]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/acvp_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove TODO in test/acvp_test.c related to setting AES-GCM iv.
[thirdparty/openssl.git] / test / acvp_test.c
1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49
50 const OPTIONS *test_get_options(void)
51 {
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { NULL }
57 };
58 return test_options;
59 }
60
61 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
62 unsigned char **out, size_t *out_len)
63 {
64 unsigned char *buf = NULL;
65 BIGNUM *bn = NULL;
66 int sz;
67
68 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
69 goto err;
70 sz = BN_num_bytes(bn);
71 buf = OPENSSL_zalloc(sz);
72 if (buf == NULL)
73 goto err;
74 if (!BN_bn2binpad(bn, buf, sz))
75 goto err;
76
77 *out_len = sz;
78 *out = buf;
79 BN_free(bn);
80 return 1;
81 err:
82 OPENSSL_free(buf);
83 BN_free(bn);
84 return 0;
85 }
86
87 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
88 const unsigned char *msg, size_t msg_len,
89 unsigned char **sig_out, size_t *sig_out_len)
90 {
91 int ret = 0;
92 EVP_MD_CTX *md_ctx = NULL;
93 unsigned char *sig = NULL;
94 size_t sig_len;
95 size_t sz = EVP_PKEY_size(pkey);
96
97 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
98 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
99 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
100 NULL, pkey, NULL), 1)
101 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
102 goto err;
103 *sig_out = sig;
104 *sig_out_len = sig_len;
105 sig = NULL;
106 ret = 1;
107 err:
108 OPENSSL_free(sig);
109 EVP_MD_CTX_free(md_ctx);
110 return ret;
111 }
112
113 #ifndef OPENSSL_NO_EC
114 static int ecdsa_keygen_test(int id)
115 {
116 int ret = 0;
117 EVP_PKEY_CTX *ctx = NULL;
118 EVP_PKEY *pkey = NULL;
119 unsigned char *priv = NULL;
120 unsigned char *pubx = NULL, *puby = NULL;
121 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
122 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
123
124 self_test_args.called = 0;
125 self_test_args.enable = 1;
126 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
127 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
128 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
129 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
130 || !TEST_int_ge(self_test_args.called, 3)
131 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
132 &priv_len))
133 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
134 &pubx_len))
135 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
136 &puby_len)))
137 goto err;
138
139 test_output_memory("qy", puby, puby_len);
140 test_output_memory("qx", pubx, pubx_len);
141 test_output_memory("d", priv, priv_len);
142 ret = 1;
143 err:
144 self_test_args.enable = 0;
145 self_test_args.called = 0;
146 OPENSSL_clear_free(priv, priv_len);
147 OPENSSL_free(pubx);
148 OPENSSL_free(puby);
149 EVP_PKEY_free(pkey);
150 EVP_PKEY_CTX_free(ctx);
151 return ret;
152 }
153
154 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
155 const unsigned char *pub, size_t pub_len,
156 int expected)
157 {
158 int ret = 0;
159 EVP_PKEY_CTX *ctx = NULL;
160 OSSL_PARAM_BLD *bld = NULL;
161 OSSL_PARAM *params = NULL;
162
163 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
164 || (curve_name != NULL
165 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
166 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
167 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
168 OSSL_PKEY_PARAM_PUB_KEY,
169 pub, pub_len) > 0)
170 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
171 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
172 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
173 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
174 params), expected))
175 goto err;
176
177 ret = 1;
178 err:
179 OSSL_PARAM_BLD_free_params(params);
180 OSSL_PARAM_BLD_free(bld);
181 EVP_PKEY_CTX_free(ctx);
182 return ret;
183 }
184
185 static int ecdsa_pub_verify_test(int id)
186 {
187 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
188
189 int ret = 0;
190 EVP_PKEY_CTX *key_ctx = NULL;
191 EVP_PKEY *pkey = NULL;
192
193 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
194 tst->pub, tst->pub_len, tst->pass)))
195 goto err;
196
197 if (tst->pass) {
198 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
199 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
200 goto err;
201 }
202 ret = 1;
203 err:
204 EVP_PKEY_free(pkey);
205 EVP_PKEY_CTX_free(key_ctx);
206 return ret;
207 }
208
209 /* Extract r and s from a ecdsa signature */
210 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
211 unsigned char **r, unsigned char **s,
212 size_t *rlen, size_t *slen)
213 {
214 int ret = 0;
215 unsigned char *rbuf = NULL, *sbuf = NULL;
216 size_t r1_len, s1_len;
217 const BIGNUM *r1, *s1;
218 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
219
220 if (sign == NULL)
221 return 0;
222 r1 = ECDSA_SIG_get0_r(sign);
223 s1 = ECDSA_SIG_get0_s(sign);
224 if (r1 == NULL || s1 == NULL)
225 return 0;
226
227 r1_len = BN_num_bytes(r1);
228 s1_len = BN_num_bytes(s1);
229 rbuf = OPENSSL_zalloc(r1_len);
230 sbuf = OPENSSL_zalloc(s1_len);
231 if (rbuf == NULL || sbuf == NULL)
232 goto err;
233 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
234 goto err;
235 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
236 goto err;
237 *r = rbuf;
238 *s = sbuf;
239 *rlen = r1_len;
240 *slen = s1_len;
241 ret = 1;
242 err:
243 if (ret == 0) {
244 OPENSSL_free(rbuf);
