1 1.1 christos /* 2 1.1 christos * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos * this file except in compliance with the License. You can obtain a copy 6 1.1 christos * in the file LICENSE in the source distribution or at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos /* 11 1.1 christos 12 1.1 christos * These tests are setup to load null into the default library context. 13 1.1 christos * Any tests are expected to use the created 'libctx' to find algorithms. 14 1.1 christos * The framework runs the tests twice using the 'default' provider or 15 1.1 christos * 'fips' provider as inputs. 16 1.1 christos */ 17 1.1 christos 18 1.1 christos /* 19 1.1 christos * DSA/DH low level APIs are deprecated for public use, but still ok for 20 1.1 christos * internal use. 21 1.1 christos */ 22 1.1 christos #include "internal/deprecated.h" 23 1.1 christos #include <assert.h> 24 1.1 christos #include <openssl/evp.h> 25 1.1 christos #include <openssl/provider.h> 26 1.1 christos #include <openssl/dsa.h> 27 1.1 christos #include <openssl/dh.h> 28 1.1 christos #include <openssl/safestack.h> 29 1.1 christos #include <openssl/core_dispatch.h> 30 1.1 christos #include <openssl/core_names.h> 31 1.1 christos #include <openssl/x509.h> 32 1.1 christos #include <openssl/encoder.h> 33 1.1 christos #include "testutil.h" 34 1.1 christos #include "internal/nelem.h" 35 1.1 christos #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ 36 1.1 christos 37 1.1 christos static OSSL_LIB_CTX *libctx = NULL; 38 1.1 christos static OSSL_PROVIDER *nullprov = NULL; 39 1.1 christos static OSSL_PROVIDER *libprov = NULL; 40 1.1 christos static STACK_OF(OPENSSL_STRING) *cipher_names = NULL; 41 1.1 christos 42 1.1 christos typedef enum OPTION_choice { 43 1.1 christos OPT_ERR = -1, 44 1.1 christos OPT_EOF = 0, 45 1.1 christos OPT_CONFIG_FILE, 46 1.1 christos OPT_PROVIDER_NAME, 47 1.1 christos OPT_TEST_ENUM 48 1.1 christos } OPTION_CHOICE; 49 1.1 christos 50 1.1 christos const OPTIONS *test_get_options(void) 51 1.1 christos { 52 1.1 christos static const OPTIONS test_options[] = { 53 1.1 christos OPT_TEST_OPTIONS_DEFAULT_USAGE, 54 1.1 christos { "config", OPT_CONFIG_FILE, '<', 55 1.1 christos "The configuration file to use for the libctx" }, 56 1.1 christos { "provider", OPT_PROVIDER_NAME, 's', 57 1.1 christos "The provider to load (The default value is 'default')" }, 58 1.1 christos { NULL } 59 1.1 christos }; 60 1.1 christos return test_options; 61 1.1 christos } 62 1.1 christos 63 1.1 christos #ifndef OPENSSL_NO_DH 64 1.1 christos static const char *getname(int id) 65 1.1 christos { 66 1.1 christos const char *name[] = {"p", "q", "g" }; 67 1.1 christos 68 1.1 christos if (id >= 0 && id < 3) 69 1.1 christos return name[id]; 70 1.1 christos return "?"; 71 1.1 christos } 72 1.1 christos #endif 73 1.1 christos 74 1.1 christos /* 75 1.1 christos * We're using some DH specific values in this test, so we skip compilation if 76 1.1 christos * we're in a no-dh build. 77 1.1 christos */ 78 1.1 christos #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) 79 1.1 christos 80 1.1 christos static int test_dsa_param_keygen(int tstid) 81 1.1 christos { 82 1.1 christos int ret = 0; 83 1.1 christos int expected; 84 1.1 christos EVP_PKEY_CTX *gen_ctx = NULL; 85 1.1 christos EVP_PKEY *pkey_parm = NULL; 86 1.1 christos EVP_PKEY *pkey = NULL, *dup_pk = NULL; 87 1.1 christos DSA *dsa = NULL; 88 1.1 christos int pind, qind, gind; 89 1.1 christos BIGNUM *p = NULL, *q = NULL, *g = NULL; 90 1.1 christos 91 1.1 christos /* 92 1.1 christos * Just grab some fixed dh p, q, g values for testing, 93 1.1 christos * these 'safe primes' should not be used normally for dsa *. 94 1.1 christos */ 95 1.1 christos static const BIGNUM *bn[] = { 96 1.1 christos &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q, 97 1.1 christos &ossl_bignum_dh2048_256_g 98 1.1 christos }; 99 1.1 christos 100 1.1 christos /* 101 1.1 christos * These tests are using bad values for p, q, g by reusing the values. 102 1.1 christos * A value of 0 uses p, 1 uses q and 2 uses g. 103 1.1 christos * There are 27 different combinations, with only the 1 valid combination. 