos const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id]; 872 1.1 christos int enc = 1; 873 1.1 christos int pass = 1; 874 1.1 christos 875 1.1 christos return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len, 876 1.1 christos tst->key, tst->key_len, 877 1.1 christos tst->iv, tst->iv_len, tst->aad, tst->aad_len, 878 1.1 christos tst->ct, tst->ct_len, tst->tag, tst->tag_len, 879 1.1 christos enc, pass) 880 1.1 christos && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, 881 1.1 christos tst->key, tst->key_len, 882 1.1 christos tst->iv, tst->iv_len, tst->aad, tst->aad_len, 883 1.1 christos tst->pt, tst->pt_len, tst->tag, tst->tag_len, 884 1.1 christos !enc, pass) 885 1.1 christos /* Fail if incorrect tag passed to decrypt */ 886 1.1 christos && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, 887 1.1 christos tst->key, tst->key_len, 888 1.1 christos tst->iv, tst->iv_len, tst->aad, tst->aad_len, 889 1.1 christos tst->pt, tst->pt_len, tst->aad, tst->tag_len, 890 1.1 christos !enc, !pass); 891 1.1 christos } 892 1.1 christos 893 1.1 christos #ifndef OPENSSL_NO_DH 894 1.1 christos static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name, 895 1.1 christos const unsigned char *pub, size_t pub_len, 896 1.1 christos const unsigned char *priv, size_t priv_len, 897 1.1 christos BN_CTX *bn_ctx, int pass) 898 1.1 christos { 899 1.1 christos int ret = 0; 900 1.1 christos EVP_PKEY_CTX *ctx = NULL; 901 1.1 christos OSSL_PARAM_BLD *bld = NULL; 902 1.1 christos OSSL_PARAM *params = NULL; 903 1.1 christos BIGNUM *pub_bn = NULL, *priv_bn = NULL; 904 1.1 christos 905 1.1 christos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 906 1.1 christos || (group_name != NULL 907 1.1 christos && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string( 908 1.1 christos bld, OSSL_PKEY_PARAM_GROUP_NAME, 909 1.1 christos group_name, 0), 0))) 910 1.1 christos goto err; 911 1.1 christos 912 1.1 christos if (pub != NULL) { 913 1.1 christos if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) 914 1.1 christos || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) 915 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 916 1.1 christos pub_bn))) 917 1.1 christos goto err; 918 1.1 christos } 919 1.1 christos if (priv != NULL) { 920 1.1 christos if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx)) 921 1.1 christos || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn)) 922 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 923 1.1 christos priv_bn))) 924 1.1 christos goto err; 925 1.1 christos } 926 1.1 christos 927 1.1 christos if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 928 1.1 christos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 929 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 930 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), 931 1.1 christos pass)) 932 1.1 christos goto err; 933 1.1 christos 934 1.1 christos ret = 1; 935 1.1 christos err: 936 1.1 christos OSSL_PARAM_free(params); 937 1.1 christos OSSL_PARAM_BLD_free(bld); 938 1.1 christos EVP_PKEY_CTX_free(ctx); 939 1.1 christos return ret; 940 1.1 christos } 941 1.1 christos 942 1.1 christos static int dh_safe_prime_keygen_test(int id) 943 1.1 christos { 944 1.1 christos int ret = 0; 945 1.1 christos EVP_PKEY_CTX *ctx = NULL; 946 1.1 christos EVP_PKEY *pkey = NULL; 947 1.1 christos unsigned char *priv = NULL; 948 1.1 christos unsigned char *pub = NULL; 949 1.1 christos size_t priv_len = 0, pub_len = 0; 950 1.1 christos OSSL_PARAM params[2]; 951 1.1 christos const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id]; 952 1.1 christos 953 1.1 christos params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, 954 1.1 christos (char *)tst->group_name, 0); 955 1.1 christos params[1] = OSSL_PARAM_construct_end(); 956 1.1 christos 957 1.1 christos if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 958 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 959 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params)) 960 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) 961 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, 