245 OPENSSL_free(sbuf);
246 }
247 ECDSA_SIG_free(sign);
248 return ret;
249 }
250
251 static int ecdsa_siggen_test(int id)
252 {
253 int ret = 0;
254 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
255 EVP_PKEY *pkey = NULL;
256 size_t sig_len = 0, rlen = 0, slen = 0;
257 unsigned char *sig = NULL;
258 unsigned char *r = NULL, *s = NULL;
259 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
260
261 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
262 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
263 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
264 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
265 goto err;
266
267 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
268 &sig, &sig_len))
269 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
270 goto err;
271 test_output_memory("r", r, rlen);
272 test_output_memory("s", s, slen);
273 ret = 1;
274 err:
275 OPENSSL_free(r);
276 OPENSSL_free(s);
277 OPENSSL_free(sig);
278 EVP_PKEY_free(pkey);
279 EVP_PKEY_CTX_free(key_ctx);
280 EVP_PKEY_CTX_free(ctx);
281 return ret;
282 }
283
284 static int ecdsa_sigver_test(int id)
285 {
286 int ret = 0;
287 EVP_MD_CTX *md_ctx = NULL;
288 EVP_PKEY *pkey = NULL;
289 ECDSA_SIG *sign = NULL;
290 size_t sig_len;
291 unsigned char *sig = NULL;
292 BIGNUM *rbn = NULL, *sbn = NULL;
293 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
294
295 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
296 tst->pub, tst->pub_len, 1)))
297 goto err;
298
299 if (!TEST_ptr(sign = ECDSA_SIG_new())
300 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
301 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
302 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
303 goto err;
304 rbn = sbn = NULL;
305
306 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
307 && TEST_ptr(md_ctx = EVP_MD_CTX_new())
308 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
309 libctx, NULL, pkey, NULL)
310 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
311 tst->msg, tst->msg_len), tst->pass));
312 err:
313 BN_free(rbn);
314 BN_free(sbn);
315 OPENSSL_free(sig);
316 ECDSA_SIG_free(sign);
317 EVP_PKEY_free(pkey);
318 EVP_MD_CTX_free(md_ctx);
319 return ret;
320
321 }
322 #endif /* OPENSSL_NO_EC */
323
324 #ifndef OPENSSL_NO_DSA
325 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
326 unsigned char **out, size_t *out_len)
327 {
328 size_t len = 0;
329 unsigned char *buf = NULL;
330
331 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
332 goto err;
333
334 buf = OPENSSL_zalloc(len);
335 if (buf == NULL)
336 goto err;
337
338 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
339 goto err;
340 *out = buf;
341 return 1;
342 err:
343 OPENSSL_free(buf);
344 return 0;
345 }
346
347 static EVP_PKEY *dsa_paramgen(int L, int N)
348 {
349 EVP_PKEY_CTX *paramgen_ctx = NULL;
350 EVP_PKEY *param_key = NULL;
351
352 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
353 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
354 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
355 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
356 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
357 return NULL;
358 EVP_PKEY_CTX_free(paramgen_ctx);
359 return param_key;
360 }
361
362 static EVP_PKEY *dsa_keygen(int L, int N)
363 {
364 EVP_PKEY *param_key = NULL, *key = NULL;
365 EVP_PKEY_CTX *keygen_ctx = NULL;
366
367 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
368 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
369 NULL))
370 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
371 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
372 goto err;
373 err:
374 EVP_PKEY_free(param_key);
375 EVP_PKEY_CTX_free(keygen_ctx);
376 return key;
377 }
378
379 static int dsa_keygen_test(int id)
380 {
381 int ret = 0, i;
382 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
383 EVP_PKEY *param_key = NULL, *key = NULL;
384 unsigned char *priv = NULL, *pub = NULL;
385 size_t priv_len = 0, pub_len = 0;
386 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
387
388 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
389 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
390 NULL))
391 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
392 goto err;
393 for (i = 0; i < 2; ++i) {
394 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
395 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
396 &priv, &priv_len))
397 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
398 &pub, &pub_len)))
399 goto err;
400 test_output_memory("y", pub, pub_len);
401 test_output_memory("x", priv, priv_len);
402 EVP_PKEY_free(key);
403 OPENSSL_clear_free(priv, priv_len);
404 OPENSSL_free(pub);
405 key = NULL;
406 pub = priv = NULL;
407 }
408 ret = 1;
409 err:
410 OPENSSL_clear_free(priv, priv_len);
411 OPENSSL_free(pub);
412 EVP_PKEY_free(param_key);
413 EVP_PKEY_free(key);
414 EVP_PKEY_CTX_free(keygen_ctx);
415 EVP_PKEY_CTX_free(paramgen_ctx);
416 return ret;
417 }
418
419 static int dsa_paramgen_test(int id)
420 {
421 int ret = 0, counter = 0;
422 EVP_PKEY_CTX *paramgen_ctx = NULL;
423 EVP_PKEY *param_key = NULL;
424 unsigned char *p = NULL, *q = NULL, *seed = NULL;
425 size_t plen = 0, qlen = 0, seedlen = 0;
426 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
427
428 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
429 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
430 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
