]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/dhtest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
various spelling fixes
[thirdparty/openssl.git] / test / dhtest.c
CommitLineData
58964a49 1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
0f113f3e 7 *
d02b48c6
RE		 8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e 14 *
d02b48c6
RE		 15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
0f113f3e 21 *
d02b48c6
RE		 22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
0f113f3e 36 * 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6
RE		 37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e 39 *
d02b48c6
RE		 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
0f113f3e 51 *
d02b48c6
RE		 52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57
58#include <stdio.h>
59#include <stdlib.h>
60#include <string.h>
55f78baf
RL		 61
62#include "../e_os.h"
63
ec577822
BM		 64#include <openssl/crypto.h>
65#include <openssl/bio.h>
66#include <openssl/bn.h>
b0bb2b91 67#include <openssl/rand.h>
cb78486d 68#include <openssl/err.h>
f5d7a031 69
cf1b7d96 70#ifdef OPENSSL_NO_DH
f5d7a031
UM		 71int main(int argc, char *argv[])
72{
73 printf("No DH support\n");
0f113f3e 74 return (0);
f5d7a031
UM		 75}
76#else
0f113f3e 77# include <openssl/dh.h>
d02b48c6 78
6d23cf97 79static int cb(int p, int n, BN_GENCB *arg);
d02b48c6 80
0f113f3e
MC		 81static const char rnd_seed[] =
82 "string to make the random number generator think it has entropy";
7d388202 83
20bee968
DSH		 84static int run_rfc5114_tests(void);
85
6b691a5c 86int main(int argc, char *argv[])
0f113f3e 87{
f562aeda 88 BN_GENCB *_cb = NULL;
0f113f3e
MC		 89 DH *a = NULL;
90 DH *b = NULL;
0aeddcfa
MC		 91 BIGNUM *ap = NULL, *ag = NULL, *bp = NULL, *bg = NULL, *apub_key = NULL;
92 BIGNUM *bpub_key = NULL, *priv_key = NULL;
f562aeda
HZ		 93 char buf[12] = {0};
94 unsigned char *abuf = NULL;
95 unsigned char *bbuf = NULL;
96 int i, alen, blen, aout, bout;
97 int ret = 1;
98 BIO *out = NULL;
0f113f3e 99
bbd86bf5 100 CRYPTO_set_mem_debug(1);
0f113f3e
MC		 101 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
102
0f113f3e
MC		 103 RAND_seed(rnd_seed, sizeof rnd_seed);
104
105 out = BIO_new(BIO_s_file());
106 if (out == NULL)
107 EXIT(1);
0f81f5f7 108 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
0f113f3e
MC		 109
110 _cb = BN_GENCB_new();
f562aeda 111 if (_cb == NULL)
0f113f3e
MC		 112 goto err;
113 BN_GENCB_set(_cb, &cb, out);
f562aeda
HZ		 114 if (((a = DH_new()) == NULL)
115 || (!DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb)))
0f113f3e
MC		 116 goto err;
117
118 if (!DH_check(a, &i))
119 goto err;
120 if (i & DH_CHECK_P_NOT_PRIME)
121 BIO_puts(out, "p value is not prime\n");
122 if (i & DH_CHECK_P_NOT_SAFE_PRIME)
123 BIO_puts(out, "p value is not a safe prime\n");
124 if (i & DH_UNABLE_TO_CHECK_GENERATOR)
125 BIO_puts(out, "unable to check the generator value\n");
126 if (i & DH_NOT_SUITABLE_GENERATOR)
127 BIO_puts(out, "the g value is not a generator\n");
128
0aeddcfa 129 DH_get0_pqg(a, &ap, NULL, &ag);
0f113f3e 130 BIO_puts(out, "\np =");
0aeddcfa 131 BN_print(out, ap);
0f113f3e 132 BIO_puts(out, "\ng =");
0aeddcfa 133 BN_print(out, ag);
0f113f3e
MC		 134 BIO_puts(out, "\n");
135
136 b = DH_new();
137 if (b == NULL)
138 goto err;
139
0aeddcfa
MC		 140 bp = BN_dup(ap);
141 bg = BN_dup(ag);
142 if ((bp == NULL) || (bg == NULL) || !DH_set0_pqg(b, bp, NULL, bg))
0f113f3e 143 goto err;
0aeddcfa 144 bp = bg = NULL;
0f113f3e
MC		 145
146 /* Set a to run with normal modexp and b to use constant time */
0aeddcfa
MC		 147 DH_clear_flags(a, DH_FLAG_NO_EXP_CONSTTIME);
148 DH_set_flags(b, DH_FLAG_NO_EXP_CONSTTIME);
0f113f3e
MC		 149
150 if (!DH_generate_key(a))
151 goto err;
0aeddcfa 152 DH_get0_key(a, &apub_key, &priv_key);
0f113f3e 153 BIO_puts(out, "pri 1=");
0aeddcfa 154 BN_print(out, priv_key);
0f113f3e 155 BIO_puts(out, "\npub 1=");
0aeddcfa 156 BN_print(out, apub_key);
0f113f3e
MC		 157 BIO_puts(out, "\n");
158
159 if (!DH_generate_key(b))
160 goto err;
0aeddcfa 161 DH_get0_key(b, &bpub_key, &priv_key);
0f113f3e 162 BIO_puts(out, "pri 2=");
0aeddcfa 163 BN_print(out, priv_key);
0f113f3e 164 BIO_puts(out, "\npub 2=");
0aeddcfa 165 BN_print(out, bpub_key);
0f113f3e
MC		 166 BIO_puts(out, "\n");
167
168 alen = DH_size(a);
b196e7d9 169 abuf = OPENSSL_malloc(alen);
f562aeda
HZ		 170 if (abuf == NULL)
171 goto err;
172
0aeddcfa 173 aout = DH_compute_key(abuf, bpub_key, a);
0f113f3e
MC		 174
175 BIO_puts(out, "key1 =");
176 for (i = 0; i < aout; i++) {
177 sprintf(buf, "%02X", abuf[i]);
178 BIO_puts(out, buf);
179 }
180 BIO_puts(out, "\n");
181
182 blen = DH_size(b);
b196e7d9 183 bbuf = OPENSSL_malloc(blen);
f562aeda
HZ		 184 if (bbuf == NULL)
185 goto err;
186
0aeddcfa 187 bout = DH_compute_key(bbuf, apub_key, b);
0f113f3e
MC		 188
189 BIO_puts(out, "key2 =");
190 for (i = 0; i < bout; i++) {
191 sprintf(buf, "%02X", bbuf[i]);
192 BIO_puts(out, buf);
193 }
194 BIO_puts(out, "\n");
195 if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
196 fprintf(stderr, "Error in DH routines\n");
197 ret = 1;
198 } else
199 ret = 0;
200 if (!run_rfc5114_tests())
201 ret = 1;
202 err:
f0e1fe7c 203 (void)BIO_flush(out);
0f113f3e
MC		 204 ERR_print_errors_fp(stderr);
205
b548a1f1
RS		 206 OPENSSL_free(abuf);
207 OPENSSL_free(bbuf);
d6407083
RS		 208 DH_free(b);
209 DH_free(a);
0aeddcfa
MC		 210 BN_free(bp);
211 BN_free(bg);
23a1d5e9 212 BN_GENCB_free(_cb);
0f113f3e 213 BIO_free(out);
f0e1fe7c
F		 214
215#ifndef OPENSSL_NO_CRYPTO_MDEBUG
216 if (CRYPTO_mem_leaks_fp(stderr) <= 0)
217 ret = 1;
218#endif
219
0f113f3e 220 EXIT(ret);
0f113f3e 221}
d02b48c6 222
6d23cf97 223static int cb(int p, int n, BN_GENCB *arg)
0f113f3e
MC		 224{
225 char c = '*';
226
227 if (p == 0)
228 c = '.';
229 if (p == 1)
230 c = '+';
231 if (p == 2)
232 c = '*';
233 if (p == 3)
234 c = '\n';
235 BIO_write(BN_GENCB_get_arg(arg), &c, 1);
236 (void)BIO_flush(BN_GENCB_get_arg(arg));
237 return 1;
238}
20bee968
DSH		 239