962 1.1 christos &priv, &priv_len)) 963 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, 964 1.1 christos &pub, &pub_len))) 965 1.1 christos goto err; 966 1.1 christos 967 1.1 christos test_output_memory("x", priv, priv_len); 968 1.1 christos test_output_memory("y", pub, pub_len); 969 1.1 christos ret = 1; 970 1.1 christos err: 971 1.1 christos OPENSSL_clear_free(priv, priv_len); 972 1.1 christos OPENSSL_free(pub); 973 1.1 christos EVP_PKEY_free(pkey); 974 1.1 christos EVP_PKEY_CTX_free(ctx); 975 1.1 christos return ret; 976 1.1 christos } 977 1.1 christos 978 1.1 christos static int dh_safe_prime_keyver_test(int id) 979 1.1 christos { 980 1.1 christos int ret = 0; 981 1.1 christos BN_CTX *bn_ctx = NULL; 982 1.1 christos EVP_PKEY_CTX *key_ctx = NULL; 983 1.1 christos EVP_PKEY *pkey = NULL; 984 1.1 christos const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id]; 985 1.1 christos 986 1.1 christos if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) 987 1.1 christos || !TEST_true(dh_create_pkey(&pkey, tst->group_name, 988 1.1 christos tst->pub, tst->pub_len, 989 1.1 christos tst->priv, tst->priv_len, bn_ctx, 1)) 990 1.1 christos || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 991 1.1 christos || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass)) 992 1.1 christos goto err; 993 1.1 christos 994 1.1 christos ret = 1; 995 1.1 christos err: 996 1.1 christos EVP_PKEY_free(pkey); 997 1.1 christos EVP_PKEY_CTX_free(key_ctx); 998 1.1 christos BN_CTX_free(bn_ctx); 999 1.1 christos return ret; 1000 1.1 christos } 1001 1.1 christos #endif /* OPENSSL_NO_DH */ 1002 1.1 christos 1003 1.1 christos 1004 1.1 christos static int rsa_create_pkey(EVP_PKEY **pkey, 1005 1.1 christos const unsigned char *n, size_t n_len, 1006 1.1 christos const unsigned char *e, size_t e_len, 1007 1.1 christos const unsigned char *d, size_t d_len, 1008 1.1 christos BN_CTX *bn_ctx) 1009 1.1 christos { 1010 1.1 christos int ret = 0; 1011 1.1 christos EVP_PKEY_CTX *ctx = NULL; 1012 1.1 christos OSSL_PARAM_BLD *bld = NULL; 1013 1.1 christos OSSL_PARAM *params = NULL; 1014 1.1 christos BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL; 1015 1.1 christos 1016 1.1 christos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1017 1.1 christos || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx)) 1018 1.1 christos || !TEST_ptr(BN_bin2bn(n, n_len, n_bn)) 1019 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn))) 1020 1.1 christos goto err; 1021 1.1 christos 1022 1.1 christos if (e != NULL) { 1023 1.1 christos if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx)) 1024 1.1 christos || !TEST_ptr(BN_bin2bn(e, e_len, e_bn)) 1025 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, 1026 1.1 christos e_bn))) 1027 1.1 christos goto err; 1028 1.1 christos } 1029 1.1 christos if (d != NULL) { 1030 1.1 christos if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx)) 1031 1.1 christos || !TEST_ptr(BN_bin2bn(d, d_len, d_bn)) 1032 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, 1033 1.1 christos d_bn))) 1034 1.1 christos goto err; 1035 1.1 christos } 1036 1.1 christos if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1037 1.1 christos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) 1038 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 1039 1.1 christos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), 1040 1.1 christos 1)) 1041 1.1 christos goto err; 1042 1.1 christos 1043 1.1 christos ret = 1; 1044 1.1 christos err: 1045 1.1 christos OSSL_PARAM_free(params); 1046 1.1 christos OSSL_PARAM_BLD_free(bld); 1047 1.1 christos EVP_PKEY_CTX_free(ctx); 1048 1.1 christos return ret; 1049 1.1 christos } 1050 1.1 christos 1051 1.1 christos static int rsa_keygen_test(int id) 1052 1.1 christos { 1053 1.1 christos int ret = 0; 1054 1.1 christos EVP_PKEY_CTX *ctx = NULL; 1055 1.1 christos EVP_PKEY *pkey = NULL; 1056 1.1 christos BIGNUM *e_bn = NULL; 1057 1.1 christos BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL; 1058 1.1 christos BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL; 1059 1.1 