]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Implement EVP_PKEY_dup() function
[thirdparty/openssl.git] / test / evp_libctx_test.c
CommitLineData
63794b04 1/*
4333b89f 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
63794b04
SL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18/*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22#include "internal/deprecated.h"
23#include <openssl/evp.h>
24#include <openssl/provider.h>
25#include <openssl/dsa.h>
fcdd228b 26#include <openssl/dh.h>
90409da6 27#include <openssl/safestack.h>
f49d4860 28#include <openssl/core_dispatch.h>
80f4fd18 29#include <openssl/core_names.h>
116d2510 30#include <openssl/x509.h>
f49d4860 31#include <openssl/encoder.h>
63794b04
SL		 32#include "testutil.h"
33#include "internal/nelem.h"
90409da6
SL		 34#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35#include "../e_os.h" /* strcasecmp */
36
b4250010 37static OSSL_LIB_CTX *libctx = NULL;
63794b04
SL		 38static OSSL_PROVIDER *nullprov = NULL;
39static OSSL_PROVIDER *libprov = NULL;
90409da6 40static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
63794b04
SL		 41
42typedef enum OPTION_choice {
43 OPT_ERR = -1,
44 OPT_EOF = 0,
45 OPT_CONFIG_FILE,
46 OPT_PROVIDER_NAME,
47 OPT_TEST_ENUM
48} OPTION_CHOICE;
49
50const OPTIONS *test_get_options(void)
51{
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME, 's',
57 "The provider to load (The default value is 'default'" },
58 { NULL }
59 };
60 return test_options;
61}
62
fcdd228b 63#ifndef OPENSSL_NO_DH
63794b04
SL		 64static const char *getname(int id)
65{
66 const char *name[] = {"p", "q", "g" };
67
68 if (id >= 0 && id < 3)
69 return name[id];
70 return "?";
71}
72#endif
73
fcdd228b
MC		 74/*
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
77 */
78#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 79
80static int test_dsa_param_keygen(int tstid)
81{
82 int ret = 0;
83 int expected;
84 EVP_PKEY_CTX *gen_ctx = NULL;
85 EVP_PKEY *pkey_parm = NULL;
2145ba5e 86 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
63794b04
SL		 87 DSA *dsa = NULL;
88 int pind, qind, gind;
89 BIGNUM *p = NULL, *q = NULL, *g = NULL;
90
91 /*
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
94 */
95 static const BIGNUM *bn[] = {
94553e85
SL		 96 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
97 &ossl_bignum_dh2048_256_g
63794b04
SL		 98 };
99
100 /*
101 * These tests are using bad values for p, q, g by reusing the values.
102 * A value of 0 uses p, 1 uses q and 2 uses g.
103 * There are 27 different combinations, with only the 1 valid combination.
104 */
105 pind = tstid / 9;
106 qind = (tstid / 3) % 3;
107 gind = tstid % 3;
108 expected = (pind == 0 && qind == 1 && gind == 2);
109
110 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
111 getname(qind), getname(gind));
112
113 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
114 || !TEST_ptr(dsa = DSA_new())
115 || !TEST_ptr(p = BN_dup(bn[pind]))
116 || !TEST_ptr(q = BN_dup(bn[qind]))
117 || !TEST_ptr(g = BN_dup(bn[gind]))
118 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
119 goto err;
120 p = q = g = NULL;
121
122 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
123 goto err;
124 dsa = NULL;
125
126 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
127 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
128 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
129 goto err;
2145ba5e
TM		 130
131 if (expected) {
132 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
133 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
134 goto err;
135 }
136
63794b04
SL		 137 ret = 1;
138err:
139 EVP_PKEY_free(pkey);
2145ba5e 140 EVP_PKEY_free(dup_pk);
63794b04
SL		 141 EVP_PKEY_CTX_free(gen_ctx);
142 EVP_PKEY_free(pkey_parm);
143 DSA_free(dsa);
144 BN_free(g);
145 BN_free(q);
146 BN_free(p);
147 return ret;
148}
149#endif /* OPENSSL_NO_DSA */
150
151#ifndef OPENSSL_NO_DH
152static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
153{
154 int ret = 0;
155 int expected;
156 EVP_PKEY_CTX *gen_ctx = NULL;
157 EVP_PKEY *pkey_parm = NULL;
2145ba5e 158 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
63794b04
SL		 159 DH *dh = NULL;
160 int pind, qind, gind;
161 BIGNUM *p = NULL, *q = NULL, *g = NULL;
162
163 /*
164 * These tests are using bad values for p, q, g by reusing the values.
165 * A value of 0 uses p, 1 uses q and 2 uses g.