240/* Test data from RFC 5114 */
241
242static const unsigned char dhtest_1024_160_xA[] = {
0f113f3e
MC		 243 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
244 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
20bee968 245};
0f113f3e 246
20bee968 247static const unsigned char dhtest_1024_160_yA[] = {
0f113f3e
MC		 248 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
249 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
250 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
251 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
252 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
253 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
254 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
255 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
256 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
257 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
258 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
20bee968 259};
0f113f3e 260
20bee968 261static const unsigned char dhtest_1024_160_xB[] = {
0f113f3e
MC		 262 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
263 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
20bee968 264};
0f113f3e 265
20bee968 266static const unsigned char dhtest_1024_160_yB[] = {
0f113f3e
MC		 267 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
268 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
269 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
270 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
271 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
272 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
273 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
274 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
275 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
276 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
277 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
20bee968 278};
0f113f3e 279
20bee968 280static const unsigned char dhtest_1024_160_Z[] = {
0f113f3e
MC		 281 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
282 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
283 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
284 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
285 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
286 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
287 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
288 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
289 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
290 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
291 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
20bee968 292};
0f113f3e 293
20bee968 294static const unsigned char dhtest_2048_224_xA[] = {
0f113f3e
MC		 295 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
296 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
297 0x83, 0x29, 0x4B, 0x0C
20bee968 298};
0f113f3e 299
20bee968 300static const unsigned char dhtest_2048_224_yA[] = {
0f113f3e
MC		 301 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
302 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
303 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
304 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
305 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
306 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
307 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
308 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
309 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
310 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
311 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
312 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
313 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
314 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
315 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
316 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
317 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
318 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
319 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
320 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
321 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
322 0x71, 0x64, 0x8D, 0x6F
20bee968 323};
0f113f3e 324
20bee968 325static const unsigned char dhtest_2048_224_xB[] = {
0f113f3e
MC		 326 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
327 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
328 0x35, 0x3B, 0x75, 0x90
20bee968 329};
0f113f3e 330
20bee968 331static const unsigned char dhtest_2048_224_yB[] = {
0f113f3e
MC		 332 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
333 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
334 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
335 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
336 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
337 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
338 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
339 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
340 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
341 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
342 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
343 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
344 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
345 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
346 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
347 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
348 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
349 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
350 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
351 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
352 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
353 0x02, 0x14, 0x2B, 0x6C
20bee968 354};
0f113f3e 355
20bee968 356static const unsigned char dhtest_2048_224_Z[] = {
0f113f3e