christos unsigned char *n = NULL, *d = NULL; 1060 1.1 christos unsigned char *p = NULL, *p1 = NULL, *p2 = NULL; 1061 1.1 christos unsigned char *q = NULL, *q1 = NULL, *q2 = NULL; 1062 1.1 christos size_t n_len = 0, d_len = 0; 1063 1.1 christos size_t p_len = 0, p1_len = 0, p2_len = 0; 1064 1.1 christos size_t q_len = 0, q1_len = 0, q2_len = 0; 1065 1.1 christos OSSL_PARAM_BLD *bld = NULL; 1066 1.1 christos OSSL_PARAM *params = NULL; 1067 1.1 christos const struct rsa_keygen_st *tst = &rsa_keygen_data[id]; 1068 1.1 christos 1069 1.1 christos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1070 1.1 christos || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL)) 1071 1.1 christos || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL)) 1072 1.1 christos || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL)) 1073 1.1 christos || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL)) 1074 1.1 christos || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL)) 1075 1.1 christos || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL)) 1076 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1, 1077 1.1 christos xp1_bn)) 1078 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2, 1079 1.1 christos xp2_bn)) 1080 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP, 1081 1.1 christos xp_bn)) 1082 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, 1083 1.1 christos xq1_bn)) 1084 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2, 1085 1.1 christos xq2_bn)) 1086 1.1 christos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ, 1087 1.1 christos xq_bn)) 1088 1.1 christos || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 1089 1.1 christos goto err; 1090 1.1 christos 1091 1.1 christos if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) 1092 1.1 christos || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL)) 1093 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 1094 1.1 christos || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0) 1095 1.1 christos || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0) 1096 1.1 christos || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0) 1097 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) 1098 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1, 1099 1.1 christos &p1, &p1_len)) 1100 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2, 1101 1.1 christos &p2, &p2_len)) 1102 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1, 1103 1.1 christos &q1, &q1_len)) 1104 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2, 1105 1.1 christos &q2, &q2_len)) 1106 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, 1107 1.1 christos &p, &p_len)) 1108 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, 1109 1.1 christos &q, &q_len)) 1110 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, 1111 1.1 christos &n, &n_len)) 1112 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D, 1113 1.1 christos &d, &d_len))) 1114 1.1 christos goto err; 1115 1.1 christos 1116 1.1 christos if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len) 1117 1.1 christos || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len) 1118 1.1 christos || !TEST_mem_eq(tst->p, tst->p_len, p, p_len) 1119 1.1 christos || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len) 1120 1.1 christos || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len) 1121 1.1 christos || !TEST_mem_eq(tst->q, tst->q_len, q, q_len) 1122 1.1 christos || !TEST_mem_eq(tst->n, tst->n_len, n, n_len) 1123 1.1 christos || !TEST_mem_eq(tst->d, tst->d_len, d, d_len)) 1124 1.1 christos goto err; 1125 1.1 christos 1126 1.1 christos test_output_memory("p1", p1, p1_len); 1127 1.1 christos test_output_memory("p2", p2, p2_len); 1128 1.1 christos test_output_memory("p", p, p_len); 1129 1.1 christos test_output_memory("q1", q1, q1_len); 1130 1.1 christos test_output_memory("q2", q2, q2_len); 1131 1.1 christos test_output_memory("q", q, q_len); 1132 1.1 christos test_output_memory("n", n, n_len); 1133 1.1 christos test_output_memory("d", d, d_len); 1134 1.1 christos ret = 1; 1135 1.1 christos err: 