431 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
432 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
433 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
434 &p, &plen))
435 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
436 &q, &qlen))
437 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
438 &seed, &seedlen))
439 || !TEST_true(EVP_PKEY_get_int_param(param_key,
440 OSSL_PKEY_PARAM_FFC_PCOUNTER,
441 &counter)))
442 goto err;
443
444 test_output_memory("p", p, plen);
445 test_output_memory("q", q, qlen);
446 test_output_memory("domainSeed", seed, seedlen);
447 test_printf_stderr("%s: %d\n", "counter", counter);
448 ret = 1;
449 err:
450 OPENSSL_free(p);
451 OPENSSL_free(q);
452 OPENSSL_free(seed);
453 EVP_PKEY_free(param_key);
454 EVP_PKEY_CTX_free(paramgen_ctx);
455 return ret;
456 }
457
458 static int dsa_create_pkey(EVP_PKEY **pkey,
459 const unsigned char *p, size_t p_len,
460 const unsigned char *q, size_t q_len,
461 const unsigned char *g, size_t g_len,
462 const unsigned char *seed, size_t seed_len,
463 int counter,
464 const char *validate_type,
465 const unsigned char *pub, size_t pub_len,
466 BN_CTX *bn_ctx)
467 {
468 int ret = 0;
469 EVP_PKEY_CTX *ctx = NULL;
470 OSSL_PARAM_BLD *bld = NULL;
471 OSSL_PARAM *params = NULL;
472 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
473
474 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
475 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
476 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
477 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
478 OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
479 validate_type, 0))
480 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
481 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
482 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
483 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
484 goto err;
485
486 if (g != NULL) {
487 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
488 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
489 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
490 OSSL_PKEY_PARAM_FFC_G, g_bn)))
491 goto err;
492 }
493 if (seed != NULL) {
494 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
495 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
496 goto err;
497 }
498 if (counter != -1) {
499 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
500 OSSL_PKEY_PARAM_FFC_PCOUNTER,
501 counter)))
502 goto err;
503 }
504 if (pub != NULL) {
505 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
506 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
507 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
508 OSSL_PKEY_PARAM_PUB_KEY,
509 pub_bn)))
510 goto err;
511 }
512 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
513 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
514 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
515 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, params)))
516 goto err;
517
518 ret = 1;
519 err:
520 OSSL_PARAM_BLD_free_params(params);
521 OSSL_PARAM_BLD_free(bld);
522 EVP_PKEY_CTX_free(ctx);
523 return ret;
524 }
525
526 static int dsa_pqver_test(int id)
527 {
528 int ret = 0;
529 BN_CTX *bn_ctx = NULL;
530 EVP_PKEY_CTX *key_ctx = NULL;
531 EVP_PKEY *param_key = NULL;
532 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
533
534 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
535 || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
536 tst->q, tst->q_len, NULL, 0,
537 tst->seed, tst->seed_len, tst->counter,
538 OSSL_FFC_PARAM_VALIDATE_PQ,
539 NULL, 0,
540 bn_ctx))
541 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
542 NULL))
543 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
544 goto err;
545
546 ret = 1;
547 err:
548 BN_CTX_free(bn_ctx);
549 EVP_PKEY_free(param_key);
550 EVP_PKEY_CTX_free(key_ctx);
551 return ret;
552 }
553
554 /* Extract r and s from a dsa signature */
555 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
556 unsigned char **r, unsigned char **s,
557 size_t *r_len, size_t *s_len)
558 {
559 int ret = 0;
560 unsigned char *rbuf = NULL, *sbuf = NULL;
561 size_t r1_len, s1_len;
562 const BIGNUM *r1, *s1;
563 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
564
565 if (sign == NULL)
566 return 0;
567 DSA_SIG_get0(sign, &r1, &s1);
568 if (r1 == NULL || s1 == NULL)
569 return 0;
570
571 r1_len = BN_num_bytes(r1);
572 s1_len = BN_num_bytes(s1);
573 rbuf = OPENSSL_zalloc(r1_len);
574 sbuf = OPENSSL_zalloc(s1_len);
575 if (rbuf == NULL || sbuf == NULL)
576 goto err;
577 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
578 goto err;
579 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
580 goto err;
581 *r = rbuf;
582 *s = sbuf;
583 *r_len = r1_len;
584 *s_len = s1_len;
585 ret = 1;
586 err:
587 if (ret == 0) {
588 OPENSSL_free(rbuf);
589 OPENSSL_free(sbuf);
590 }
591 DSA_SIG_free(sign);
592 return ret;
593 }
594
595 static int dsa_siggen_test(int id)
596 {
597 int ret = 0;
598 EVP_PKEY *pkey = NULL;
599 unsigned char *sig = NULL, *r = NULL, *s = NULL;
600 size_t sig_len = 0, rlen = 0, slen = 0;
601 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
602
603 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
604 goto err;
605
606 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
607 &sig, &sig_len))
608 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
609 goto err;
610 test_output_memory("r", r, rlen);
611 test_output_memory("s", s, slen);
612 ret = 1;
613 err:
614 OPENSSL_free(r);
