]>
Commit | Line | Data |
---|---|---|
36fc5fc6 | 1 | /* |
4333b89f | 2 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
36fc5fc6 | 3 | * |
a6ed19dc | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
36fc5fc6 SL |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <openssl/evp.h> | |
12 | #include <openssl/kdf.h> | |
ec4d1b8f SL |
13 | #include <openssl/core_names.h> |
14 | #include <openssl/param_build.h> | |
d5e66eab | 15 | #include "internal/cryptlib.h" |
36fc5fc6 SL |
16 | #include "internal/nelem.h" |
17 | #include "self_test.h" | |
18 | #include "self_test_data.inc" | |
19 | ||
47c239c6 | 20 | static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, |
b4250010 | 21 | OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
22 | { |
23 | int ok = 0; | |
24 | unsigned char out[EVP_MAX_MD_SIZE]; | |
25 | unsigned int out_len = 0; | |
26 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | |
27 | EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL); | |
28 | ||
47c239c6 | 29 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc); |
36fc5fc6 SL |
30 | |
31 | if (ctx == NULL | |
32 | || md == NULL | |
33 | || !EVP_DigestInit_ex(ctx, md, NULL) | |
34 | || !EVP_DigestUpdate(ctx, t->pt, t->pt_len) | |
35 | || !EVP_DigestFinal(ctx, out, &out_len)) | |
36 | goto err; | |
37 | ||
38 | /* Optional corruption */ | |
47c239c6 | 39 | OSSL_SELF_TEST_oncorrupt_byte(st, out); |
36fc5fc6 SL |
40 | |
41 | if (out_len != t->expected_len | |
42 | || memcmp(out, t->expected, out_len) != 0) | |
43 | goto err; | |
44 | ok = 1; | |
45 | err: | |
36fc5fc6 SL |
46 | EVP_MD_free(md); |
47 | EVP_MD_CTX_free(ctx); | |
ec4d1b8f | 48 | OSSL_SELF_TEST_onend(st, ok); |
36fc5fc6 SL |
49 | return ok; |
50 | } | |
51 | ||
52 | /* | |
53 | * Helper function to setup a EVP_CipherInit | |
54 | * Used to hide the complexity of Authenticated ciphers. | |
55 | */ | |
56 | static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | |
57 | const ST_KAT_CIPHER *t, int enc) | |
58 | { | |
59 | unsigned char *in_tag = NULL; | |
60 | int pad = 0, tmp; | |
61 | ||
62 | /* Flag required for Key wrapping */ | |
63 | EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); | |
64 | if (t->tag == NULL) { | |
65 | /* Use a normal cipher init */ | |
66 | return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc) | |
67 | && EVP_CIPHER_CTX_set_padding(ctx, pad); | |
68 | } | |
69 | ||
70 | /* The authenticated cipher init */ | |
71 | if (!enc) | |
72 | in_tag = (unsigned char *)t->tag; | |
73 | ||
74 | return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) | |
75 | && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) | |
76 | && (in_tag == NULL | |
77 | || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len, | |
78 | in_tag)) | |
79 | && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc) | |
80 | && EVP_CIPHER_CTX_set_padding(ctx, pad) | |
81 | && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len); | |
82 | } | |
83 | ||
84 | /* Test a single KAT for encrypt/decrypt */ | |
47c239c6 | 85 | static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st, |
b4250010 | 86 | OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
87 | { |
88 | int ret = 0, encrypt = 1, len, ct_len = 0, pt_len = 0; | |
89 | EVP_CIPHER_CTX *ctx = NULL; | |
90 | EVP_CIPHER *cipher = NULL; | |
91 | unsigned char ct_buf[256] = { 0 }; | |
92 | unsigned char pt_buf[256] = { 0 }; | |
93 | ||
47c239c6 | 94 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc); |
36fc5fc6 SL |
95 | |
96 | ctx = EVP_CIPHER_CTX_new(); | |
97 | if (ctx == NULL) | |
980a880e | 98 | goto err; |
36fc5fc6 SL |
99 | cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, ""); |