104 1.1 christos */ 105 1.1 christos pind = tstid / 9; 106 1.1 christos qind = (tstid / 3) % 3; 107 1.1 christos gind = tstid % 3; 108 1.1 christos expected = (pind == 0 && qind == 1 && gind == 2); 109 1.1 christos 110 1.1 christos TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind), 111 1.1 christos getname(qind), getname(gind)); 112 1.1 christos 113 1.1 christos if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) 114 1.1 christos || !TEST_ptr(dsa = DSA_new()) 115 1.1 christos || !TEST_ptr(p = BN_dup(bn[pind])) 116 1.1 christos || !TEST_ptr(q = BN_dup(bn[qind])) 117 1.1 christos || !TEST_ptr(g = BN_dup(bn[gind])) 118 1.1 christos || !TEST_true(DSA_set0_pqg(dsa, p, q, g))) 119 1.1 christos goto err; 120 1.1 christos p = q = g = NULL; 121 1.1 christos 122 1.1 christos if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa))) 123 1.1 christos goto err; 124 1.1 christos dsa = NULL; 125 1.1 christos 126 1.1 christos if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) 127 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) 128 1.1 christos || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) 129 1.1 christos goto err; 130 1.1 christos 131 1.1 christos if (expected) { 132 1.1 christos if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)) 133 1.1 christos || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1)) 134 1.1 christos goto err; 135 1.1 christos } 136 1.1 christos 137 1.1 christos ret = 1; 138 1.1 christos err: 139 1.1 christos EVP_PKEY_free(pkey); 140 1.1 christos EVP_PKEY_free(dup_pk); 141 1.1 christos EVP_PKEY_CTX_free(gen_ctx); 142 1.1 christos EVP_PKEY_free(pkey_parm); 143 1.1 christos DSA_free(dsa); 144 1.1 christos BN_free(g); 145 1.1 christos BN_free(q); 146 1.1 christos BN_free(p); 147 1.1 christos return ret; 148 1.1 christos } 149 1.1 christos #endif /* OPENSSL_NO_DSA */ 150 1.1 christos 151 1.1 christos #ifndef OPENSSL_NO_DH 152 1.1 christos static int do_dh_param_keygen(int tstid, const BIGNUM **bn) 153 1.1 christos { 154 1.1 christos int ret = 0; 155 1.1 christos int expected; 156 1.1 christos EVP_PKEY_CTX *gen_ctx = NULL; 157 1.1 christos EVP_PKEY *pkey_parm = NULL; 158 1.1 christos EVP_PKEY *pkey = NULL, *dup_pk = NULL; 159 1.1 christos DH *dh = NULL; 160 1.1 christos int pind, qind, gind; 161 1.1 christos BIGNUM *p = NULL, *q = NULL, *g = NULL; 162 1.1 christos 163 1.1 christos /* 164 1.1 christos * These tests are using bad values for p, q, g by reusing the values. 165 1.1 christos * A value of 0 uses p, 1 uses q and 2 uses g. 166 1.1 christos * There are 27 different combinations, with only the 1 valid combination. 167 1.1 christos */ 168 1.1 christos pind = tstid / 9; 169 1.1 christos qind = (tstid / 3) % 3; 170 1.1 christos gind = tstid % 3; 171 1.1 christos expected = (pind == 0 && qind == 1 && gind == 2); 172 1.1 christos 173 1.1 christos TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind), 174 1.1 christos getname(qind), getname(gind)); 175 1.1 christos 176 1.1 christos if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) 177 1.1 christos || !TEST_ptr(dh = DH_new()) 178 1.1 christos || !TEST_ptr(p = BN_dup(bn[pind])) 179 1.1 christos || !TEST_ptr(q = BN_dup(bn[qind])) 180 1.1 christos || !TEST_ptr(g = BN_dup(bn[gind])) 181 1.1 christos || !TEST_true(DH_set0_pqg(dh, p, q, g))) 182 1.1 christos goto err; 183 1.1 christos p = q = g = NULL; 184 1.1 christos 185 1.1 christos if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh))) 186 1.1 christos goto err; 187 1.1 christos dh = NULL; 188 1.1 christos 189 1.1 christos if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) 190 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) 191 1.1 christos || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) 192 1.1 christos goto err; 193 1.1 christos 194 1.1 christos if (expected) { 195 1.1 christos if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)) 196 1.1 christos || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1)) 197 1.1 christos goto err; 198 1.1 christos } 199 1.1 christos 200 1.1 christos ret = 1; 201 1.1 christos err: 202 1.1 christos EVP_PKEY_free(pkey); 203 1.1 christos EVP_PKEY_free(dup_pk); 204 1.1 christos EVP_PKEY_CTX_free(gen_ctx); 205 1.1 christos EVP_PKEY_free(pkey_parm); 206 1.1 christos DH_free(dh); 207 1.1 christos BN_free(g); 208 1.1 christos BN_free(q); 209 1.1 christos BN_free(p); 210 1.1 christos return ret; 211 1.1 christos } 212 1.1 christos 213 1.1 christos /* 214 1.1 christos * Note that we get the fips186-4 path being run for most of these cases since 215 1.1 christos * the internal code will detect that the p, q, g does not match a safe prime 216 1.1 christos * group (Except for when tstid = 5, which sets the correct p, q, g) 217 1.1 christos */ 218 1.1 christos static int test_dh_safeprime_param_keygen(int tstid) 219 1.1 christos { 220 1.1 christos static const BIGNUM *bn[] = { 221 1.1 christos &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q, 222 1.1 christos &ossl_bignum_const_2 223 1.1 christos }; 224 1.1 christos return do_dh_param_keygen(tstid, bn); 