1136 1.1 christos BN_free(xp1_bn); 1137 1.1 christos BN_free(xp2_bn); 1138 1.1 christos BN_free(xp_bn); 1139 1.1 christos BN_free(xq1_bn); 1140 1.1 christos BN_free(xq2_bn); 1141 1.1 christos BN_free(xq_bn); 1142 1.1 christos BN_free(e_bn); 1143 1.1 christos OPENSSL_free(p1); 1144 1.1 christos OPENSSL_free(p2); 1145 1.1 christos OPENSSL_free(q1); 1146 1.1 christos OPENSSL_free(q2); 1147 1.1 christos OPENSSL_free(p); 1148 1.1 christos OPENSSL_free(q); 1149 1.1 christos OPENSSL_free(n); 1150 1.1 christos OPENSSL_free(d); 1151 1.1 christos EVP_PKEY_free(pkey); 1152 1.1 christos EVP_PKEY_CTX_free(ctx); 1153 1.1 christos OSSL_PARAM_free(params); 1154 1.1 christos OSSL_PARAM_BLD_free(bld); 1155 1.1 christos return ret; 1156 1.1 christos } 1157 1.1 christos 1158 1.1 christos static int rsa_siggen_test(int id) 1159 1.1 christos { 1160 1.1 christos int ret = 0; 1161 1.1 christos EVP_PKEY *pkey = NULL; 1162 1.1 christos unsigned char *sig = NULL, *n = NULL, *e = NULL; 1163 1.1 christos size_t sig_len = 0, n_len = 0, e_len = 0; 1164 1.1 christos OSSL_PARAM params[4], *p; 1165 1.1 christos const struct rsa_siggen_st *tst = &rsa_siggen_data[id]; 1166 1.1 christos int salt_len = tst->pss_salt_len; 1167 1.1 christos 1168 1.1 christos TEST_note("RSA %s signature generation", tst->sig_pad_mode); 1169 1.1 christos 1170 1.1 christos p = params; 1171 1.1 christos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, 1172 1.1 christos (char *)tst->sig_pad_mode, 0); 1173 1.1 christos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 1174 1.1 christos (char *)tst->digest_alg, 0); 1175 1.1 christos if (salt_len >= 0) 1176 1.1 christos *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, 1177 1.1 christos &salt_len); 1178 1.1 christos *p++ = OSSL_PARAM_construct_end(); 1179 1.1 christos 1180 1.1 christos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod)) 1181 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 1182 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) 1183 1.1 christos || !TEST_true(sig_gen(pkey, params, tst->digest_alg, 1184 1.1 christos tst->msg, tst->msg_len, 1185 1.1 christos &sig, &sig_len))) 1186 1.1 christos goto err; 1187 1.1 christos test_output_memory("n", n, n_len); 1188 1.1 christos test_output_memory("e", e, e_len); 1189 1.1 christos test_output_memory("sig", sig, sig_len); 1190 1.1 christos ret = 1; 1191 1.1 christos err: 1192 1.1 christos OPENSSL_free(n); 1193 1.1 christos OPENSSL_free(e); 1194 1.1 christos OPENSSL_free(sig); 1195 1.1 christos EVP_PKEY_free(pkey); 1196 1.1 christos return ret; 1197 1.1 christos } 1198 1.1 christos 1199 1.1 christos static int rsa_sigver_test(int id) 1200 1.1 christos { 1201 1.1 christos int ret = 0; 1202 1.1 christos EVP_PKEY_CTX *pkey_ctx = NULL; 1203 1.1 christos EVP_PKEY *pkey = NULL; 1204 1.1 christos EVP_MD_CTX *md_ctx = NULL; 1205 1.1 christos BN_CTX *bn_ctx = NULL; 1206 1.1 christos OSSL_PARAM params[4], *p; 1207 1.1 christos const struct rsa_sigver_st *tst = &rsa_sigver_data[id]; 1208 1.1 christos int salt_len = tst->pss_salt_len; 1209 1.1 christos 1210 1.1 christos TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode, 1211 1.1 christos tst->pass == PASS ? "pass" : "fail"); 1212 1.1 christos 1213 1.1 christos p = params; 1214 1.1 christos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, 1215 1.1 christos (char *)tst->sig_pad_mode, 0); 1216 1.1 christos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 1217 1.1 christos (char *)tst->digest_alg, 0); 1218 1.1 christos if (salt_len >= 0) 1219 1.1 christos *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, 1220 1.1 christos &salt_len); 1221 1.1 christos *p++ = OSSL_PARAM_construct_end(); 1222 1.1 christos 1223 1.1 christos if (!TEST_ptr(bn_ctx = BN_CTX_new()) 1224 1.1 christos || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len, 1225 1.1 christos tst->e, tst->e_len, NULL, 0, bn_ctx)) 1226 1.1 christos || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1227 1.1 christos || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx, 1228 1.1 christos tst->digest_alg, libctx, NULL, 1229 1.1 christos