100 | if (cipher == NULL) | |
980a880e | 101 | goto err; |
36fc5fc6 SL |
102 | |
103 | /* Encrypt plain text message */ | |
104 | if (!cipher_init(ctx, cipher, t, encrypt) | |
105 | || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, t->base.pt_len) | |
106 | || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len)) | |
980a880e | 107 | goto err; |
36fc5fc6 | 108 | |
47c239c6 | 109 | OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf); |
36fc5fc6 SL |
110 | ct_len += len; |
111 | if (ct_len != (int)t->base.expected_len | |
112 | || memcmp(t->base.expected, ct_buf, ct_len) != 0) | |
980a880e | 113 | goto err; |
36fc5fc6 SL |
114 | |
115 | if (t->tag != NULL) { | |
116 | unsigned char tag[16] = { 0 }; | |
117 | ||
118 | if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, tag) | |
119 | || memcmp(tag, t->tag, t->tag_len) != 0) | |
980a880e | 120 | goto err; |
36fc5fc6 SL |
121 | } |
122 | ||
123 | if (!(cipher_init(ctx, cipher, t, !encrypt) | |
124 | && EVP_CipherUpdate(ctx, pt_buf, &len, ct_buf, ct_len) | |
125 | && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len))) | |
980a880e | 126 | goto err; |
36fc5fc6 SL |
127 | pt_len += len; |
128 | ||
129 | if (pt_len != (int)t->base.pt_len | |
130 | || memcmp(pt_buf, t->base.pt, pt_len) != 0) | |
980a880e | 131 | goto err; |
36fc5fc6 SL |
132 | |
133 | ret = 1; | |
980a880e | 134 | err: |
36fc5fc6 SL |
135 | EVP_CIPHER_free(cipher); |
136 | EVP_CIPHER_CTX_free(ctx); | |
47c239c6 | 137 | OSSL_SELF_TEST_onend(st, ret); |
36fc5fc6 SL |
138 | return ret; |
139 | } | |
140 | ||
ec4d1b8f SL |
141 | static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params, |
142 | BN_CTX *ctx) | |
143 | { | |
144 | int ret = 0; | |
145 | const ST_KAT_PARAM *p; | |
146 | ||
147 | if (params == NULL) | |
148 | return 1; | |
149 | for (p = params; p->data != NULL; ++p) | |
150 | { | |
151 | switch (p->type) { | |
152 | case OSSL_PARAM_UNSIGNED_INTEGER: { | |
153 | BIGNUM *bn = BN_CTX_get(ctx); | |
154 | ||
155 | if (bn == NULL | |
156 | || (BN_bin2bn(p->data, p->data_len, bn) == NULL) | |
157 | || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn)) | |
158 | goto err; | |
159 | break; | |
160 | } | |
161 | case OSSL_PARAM_UTF8_STRING: { | |
a8eb71ad RL |
162 | if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, |
163 | p->data_len)) | |
ec4d1b8f SL |
164 | goto err; |
165 | break; | |
166 | } | |
167 | case OSSL_PARAM_OCTET_STRING: { | |
168 | if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data, | |
169 | p->data_len)) | |
170 | goto err; | |
171 | break; | |
172 | } | |
acd3e548 SL |
173 | case OSSL_PARAM_INTEGER: { |
174 | if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data)) | |
175 | goto err; | |
176 | break; | |
177 | } | |
ec4d1b8f SL |
178 | default: |
179 | break; | |
180 | } | |
181 | } | |
182 | ret = 1; | |
183 | err: | |
184 | return ret; | |
185 | } | |
186 | ||
47c239c6 | 187 | static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, |
b4250010 | 188 | OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
189 | { |
190 | int ret = 0; | |
acd3e548 | 191 | unsigned char out[128]; |
36fc5fc6 SL |
192 | EVP_KDF *kdf = NULL; |
193 | EVP_KDF_CTX *ctx = NULL; | |
ec4d1b8f SL |
194 | BN_CTX *bnctx = NULL; |
195 | OSSL_PARAM *params = NULL; | |
196 | OSSL_PARAM_BLD *bld = NULL; | |
36fc5fc6 | 197 | |
47c239c6 | 198 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc); |
36fc5fc6 | 199 | |
ec4d1b8f SL |
200 | bld = OSSL_PARAM_BLD_new(); |
201 | if (bld == NULL) | |
202 | goto err; | |
d5e66eab | 203 | |
36fc5fc6 | 204 | kdf = EVP_KDF_fetch(libctx, t->algorithm, ""); |
ec4d1b8f SL |
205 | if (kdf == NULL) |
206 | goto err; | |
207 | ||