225 1.1 christos } 226 1.1 christos 227 1.1 christos static int dhx_cert_load(void) 228 1.1 christos { 229 1.1 christos int ret = 0; 230 1.1 christos X509 *cert = NULL; 231 1.1 christos BIO *bio = NULL; 232 1.1 christos 233 1.1 christos static const unsigned char dhx_cert[] = { 234 1.1 christos 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00, 235 1.1 christos 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, 236 1.1 christos 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55, 237 1.1 christos 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c, 238 1.1 christos 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d, 239 1.1 christos 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f, 240 1.1 christos 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17, 241 1.1 christos 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d, 242 1.1 christos 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31, 243 1.1 christos 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14, 244 1.1 christos 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47, 245 1.1 christos 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54, 246 1.1 christos 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48, 247 1.1 christos 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48, 248 1.1 christos 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c, 249 1.1 christos 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09, 250 1.1 christos 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0, 251 1.1 christos 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42, 252 1.1 christos 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1, 253 1.1 christos 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf, 254 1.1 christos 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95, 255 1.1 christos 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85, 256 1.1 christos 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69, 257 1.1 christos 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9, 258 1.1 christos 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95, 259 1.1 christos 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39, 260 1.1 christos 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99, 261 1.1 christos 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1, 262 1.1 christos 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd, 263 1.1 christos 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61, 264 1.1 christos 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02, 265 1.1 christos 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b, 266 1.1 christos 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde, 267 1.1 christos 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb, 268 1.1 christos 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb, 269 1.1 christos 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0, 270 1.1 christos 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9, 271 1.1 christos 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28, 272 1.1 christos 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3, 273 1.1 christos 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2, 274 1.1 christos 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30, 275 1.1 christos 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30, 276 1.1 christos 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30, 277 1.1 christos 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25, 278 1.1 christos 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f, 279 1.1 christos 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05, 280 1.1 christos 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30, 281 1.1 christos 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82, 282 1.1 christos 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36, 283 1.1 christos 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15, 284 1.1 christos 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2, 285 1.1 christos 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2, 286 1.1 christos 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16, 287 1.1 christos 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3, 288 1.1 christos 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60, 289 1.1 christos 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2, 290 1.1 christos 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d, 291 1.1 christos 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c, 292 1.1 christos 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a, 