166 * There are 27 different combinations, with only the 1 valid combination.
167 */
168 pind = tstid / 9;
169 qind = (tstid / 3) % 3;
170 gind = tstid % 3;
171 expected = (pind == 0 && qind == 1 && gind == 2);
172
173 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
174 getname(qind), getname(gind));
175
176 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
177 || !TEST_ptr(dh = DH_new())
178 || !TEST_ptr(p = BN_dup(bn[pind]))
179 || !TEST_ptr(q = BN_dup(bn[qind]))
180 || !TEST_ptr(g = BN_dup(bn[gind]))
181 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
182 goto err;
183 p = q = g = NULL;
184
185 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
186 goto err;
187 dh = NULL;
188
189 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
190 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
191 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
192 goto err;
2145ba5e
TM		 193
194 if (expected) {
195 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
196 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
197 goto err;
198 }
199
63794b04
SL		 200 ret = 1;
201err:
202 EVP_PKEY_free(pkey);
2145ba5e 203 EVP_PKEY_free(dup_pk);
63794b04
SL		 204 EVP_PKEY_CTX_free(gen_ctx);
205 EVP_PKEY_free(pkey_parm);
206 DH_free(dh);
207 BN_free(g);
208 BN_free(q);
209 BN_free(p);
210 return ret;
211}
212
213/*
214 * Note that we get the fips186-4 path being run for most of these cases since
215 * the internal code will detect that the p, q, g does not match a safe prime
216 * group (Except for when tstid = 5, which sets the correct p, q, g)
217 */
218static int test_dh_safeprime_param_keygen(int tstid)
219{
220 static const BIGNUM *bn[] = {
94553e85
SL		 221 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
222 &ossl_bignum_const_2
63794b04
SL		 223 };
224 return do_dh_param_keygen(tstid, bn);
225}
116d2510
SL		 226
227static int dhx_cert_load(void)
228{
229 int ret = 0;
230 X509 *cert = NULL;
231 BIO *bio = NULL;
232
233 static const unsigned char dhx_cert[] = {
234 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
235 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
236 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
237 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
238 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
239 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
240 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
241 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
242 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
243 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
244 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
245 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
246 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
247 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
248 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
249 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
250 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
251 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
252 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
253 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
254 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
255 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
256 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
257 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
258 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
259 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
260 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
261 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
262 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
263 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
264 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
265 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
266 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
267 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
268 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
269 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
270 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
271 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
272 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
273 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
274 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
275 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
276 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
277 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
278 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
279 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
280 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
281 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
282 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
283 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
284 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
285 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
286 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
287 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
288 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
289 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
290 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
291 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
292 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
293 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
294 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
295 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
296 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
297 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
298 0x0e,0x6a,0xb1
299 };
300
301 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
d8652be0 302 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
116d2510
SL		 303 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
304 goto err;
305 ret = 1;
306err:
307 X509_free(cert);
308 BIO_free(bio);
309 return ret;
310}
311
63794b04
SL		 312#endif /* OPENSSL_NO_DH */
313
90409da6
SL		 314static int test_cipher_reinit(int test_id)
315{
8bc5b0a5
TM		 316 int ret = 0, diff, ccm, siv;
317 int out1_len = 0, out2_len = 0, out3_len = 0;
90409da6
SL		 318 EVP_CIPHER *cipher = NULL;
319 EVP_CIPHER_CTX *ctx = NULL;
320 unsigned char out1[256];
321 unsigned char out2[256];
8bc5b0a5 322 unsigned char out3[256];
90409da6
SL		 323 unsigned char in[16] = {
324 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
325 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
326 };
327 unsigned char key[64] = {
328 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
329 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
330 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
331 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
332 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
333 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
334 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
335 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
336 };
337 unsigned char iv[16] = {
338 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
339 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
340 };
341 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
342
343 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
344 goto err;
345
346 TEST_note("Fetching %s\n", name);
347 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
348 goto err;
349
350 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
351 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
352
8bc5b0a5
TM		 353 /* siv cannot be called with NULL key as the iv is irrelevant */
354 siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
355
90409da6
SL		 356 /* DES3-WRAP uses random every update - so it will give a different value */
357 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
358
359 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
360 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
361 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
362 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
8bc5b0a5
TM		 363 ccm ? 0 : 1)
364 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
365 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
366 ccm || siv ? 0 : 1))
90409da6
SL		 367 goto err;
368
369 if (ccm == 0) {
370 if (diff) {
8bc5b0a5
TM		 371 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
372 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
373 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
90409da6
SL		 374 goto err;
375 } else {
8bc5b0a5
TM		 376 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
377 || (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
90409da6
SL		 378 goto err;
379 }
380 }
381 ret = 1;
382err:
383 EVP_CIPHER_free(cipher);
384 EVP_CIPHER_CTX_free(ctx);
385 return ret;
386}
387
914f97ee
SL		 388/*
389 * This test only uses a partial block (half the block size) of input for each
390 * EVP_EncryptUpdate() in order to test that the second init/update is not using
391 * a leftover buffer from the first init/update.