660c5344 | 208 | ctx = EVP_KDF_CTX_new(kdf); |
36fc5fc6 | 209 | if (ctx == NULL) |
980a880e | 210 | goto err; |
36fc5fc6 | 211 | |
ec4d1b8f SL |
212 | bnctx = BN_CTX_new_ex(libctx); |
213 | if (bnctx == NULL) | |
214 | goto err; | |
215 | if (!add_params(bld, t->params, bnctx)) | |
216 | goto err; | |
217 | params = OSSL_PARAM_BLD_to_param(bld); | |
218 | if (params == NULL) | |
219 | goto err; | |
36fc5fc6 SL |
220 | |
221 | if (t->expected_len > sizeof(out)) | |
980a880e | 222 | goto err; |
6bcd32a4 | 223 | if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0) |
980a880e | 224 | goto err; |
36fc5fc6 | 225 | |
47c239c6 | 226 | OSSL_SELF_TEST_oncorrupt_byte(st, out); |
36fc5fc6 SL |
227 | |
228 | if (memcmp(out, t->expected, t->expected_len) != 0) | |
980a880e | 229 | goto err; |
36fc5fc6 SL |
230 | |
231 | ret = 1; | |
980a880e | 232 | err: |
36fc5fc6 | 233 | EVP_KDF_free(kdf); |
660c5344 | 234 | EVP_KDF_CTX_free(ctx); |
ec4d1b8f | 235 | BN_CTX_free(bnctx); |
3f883c7c | 236 | OSSL_PARAM_free(params); |
ec4d1b8f | 237 | OSSL_PARAM_BLD_free(bld); |
47c239c6 | 238 | OSSL_SELF_TEST_onend(st, ret); |
36fc5fc6 SL |
239 | return ret; |
240 | } | |
241 | ||
47c239c6 | 242 | static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st, |
b4250010 | 243 | OSSL_LIB_CTX *libctx) |
980a880e SL |
244 | { |
245 | int ret = 0; | |
246 | unsigned char out[256]; | |
6154f9a7 P |
247 | EVP_RAND *rand; |
248 | EVP_RAND_CTX *test = NULL, *drbg = NULL; | |
249 | unsigned int strength = 256; | |
980a880e SL |
250 | int prediction_resistance = 1; /* Causes a reseed */ |
251 | OSSL_PARAM drbg_params[3] = { | |
252 | OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END | |
253 | }; | |
254 | ||
47c239c6 | 255 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc); |
980a880e | 256 | |
6154f9a7 P |
257 | rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL); |
258 | if (rand == NULL) | |
259 | goto err; | |
980a880e | 260 | |
6154f9a7 P |
261 | test = EVP_RAND_CTX_new(rand, NULL); |
262 | EVP_RAND_free(rand); | |
263 | if (test == NULL) | |
980a880e SL |
264 | goto err; |
265 | ||
6154f9a7 P |
266 | drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, |
267 | &strength); | |
268 | if (!EVP_RAND_set_ctx_params(test, drbg_params)) | |
980a880e SL |
269 | goto err; |
270 | ||
6154f9a7 P |
271 | rand = EVP_RAND_fetch(libctx, t->algorithm, NULL); |
272 | if (rand == NULL) | |
273 | goto err; | |
274 | ||
275 | drbg = EVP_RAND_CTX_new(rand, test); | |
276 | EVP_RAND_free(rand); | |
277 | if (drbg == NULL) | |
278 | goto err; | |
279 | ||
280 | strength = EVP_RAND_strength(drbg); | |
281 | ||
282 | drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name, | |
283 | t->param_value, 0); | |
284 | /* This is only used by HMAC-DRBG but it is ignored by the others */ | |
285 | drbg_params[1] = | |
286 | OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0); | |
287 | if (!EVP_RAND_set_ctx_params(drbg, drbg_params)) | |
980a880e SL |
288 | goto err; |
289 | ||
290 | drbg_params[0] = | |
6154f9a7 P |
291 | OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, |
292 | (void *)t->entropyin, | |
293 | t->entropyinlen); | |
980a880e | 294 | drbg_params[1] = |
6154f9a7 | 295 | OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, |
980a880e | 296 | (void *)t->nonce, t->noncelen); |
8d5b197b | 297 | if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params)) |
6154f9a7 | 298 | goto err; |
8d5b197b P |
299 | if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen, |
300 | NULL)) | |
980a880e SL |
301 | goto err; |
302 | ||
303 | drbg_params[0] = | |
6154f9a7 | 304 | OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, |
980a880e SL |