293 1.1 christos 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3, 294 1.1 christos 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf, 295 1.1 christos 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42, 296 1.1 christos 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e, 297 1.1 christos 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c, 298 1.1 christos 0x0e,0x6a,0xb1 299 1.1 christos }; 300 1.1 christos 301 1.1 christos if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert))) 302 1.1 christos || !TEST_ptr(cert = X509_new_ex(libctx, NULL)) 303 1.1 christos || !TEST_ptr(d2i_X509_bio(bio, &cert))) 304 1.1 christos goto err; 305 1.1 christos ret = 1; 306 1.1 christos err: 307 1.1 christos X509_free(cert); 308 1.1 christos BIO_free(bio); 309 1.1 christos return ret; 310 1.1 christos } 311 1.1 christos 312 1.1 christos #endif /* OPENSSL_NO_DH */ 313 1.1 christos 314 1.1 christos static int test_cipher_reinit(int test_id) 315 1.1 christos { 316 1.1 christos int ret = 0, diff, ccm, siv, no_null_key; 317 1.1 christos int out1_len = 0, out2_len = 0, out3_len = 0; 318 1.1 christos EVP_CIPHER *cipher = NULL; 319 1.1 christos EVP_CIPHER_CTX *ctx = NULL; 320 1.1 christos unsigned char out1[256]; 321 1.1 christos unsigned char out2[256]; 322 1.1 christos unsigned char out3[256]; 323 1.1 christos unsigned char in[16] = { 324 1.1 christos 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 325 1.1 christos 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 326 1.1 christos }; 327 1.1 christos unsigned char key[64] = { 328 1.1 christos 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 329 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 330 1.1 christos 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 331 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 332 1.1 christos 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 333 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 334 1.1 christos 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 335 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 336 1.1 christos }; 337 1.1 christos unsigned char iv[16] = { 338 1.1 christos 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 339 1.1 christos 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 340 1.1 christos }; 341 1.1 christos const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id); 342 1.1 christos 343 1.1 christos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 344 1.1 christos goto err; 345 1.1 christos 346 1.1 christos TEST_note("Fetching %s\n", name); 347 1.1 christos if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) 348 1.1 christos goto err; 349 1.1 christos 350 1.1 christos /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */ 351 1.1 christos ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE); 352 1.1 christos 353 1.1 christos /* siv cannot be called with NULL key as the iv is irrelevant */ 354 1.1 christos siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE); 355 1.1 christos 356 1.1 christos /* 357 1.1 christos * Skip init call with a null key for RC4 as the stream cipher does not 358 1.1 christos * handle reinit (1.1.1 behaviour). 359 1.1 christos */ 360 1.1 christos no_null_key = EVP_CIPHER_is_a(cipher, "RC4") 361 1.1 christos || EVP_CIPHER_is_a(cipher, "RC4-40") 362 1.1 christos || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5"); 363 1.1 christos 364 1.1 christos /* DES3-WRAP uses random every update - so it will give a different value */ 365 1.1 christos diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP"); 366 1.1 christos 367 1.1 christos if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) 368 1.1 christos || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in))) 369 1.1 christos || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) 370 1.1 christos || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)), 371 1.1 christos ccm ? 0 : 1) 372 1.1 christos || (!no_null_key 373 1.1 christos && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) 374 1.1 christos || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)), 375 1.1 christos ccm || siv ? 