[thirdparty/openssl.git] / providers / fips / self_test_kats.c

/*
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "self_test.h"
#include "self_test_data.inc"

static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_ST_EVENT *event,
                            OPENSSL_CTX *libctx)
{
    int ok = 0;
    unsigned char out[EVP_MAX_MD_SIZE];
    unsigned int out_len = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);

    SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);

    if (ctx == NULL
            || md == NULL
            || !EVP_DigestInit_ex(ctx, md, NULL)
            || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
            || !EVP_DigestFinal(ctx, out, &out_len))
        goto err;

    /* Optional corruption */
    SELF_TEST_EVENT_oncorrupt_byte(event, out);

    if (out_len != t->expected_len
            || memcmp(out, t->expected, out_len) != 0)
        goto err;
    ok = 1;
err:
    SELF_TEST_EVENT_onend(event, ok);
    EVP_MD_free(md);
    EVP_MD_CTX_free(ctx);

    return ok;
}

/*
 * Helper function to setup a EVP_CipherInit
 * Used to hide the complexity of Authenticated ciphers.
 */
static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                       const ST_KAT_CIPHER *t, int enc)
{
    unsigned char *in_tag = NULL;
    int pad = 0, tmp;

    /* Flag required for Key wrapping */
    EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
    if (t->tag == NULL) {
        /* Use a normal cipher init */
        return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
               && EVP_CIPHER_CTX_set_padding(ctx, pad);
    }

    /* The authenticated cipher init */
    if (!enc)
        in_tag = (unsigned char *)t->tag;

    return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
           && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL)
           && (in_tag == NULL
               || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
                                      in_tag))
           && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
           && EVP_CIPHER_CTX_set_padding(ctx, pad)
           && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
}

/* Test a single KAT for encrypt/decrypt */
static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_ST_EVENT *event,
                            OPENSSL_CTX *libctx)
{
    int ret = 0, encrypt = 1, len, ct_len = 0, pt_len = 0;
    EVP_CIPHER_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    unsigned char ct_buf[256] = { 0 };
    unsigned char pt_buf[256] = { 0 };

    SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);

    ctx = EVP_CIPHER_CTX_new();
    if (ctx == NULL)
        goto end;
    cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, "");
    if (cipher == NULL)
        goto end;

    /* Encrypt plain text message */
    if (!cipher_init(ctx, cipher, t, encrypt)
            || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, t->base.pt_len)
            || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
        goto end;

    SELF_TEST_EVENT_oncorrupt_byte(event, ct_buf);
    ct_len += len;
    if (ct_len != (int)t->base.expected_len
        || memcmp(t->base.expected, ct_buf, ct_len) != 0)
        goto end;

    if (t->tag != NULL) {
        unsigned char tag[16] = { 0 };

        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, tag)
            || memcmp(tag, t->tag, t->tag_len) != 0)
            goto end;
    }

    if (!(cipher_init(ctx, cipher, t, !encrypt)
          && EVP_CipherUpdate(ctx, pt_buf, &len, ct_buf, ct_len)
          && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
        goto end;
    pt_len += len;

    if (pt_len != (int)t->base.pt_len
            || memcmp(pt_buf, t->base.pt, pt_len) != 0)
        goto end;

    ret = 1;
end:
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_CTX_free(ctx);
    SELF_TEST_EVENT_onend(event, ret);
    return ret;
}

static int self_test_kdf(const ST_KAT_KDF *t, OSSL_ST_EVENT *event,
                         OPENSSL_CTX *libctx)
{
    int ret = 0;
    int i, numparams;
    unsigned char out[64];
    EVP_KDF *kdf = NULL;
    EVP_KDF_CTX *ctx = NULL;
    OSSL_PARAM params[16];
    const OSSL_PARAM *settables = NULL;

    numparams = OSSL_NELEM(params);
    SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);