305 | (void *)t->entropyinpr1, |
306 | t->entropyinpr1len); | |
6154f9a7 P |
307 | if (!EVP_RAND_set_ctx_params(test, drbg_params)) |
308 | goto err; | |
980a880e | 309 | |
6154f9a7 P |
310 | if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength, |
311 | prediction_resistance, | |
312 | t->entropyaddin1, t->entropyaddin1len)) | |
980a880e SL |
313 | goto err; |
314 | ||
315 | drbg_params[0] = | |
6154f9a7 | 316 | OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, |
980a880e SL |
317 | (void *)t->entropyinpr2, |
318 | t->entropyinpr2len); | |
6154f9a7 P |
319 | if (!EVP_RAND_set_ctx_params(test, drbg_params)) |
320 | goto err; | |
321 | ||
7d6766cb P |
322 | /* |
323 | * This calls ossl_prov_drbg_reseed() internally when | |
324 | * prediction_resistance = 1 | |
325 | */ | |
6154f9a7 P |
326 | if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength, |
327 | prediction_resistance, | |
328 | t->entropyaddin2, t->entropyaddin2len)) | |
980a880e SL |
329 | goto err; |
330 | ||
47c239c6 | 331 | OSSL_SELF_TEST_oncorrupt_byte(st, out); |
980a880e SL |
332 | |
333 | if (memcmp(out, t->expected, t->expectedlen) != 0) | |
334 | goto err; | |
335 | ||
6154f9a7 | 336 | if (!EVP_RAND_uninstantiate(drbg)) |
980a880e SL |
337 | goto err; |
338 | /* | |
7d6766cb P |
339 | * Check that the DRBG data has been zeroized after |
340 | * ossl_prov_drbg_uninstantiate. | |
980a880e | 341 | */ |
6154f9a7 | 342 | if (!EVP_RAND_verify_zeroization(drbg)) |
e7045215 DMSP |
343 | goto err; |
344 | ||
980a880e SL |
345 | ret = 1; |
346 | err: | |
6154f9a7 P |
347 | EVP_RAND_CTX_free(drbg); |
348 | EVP_RAND_CTX_free(test); | |
47c239c6 | 349 | OSSL_SELF_TEST_onend(st, ret); |
980a880e SL |
350 | return ret; |
351 | } | |
352 | ||
cbb85bda | 353 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) |
ec4d1b8f | 354 | static int self_test_ka(const ST_KAT_KAS *t, |
b4250010 | 355 | OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
ec4d1b8f SL |
356 | { |
357 | int ret = 0; | |
358 | EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; | |
359 | EVP_PKEY *pkey = NULL, *peerkey = NULL; | |
360 | OSSL_PARAM *params = NULL; | |
361 | OSSL_PARAM *params_peer = NULL; | |
362 | unsigned char secret[256]; | |
6d9a54c6 | 363 | size_t secret_len = sizeof(secret); |
ec4d1b8f SL |
364 | OSSL_PARAM_BLD *bld = NULL; |
365 | BN_CTX *bnctx = NULL; | |
366 | ||
367 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc); | |
368 | ||
369 | bnctx = BN_CTX_new_ex(libctx); | |
370 | if (bnctx == NULL) | |
371 | goto err; | |
372 | ||
373 | bld = OSSL_PARAM_BLD_new(); | |
374 | if (bld == NULL) | |
375 | goto err; | |
376 | ||
377 | if (!add_params(bld, t->key_group, bnctx) | |
378 | || !add_params(bld, t->key_host_data, bnctx)) | |
379 | goto err; | |
380 | params = OSSL_PARAM_BLD_to_param(bld); | |
381 | ||
382 | if (!add_params(bld, t->key_group, bnctx) | |
383 | || !add_params(bld, t->key_peer_data, bnctx)) | |
384 | goto err; | |
385 | ||
386 | params_peer = OSSL_PARAM_BLD_to_param(bld); | |
387 | if (params == NULL || params_peer == NULL) | |
388 | goto err; | |
389 | ||
390 | /* Create a EVP_PKEY_CTX to load the DH keys into */ | |
391 | kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, ""); | |
392 | if (kactx == NULL) | |
393 | goto err; | |
2db985b7 SL |
394 | if (EVP_PKEY_fromdata_init(kactx) <= 0 |
395 | || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) | |
ec4d1b8f | 396 | goto err; |
2db985b7 SL |
397 | if (EVP_PKEY_fromdata_init(kactx) <= 0 |
398 | || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0) | |
ec4d1b8f SL |
399 | goto err; |
400 | ||
401 | /* Create a EVP_PKEY_CTX to perform key derivation */ | |