0 : 1)))) 376 1.1 christos goto err; 377 1.1 christos 378 1.1 christos if (ccm == 0) { 379 1.1 christos if (diff) { 380 1.1 christos if (!TEST_mem_ne(out1, out1_len, out2, out2_len) 381 1.1 christos || !TEST_mem_ne(out1, out1_len, out3, out3_len) 382 1.1 christos || !TEST_mem_ne(out2, out2_len, out3, out3_len)) 383 1.1 christos goto err; 384 1.1 christos } else { 385 1.1 christos if (!TEST_mem_eq(out1, out1_len, out2, out2_len) 386 1.1 christos || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len))) 387 1.1 christos goto err; 388 1.1 christos } 389 1.1 christos } 390 1.1 christos ret = 1; 391 1.1 christos err: 392 1.1 christos EVP_CIPHER_free(cipher); 393 1.1 christos EVP_CIPHER_CTX_free(ctx); 394 1.1 christos return ret; 395 1.1 christos } 396 1.1 christos 397 1.1 christos /* 398 1.1 christos * This test only uses a partial block (half the block size) of input for each 399 1.1 christos * EVP_EncryptUpdate() in order to test that the second init/update is not using 400 1.1 christos * a leftover buffer from the first init/update. 401 1.1 christos * Note: some ciphers don't need a full block to produce output. 402 1.1 christos */ 403 1.1 christos static int test_cipher_reinit_partialupdate(int test_id) 404 1.1 christos { 405 1.1 christos int ret = 0, in_len; 406 1.1 christos int out1_len = 0, out2_len = 0, out3_len = 0; 407 1.1 christos EVP_CIPHER *cipher = NULL; 408 1.1 christos EVP_CIPHER_CTX *ctx = NULL; 409 1.1 christos unsigned char out1[256]; 410 1.1 christos unsigned char out2[256]; 411 1.1 christos unsigned char out3[256]; 412 1.1 christos static const unsigned char in[32] = { 413 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 414 1.1 christos 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe, 415 1.1 christos 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 416 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 417 1.1 christos }; 418 1.1 christos static const unsigned char key[64] = { 419 1.1 christos 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 420 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 421 1.1 christos 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 422 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 423 1.1 christos 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 424 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 425 1.1 christos 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 426 1.1 christos 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 427 1.1 christos }; 428 1.1 christos static const unsigned char iv[16] = { 429 1.1 christos 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, 430 1.1 christos 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 431 1.1 christos }; 432 1.1 christos const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id); 433 1.1 christos 434 1.1 christos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 435 1.1 christos goto err; 436 1.1 christos 437 1.1 christos TEST_note("Fetching %s\n", name); 438 1.1 christos if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) 439 1.1 christos goto err; 440 1.1 christos 441 1.1 christos in_len = EVP_CIPHER_get_block_size(cipher) / 2; 442 1.1 christos 443 1.1 christos /* skip any ciphers that don't allow partial updates */ 444 1.1 christos if (((EVP_CIPHER_get_flags(cipher) 445 1.1 christos & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0) 446 1.1 christos || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE 447 1.1 christos || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE 448 1.1 christos || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) { 449 1.1 christos ret = 1; 450 1.1 christos goto err; 451 1.1 christos } 452 1.1 christos 453 1.1 christos if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) 454 1.1 christos || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len)) 455 1.1 christos || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) 456 1.1 christos || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len))) 457 1.1 christos goto err; 458 1.1 christos 459 1.1 christos if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) 460 1.1 christos goto err; 461 1.1 christos 462 1.1 christos if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) { 463 1.1 christos if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) 464 1.1 christos || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len))) 465 1.1 christos goto err; 466 1.1 christos 467 1.1 christos if (!TEST_mem_eq(out1, out1_len, out3, out3_len)) 468 1.1 christos goto err; 469 1.1 christos } 470 1.1 christos ret = 1; 471 1.1 christos err: 472 1.1 christos EVP_CIPHER_free(cipher); 473 1.1 christos EVP_CIPHER_CTX_free(ctx); 474 1.1 christos return ret; 475 1.1 christos } 476 1.1 christos 477 1.1 christos 478 1.1 christos static int name_cmp(const char * const *a, const char * const *b) 479 1.1 christos { 480 1.1 christos return OPENSSL_strcasecmp(*a, *b); 481 1.1 christos } 482 1.1 christos 483 1.1 christos static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) 484 1.1 christos { 485 1.1 christos