615 OPENSSL_free(s);
616 OPENSSL_free(sig);
617 EVP_PKEY_free(pkey);
618 return ret;
619 }
620
621 static int dsa_sigver_test(int id)
622 {
623 int ret = 0;
624 EVP_PKEY_CTX *ctx = NULL;
625 EVP_PKEY *pkey = NULL;
626 DSA_SIG *sign = NULL;
627 size_t sig_len;
628 unsigned char *sig = NULL;
629 BIGNUM *rbn = NULL, *sbn = NULL;
630 EVP_MD *md = NULL;
631 unsigned char digest[EVP_MAX_MD_SIZE];
632 unsigned int digest_len;
633 BN_CTX *bn_ctx = NULL;
634 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
635
636 if (!TEST_ptr(bn_ctx = BN_CTX_new())
637 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
638 tst->q, tst->q_len, tst->g, tst->g_len,
639 NULL, 0, 0, "", tst->pub, tst->pub_len,
640 bn_ctx)))
641 goto err;
642
643 if (!TEST_ptr(sign = DSA_SIG_new())
644 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
645 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
646 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
647 goto err;
648 rbn = sbn = NULL;
649
650 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
651 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
652 digest, &digest_len, md, NULL)))
653 goto err;
654
655 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
656 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
657 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
658 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
659 tst->pass))
660 goto err;
661 ret = 1;
662 err:
663 EVP_PKEY_CTX_free(ctx);
664 OPENSSL_free(sig);
665 EVP_MD_free(md);
666 DSA_SIG_free(sign);
667 EVP_PKEY_free(pkey);
668 BN_free(rbn);
669 BN_free(sbn);
670 BN_CTX_free(bn_ctx);
671 return ret;
672 }
673 #endif /* OPENSSL_NO_DSA */
674
675
676 /* cipher encrypt/decrypt */
677 static int cipher_enc(const char *alg,
678 const unsigned char *pt, size_t pt_len,
679 const unsigned char *key, size_t key_len,
680 const unsigned char *iv, size_t iv_len,
681 const unsigned char *ct, size_t ct_len,
682 int enc)
683 {
684 int ret = 0, out_len = 0, len = 0;
685 EVP_CIPHER_CTX *ctx = NULL;
686 EVP_CIPHER *cipher = NULL;
687 unsigned char out[256] = { 0 };
688
689 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
690 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
691 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
692 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
693 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
694 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
695 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
696 goto err;
697 out_len += len;
698 if (!TEST_mem_eq(out, out_len, ct, ct_len))
699 goto err;
700 ret = 1;
701 err:
702 EVP_CIPHER_free(cipher);
703 EVP_CIPHER_CTX_free(ctx);
704 return ret;
705 }
706
707 static int cipher_enc_dec_test(int id)
708 {
709 const struct cipher_st *tst = &cipher_enc_data[id];
710 const int enc = 1;
711
712 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
713 tst->key, tst->key_len,
714 tst->iv, tst->iv_len,
715 tst->ct, tst->ct_len, enc))
716 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
717 tst->key, tst->key_len,
718 tst->iv, tst->iv_len,
719 tst->pt, tst->pt_len, !enc));
720 }
721
722 static int aes_ccm_enc_dec(const char *alg,
723 const unsigned char *pt, size_t pt_len,
724 const unsigned char *key, size_t key_len,
725 const unsigned char *iv, size_t iv_len,
726 const unsigned char *aad, size_t aad_len,
727 const unsigned char *ct, size_t ct_len,
728 const unsigned char *tag, size_t tag_len,
729 int enc, int pass)
730 {
731 int ret = 0;
732 EVP_CIPHER_CTX *ctx;
733 EVP_CIPHER *cipher = NULL;
734 int out_len, len;
735 unsigned char out[1024];
736
737 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
738 pass ? "pass" : "fail");
739
740 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
741 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
742 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
743 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
744 NULL))
745 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
746 enc ? NULL : (void *)tag))
747 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
748 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
749 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
750 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
751 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
752 goto err;
753
754 if (!pass) {
755 ret = 1;
756 goto err;
757 }
758 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
759 goto err;
760 if (enc) {
761 out_len += len;
762 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
763 tag_len, out + out_len))
764 || !TEST_mem_eq(out, out_len, ct, ct_len)
765 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
766 goto err;
767 } else {
768 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
769 goto err;
770 }
771
772 ret = 1;
773 err:
774 EVP_CIPHER_free(cipher);
775 EVP_CIPHER_CTX_free(ctx);
776 return ret;
777 }
778
779 static int aes_ccm_enc_dec_test(int id)
780 {
781 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
782
783 /* The tag is on the end of the cipher text */
784 const size_t tag_len = tst->ct_len - tst->pt_len;
785 const size_t ct_len = tst->ct_len - tag_len;
786 const unsigned char *tag = tst->ct + ct_len;
787 const int enc = 1;
788 const int pass = 1;
789
790 if (ct_len < 1)
791 return 0;
792
793 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
794 tst->key, tst->key_len,
795 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
796 tst->ct, ct_len, tag, tag_len, enc, pass)