pkey, NULL)) 1230 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params)) 1231 1.1 christos || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len, 1232 1.1 christos tst->msg, tst->msg_len), tst->pass)) 1233 1.1 christos goto err; 1234 1.1 christos ret = 1; 1235 1.1 christos err: 1236 1.1 christos EVP_PKEY_free(pkey); 1237 1.1 christos BN_CTX_free(bn_ctx); 1238 1.1 christos EVP_MD_CTX_free(md_ctx); 1239 1.1 christos return ret; 1240 1.1 christos } 1241 1.1 christos 1242 1.1 christos static int rsa_decryption_primitive_test(int id) 1243 1.1 christos { 1244 1.1 christos int ret = 0; 1245 1.1 christos EVP_PKEY_CTX *ctx = NULL; 1246 1.1 christos EVP_PKEY *pkey = NULL; 1247 1.1 christos unsigned char pt[2048]; 1248 1.1 christos size_t pt_len = sizeof(pt); 1249 1.1 christos unsigned char *n = NULL, *e = NULL; 1250 1.1 christos size_t n_len = 0, e_len = 0; 1251 1.1 christos BN_CTX *bn_ctx = NULL; 1252 1.1 christos const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; 1253 1.1 christos 1254 1.3 christos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048)) 1255 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 1256 1.1 christos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) 1257 1.1 christos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 1258 1.1 christos || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0) 1259 1.1 christos || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0)) 1260 1.1 christos goto err; 1261 1.1 christos 1262 1.1 christos test_output_memory("n", n, n_len); 1263 1.1 christos test_output_memory("e", e, e_len); 1264 1.1 christos if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0) 1265 1.1 christos TEST_note("Decryption Failed"); 1266 1.1 christos else 1267 1.1 christos test_output_memory("pt", pt, pt_len); 1268 1.1 christos ret = 1; 1269 1.1 christos err: 1270 1.1 christos OPENSSL_free(n); 1271 1.1 christos OPENSSL_free(e); 1272 1.1 christos EVP_PKEY_CTX_free(ctx); 1273 1.1 christos EVP_PKEY_free(pkey); 1274 1.1 christos BN_CTX_free(bn_ctx); 1275 1.1 christos return ret; 1276 1.1 christos } 1277 1.1 christos 1278 1.1 christos static int self_test_events(const OSSL_PARAM params[], void *varg) 1279 1.1 christos { 1280 1.1 christos SELF_TEST_ARGS *args = varg; 1281 1.1 christos const OSSL_PARAM *p = NULL; 1282 1.1 christos const char *phase = NULL, *type = NULL, *desc = NULL; 1283 1.1 christos int ret = 0; 1284 1.1 christos 1285 1.1 christos if (!args->enable) 1286 1.1 christos return 1; 1287 1.1 christos 1288 1.1 christos args->called++; 1289 1.1 christos p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); 1290 1.1 christos if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1291 1.1 christos goto err; 1292 1.1 christos phase = (const char *)p->data; 1293 1.1 christos 1294 1.1 christos p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); 1295 1.1 christos if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1296 1.1 christos goto err; 1297 1.1 christos desc = (const char *)p->data; 1298 1.1 christos 1299 1.1 christos p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); 1300 1.1 christos if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1301 1.1 christos goto err; 1302 1.1 christos type = (const char *)p->data; 1303 1.1 christos 1304 1.1 christos BIO_printf(bio_out, "%s %s %s\n", phase, desc, type); 1305 1.1 christos ret = 1; 1306 1.1 christos err: 1307 1.1 christos return ret; 1308 1.1 christos } 1309 1.1 christos 1310 1.1 christos static int drbg_test(int id) 1311 1.1 christos { 1312 1.1 christos OSSL_PARAM params[3]; 1313 1.1 christos EVP_RAND *rand = NULL; 1314 1.1 christos EVP_RAND_CTX *ctx = NULL, *parent = NULL; 1315 1.1 christos unsigned char returned_bits[64]; 1316 1.1 christos const size_t returned_bits_len = sizeof(returned_bits); 1317 1.1 christos unsigned int strength = 256; 1318 1.1 christos const struct drbg_st *tst = &drbg_data[id]; 1319 1.1 christos int res = 0; 1320 1.1 christos 1321 1.1 christos /* Create the seed source */ 1322 1.1 christos if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips")) 1323 1.1 christos || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL))) 1324 1.1 christos goto err; 1325 1.1 christos EVP_RAND_free(rand); 1326 1.1 christos rand = NULL; 1327 1.1 christos 1328 1.1 christos params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 1329 1.1 christos params[1] = OSSL_PARAM_construct_end(); 1330 1.1 christos if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) 1331 1.1 christos goto err; 1332 1.1 christos 1333 1.1 christos /* Get the DRBG */ 1334 1.1 christos if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, "")) 1335 1.1 christos || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent))) 1336 1.1 christos goto err; 1337 1.1 christos 1338 1.1 christos /* Set the DRBG up */ 1339 1.1 christos params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, 1340 1.1 christos (int *)&tst->use_df); 1341 1.1 christos params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, 1342 1.1 christos (char *)tst->cipher, 0); 1343 1.1 christos params[2] = OSSL_PARAM_construct_end(); 1344 1.1 christos if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params))) 1345 1.1 christos goto err; 1346 1.1 christos 1347 1.1 christos /* Feed in the entropy and nonce */ 1348 1.1 christos params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 1349 1.1 christos (void *)tst->entropy_input, 1350 1.1 christos tst->entropy_input_len); 1351 1.1 christos params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, 1352 1.1 christos (void *)tst->nonce, 1353 1.1 christos tst->nonce_len); 1354 1.1 christos params[2] = OSSL_PARAM_construct_end(); 1355 1.1 christos if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) 1356 1.1 christos goto err; 1357 1.1 christos 1358 1.1 christos /* 1359 1.1 christos * Run the test 1360 1.1 christos * A NULL personalisation string defaults to the built in so something 1361 1.1 christos * non-NULL is needed if there is no personalisation string 1362 1.1 christos */ 1363 1.1 christos if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL)) 1364 1.1 christos || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, 1365 1.1 christos 0, 0, NULL, 0)) 1366 1.1 christos || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, 1367 1.1 christos 0, 0, NULL, 0))) 1368 1.1 christos goto err; 1369 1.1 christos 1370 1.1 christos test_output_memory("returned bits", returned_bits, returned_bits_len); 1371 1.1 christos 1372 1.1 christos /* Clean up */ 1373 1.1 christos if (!TEST_true(EVP_RAND_uninstantiate(ctx)) 1374 1.1 christos || !TEST_true(EVP_RAND_uninstantiate(parent))) 1375 1.1 christos goto err; 1376 1.1 christos 1377 1.1 christos /* Verify the output */ 1378 1.1 christos if (!TEST_mem_eq(returned_bits, returned_bits_len, 1379 1.1 christos tst->returned_bits, tst->returned_bits_len)) 1380 1.1 christos goto err; 1381 1.1 christos res = 1; 1382 1.1 christos err: 1383 1.1 christos EVP_RAND_CTX_free(ctx); 1384 1.1 christos EVP_RAND_CTX_free(parent); 1385 1.1 christos EVP_RAND_free(rand); 1386 1.1 christos return res; 1387 1.1 christos } 1388 1.1 christos 1389 1.1 christos static int aes_cfb1_bits_test(void) 1390 1.1 christos { 1391 1.1 christos int ret = 0; 1392 1.1 christos EVP_CIPHER *cipher = NULL; 1393 1.1 christos EVP_CIPHER_CTX *ctx = NULL; 1394 1.1 christos unsigned char out[16] = { 0 }; 1395 1.1 christos int outlen; 1396 1.1 christos const OSSL_PARAM *params, *p; 1397 1.1 christos 1398 1.1 christos static const unsigned char key[] = { 1399 1.1 christos 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88, 1400 1.1 christos 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0 1401 1.1 christos }; 1402 1.1 christos static const unsigned char iv[] = { 1403 1.1 christos 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C, 1404 1.1 christos 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B 1405 1.1 christos }; 1406 1.1 christos static const unsigned char pt[] = { 1407 1.1 christos 0xB4 1408 1.1 christos }; 1409 1.1 christos static const unsigned char expected[] = { 1410 1.1 christos 0x6C 1411 1.1 christos }; 1412 1.1 christos 1413 1.1 christos if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes"))) 