STACK_OF(OPENSSL_STRING) *names = cipher_names_list; 486 1.1 christos const char *name = EVP_CIPHER_get0_name(cipher); 487 1.1 christos char *namedup = NULL; 488 1.1 christos 489 1.1 christos assert(name != NULL); 490 1.1 christos /* the cipher will be freed after returning, strdup is needed */ 491 1.1 christos if ((namedup = OPENSSL_strdup(name)) != NULL 492 1.1 christos && !sk_OPENSSL_STRING_push(names, namedup)) 493 1.1 christos OPENSSL_free(namedup); 494 1.1 christos } 495 1.1 christos 496 1.1 christos static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) 497 1.1 christos { 498 1.1 christos int ret = 0; 499 1.1 christos unsigned char *pub_der = NULL; 500 1.1 christos const unsigned char *pp = NULL; 501 1.1 christos size_t len = 0; 502 1.1 christos OSSL_ENCODER_CTX *ectx = NULL; 503 1.1 christos 504 1.3 christos if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)bits)) 505 1.1 christos || !TEST_ptr(ectx = 506 1.1 christos OSSL_ENCODER_CTX_new_for_pkey(*priv, 507 1.1 christos EVP_PKEY_PUBLIC_KEY, 508 1.1 christos "DER", "type-specific", 509 1.1 christos NULL)) 510 1.1 christos || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len))) 511 1.1 christos goto err; 512 1.1 christos pp = pub_der; 513 1.1 christos if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len))) 514 1.1 christos goto err; 515 1.1 christos ret = 1; 516 1.1 christos err: 517 1.1 christos OSSL_ENCODER_CTX_free(ectx); 518 1.1 christos OPENSSL_free(pub_der); 519 1.1 christos return ret; 520 1.1 christos } 521 1.1 christos 522 1.1 christos static int kem_rsa_gen_recover(void) 523 1.1 christos { 524 1.1 christos int ret = 0; 525 1.1 christos EVP_PKEY *pub = NULL; 526 1.1 christos EVP_PKEY *priv = NULL; 527 1.1 christos EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL; 528 1.1 christos unsigned char secret[256] = { 0, }; 529 1.1 christos unsigned char ct[256] = { 0, }; 530 1.1 christos unsigned char unwrap[256] = { 0, }; 531 1.1 christos size_t ctlen = 0, unwraplen = 0, secretlen = 0; 532 1.1 christos int bits = 2048; 533 1.1 christos 534 1.1 christos ret = TEST_true(rsa_keygen(bits, &pub, &priv)) 535 1.1 christos && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) 536 1.1 christos && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) 537 1.1 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) 538 1.1 christos && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx)) 539 1.3 christos /* Test that providing a NULL wrappedlen fails */ 540 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, NULL, NULL, NULL), 0) 541 1.1 christos && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL, 542 1.1 christos &secretlen), 1) 543 1.1 christos && TEST_int_eq(ctlen, secretlen) 544 1.1 christos && TEST_int_eq(ctlen, bits / 8) 545 1.1 christos && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, 546 1.1 christos &secretlen), 1) 547 1.1 christos && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) 548 1.1 christos && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1) 549 1.1 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1) 550 1.3 christos /* Test that providing a NULL unwrappedlen fails */ 551 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, NULL, ct, ctlen), 0) 552 1.1 christos && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen, 553 1.1 christos ct, ctlen), 1) 554 1.1 christos && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, 555 1.1 christos ct, ctlen), 1) 556 1.1 christos && TEST_mem_eq(unwrap, unwraplen, secret, secretlen); 557 1.3 christos 558 1.3 christos /* Test that providing a too short unwrapped/ctlen fails */ 559 1.3 christos if (fips_provider_version_match(libctx, ">=3.4.0")) { 560 1.3 christos ctlen = 1; 561 1.3 christos if (!TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, 562 1.3 christos &secretlen), 0)) 563 1.3 christos ret = 0; 564 1.3 christos unwraplen = 1; 565 1.3 christos if (!TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, ct, 566 1.3 christos ctlen), 0)) 567 1.3 christos ret = 0; 568 1.3 christos } 569 1.3 christos 570 1.1 christos EVP_PKEY_free(pub); 571 1.1 christos EVP_PKEY_free(priv); 572 1.1 christos EVP_PKEY_CTX_free(rctx); 573 1.1 christos EVP_PKEY_CTX_free(dctx); 574 1.1 christos EVP_PKEY_CTX_free(sctx); 575 1.1 christos return ret; 576 1.1 christos } 577 1.1 christos 578 1.1 christos #ifndef OPENSSL_NO_DES 579 1.1 christos /* 580 1.1 christos * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly 581 1.1 christos * For fips mode this code would produce an error if the flag is not set. 582 1.1 christos */ 583 1.1 christos static int