392 * Note: some ciphers don't need a full block to produce output.
393 */
394static int test_cipher_reinit_partialupdate(int test_id)
395{
8bc5b0a5
TM		 396 int ret = 0, in_len;
397 int out1_len = 0, out2_len = 0, out3_len = 0;
914f97ee
SL		 398 EVP_CIPHER *cipher = NULL;
399 EVP_CIPHER_CTX *ctx = NULL;
400 unsigned char out1[256];
401 unsigned char out2[256];
8bc5b0a5 402 unsigned char out3[256];
914f97ee
SL		 403 static const unsigned char in[32] = {
404 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
405 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
406 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
407 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
408 };
409 static const unsigned char key[64] = {
410 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
411 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
412 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
413 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
414 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
415 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
416 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
417 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
418 };
419 static const unsigned char iv[16] = {
420 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
421 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
422 };
423 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
424
425 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
426 goto err;
427
428 TEST_note("Fetching %s\n", name);
429 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
430 goto err;
431
432 in_len = EVP_CIPHER_block_size(cipher) / 2;
433
434 /* skip any ciphers that don't allow partial updates */
435 if (((EVP_CIPHER_flags(cipher)
436 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
437 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
438 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
439 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
440 ret = 1;
441 goto err;
442 }
443
444 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
445 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
446 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
447 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
448 goto err;
449
8bc5b0a5
TM		 450 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
451 goto err;
452
453 if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
454 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
455 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
914f97ee 456 goto err;
8bc5b0a5
TM		 457
458 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
914f97ee
SL		 459 goto err;
460 }
461 ret = 1;
462err:
463 EVP_CIPHER_free(cipher);
464 EVP_CIPHER_CTX_free(ctx);
465 return ret;
466}
467
468
90409da6
SL		 469static int name_cmp(const char * const *a, const char * const *b)
470{
471 return strcasecmp(*a, *b);
472}
473
474static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
475{
476 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
477
478 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
479}
480
80f4fd18
SL		 481static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
482{
483 int ret = 0;
484 EVP_PKEY_CTX *keygen_ctx = NULL;
485 unsigned char *pub_der = NULL;
486 const unsigned char *pp = NULL;
f49d4860
RL		 487 size_t len = 0;
488 OSSL_ENCODER_CTX *ectx = NULL;
80f4fd18
SL		 489
490 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
491 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
492 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
493 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
f49d4860 494 || !TEST_ptr(ectx =
fe75766c
TM		 495 OSSL_ENCODER_CTX_new_for_pkey(*priv,
496 EVP_PKEY_PUBLIC_KEY,
497 "DER", "type-specific",
498 NULL))
f49d4860 499 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
80f4fd18
SL		 500 goto err;
501 pp = pub_der;
502 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
503 goto err;
504 ret = 1;
505err:
f49d4860 506 OSSL_ENCODER_CTX_free(ectx);
80f4fd18
SL		 507 OPENSSL_free(pub_der);
508 EVP_PKEY_CTX_free(keygen_ctx);
509 return ret;
510}
511
512static int kem_rsa_gen_recover(void)
513{
514 int ret = 0;
515 EVP_PKEY *pub = NULL;
516 EVP_PKEY *priv = NULL;
517 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
518 unsigned char secret[256] = { 0, };
519 unsigned char ct[256] = { 0, };
520 unsigned char unwrap[256] = { 0, };
521 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
522
523 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
524 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
af6171b3 525 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
80f4fd18
SL		 526 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
527 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
528 &secretlen), 1)
529 && TEST_int_eq(ctlen, secretlen)
530 && TEST_int_eq(ctlen, 2048 / 8)
531 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
532 &secretlen), 1)
533 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
af6171b3 534 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
80f4fd18
SL		 535 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
536 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
537 ct, ctlen), 1)
538 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
539 ct, ctlen), 1)
540 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
541 EVP_PKEY_free(pub);
542 EVP_PKEY_free(priv);
543 EVP_PKEY_CTX_free(rctx);
544 EVP_PKEY_CTX_free(sctx);
545 return ret;
546}
547
548static int kem_rsa_params(void)
549{
550 int ret = 0;
551 EVP_PKEY *pub = NULL;
552 EVP_PKEY *priv = NULL;
553 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
554 unsigned char secret[256] = { 0, };
555 unsigned char ct[256] = { 0, };
556 size_t ctlen = 0, secretlen = 0;
557
