[thirdparty/openssl.git] / test / dsatest.c

/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/core_names.h>

#include "testutil.h"
#include "internal/nelem.h"

#ifndef OPENSSL_NO_DSA
static int dsa_cb(int p, int n, BN_GENCB *arg);

static int dsa_test(void)
{
    BN_GENCB *cb;
    DSA *dsa = NULL;
    int counter, ret = 0, i, j;
    unsigned char buf[256];
    unsigned long h;
    unsigned char sig[256];
    unsigned int siglen;
    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
    /*
     * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
     * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
     */
    static unsigned char seed[20] = {
        0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
        0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
        0xe0, 0x42, 0x7d, 0xd3,
    };
    static unsigned char out_p[] = {
        0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
        0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
        0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
        0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
        0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
        0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
        0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
        0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
    };
    static unsigned char out_q[] = {
        0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
        0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
        0xda, 0xce, 0x91, 0x5f,
    };
    static unsigned char out_g[] = {
        0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
        0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
        0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
        0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
        0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
        0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
        0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
        0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
    };
    static const unsigned char str1[] = "12345678901234567890";

    if (!TEST_ptr(cb = BN_GENCB_new()))
        goto end;

    BN_GENCB_set(cb, dsa_cb, NULL);
    if (!TEST_ptr(dsa = DSA_new())
        || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
                                                &counter, &h, cb)))
        goto end;

    if (!TEST_int_eq(counter, 105))
        goto end;
    if (!TEST_int_eq(h, 2))
        goto end;

    DSA_get0_pqg(dsa, &p, &q, &g);
    i = BN_bn2bin(q, buf);
    j = sizeof(out_q);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
        goto end;

    i = BN_bn2bin(p, buf);
    j = sizeof(out_p);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
        goto end;

    i = BN_bn2bin(g, buf);
    j = sizeof(out_g);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
        goto end;

    DSA_generate_key(dsa);
    DSA_sign(0, str1, 20, sig, &siglen, dsa);
    if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
        ret = 1;

 end:
    DSA_free(dsa);
    BN_GENCB_free(cb);
    return ret;
}

static int dsa_cb(int p, int n, BN_GENCB *arg)
{
    static int ok = 0, num = 0;

    if (p == 0)
        num++;
    if (p == 2)
        ok++;

    if (!ok && (p == 0) && (num > 1)) {
        TEST_error("dsa_cb error");
        return 0;
    }
    return 1;
}

# define P      0
# define Q      1
# define G      2
# define SEED   3
# define PCOUNT 4
# define GINDEX 5
# define HCOUNT 6
# define GROUP  7

static int dsa_keygen_test(void)
{
    int ret = 0;
    EVP_PKEY *param_key = NULL, *key = NULL;
    EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL;
    BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL;
    BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL;
    int gindex_out = 0, pcount_out = 0, hcount_out = 0;
    unsigned char seed_out[32];
    char group_out[32];
    size_t len = 0;
    const OSSL_PARAM *settables = NULL;
    static const unsigned char seed_data[] = {
        0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
        0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
        0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
        0x7b, 0x2a, 0xc7, 0x29
    };
    static const unsigned char expected_p[]= {
        0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
        0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
        0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
        0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
        0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
        0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
        0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
        0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
        0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
        0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
        0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
        0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
        0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
        0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
        0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
        0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
        0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
        0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
        0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
        0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
        0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
        0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
        0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
        0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
        0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
        0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
        0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
        0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
        0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
        0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
        0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
        0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
    };
    static const unsigned char expected_q[]= {
        0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
        0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
        0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
        0xe2, 0x56, 0xae, 0xd7
    };
    static const unsigned char expected_g[]= {
        0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
        0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
        0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
        0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
        0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
        0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
        0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
        0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
        0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
        0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
        0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
        0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
        0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
        0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
        0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
        0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
        0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
        0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
        0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
        0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
        0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
        0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
        0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
        0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
        0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
        0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
        0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
        0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
        0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
        0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
        0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
        0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
    };
    int expected_c = 1316;
    int expected_h = 2;

    if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
        || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
        || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
        goto end;
    if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
        || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
        || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
        || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
        || !TEST_ptr(OSSL_PARAM_locate_const(settables,
                                             OSSL_PKEY_PARAM_FFC_PBITS))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
                                                         sizeof(seed_data)))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
                                                             ""))
        || !TEST_int_gt(EVP_PKEY_gen(pg_ctx, &param_key), 0)
        || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
        || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
        || !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0))
        goto end;