test_cipher_tdes_randkey(void) 584 1.1 christos { 585 1.1 christos int ret; 586 1.1 christos EVP_CIPHER_CTX *ctx = NULL; 587 1.1 christos EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL; 588 1.1 christos unsigned char key[24] = { 0 }; 589 1.1 christos 590 1.1 christos ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL)) 591 1.1 christos && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0) 592 1.1 christos && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL)) 593 1.1 christos && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0) 594 1.1 christos && TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 595 1.1 christos && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1)) 596 1.1 christos && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0); 597 1.1 christos 598 1.1 christos EVP_CIPHER_CTX_free(ctx); 599 1.1 christos EVP_CIPHER_free(tdes_cipher); 600 1.1 christos EVP_CIPHER_free(aes_cipher); 601 1.1 christos return ret; 602 1.1 christos } 603 1.1 christos #endif /* OPENSSL_NO_DES */ 604 1.1 christos 605 1.1 christos static int kem_rsa_params(void) 606 1.1 christos { 607 1.1 christos int ret = 0; 608 1.1 christos EVP_PKEY *pub = NULL; 609 1.1 christos EVP_PKEY *priv = NULL; 610 1.1 christos EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL; 611 1.1 christos unsigned char secret[256] = { 0, }; 612 1.1 christos unsigned char ct[256] = { 0, }; 613 1.1 christos size_t ctlen = 0, secretlen = 0; 614 1.1 christos 615 1.1 christos ret = TEST_true(rsa_keygen(2048, &pub, &priv)) 616 1.3 christos && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) 617 1.3 christos && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) 618 1.3 christos /* Test setting kem op before the init fails */ 619 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2) 620 1.3 christos /* Test NULL ctx passed */ 621 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0) 622 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0) 623 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0) 624 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0) 625 1.3 christos /* Test Invalid operation */ 626 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1) 627 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0) 628 1.3 christos /* Wrong key component - no secret should be returned on failure */ 629 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1) 630 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) 631 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct, 632 1.3 christos sizeof(ct)), 0) 633 1.3 christos && TEST_uchar_eq(secret[0], 0) 634 1.3 christos /* Test encapsulate fails if the mode is not set */ 635 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1) 636 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2) 637 1.3 christos /* Test setting a bad kem ops fail */ 638 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0) 639 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0) 640 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) 641 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) 642 1.3 christos /* Test secretlen is optional */ 643 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) 644 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) 645 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1) 646 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) 647 1.3 christos /* Test outlen is optional */ 648 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) 649 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1) 650 1.3 christos /* test that either len must be set if out is NULL */ 651 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0) 652 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) 653 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) 654 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1) 655 1.3 christos /* Secret buffer should be set if there is an output buffer */ 656 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0) 657 1.3 christos /* Test that lengths are optional if ct is not NULL */ 658 1.3 christos && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1) 659 1.3 christos /* Pass if secret or secret length are not NULL */ 660 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1) 661 1.3 christos && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1) 662 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1) 663 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1) 664 1.3 christos && TEST_int_eq(secretlen, 256) 665 1.3 christos /* Fail if passed NULL arguments */ 666 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0) 667 