402 | dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); | |
403 | if (dctx == NULL) | |
404 | goto err; | |
405 | ||
406 | if (EVP_PKEY_derive_init(dctx) <= 0 | |
407 | || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0 | |
408 | || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) | |
409 | goto err; | |
410 | ||
411 | OSSL_SELF_TEST_oncorrupt_byte(st, secret); | |
412 | ||
413 | if (secret_len != t->expected_len | |
414 | || memcmp(secret, t->expected, t->expected_len) != 0) | |
415 | goto err; | |
416 | ret = 1; | |
417 | err: | |
418 | BN_CTX_free(bnctx); | |
419 | EVP_PKEY_free(pkey); | |
420 | EVP_PKEY_free(peerkey); | |
421 | EVP_PKEY_CTX_free(kactx); | |
422 | EVP_PKEY_CTX_free(dctx); | |
3f883c7c SL |
423 | OSSL_PARAM_free(params_peer); |
424 | OSSL_PARAM_free(params); | |
ec4d1b8f SL |
425 | OSSL_PARAM_BLD_free(bld); |
426 | OSSL_SELF_TEST_onend(st, ret); | |
427 | return ret; | |
428 | } | |
cbb85bda | 429 | #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ |
ec4d1b8f SL |
430 | |
431 | static int self_test_sign(const ST_KAT_SIGN *t, | |
b4250010 | 432 | OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
ec4d1b8f SL |
433 | { |
434 | int ret = 0; | |
435 | OSSL_PARAM *params = NULL, *params_sig = NULL; | |
436 | OSSL_PARAM_BLD *bld = NULL; | |
437 | EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; | |
438 | EVP_PKEY *pkey = NULL; | |
439 | unsigned char sig[256]; | |
440 | BN_CTX *bnctx = NULL; | |
441 | size_t siglen = 0; | |
442 | static const unsigned char dgst[] = { | |
443 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
444 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
445 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
446 | }; | |
447 | ||
448 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc); | |
449 | ||
450 | bnctx = BN_CTX_new_ex(libctx); | |
451 | if (bnctx == NULL) | |
452 | goto err; | |
453 | ||
454 | bld = OSSL_PARAM_BLD_new(); | |
455 | if (bld == NULL) | |
456 | goto err; | |
457 | ||
458 | if (!add_params(bld, t->key, bnctx)) | |
459 | goto err; | |
460 | params = OSSL_PARAM_BLD_to_param(bld); | |
461 | ||
462 | /* Create a EVP_PKEY_CTX to load the DSA key into */ | |
463 | kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, ""); | |
464 | if (kctx == NULL || params == NULL) | |
465 | goto err; | |
2db985b7 SL |
466 | if (EVP_PKEY_fromdata_init(kctx) <= 0 |
467 | || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) | |
ec4d1b8f SL |
468 | goto err; |
469 | ||
470 | /* Create a EVP_PKEY_CTX to use for the signing operation */ | |
471 | sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); | |
472 | if (sctx == NULL | |
473 | || EVP_PKEY_sign_init(sctx) <= 0) | |
474 | goto err; | |
475 | ||
476 | /* set signature parameters */ | |
477 | if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, | |
478 | t->mdalgorithm, | |
479 | strlen(t->mdalgorithm) + 1)) | |
480 | goto err; | |
481 | params_sig = OSSL_PARAM_BLD_to_param(bld); | |
482 | if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) | |
483 | goto err; | |
484 | ||
485 | if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 | |
486 | || EVP_PKEY_verify_init(sctx) <= 0 | |
487 | || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) | |
488 | goto err; | |
489 | ||
490 | /* | |
491 | * Used by RSA, for other key types where the signature changes, we | |
492 | * can only use the verify. | |
493 | */ | |
494 | if (t->sig_expected != NULL | |
495 | && (siglen != t->sig_expected_len | |
496 | || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0)) | |
497 | goto err; | |
498 | ||
499 | OSSL_SELF_TEST_oncorrupt_byte(st, sig); | |
500 | if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) | |