558 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
559 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
560 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
561 /* Test setting kem op before the init fails */
562 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
563 /* Test NULL ctx passed */
af6171b3 564 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
80f4fd18 565 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
af6171b3 566 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
80f4fd18
SL		 567 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
568 /* Test Invalid operation */
569 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
570 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
571 /* Wrong key component - no secret should be returned on failure */
af6171b3 572 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
80f4fd18
SL		 573 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
574 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
575 sizeof(ct)), 0)
576 && TEST_uchar_eq(secret[0], 0)
577 /* Test encapsulate fails if the mode is not set */
af6171b3 578 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
80f4fd18
SL		 579 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
580 /* Test setting a bad kem ops fail */
581 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
582 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
583 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
584 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
585 /* Test secretlen is optional */
586 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
587 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
588 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
589 /* Test outlen is optional */
590 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
591 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
592 /* test that either len must be set if out is NULL */
593 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
594 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
595 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
596 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
597 /* Secret buffer should be set if there is an output buffer */
598 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
599 /* Test that lengths are optional if ct is not NULL */
600 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
601 /* Pass if secret or secret length are not NULL */
af6171b3 602 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
80f4fd18
SL		 603 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
604 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
605 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
606 && TEST_int_eq(secretlen, 256)
607 /* Fail if passed NULL arguments */
608 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
609 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
610 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
611 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
612
613 EVP_PKEY_free(pub);
614 EVP_PKEY_free(priv);
615 EVP_PKEY_CTX_free(pubctx);
616 EVP_PKEY_CTX_free(privctx);
617 return ret;
618}
619
620#ifndef OPENSSL_NO_DH
621static EVP_PKEY *gen_dh_key(void)
622{
623 EVP_PKEY_CTX *gctx = NULL;
624 EVP_PKEY *pkey = NULL;
625 OSSL_PARAM params[2];
626
627 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
628 params[1] = OSSL_PARAM_construct_end();
629
630 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
631 || !TEST_true(EVP_PKEY_keygen_init(gctx))
632 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
633 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
634 goto err;
635err:
636 EVP_PKEY_CTX_free(gctx);
637 return pkey;
638}
639
640/* Fail if we try to use a dh key */
641static int kem_invalid_keytype(void)
642{
643 int ret = 0;
644 EVP_PKEY *key = NULL;
645 EVP_PKEY_CTX *sctx = NULL;
646
647 if (!TEST_ptr(key = gen_dh_key()))
648 goto done;
649
650 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
651 goto done;
af6171b3 652 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
80f4fd18
SL		 653 goto done;
654
655 ret = 1;
656done:
657 EVP_PKEY_free(key);
658 EVP_PKEY_CTX_free(sctx);
659 return ret;
660}
661#endif /* OPENSSL_NO_DH */
662
63794b04
SL		 663int setup_tests(void)
664{
665 const char *prov_name = "default";
666 char *config_file = NULL;
667 OPTION_CHOICE o;
668
669 while ((o = opt_next()) != OPT_EOF) {
670 switch (o) {
671 case OPT_PROVIDER_NAME:
672 prov_name = opt_arg();
673 break;
674 case OPT_CONFIG_FILE:
675 config_file = opt_arg();
676 break;
677 case OPT_TEST_CASES:
678 break;
679 default:
680 case OPT_ERR:
681 return 0;
682 }
683 }
684
bca7ad6e 685 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
63794b04
SL		 686 return 0;
687
fcdd228b 688#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 689 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
690#endif
691#ifndef OPENSSL_NO_DH
692 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
116d2510 693 ADD_TEST(dhx_cert_load);
63794b04 694#endif
90409da6
SL		 695
696 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
697 return 0;
698 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
699
700 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
914f97ee
SL		 701 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
702 sk_OPENSSL_CSTRING_num(cipher_names));
80f4fd18
SL		 703 ADD_TEST(kem_rsa_gen_recover);
704 ADD_TEST(kem_rsa_params);
705#ifndef OPENSSL_NO_DH
706 ADD_TEST(kem_invalid_keytype);
707#endif
63794b04
SL		 708 return 1;
709}
710
711void cleanup_tests(void)
712{
90409da6 713 sk_OPENSSL_CSTRING_free(cipher_names);
63794b04 714 OSSL_PROVIDER_unload(libprov);
b4250010 715 OSSL_LIB_CTX_free(libctx);
63794b04
SL		 716 OSSL_PROVIDER_unload(nullprov);
717}
A mirror of the official openssl repository