    /* Zeroize the params array to avoid mem leaks on error */
    for (i = 0; i < numparams; ++i)
        params[i] = OSSL_PARAM_construct_end();

    kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
    ctx = EVP_KDF_CTX_new(kdf);
    if (ctx == NULL)
        goto end;

    settables = EVP_KDF_settable_ctx_params(kdf);
    for (i = 0; t->ctrls[i].name != NULL; ++i) {
        if (!ossl_assert(i < (numparams - 1)))
            goto end;
        if (!OSSL_PARAM_allocate_from_text(&params[i], settables,
                                           t->ctrls[i].name,
                                           t->ctrls[i].value,
                                           strlen(t->ctrls[i].value), NULL))
            goto end;
    }
    if (!EVP_KDF_CTX_set_params(ctx, params))
        goto end;

    if (t->expected_len > sizeof(out))
        goto end;
    if (EVP_KDF_derive(ctx, out, t->expected_len) <= 0)
        goto end;

    SELF_TEST_EVENT_oncorrupt_byte(event, out);

    if (memcmp(out, t->expected,  t->expected_len) != 0)
        goto end;

    ret = 1;
end:
    for (i = 0; params[i].key != NULL; ++i)
        OPENSSL_free(params[i].data);
    EVP_KDF_free(kdf);
    EVP_KDF_CTX_free(ctx);
    SELF_TEST_EVENT_onend(event, ret);
    return ret;
}

/*
 * Test a data driven list of KAT's for digest algorithms.
 * All tests are run regardless of if they fail or not.
 * Return 0 if any test fails.
 */
static int self_test_digests(OSSL_ST_EVENT *event, OPENSSL_CTX *libctx)
{
    int i, ret = 1;

    for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
        if (!self_test_digest(&st_kat_digest_tests[i], event, libctx))
            ret = 0;
    }
    return ret;
}

static int self_test_ciphers(OSSL_ST_EVENT *event, OPENSSL_CTX *libctx)
{
    int i, ret = 1;

    for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
        if (!self_test_cipher(&st_kat_cipher_tests[i], event, libctx))
            ret = 0;
    }
    return ret;
}

static int self_test_kdfs(OSSL_ST_EVENT *event, OPENSSL_CTX *libctx)
{
    int i, ret = 1;

    for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
        if (!self_test_kdf(&st_kat_kdf_tests[i], event, libctx))
            ret = 0;
    }
    return ret;
}

/*
 * Run the algorithm KAT's.
 * Return 1 is successful, otherwise return 0.
 * This runs all the tests regardless of if any fail.
 *
 * TODO(3.0) Add self tests for KA, DRBG, Sign/Verify when they become available
 */
int SELF_TEST_kats(OSSL_ST_EVENT *event, OPENSSL_CTX *libctx)
{
    int ret = 1;

    if (!self_test_digests(event, libctx))
        ret = 0;
    if (!self_test_ciphers(event, libctx))
        ret = 0;
    if (!self_test_kdfs(event, libctx))
        ret = 0;