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0) 668 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0) 669 1.3 christos && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0); 670 1.1 christos 671 1.1 christos EVP_PKEY_free(pub); 672 1.1 christos EVP_PKEY_free(priv); 673 1.1 christos EVP_PKEY_CTX_free(pubctx); 674 1.1 christos EVP_PKEY_CTX_free(privctx); 675 1.1 christos return ret; 676 1.1 christos } 677 1.1 christos 678 1.1 christos #ifndef OPENSSL_NO_DH 679 1.1 christos static EVP_PKEY *gen_dh_key(void) 680 1.1 christos { 681 1.1 christos EVP_PKEY_CTX *gctx = NULL; 682 1.1 christos EVP_PKEY *pkey = NULL; 683 1.1 christos OSSL_PARAM params[2]; 684 1.1 christos 685 1.1 christos params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); 686 1.1 christos params[1] = OSSL_PARAM_construct_end(); 687 1.1 christos 688 1.1 christos if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 689 1.1 christos || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0) 690 1.1 christos || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) 691 1.1 christos || !TEST_true(EVP_PKEY_keygen(gctx, &pkey))) 692 1.1 christos goto err; 693 1.1 christos err: 694 1.1 christos EVP_PKEY_CTX_free(gctx); 695 1.1 christos return pkey; 696 1.1 christos } 697 1.1 christos 698 1.1 christos /* Fail if we try to use a dh key */ 699 1.1 christos static int kem_invalid_keytype(void) 700 1.1 christos { 701 1.1 christos int ret = 0; 702 1.1 christos EVP_PKEY *key = NULL; 703 1.1 christos EVP_PKEY_CTX *sctx = NULL; 704 1.1 christos 705 1.1 christos if (!TEST_ptr(key = gen_dh_key())) 706 1.1 christos goto done; 707 1.1 christos 708 1.1 christos if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL))) 709 1.1 christos goto done; 710 1.1 christos if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2)) 711 1.1 christos goto done; 712 1.1 christos 713 1.1 christos ret = 1; 714 1.1 christos done: 715 1.1 christos EVP_PKEY_free(key); 716 1.1 christos EVP_PKEY_CTX_free(sctx); 717 1.1 christos return ret; 718 1.1 christos } 719 1.1 christos #endif /* OPENSSL_NO_DH */ 720 1.1 christos 721 1.1 christos int setup_tests(void) 722 1.1 christos { 723 1.1 christos const char *prov_name = "default"; 724 1.1 christos char *config_file = NULL; 725 1.1 christos OPTION_CHOICE o; 726 1.1 christos 727 1.1 christos while ((o = opt_next()) != OPT_EOF) { 728 1.1 christos switch (o) { 729 1.1 christos case OPT_PROVIDER_NAME: 730 1.1 christos prov_name = opt_arg(); 731 1.1 christos break; 732 1.1 christos case OPT_CONFIG_FILE: 733 1.1 christos config_file = opt_arg(); 734 1.1 christos break; 735 1.1 christos case OPT_TEST_CASES: 736 1.1 christos break; 737 1.1 christos default: 738 1.1 christos case OPT_ERR: 739 1.1 christos return 0; 740 1.1 christos } 741 1.1 christos } 742 1.1 christos 743 1.1 christos if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) 744 1.1 christos return 0; 745 1.1 christos 746 1.1 christos #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) 747 1.1 christos ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); 748 1.1 christos #endif 749 1.1 christos #ifndef OPENSSL_NO_DH 750 1.1 christos ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); 751 1.1 christos ADD_TEST(dhx_cert_load); 752 1.1 christos #endif 753 1.1 christos 754 1.1 christos if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp))) 755 1.1 christos return 0; 756 1.1 christos EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names); 757 1.1 christos 758 1.1 christos ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names)); 759 1.1 christos ADD_ALL_TESTS(test_cipher_reinit_partialupdate, 760 1.1 christos sk_OPENSSL_STRING_num(cipher_names)); 761 1.1 christos ADD_TEST(kem_rsa_gen_recover); 762 1.1 christos ADD_TEST(kem_rsa_params); 763 1.1 christos #ifndef OPENSSL_NO_DH 764 1.1 christos ADD_TEST(kem_invalid_keytype); 765 1.1 christos #endif 766 1.1 christos #ifndef OPENSSL_NO_DES 767 1.1 christos ADD_TEST(test_cipher_tdes_randkey); 768 1.1 christos #endif 769 1.1 christos return 1; 770 1.1 christos } 771 1.1 christos 772 1.1 christos /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ 773 1.1 christos static void string_free(char *m) 774 1.1 christos { 775 1.1 christos OPENSSL_free(m); 776 1.1 christos } 777 1.1 christos 778 1.1 christos void cleanup_tests(void) 779 1.1 christos { 780 1.1 christos sk_OPENSSL_STRING_pop_free(cipher_names, string_free); 781 1.1 christos OSSL_PROVIDER_unload(libprov); 782 1.1 christos OSSL_LIB_CTX_free(libctx); 783 1.1 christos OSSL_PROVIDER_unload(nullprov); 784 1.1 christos } 785
Indexes created Wed Mar 04 05:31:52 UTC 2026