MC		 357 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
358 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
359 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
360 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
361 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
362 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
363 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
364 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
365 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
366 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
367 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
368 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
369 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
370 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
371 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
372 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
373 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
374 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
375 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
376 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
377 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
378 0xF9, 0xF6, 0x38, 0x69
20bee968 379};
0f113f3e 380
20bee968 381static const unsigned char dhtest_2048_256_xA[] = {
0f113f3e
MC		 382 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
383 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
384 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
20bee968 385};
0f113f3e 386
20bee968 387static const unsigned char dhtest_2048_256_yA[] = {
0f113f3e
MC		 388 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
389 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
390 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
391 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
392 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
393 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
394 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
395 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
396 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
397 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
398 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
399 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
400 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
401 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
402 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
403 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
404 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
405 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
406 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
407 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
408 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
409 0x7C, 0xA6, 0x7E, 0x29
20bee968 410};
0f113f3e 411
20bee968 412static const unsigned char dhtest_2048_256_xB[] = {
0f113f3e
MC		 413 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
414 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
415 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
20bee968 416};
0f113f3e 417
20bee968 418static const unsigned char dhtest_2048_256_yB[] = {
0f113f3e
MC		 419 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
420 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
421 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
422 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
423 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
424 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
425 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
426 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
427 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
428 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
429 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
430 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
431 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
432 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
433 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
434 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
435 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
436 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
437 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
438 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
439 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
440 0x75, 0x7E, 0x19, 0x13
20bee968 441};
0f113f3e 442
20bee968 443static const unsigned char dhtest_2048_256_Z[] = {
0f113f3e
MC		 444 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
445 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
446 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
447 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
448 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
449 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
450 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
451 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
452 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
453 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
454 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
455 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
456 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
457 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
458 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
459 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
460 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
461 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
462 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
463 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
464 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
465 0xC2, 0x6C, 0x5D, 0x7C
20bee968
DSH		 466};
467
e729aac1
MC		 468static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