    return ret;
}
Commit	Line	Data
36fc5fc6	1	/*
d5e66eab	2	* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
36fc5fc6 SL	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11	#include <openssl/evp.h>
	12	#include <openssl/kdf.h>
d5e66eab	13	#include "internal/cryptlib.h"
36fc5fc6 SL	14	#include "internal/nelem.h"
	15	#include "self_test.h"
	16	#include "self_test_data.inc"
	17
	18	static int self_test_digest(const ST_KAT_DIGEST t, OSSL_ST_EVENT event,
	19	OPENSSL_CTX *libctx)
	20	{
	21	int ok = 0;
	22	unsigned char out[EVP_MAX_MD_SIZE];
	23	unsigned int out_len = 0;
	24	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
	25	EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
	26
	27	SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
	28
	29	if (ctx == NULL
	30	\|\| md == NULL
	31	\|\| !EVP_DigestInit_ex(ctx, md, NULL)
	32	\|\| !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
	33	\|\| !EVP_DigestFinal(ctx, out, &out_len))
	34	goto err;
	35
	36	/* Optional corruption */
	37	SELF_TEST_EVENT_oncorrupt_byte(event, out);
	38
	39	if (out_len != t->expected_len
	40	\|\| memcmp(out, t->expected, out_len) != 0)
	41	goto err;
	42	ok = 1;
	43	err:
	44	SELF_TEST_EVENT_onend(event, ok);
	45	EVP_MD_free(md);
	46	EVP_MD_CTX_free(ctx);
	47
	48	return ok;
	49	}
	50
	51	/*
	52	* Helper function to setup a EVP_CipherInit
	53	* Used to hide the complexity of Authenticated ciphers.
	54	*/
	55	static int cipher_init(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
	56	const ST_KAT_CIPHER *t, int enc)
	57	{
	58	unsigned char *in_tag = NULL;
	59	int pad = 0, tmp;
	60
	61	/* Flag required for Key wrapping */
	62	EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
	63	if (t->tag == NULL) {
	64	/* Use a normal cipher init */
	65	return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
	66	&& EVP_CIPHER_CTX_set_padding(ctx, pad);
	67	}
	68
	69	/* The authenticated cipher init */
	70	if (!enc)
	71	in_tag = (unsigned char *)t->tag;
	72
	73	return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
	74	&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL)
	75	&& (in_tag == NULL
	76	\|\| EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
	77	in_tag))
78	&& EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
79	&& EVP_CIPHER_CTX_set_padding(ctx, pad)
80	&& EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
81	}
82
83	/* Test a single KAT for encrypt/decrypt */
84	static int self_test_cipher(const ST_KAT_CIPHER t, OSSL_ST_EVENT event,
85	OPENSSL_CTX *libctx)
86	{
87	int ret = 0, encrypt = 1, len, ct_len = 0, pt_len = 0;
88	EVP_CIPHER_CTX *ctx = NULL;
89	EVP_CIPHER *cipher = NULL;
90	unsigned char ct_buf[256] = { 0 };
91	unsigned char pt_buf[256] = { 0 };
92
93	SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
94
95	ctx = EVP_CIPHER_CTX_new();
96	if (ctx == NULL)
97	goto end;
98	cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, "");
99	if (cipher == NULL)
100	goto end;
101
102	/* Encrypt plain text message */
103	if (!cipher_init(ctx, cipher, t, encrypt)
104	\|\| !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, t->base.pt_len)
105	\|\| !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
106	goto end;
107
108	SELF_TEST_EVENT_oncorrupt_byte(event, ct_buf);
109	ct_len += len;
110	if (ct_len != (int)t->base.expected_len
111	\|\| memcmp(t->base.expected, ct_buf, ct_len) != 0)
112	goto end;
113
114	if (t->tag != NULL) {
115	unsigned char tag[16] = { 0 };
116
117	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, tag)
118	\|\| memcmp(tag, t->tag, t->tag_len) != 0)
119	goto end;
120	}
121
122	if (!(cipher_init(ctx, cipher, t, !encrypt)