797 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
798 tst->key, tst->key_len,
799 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
800 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
801 /* test that it fails if the tag is incorrect */
802 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
803 tst->key, tst->key_len,
804 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
805 tst->pt, tst->pt_len,
806 tag - 1, tag_len, !enc, !pass);
807 }
808
809 static int aes_gcm_enc_dec(const char *alg,
810 const unsigned char *pt, size_t pt_len,
811 const unsigned char *key, size_t key_len,
812 const unsigned char *iv, size_t iv_len,
813 const unsigned char *aad, size_t aad_len,
814 const unsigned char *ct, size_t ct_len,
815 const unsigned char *tag, size_t tag_len,
816 int enc, int pass)
817 {
818 int ret = 0;
819 EVP_CIPHER_CTX *ctx;
820 EVP_CIPHER *cipher = NULL;
821 int out_len, len;
822 unsigned char out[1024];
823
824 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
825 pass ? "pass" : "fail");
826
827 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
828 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
829 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
830 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
831 NULL)))
832 goto err;
833
834 if (!enc) {
835 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
836 (void *)tag)))
837 goto err;
838 }
839 /*
840 * For testing purposes the IV it being set here. In a compliant application
841 * the IV would be generated internally. A fake entropy source could also
842 * be used to feed in the random IV bytes (see fake_random.c)
843 */
844 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
845 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
846 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
847 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
848 goto err;
849
850 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
851 goto err;
852 if (!pass) {
853 ret = 1;
854 goto err;
855 }
856 out_len += len;
857 if (enc) {
858 if (!TEST_mem_eq(out, out_len, ct, ct_len)
859 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
860 tag_len, out + out_len))
861 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
862 goto err;
863 } else {
864 if (!TEST_mem_eq(out, out_len, ct, ct_len))
865 goto err;
866 }
867
868 ret = 1;
869 err:
870 EVP_CIPHER_free(cipher);
871 EVP_CIPHER_CTX_free(ctx);
872 return ret;
873 }
874
875 static int aes_gcm_enc_dec_test(int id)
876 {
877 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
878 int enc = 1;
879 int pass = 1;
880
881 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
882 tst->key, tst->key_len,
883 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
884 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
885 enc, pass)
886 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
887 tst->key, tst->key_len,
888 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
889 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
890 !enc, pass)
891 /* Fail if incorrect tag passed to decrypt */
892 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
893 tst->key, tst->key_len,
894 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
895 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
896 !enc, !pass);
897 }
898
899 #ifndef OPENSSL_NO_DH
900 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
901 const unsigned char *pub, size_t pub_len,
902 const unsigned char *priv, size_t priv_len,
903 BN_CTX *bn_ctx, int pass)
904 {
905 int ret = 0;
906 EVP_PKEY_CTX *ctx = NULL;
907 OSSL_PARAM_BLD *bld = NULL;
908 OSSL_PARAM *params = NULL;
909 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
910
911 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
912 || (group_name != NULL
913 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
914 bld, OSSL_PKEY_PARAM_GROUP_NAME,
915 group_name, 0), 0)))
916 goto err;
917
918 if (pub != NULL) {
919 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
920 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
922 pub_bn)))
923 goto err;
924 }
925 if (priv != NULL) {
926 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
927 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
929 priv_bn)))
930 goto err;
931 }
932
933 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
934 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
935 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
936 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
937 pass))
938 goto err;
939
940 ret = 1;
941 err:
942 OSSL_PARAM_BLD_free_params(params);
943 OSSL_PARAM_BLD_free(bld);
944 EVP_PKEY_CTX_free(ctx);
945 return ret;
946 }
947
948 static int dh_safe_prime_keygen_test(int id)
949 {
950 int ret = 0;
951 EVP_PKEY_CTX *ctx = NULL;
952 EVP_PKEY *pkey = NULL;
953 unsigned char *priv = NULL;
954 unsigned char *pub = NULL;
955 size_t priv_len = 0, pub_len = 0;
956 OSSL_PARAM params[2];
957 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
958
959 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
960 (char *)tst->group_name, 0);
961 params[1] = OSSL_PARAM_construct_end();
962
963 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
964 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
965 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
966 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
967 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
968 &priv, &priv_len))