1414 1.1 christos goto err; 1415 1.1 christos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 1416 1.1 christos goto err; 1417 1.1 christos if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0)) 1418 1.1 christos goto err; 1419 1.1 christos if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx)) 1420 1.1 christos || !TEST_ptr(p = OSSL_PARAM_locate_const(params, 1421 1.1 christos OSSL_CIPHER_PARAM_USE_BITS))) 1422 1.1 christos goto err; 1423 1.1 christos EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); 1424 1.1 christos if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0)) 1425 1.1 christos goto err; 1426 1.1 christos if (!TEST_int_eq(outlen, 7)) 1427 1.1 christos goto err; 1428 1.1 christos if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected))) 1429 1.1 christos goto err; 1430 1.1 christos ret = 1; 1431 1.1 christos err: 1432 1.1 christos EVP_CIPHER_free(cipher); 1433 1.1 christos EVP_CIPHER_CTX_free(ctx); 1434 1.1 christos return ret; 1435 1.1 christos } 1436 1.1 christos 1437 1.1 christos int setup_tests(void) 1438 1.1 christos { 1439 1.1 christos char *config_file = NULL; 1440 1.1 christos 1441 1.1 christos OPTION_CHOICE o; 1442 1.1 christos 1443 1.1 christos while ((o = opt_next()) != OPT_EOF) { 1444 1.1 christos switch (o) { 1445 1.1 christos case OPT_CONFIG_FILE: 1446 1.1 christos config_file = opt_arg(); 1447 1.1 christos break; 1448 1.1 christos case OPT_TEST_CASES: 1449 1.1 christos break; 1450 1.1 christos default: 1451 1.1 christos case OPT_ERR: 1452 1.1 christos return 0; 1453 1.1 christos } 1454 1.1 christos } 1455 1.1 christos 1456 1.1 christos if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL)) 1457 1.1 christos return 0; 1458 1.1 christos 1459 1.1 christos OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args); 1460 1.1 christos 1461 1.1 christos ADD_TEST(aes_cfb1_bits_test); 1462 1.1 christos ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data)); 1463 1.1 christos ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data)); 1464 1.1 christos ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data)); 1465 1.1 christos 1466 1.1 christos ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data)); 1467 1.1 christos ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data)); 1468 1.1 christos ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data)); 1469 1.1 christos ADD_ALL_TESTS(rsa_decryption_primitive_test, 1470 1.1 christos OSSL_NELEM(rsa_decrypt_prim_data)); 1471 1.1 christos 1472 1.1 christos #ifndef OPENSSL_NO_DH 1473 1.1 christos ADD_ALL_TESTS(dh_safe_prime_keygen_test, 1474 1.1 christos OSSL_NELEM(dh_safe_prime_keygen_data)); 1475 1.1 christos ADD_ALL_TESTS(dh_safe_prime_keyver_test, 1476 1.1 christos OSSL_NELEM(dh_safe_prime_keyver_data)); 1477 1.1 christos #endif /* OPENSSL_NO_DH */ 1478 1.1 christos 1479 1.1 christos #ifndef OPENSSL_NO_DSA 1480 1.1 christos ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); 1481 1.1 christos ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); 1482 1.1 christos ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data)); 1483 1.1 christos ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); 1484 1.1 christos ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); 1485 1.1 christos #endif /* OPENSSL_NO_DSA */ 1486 1.1 christos 1487 1.1 christos #ifndef OPENSSL_NO_EC 1488 1.1 christos ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); 1489 1.1 christos ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data)); 1490 1.1 christos ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data)); 1491 1.1 christos ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data)); 1492 1.1 christos #endif /* OPENSSL_NO_EC */ 1493 1.1 christos 1494 1.1 christos ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data)); 1495 1.1 christos return 1; 1496 1.1 christos } 1497 1.1 christos 1498 1.1 christos void cleanup_tests(void) 1499 1.1 christos { 1500 1.1 christos OSSL_PROVIDER_unload(prov_null); 1501 1.1 christos OSSL_LIB_CTX_free(libctx); 1502 1.1 christos } 1503
Indexes created Sun Mar 01 05:31:48 UTC 2026