469 0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
470 0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
471 0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
472 0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
473 0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
474 0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
475 0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
476 0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
477 0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
478 0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
479 0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
480 0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
481 0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
482 0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
483 0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
484 0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
485 0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
486 0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
487 0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
488 0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
489 0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
490 0x93, 0x74, 0x89, 0x59
491};
492
0f113f3e
MC		 493typedef struct {
494 DH *(*get_param) (void);
495 const unsigned char *xA;
496 size_t xA_len;
497 const unsigned char *yA;
498 size_t yA_len;
499 const unsigned char *xB;
500 size_t xB_len;
501 const unsigned char *yB;
502 size_t yB_len;
503 const unsigned char *Z;
504 size_t Z_len;
505} rfc5114_td;
506
507# define make_rfc5114_td(pre) { \
508 DH_get_##pre, \
509 dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
510 dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
511 dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
512 dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
513 dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
514 }
20bee968
DSH		 515
516static const rfc5114_td rfctd[] = {
0f113f3e
MC		 517 make_rfc5114_td(1024_160),
518 make_rfc5114_td(2048_224),
519 make_rfc5114_td(2048_256)
20bee968
DSH		 520};
521
522static int run_rfc5114_tests(void)
0f113f3e
MC		 523{
524 int i;
f562aeda
HZ		 525 DH *dhA = NULL;
526 DH *dhB = NULL;
527 unsigned char *Z1 = NULL;
528 unsigned char *Z2 = NULL;
529 const rfc5114_td *td = NULL;
0aeddcfa 530 BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
f562aeda 531
bdcb1a2c 532 for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
f562aeda 533 td = rfctd + i;
0f113f3e
MC		 534 /* Set up DH structures setting key components */
535 dhA = td->get_param();
536 dhB = td->get_param();
f562aeda 537 if ((dhA == NULL) || (dhB == NULL))
0f113f3e
MC		 538 goto bad_err;
539
0aeddcfa
MC		 540 priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
541 pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
542 if (priv_key == NULL || pub_key == NULL
543 || !DH_set0_key(dhA, pub_key, priv_key))
544 goto bad_err;
0f113f3e 545
0aeddcfa
MC		 546 priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
547 pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
0f113f3e 548
0aeddcfa
MC		 549 if (priv_key == NULL || pub_key == NULL
550 || !DH_set0_key(dhB, pub_key, priv_key))
0f113f3e 551 goto bad_err;
0aeddcfa 552 priv_key = pub_key = NULL;
0f113f3e
MC		 553
554 if ((td->Z_len != (size_t)DH_size(dhA))
555 || (td->Z_len != (size_t)DH_size(dhB)))
556 goto err;
557
558 Z1 = OPENSSL_malloc(DH_size(dhA));
559 Z2 = OPENSSL_malloc(DH_size(dhB));
f562aeda
HZ		 560 if ((Z1 == NULL) || (Z2 == NULL))
561 goto bad_err;
0f113f3e
MC		 562 /*
563 * Work out shared secrets using both sides and compare with expected
564 * values.
565 */
0aeddcfa
MC		 566 DH_get0_key(dhB, &pub_key, NULL);
567 if (DH_compute_key(Z1, pub_key, dhA) == -1) {
568 pub_key = NULL;
0f113f3e 569 goto bad_err;
0aeddcfa
MC		 570 }
571 DH_get0_key(dhA, &pub_key, NULL);
572 if (DH_compute_key(Z2, pub_key, dhB) == -1) {
573 pub_key = NULL;
0f113f3e 574 goto bad_err;
0aeddcfa
MC		 575 }
576 pub_key = NULL;
0f113f3e
MC		 577
578 if (memcmp(Z1, td->Z, td->Z_len))
579 goto err;
580 if (memcmp(Z2, td->Z, td->Z_len))
581 goto err;
582
583 printf("RFC5114 parameter test %d OK\n", i + 1);
584
585 DH_free(dhA);
586 DH_free(dhB);
587 OPENSSL_free(Z1);
588 OPENSSL_free(Z2);
e729aac1
MC		 589 dhA = NULL;
590 dhB = NULL;
591 Z1 = NULL;
592 Z2 = NULL;
593 }
0f113f3e 594
e729aac1
MC		 595 /* Now i == OSSL_NELEM(rfctd) */
596 /* RFC5114 uses unsafe primes, so now test an invalid y value */
597 dhA = DH_get_2048_224();
598 if (dhA == NULL)
599 goto bad_err;
600 Z1 = OPENSSL_malloc(DH_size(dhA));
601 if (Z1 == NULL)
602 goto bad_err;
603
604 bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
605 sizeof(dhtest_rfc5114_2048_224_bad_y), NULL);
606 if (bady == NULL)
607 goto bad_err;
608
609 if (!DH_generate_key(dhA))
610 goto bad_err;
611
612 if (DH_compute_key(Z1, bady, dhA) != -1) {
613 /*
614 * DH_compute_key should fail with -1. If we get here we unexpectedly
615 * allowed an invalid y value
616 */
617 goto err;
0f113f3e 618 }
e729aac1
MC		 619 /* We'll have a stale error on the queue from the above test so clear it */
620 ERR_clear_error();
621
622 printf("RFC5114 parameter test %d OK\n", i + 1);
623
624 BN_free(bady);
625 DH_free(dhA);
626 OPENSSL_free(Z1);
627
0f113f3e
MC		 628 return 1;
629 bad_err:
e729aac1 630 BN_free(bady);
f562aeda
HZ		 631 DH_free(dhA);
632 DH_free(dhB);
0aeddcfa
MC		 633 BN_free(pub_key);
634 BN_free(priv_key);
f562aeda
HZ		 635 OPENSSL_free(Z1);
636 OPENSSL_free(Z2);
637
8483a003 638 fprintf(stderr, "Initialisation error RFC5114 set %d\n", i + 1);
0f113f3e
MC		 639 ERR_print_errors_fp(stderr);
640 return 0;
641 err:
e729aac1 642 BN_free(bady);
f562aeda
HZ		 643 DH_free(dhA);
644 DH_free(dhB);
645 OPENSSL_free(Z1);
646 OPENSSL_free(Z2);
647
0f113f3e
MC		 648 fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
649 return 0;
650}
20bee968 651
f5d7a031 652#endif
A mirror of the official openssl repository