    if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
        || !TEST_BN_eq(p_in, p_out)
        || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
        || !TEST_BN_eq(q_in, q_out)
        || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
        || !TEST_BN_eq(g_in, g_out)
        || !TEST_true(EVP_PKEY_get_octet_string_param(
                          key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
                          sizeof(seed_out), &len))
        || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
        || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
                                             &gindex_out))
        || !TEST_int_eq(gindex_out, -1)
        || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
                                             &hcount_out))
        || !TEST_int_eq(hcount_out, expected_h)
        || !TEST_true(EVP_PKEY_get_int_param(key,
                                             OSSL_PKEY_PARAM_FFC_PCOUNTER,
                                             &pcount_out))
        || !TEST_int_eq(pcount_out, expected_c)
        || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
                                                      OSSL_PKEY_PARAM_GROUP_NAME,
                                                      group_out,
                                                      sizeof(group_out), &len)))
        goto end;
    ret = 1;
end:
    BN_free(p_in);
    BN_free(q_in);
    BN_free(g_in);
    BN_free(p_out);
    BN_free(q_out);
    BN_free(g_out);
    EVP_PKEY_free(param_key);
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(kg_ctx);
    EVP_PKEY_CTX_free(pg_ctx);
    return ret;
}

static int test_dsa_default_paramgen_validate(int i)
{
    int ret;
    EVP_PKEY_CTX *gen_ctx = NULL;
    EVP_PKEY_CTX *check_ctx = NULL;
    EVP_PKEY *params = NULL;

    ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
          && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
          && (i == 0
              || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
          && TEST_int_gt(EVP_PKEY_gen(gen_ctx, &params), 0)
          && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
          && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);

    EVP_PKEY_free(params);
    EVP_PKEY_CTX_free(check_ctx);
    EVP_PKEY_CTX_free(gen_ctx);
    return ret;
}