501 | goto err; | |
502 | ret = 1; | |
503 | err: | |
504 | BN_CTX_free(bnctx); | |
505 | EVP_PKEY_free(pkey); | |
506 | EVP_PKEY_CTX_free(kctx); | |
507 | EVP_PKEY_CTX_free(sctx); | |
3f883c7c SL |
508 | OSSL_PARAM_free(params); |
509 | OSSL_PARAM_free(params_sig); | |
ec4d1b8f SL |
510 | OSSL_PARAM_BLD_free(bld); |
511 | OSSL_SELF_TEST_onend(st, ret); | |
512 | return ret; | |
513 | } | |
514 | ||
4343a418 SL |
515 | /* |
516 | * Test an encrypt or decrypt KAT.. | |
517 | * | |
518 | * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt | |
519 | * and decrypt.. | |
520 | */ | |
521 | static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st, | |
b4250010 | 522 | OSSL_LIB_CTX *libctx) |
4343a418 SL |
523 | { |
524 | int ret = 0; | |
525 | OSSL_PARAM *keyparams = NULL, *initparams = NULL; | |
526 | OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL; | |
527 | EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL; | |
528 | EVP_PKEY *key = NULL; | |
529 | BN_CTX *bnctx = NULL; | |
530 | unsigned char out[256]; | |
531 | size_t outlen = sizeof(out); | |
532 | ||
533 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc); | |
534 | ||
535 | bnctx = BN_CTX_new_ex(libctx); | |
536 | if (bnctx == NULL) | |
537 | goto err; | |
538 | ||
539 | /* Load a public or private key from data */ | |
540 | keybld = OSSL_PARAM_BLD_new(); | |
541 | if (keybld == NULL | |
542 | || !add_params(keybld, t->key, bnctx)) | |
543 | goto err; | |
544 | keyparams = OSSL_PARAM_BLD_to_param(keybld); | |
545 | keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL); | |
546 | if (keyctx == NULL || keyparams == NULL) | |
547 | goto err; | |
2db985b7 SL |
548 | if (EVP_PKEY_fromdata_init(keyctx) <= 0 |
549 | || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0) | |
4343a418 SL |
550 | goto err; |
551 | ||
552 | /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */ | |
553 | encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL); | |
554 | if (encctx == NULL | |
555 | || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0) | |
556 | || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0)) | |
557 | goto err; | |
558 | ||
559 | /* Add any additional parameters such as padding */ | |
560 | if (t->postinit != NULL) { | |
561 | initbld = OSSL_PARAM_BLD_new(); | |
562 | if (initbld == NULL) | |
563 | goto err; | |
564 | if (!add_params(initbld, t->postinit, bnctx)) | |
565 | goto err; | |
566 | initparams = OSSL_PARAM_BLD_to_param(initbld); | |
567 | if (initparams == NULL) | |
568 | goto err; | |
569 | if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0) | |
570 | goto err; | |
571 | } | |
572 | ||
573 | if (t->encrypt) { | |
574 | if (EVP_PKEY_encrypt(encctx, out, &outlen, | |
575 | t->in, t->in_len) <= 0) | |
576 | goto err; | |
577 | } else { | |
578 | if (EVP_PKEY_decrypt(encctx, out, &outlen, | |
579 | t->in, t->in_len) <= 0) | |
580 | goto err; | |
581 | } | |
582 | /* Check the KAT */ | |
583 | OSSL_SELF_TEST_oncorrupt_byte(st, out); | |
584 | if (outlen != t->expected_len | |
585 | || memcmp(out, t->expected, t->expected_len) != 0) | |
586 | goto err; | |
587 | ||
588 | ret = 1; | |
589 | err: | |
590 | BN_CTX_free(bnctx); | |
591 | EVP_PKEY_free(key); | |
592 | EVP_PKEY_CTX_free(encctx); | |
593 | EVP_PKEY_CTX_free(keyctx); | |
3f883c7c | 594 | OSSL_PARAM_free(keyparams); |
4343a418 | 595 | OSSL_PARAM_BLD_free(keybld); |
3f883c7c | 596 | OSSL_PARAM_free(initparams); |
4343a418 SL |
597 | OSSL_PARAM_BLD_free(initbld); |
598 | OSSL_SELF_TEST_onend(st, ret); | |
599 | return ret; | |
600 | } | |
601 | ||
36fc5fc6 SL |
602 | /* |
603 | * Test a data driven list of KAT's for digest algorithms. | |