969 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
970 &pub, &pub_len)))
971 goto err;
972
973 test_output_memory("x", priv, priv_len);
974 test_output_memory("y", pub, pub_len);
975 ret = 1;
976 err:
977 OPENSSL_clear_free(priv, priv_len);
978 OPENSSL_free(pub);
979 EVP_PKEY_free(pkey);
980 EVP_PKEY_CTX_free(ctx);
981 return ret;
982 }
983
984 static int dh_safe_prime_keyver_test(int id)
985 {
986 int ret = 0;
987 BN_CTX *bn_ctx = NULL;
988 EVP_PKEY_CTX *key_ctx = NULL;
989 EVP_PKEY *pkey = NULL;
990 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
991
992 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
993 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
994 tst->pub, tst->pub_len,
995 tst->priv, tst->priv_len, bn_ctx, 1))
996 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
997 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
998 goto err;
999
1000 ret = 1;
1001 err:
1002 EVP_PKEY_free(pkey);
1003 EVP_PKEY_CTX_free(key_ctx);
1004 BN_CTX_free(bn_ctx);
1005 return ret;
1006 }
1007 #endif /* OPENSSL_NO_DH */
1008
1009
1010 static EVP_PKEY *rsa_keygen(int bits)
1011 {
1012 EVP_PKEY *key = NULL;
1013 EVP_PKEY_CTX *keygen_ctx = NULL;
1014
1015 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1016 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
1017 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
1018 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
1019 goto err;
1020 err:
1021 EVP_PKEY_CTX_free(keygen_ctx);
1022 return key;
1023 }
1024
1025 static int rsa_create_pkey(EVP_PKEY **pkey,
1026 const unsigned char *n, size_t n_len,
1027 const unsigned char *e, size_t e_len,
1028 const unsigned char *d, size_t d_len,
1029 BN_CTX *bn_ctx)
1030 {
1031 int ret = 0;
1032 EVP_PKEY_CTX *ctx = NULL;
1033 OSSL_PARAM_BLD *bld = NULL;
1034 OSSL_PARAM *params = NULL;
1035 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1036
1037 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1038 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1039 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1040 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1041 goto err;
1042
1043 if (e != NULL) {
1044 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1045 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1046 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1047 e_bn)))
1048 goto err;
1049 }
1050 if (d != NULL) {
1051 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1052 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1053 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1054 d_bn)))
1055 goto err;
1056 }
1057 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1058 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1059 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
1060 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params)))
1061 goto err;
1062
1063 ret = 1;
1064 err:
1065 OSSL_PARAM_BLD_free_params(params);
1066 OSSL_PARAM_BLD_free(bld);
1067 EVP_PKEY_CTX_free(ctx);
1068 return ret;
1069 }
1070
1071 static int rsa_keygen_test(int id)
1072 {
1073 int ret = 0;
1074 EVP_PKEY_CTX *ctx = NULL;
1075 EVP_PKEY *pkey = NULL;
1076 BIGNUM *e_bn = NULL;
1077 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1078 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1079 unsigned char *n = NULL, *d = NULL;
1080 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1081 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1082 size_t n_len = 0, d_len = 0;
1083 size_t p_len = 0, p1_len = 0, p2_len = 0;
1084 size_t q_len = 0, q1_len = 0, q2_len = 0;
1085 OSSL_PARAM_BLD *bld = NULL;
1086 OSSL_PARAM *params = NULL;
1087 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1088
1089 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1090 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1091 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1092 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1093 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1094 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1095 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1096 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1097 xp1_bn))
1098 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1099 xp2_bn))
1100 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1101 xp_bn))
1102 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1103 xq1_bn))
1104 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1105 xq2_bn))
1106 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1107 xq_bn))
1108 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1109 goto err;
1110
1111 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1112 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1113 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1114 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1115 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod))
1116 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn))
1117 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1118 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1119 &p1, &p1_len))
1120 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1121 &p2, &p2_len))
1122 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1123 &q1, &q1_len))
1124 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1125 &q2, &q2_len))
1126 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1127 &p, &p_len))
1128 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1129 &q, &q_len))