#endif /* OPENSSL_NO_DSA */

int setup_tests(void)
{
#ifndef OPENSSL_NO_DSA
    ADD_TEST(dsa_test);
    ADD_TEST(dsa_keygen_test);
    ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
#endif
    return 1;
}
Commit	Line	Data
440e5d80	1	/*
3c2bdd7d	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
d02b48c6 RE	9
f41ac0ee P	10	/*
	11	* DSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
d02b48c6 RE	16	#include <stdio.h>
	17	#include <stdlib.h>
	18	#include <string.h>
	19	#include <sys/types.h>
	20	#include <sys/stat.h>
55f78baf	21
ec577822 BM	22	#include <openssl/crypto.h>
ec577822 BM	23	#include <openssl/rand.h>
3eeaab4b	24	#include <openssl/bn.h>
93d02986	25	#include <openssl/dsa.h>
b03ec3b5 SL	26	#include <openssl/evp.h>
b03ec3b5 SL	27	#include <openssl/core_names.h>
d02b48c6	28
93d02986	29	#include "testutil.h"
176db6dc	30	#include "internal/nelem.h"
f5d7a031	31
81813776	32	#ifndef OPENSSL_NO_DSA
6d23cf97	33	static int dsa_cb(int p, int n, BN_GENCB *arg);
a87030a1	34
93d02986	35	static int dsa_test(void)
0f113f3e MC	36	{
	37	BN_GENCB *cb;
	38	DSA *dsa = NULL;
	39	int counter, ret = 0, i, j;
	40	unsigned char buf[256];
	41	unsigned long h;
	42	unsigned char sig[256];
	43	unsigned int siglen;
b84e1226	44	const BIGNUM p = NULL, q = NULL, *g = NULL;
b03ec3b5 SL	45	/*
	46	* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
	47	* PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
	48	*/
	49	static unsigned char seed[20] = {
	50	0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
	51	0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
	52	0xe0, 0x42, 0x7d, 0xd3,
	53	};
	54	static unsigned char out_p[] = {
	55	0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
	56	0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
	57	0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
	58	0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
	59	0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
	60	0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
	61	0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
	62	0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
	63	};
	64	static unsigned char out_q[] = {
	65	0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
	66	0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
	67	0xda, 0xce, 0x91, 0x5f,
	68	};
	69	static unsigned char out_g[] = {
	70	0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
	71	0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
	72	0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
	73	0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
	74	0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
	75	0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
	76	0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
	77	0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
	78	};
	79	static const unsigned char str1[] = "12345678901234567890";
0f113f3e	80
93d02986	81	if (!TEST_ptr(cb = BN_GENCB_new()))
0f113f3e MC	82	goto end;
0f113f3e MC	83
93d02986 RS	84	BN_GENCB_set(cb, dsa_cb, NULL);
	85	if (!TEST_ptr(dsa = DSA_new())
	86	\|\| !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
	87	&counter, &h, cb)))
0f113f3e MC	88	goto end;
0f113f3e MC	89
93d02986	90	if (!TEST_int_eq(counter, 105))
0f113f3e	91	goto end;
93d02986	92	if (!TEST_int_eq(h, 2))
0f113f3e	93	goto end;
0f113f3e	94
6e9fa57c MC	95	DSA_get0_pqg(dsa, &p, &q, &g);
6e9fa57c MC	96	i = BN_bn2bin(q, buf);
0f113f3e	97	j = sizeof(out_q);
93d02986	98	if (!TEST_int_eq(i, j) \|\| !TEST_mem_eq(buf, i, out_q, i))
0f113f3e	99	goto end;
0f113f3e	100
6e9fa57c	101	i = BN_bn2bin(p, buf);
0f113f3e	102	j = sizeof(out_p);
93d02986	103	if (!TEST_int_eq(i, j) \|\| !TEST_mem_eq(buf, i, out_p, i))
0f113f3e	104	goto end;
0f113f3e	105
6e9fa57c	106	i = BN_bn2bin(g, buf);
0f113f3e	107	j = sizeof(out_g);
93d02986	108	if (!TEST_int_eq(i, j) \|\| !TEST_mem_eq(buf, i, out_g, i))
0f113f3e	109	goto end;
0f113f3e	110
0f113f3e MC	111	DSA_generate_key(dsa);
0f113f3e MC	112	DSA_sign(0, str1, 20, sig, &siglen, dsa);
93d02986	113	if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
0f113f3e MC	114	ret = 1;
	115
	116	end:
d6407083	117	DSA_free(dsa);
23a1d5e9	118	BN_GENCB_free(cb);
93d02986	119	return ret;
0f113f3e	120	}
d02b48c6	121
6d23cf97	122	static int dsa_cb(int p, int n, BN_GENCB *arg)
0f113f3e	123	{
0f113f3e MC	124	static int ok = 0, num = 0;
0f113f3e MC	125
93d02986	126	if (p == 0)
0f113f3e	127	num++;
93d02986	128	if (p == 2)
0f113f3e	129	ok++;
0f113f3e MC	130
0f113f3e MC	131	if (!ok && (p == 0) && (num > 1)) {
93d02986	132	TEST_error("dsa_cb error");
0f113f3e MC	133	return 0;
	134	}
	135	return 1;
	136	}
b03ec3b5 SL	137
	138	# define P 0
	139	# define Q 1
	140	# define G 2
	141	# define SEED 3
	142	# define PCOUNT 4
	143	# define GINDEX 5
	144	# define HCOUNT 6
	145	# define GROUP 7
	146
	147	static int dsa_keygen_test(void)
	148	{
	149	int ret = 0;
	150	EVP_PKEY param_key = NULL, key = NULL;
	151	EVP_PKEY_CTX pg_ctx = NULL, kg_ctx = NULL;
	152	BIGNUM p_in = NULL, q_in = NULL, *g_in = NULL;
	153	BIGNUM p_out = NULL, q_out = NULL, *g_out = NULL;
	154	int gindex_out = 0, pcount_out = 0, hcount_out = 0;
	155	unsigned char seed_out[32];
	156	char group_out[32];
	157	size_t len = 0;
5e77b79a	158	const OSSL_PARAM *settables = NULL;
b03ec3b5 SL	159	static const unsigned char seed_data[] = {
	160	0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
	161	0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
	162	0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
	163	0x7b, 0x2a, 0xc7, 0x29
	164	};
	165	static const unsigned char expected_p[]= {
	166	0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
	167	0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
	168	0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
	169	0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
	170	0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
	171	0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
	172	0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
	173	0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
	174	0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
	175	0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
	176	0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
	177	0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
	178	0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
	179	0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
	180	0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
	181	0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
	182	0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
	183	0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