604 | * All tests are run regardless of if they fail or not. | |
605 | * Return 0 if any test fails. | |
606 | */ | |
b4250010 | 607 | static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
608 | { |
609 | int i, ret = 1; | |
610 | ||
611 | for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) { | |
47c239c6 | 612 | if (!self_test_digest(&st_kat_digest_tests[i], st, libctx)) |
36fc5fc6 SL |
613 | ret = 0; |
614 | } | |
615 | return ret; | |
616 | } | |
617 | ||
b4250010 | 618 | static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
619 | { |
620 | int i, ret = 1; | |
621 | ||
622 | for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) { | |
47c239c6 | 623 | if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx)) |
36fc5fc6 SL |
624 | ret = 0; |
625 | } | |
626 | return ret; | |
627 | } | |
628 | ||
b4250010 | 629 | static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
4343a418 SL |
630 | { |
631 | int i, ret = 1; | |
632 | ||
633 | for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) { | |
634 | if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx)) | |
635 | ret = 0; | |
636 | } | |
637 | return ret; | |
638 | } | |
639 | ||
b4250010 | 640 | static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
641 | { |
642 | int i, ret = 1; | |
643 | ||
644 | for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) { | |
47c239c6 | 645 | if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx)) |
36fc5fc6 SL |
646 | ret = 0; |
647 | } | |
648 | return ret; | |
649 | } | |
650 | ||
b4250010 | 651 | static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
980a880e SL |
652 | { |
653 | int i, ret = 1; | |
654 | ||
655 | for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) { | |
47c239c6 | 656 | if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx)) |
980a880e SL |
657 | ret = 0; |
658 | } | |
659 | return ret; | |
660 | } | |
661 | ||
b4250010 | 662 | static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
ec4d1b8f | 663 | { |
cbb85bda MC |
664 | int ret = 1; |
665 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) | |
666 | int i; | |
ec4d1b8f SL |
667 | |
668 | for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) { | |
669 | if (!self_test_ka(&st_kat_kas_tests[i], st, libctx)) | |
670 | ret = 0; | |
671 | } | |
cbb85bda MC |
672 | #endif |
673 | ||
ec4d1b8f SL |
674 | return ret; |
675 | } | |
676 | ||
b4250010 | 677 | static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
ec4d1b8f SL |
678 | { |
679 | int i, ret = 1; | |
680 | ||
681 | for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { | |
682 | if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) | |
683 | ret = 0; | |
684 | } | |
685 | return ret; | |
686 | } | |
687 | ||
36fc5fc6 SL |
688 | /* |
689 | * Run the algorithm KAT's. | |
690 | * Return 1 is successful, otherwise return 0. | |
691 | * This runs all the tests regardless of if any fail. | |
36fc5fc6 | 692 | */ |
b4250010 | 693 | int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx) |
36fc5fc6 SL |
694 | { |
695 | int ret = 1; | |
696 | ||
47c239c6 | 697 | if (!self_test_digests(st, libctx)) |
36fc5fc6 | 698 | ret = 0; |
47c239c6 | 699 | if (!self_test_ciphers(st, libctx)) |
36fc5fc6 | 700 | ret = 0; |
ec4d1b8f SL |
701 | if (!self_test_signatures(st, libctx)) |
702 | ret = 0; | |
47c239c6 | 703 | if (!self_test_kdfs(st, libctx)) |
36fc5fc6 | 704 | ret = 0; |
47c239c6 | 705 | if (!self_test_drbgs(st, libctx)) |
980a880e | 706 | ret = 0; |
ec4d1b8f SL |
707 | if (!self_test_kas(st, libctx)) |
708 | ret = 0; | |
4343a418 SL |
709 | if (!self_test_asym_ciphers(st, libctx)) |
710 | ret = 0; | |
36fc5fc6 SL |
711 | |
712 | return ret; | |
713 | } |