1130 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1131 &n, &n_len))
1132 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1133 &d, &d_len)))
1134 goto err;
1135
1136 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1137 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1138 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1139 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1140 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1141 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1142 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1143 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1144 goto err;
1145
1146 test_output_memory("p1", p1, p1_len);
1147 test_output_memory("p2", p2, p2_len);
1148 test_output_memory("p", p, p_len);
1149 test_output_memory("q1", q1, q1_len);
1150 test_output_memory("q2", q2, q2_len);
1151 test_output_memory("q", q, q_len);
1152 test_output_memory("n", n, n_len);
1153 test_output_memory("d", d, d_len);
1154 ret = 1;
1155 err:
1156 BN_free(xp1_bn);
1157 BN_free(xp2_bn);
1158 BN_free(xp_bn);
1159 BN_free(xq1_bn);
1160 BN_free(xq2_bn);
1161 BN_free(xq_bn);
1162 BN_free(e_bn);
1163 OPENSSL_free(p1);
1164 OPENSSL_free(p2);
1165 OPENSSL_free(q1);
1166 OPENSSL_free(q2);
1167 OPENSSL_free(p);
1168 OPENSSL_free(q);
1169 OPENSSL_free(n);
1170 OPENSSL_free(d);
1171 EVP_PKEY_free(pkey);
1172 EVP_PKEY_CTX_free(ctx);
1173 OSSL_PARAM_BLD_free_params(params);
1174 OSSL_PARAM_BLD_free(bld);
1175 return ret;
1176 }
1177
1178 static int rsa_siggen_test(int id)
1179 {
1180 int ret = 0;
1181 EVP_PKEY *pkey = NULL;
1182 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1183 size_t sig_len = 0, n_len = 0, e_len = 0;
1184 OSSL_PARAM params[4], *p;
1185 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1186
1187 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1188
1189 p = params;
1190 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1191 (char *)tst->sig_pad_mode, 0);
1192 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1193 (char *)tst->digest_alg, 0);
1194 if (tst->pss_salt_len >= 0) {
1195 int salt_len = tst->pss_salt_len;
1196
1197 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1198 &salt_len);
1199 }
1200 *p++ = OSSL_PARAM_construct_end();
1201
1202 if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
1203 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1204 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1205 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1206 tst->msg, tst->msg_len,
1207 &sig, &sig_len)))
1208 goto err;
1209 test_output_memory("n", n, n_len);
1210 test_output_memory("e", e, e_len);
1211 test_output_memory("sig", sig, sig_len);
1212 ret = 1;
1213 err:
1214 OPENSSL_free(n);
1215 OPENSSL_free(e);
1216 OPENSSL_free(sig);
1217 EVP_PKEY_free(pkey);
1218 return ret;
1219 }
1220
1221 static int rsa_sigver_test(int id)
1222 {
1223 int ret = 0;
1224 EVP_PKEY_CTX *pkey_ctx = NULL;
1225 EVP_PKEY *pkey = NULL;
1226 EVP_MD_CTX *md_ctx = NULL;
1227 BN_CTX *bn_ctx = NULL;
1228 OSSL_PARAM params[4], *p;
1229 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1230
1231 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1232 tst->pass == PASS ? "pass" : "fail");
1233
1234 p = params;
1235 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1236 (char *)tst->sig_pad_mode, 0);
1237 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1238 (char *)tst->digest_alg, 0);
1239 if (tst->pss_salt_len >= 0) {
1240 int salt_len = tst->pss_salt_len;
1241
1242 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1243 &salt_len);
1244 }
1245 *p++ = OSSL_PARAM_construct_end();
1246
1247 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1248 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1249 tst->e, tst->e_len, NULL, 0, bn_ctx))
1250 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1251 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1252 tst->digest_alg, libctx, NULL,
1253 pkey, NULL)
1254 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1255 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1256 tst->msg, tst->msg_len), tst->pass)))
1257 goto err;
1258 ret = 1;
1259 err:
1260 EVP_PKEY_free(pkey);
1261 BN_CTX_free(bn_ctx);
1262 EVP_MD_CTX_free(md_ctx);
1263 return ret;
1264 }
1265
1266 static int rsa_decryption_primitive_test(int id)
1267 {
1268 int ret = 0;
1269 EVP_PKEY_CTX *ctx = NULL;
1270 EVP_PKEY *pkey = NULL;
1271 unsigned char pt[2048];
1272 size_t pt_len = sizeof(pt);
1273 unsigned char *n = NULL, *e = NULL;
1274 size_t n_len = 0, e_len = 0;
1275 BN_CTX *bn_ctx = NULL;
1276 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1277
1278 if (!TEST_ptr(pkey = rsa_keygen(2048))
1279 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1280 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1281 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1282 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1283 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1284 goto err;
1285
1286 test_output_memory("n", n, n_len);
1287 test_output_memory("e", e, e_len);
1288 if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len))
1289 TEST_note("Decryption Failed");
1290 else
1291 test_output_memory("pt", pt, pt_len);
1292 ret = 1;
1293 err:
1294 OPENSSL_free(n);
1295 OPENSSL_free(e);
1296 EVP_PKEY_CTX_free(ctx);
1297 EVP_PKEY_free(pkey);
1298 BN_CTX_free(bn_ctx);
1299 return ret;
1300 }
1301
1302 static int self_test_events(const OSSL_PARAM params[], void *varg)
1303 {