	184	0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
	185	0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
	186	0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
	187	0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
	188	0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
	189	0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
	190	0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
	191	0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
	192	0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
	193	0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
	194	0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
	195	0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
	196	0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
	197	0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
	198	};
	199	static const unsigned char expected_q[]= {
	200	0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
	201	0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
	202	0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
	203	0xe2, 0x56, 0xae, 0xd7
	204	};
	205	static const unsigned char expected_g[]= {
	206	0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
	207	0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
	208	0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
	209	0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
	210	0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
	211	0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
	212	0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
	213	0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
	214	0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
	215	0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
	216	0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
	217	0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
	218	0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
	219	0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
	220	0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
	221	0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
	222	0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
223	0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
224	0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
225	0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
226	0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
227	0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
228	0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
229	0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
230	0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
231	0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
232	0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
233	0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
234	0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
235	0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
236	0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
237	0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
238	};
239	int expected_c = 1316;
240	int expected_h = 2;
241
242	if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
243	\|\| !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
244	\|\| !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
245	goto end;
246	if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
247	\|\| !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
5e77b79a SL	248	\|\| !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
	249	\|\| !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
	250	\|\| !TEST_ptr(OSSL_PARAM_locate_const(settables,
	251	OSSL_PKEY_PARAM_FFC_PBITS))
f1d66708	252	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
b03ec3b5 SL	253	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
	254	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
	255	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
	256	sizeof(seed_data)))
	257	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
	258	""))
	259	\|\| !TEST_int_gt(EVP_PKEY_gen(pg_ctx, &param_key), 0)
	260	\|\| !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
	261	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
	262	\|\| !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0))
	263	goto end;
	264
	265	if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
	266	\|\| !TEST_BN_eq(p_in, p_out)
	267	\|\| !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
	268	\|\| !TEST_BN_eq(q_in, q_out)
	269	\|\| !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
	270	\|\| !TEST_BN_eq(g_in, g_out)
	271	\|\| !TEST_true(EVP_PKEY_get_octet_string_param(
	272	key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
	273	sizeof(seed_out), &len))
	274	\|\| !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
	275	\|\| !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
	276	&gindex_out))
	277	\|\| !TEST_int_eq(gindex_out, -1)
	278	\|\| !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
	279	&hcount_out))
	280	\|\| !TEST_int_eq(hcount_out, expected_h)
	281	\|\| !TEST_true(EVP_PKEY_get_int_param(key,
	282	OSSL_PKEY_PARAM_FFC_PCOUNTER,
	283	&pcount_out))
	284	\|\| !TEST_int_eq(pcount_out, expected_c)
	285	\|\| !TEST_false(EVP_PKEY_get_utf8_string_param(key,
023b188c	286	OSSL_PKEY_PARAM_GROUP_NAME,
b03ec3b5 SL	287	group_out,
	288	sizeof(group_out), &len)))
	289	goto end;
	290	ret = 1;
	291	end:
	292	BN_free(p_in);
	293	BN_free(q_in);
	294	BN_free(g_in);
	295	BN_free(p_out);
	296	BN_free(q_out);
	297	BN_free(g_out);
	298	EVP_PKEY_free(param_key);
	299	EVP_PKEY_free(key);
	300	EVP_PKEY_CTX_free(kg_ctx);
	301	EVP_PKEY_CTX_free(pg_ctx);
	302	return ret;
	303	}
	304
3a37ddde SL	305	static int test_dsa_default_paramgen_validate(int i)
	306	{
	307	int ret;
	308	EVP_PKEY_CTX *gen_ctx = NULL;
	309	EVP_PKEY_CTX *check_ctx = NULL;
	310	EVP_PKEY *params = NULL;
	311
	312	ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
	313	&& TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
	314	&& (i == 0
	315	\|\| TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
	316	&& TEST_int_gt(EVP_PKEY_gen(gen_ctx, &params), 0)
	317	&& TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
	318	&& TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);
	319
	320	EVP_PKEY_free(params);
	321	EVP_PKEY_CTX_free(check_ctx);
	322	EVP_PKEY_CTX_free(gen_ctx);
	323	return ret;
	324	}
	325
81813776	326	#endif /* OPENSSL_NO_DSA */
93d02986	327
ad887416	328	int setup_tests(void)
93d02986 RS	329	{
	330	#ifndef OPENSSL_NO_DSA
	331	ADD_TEST(dsa_test);
b03ec3b5	332	ADD_TEST(dsa_keygen_test);
3a37ddde	333	ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
f5d7a031	334	#endif
ad887416	335	return 1;
93d02986	336	}