123	&& EVP_CipherUpdate(ctx, pt_buf, &len, ct_buf, ct_len)
124	&& EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
125	goto end;
126	pt_len += len;
127
128	if (pt_len != (int)t->base.pt_len
129	\|\| memcmp(pt_buf, t->base.pt, pt_len) != 0)
130	goto end;
131
132	ret = 1;
133	end:
134	EVP_CIPHER_free(cipher);
135	EVP_CIPHER_CTX_free(ctx);
136	SELF_TEST_EVENT_onend(event, ret);
137	return ret;
138	}
139
140	static int self_test_kdf(const ST_KAT_KDF t, OSSL_ST_EVENT event,
141	OPENSSL_CTX *libctx)
142	{
143	int ret = 0;
d5e66eab	144	int i, numparams;
36fc5fc6 SL	145	unsigned char out[64];
	146	EVP_KDF *kdf = NULL;
	147	EVP_KDF_CTX *ctx = NULL;
	148	OSSL_PARAM params[16];
	149	const OSSL_PARAM *settables = NULL;
	150
d5e66eab	151	numparams = OSSL_NELEM(params);
36fc5fc6 SL	152	SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
36fc5fc6 SL	153
d5e66eab SL	154	/* Zeroize the params array to avoid mem leaks on error */
	155	for (i = 0; i < numparams; ++i)
	156	params[i] = OSSL_PARAM_construct_end();
	157
36fc5fc6 SL	158	kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
	159	ctx = EVP_KDF_CTX_new(kdf);
	160	if (ctx == NULL)
	161	goto end;
	162
	163	settables = EVP_KDF_settable_ctx_params(kdf);
	164	for (i = 0; t->ctrls[i].name != NULL; ++i) {
d5e66eab SL	165	if (!ossl_assert(i < (numparams - 1)))
d5e66eab SL	166	goto end;
36fc5fc6 SL	167	if (!OSSL_PARAM_allocate_from_text(&params[i], settables,
	168	t->ctrls[i].name,
	169	t->ctrls[i].value,
2ee0dfa6	170	strlen(t->ctrls[i].value), NULL))
36fc5fc6 SL	171	goto end;
36fc5fc6 SL	172	}
36fc5fc6 SL	173	if (!EVP_KDF_CTX_set_params(ctx, params))
	174	goto end;
	175
	176	if (t->expected_len > sizeof(out))
	177	goto end;
	178	if (EVP_KDF_derive(ctx, out, t->expected_len) <= 0)
	179	goto end;
	180
	181	SELF_TEST_EVENT_oncorrupt_byte(event, out);
	182
	183	if (memcmp(out, t->expected, t->expected_len) != 0)
	184	goto end;
	185
	186	ret = 1;
	187	end:
	188	for (i = 0; params[i].key != NULL; ++i)
	189	OPENSSL_free(params[i].data);
	190	EVP_KDF_free(kdf);
	191	EVP_KDF_CTX_free(ctx);
	192	SELF_TEST_EVENT_onend(event, ret);
	193	return ret;
	194	}
	195
	196	/*
	197	* Test a data driven list of KAT's for digest algorithms.
	198	* All tests are run regardless of if they fail or not.
	199	* Return 0 if any test fails.
	200	*/
	201	static int self_test_digests(OSSL_ST_EVENT event, OPENSSL_CTX libctx)
	202	{
	203	int i, ret = 1;
	204
	205	for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
	206	if (!self_test_digest(&st_kat_digest_tests[i], event, libctx))
	207	ret = 0;
	208	}
	209	return ret;
	210	}
	211
	212	static int self_test_ciphers(OSSL_ST_EVENT event, OPENSSL_CTX libctx)
	213	{
	214	int i, ret = 1;
	215
	216	for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
	217	if (!self_test_cipher(&st_kat_cipher_tests[i], event, libctx))
	218	ret = 0;
	219	}
	220	return ret;
	221	}
	222
	223	static int self_test_kdfs(OSSL_ST_EVENT event, OPENSSL_CTX libctx)
	224	{
	225	int i, ret = 1;
	226
	227	for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
	228	if (!self_test_kdf(&st_kat_kdf_tests[i], event, libctx))
	229	ret = 0;
	230	}
	231	return ret;
	232	}
	233
	234	/*
	235	* Run the algorithm KAT's.
	236	* Return 1 is successful, otherwise return 0.
237	* This runs all the tests regardless of if any fail.
238	*
239	* TODO(3.0) Add self tests for KA, DRBG, Sign/Verify when they become available
240	*/
241	int SELF_TEST_kats(OSSL_ST_EVENT event, OPENSSL_CTX libctx)
242	{
243	int ret = 1;
244
245	if (!self_test_digests(event, libctx))
246	ret = 0;
247	if (!self_test_ciphers(event, libctx))
248	ret = 0;
249	if (!self_test_kdfs(event, libctx))
250	ret = 0;
251
252	return ret;
253	}