1304 SELF_TEST_ARGS *args = varg;
1305 const OSSL_PARAM *p = NULL;
1306 const char *phase = NULL, *type = NULL, *desc = NULL;
1307 int ret = 0;
1308
1309 if (!args->enable)
1310 return 1;
1311
1312 args->called++;
1313 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1314 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1315 goto err;
1316 phase = (const char *)p->data;
1317
1318 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1319 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1320 goto err;
1321 desc = (const char *)p->data;
1322
1323 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1324 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1325 goto err;
1326 type = (const char *)p->data;
1327
1328 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1329 ret = 1;
1330 err:
1331 return ret;
1332 }
1333
1334 static int drbg_test(int id)
1335 {
1336 OSSL_PARAM params[3];
1337 EVP_RAND *rand = NULL;
1338 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1339 unsigned char returned_bits[64];
1340 const size_t returned_bits_len = sizeof(returned_bits);
1341 unsigned int strength = 256;
1342 const struct drbg_st *tst = &drbg_data[id];
1343 int res = 0;
1344
1345 /* Create the seed source */
1346 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1347 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1348 goto err;
1349 EVP_RAND_free(rand);
1350 rand = NULL;
1351
1352 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1353 params[1] = OSSL_PARAM_construct_end();
1354 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1355 goto err;
1356
1357 /* Get the DRBG */
1358 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1359 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1360 goto err;
1361
1362 /* Set the DRBG up */
1363 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1364 (int *)&tst->use_df);
1365 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1366 (char *)tst->cipher, 0);
1367 params[2] = OSSL_PARAM_construct_end();
1368 if (!TEST_true(EVP_RAND_set_ctx_params(ctx, params)))
1369 goto err;
1370
1371 /* Feed in the entropy and nonce */
1372 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1373 (void *)tst->entropy_input,
1374 tst->entropy_input_len);
1375 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1376 (void *)tst->nonce,
1377 tst->nonce_len);
1378 params[2] = OSSL_PARAM_construct_end();
1379 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1380 goto err;
1381
1382 /*
1383 * Run the test
1384 * A NULL personalisation string defaults to the built in so something
1385 * non-NULL is needed if there is no personalisation string
1386 */
1387 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1388 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1389 0, 0, NULL, 0))
1390 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1391 0, 0, NULL, 0)))
1392 goto err;
1393
1394 test_output_memory("returned bits", returned_bits, returned_bits_len);
1395
1396 /* Clean up */
1397 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1398 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1399 goto err;
1400
1401 /* Verify the output */
1402 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1403 tst->returned_bits, tst->returned_bits_len))
1404 goto err;
1405 res = 1;
1406 err:
1407 EVP_RAND_CTX_free(ctx);
1408 EVP_RAND_CTX_free(parent);
1409 EVP_RAND_free(rand);
1410 return res;
1411 }
1412
1413 int setup_tests(void)
1414 {
1415 char *config_file = NULL;
1416
1417 OPTION_CHOICE o;
1418
1419 while ((o = opt_next()) != OPT_EOF) {
1420 switch (o) {
1421 case OPT_CONFIG_FILE:
1422 config_file = opt_arg();
1423 break;
1424 case OPT_TEST_CASES:
1425 break;
1426 default:
1427 case OPT_ERR:
1428 return 0;
1429 }
1430 }
1431
1432 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1433 return 0;
1434
1435 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1436
1437 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1438 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1439 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1440
1441 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1442 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1443 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1444 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1445 OSSL_NELEM(rsa_decrypt_prim_data));
1446
1447 #ifndef OPENSSL_NO_DH
1448 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1449 OSSL_NELEM(dh_safe_prime_keygen_data));
1450 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1451 OSSL_NELEM(dh_safe_prime_keyver_data));
1452 #endif /* OPENSSL_NO_DH */
1453
1454 #ifndef OPENSSL_NO_DSA
1455 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1456 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1457 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1458 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1459 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1460 #endif /* OPENSSL_NO_DSA */
1461
1462 #ifndef OPENSSL_NO_EC
1463 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1464 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1465 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1466 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1467 #endif /* OPENSSL_NO_EC */
1468
1469 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1470 return 1;
1471 }
1472
1473 void cleanup_tests(void)
1474 {
1475 OSSL_PROVIDER_unload(prov_null);
1476 OSSL_LIB_CTX_free(libctx);
1477 }
A mirror of the official openssl repository