]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/self_test_kats.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().
[thirdparty/openssl.git] / providers / fips / self_test_kats.c
CommitLineData
36fc5fc6 1/*
4333b89f 2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
36fc5fc6 3 *
a6ed19dc 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
36fc5fc6
SL		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <openssl/evp.h>
12#include <openssl/kdf.h>
ec4d1b8f
SL		 13#include <openssl/core_names.h>
14#include <openssl/param_build.h>
d5e66eab 15#include "internal/cryptlib.h"
36fc5fc6
SL		 16#include "internal/nelem.h"
17#include "self_test.h"
18#include "self_test_data.inc"
19
47c239c6 20static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
b4250010 21 OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 22{
23 int ok = 0;
24 unsigned char out[EVP_MAX_MD_SIZE];
25 unsigned int out_len = 0;
26 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
27 EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
28
47c239c6 29 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
36fc5fc6
SL		 30
31 if (ctx == NULL
32 || md == NULL
33 || !EVP_DigestInit_ex(ctx, md, NULL)
34 || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
35 || !EVP_DigestFinal(ctx, out, &out_len))
36 goto err;
37
38 /* Optional corruption */
47c239c6 39 OSSL_SELF_TEST_oncorrupt_byte(st, out);
36fc5fc6
SL		 40
41 if (out_len != t->expected_len
42 || memcmp(out, t->expected, out_len) != 0)
43 goto err;
44 ok = 1;
45err:
36fc5fc6
SL		 46 EVP_MD_free(md);
47 EVP_MD_CTX_free(ctx);
ec4d1b8f 48 OSSL_SELF_TEST_onend(st, ok);
36fc5fc6
SL		 49 return ok;
50}
51
52/*
53 * Helper function to setup a EVP_CipherInit
54 * Used to hide the complexity of Authenticated ciphers.
55 */
56static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
57 const ST_KAT_CIPHER *t, int enc)
58{
59 unsigned char *in_tag = NULL;
60 int pad = 0, tmp;
61
62 /* Flag required for Key wrapping */
63 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
64 if (t->tag == NULL) {
65 /* Use a normal cipher init */
66 return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
67 && EVP_CIPHER_CTX_set_padding(ctx, pad);
68 }
69
70 /* The authenticated cipher init */
71 if (!enc)
72 in_tag = (unsigned char *)t->tag;
73
74 return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
75 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL)
76 && (in_tag == NULL
77 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
78 in_tag))
79 && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
80 && EVP_CIPHER_CTX_set_padding(ctx, pad)
81 && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
82}
83
84/* Test a single KAT for encrypt/decrypt */
47c239c6 85static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
b4250010 86 OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 87{
88 int ret = 0, encrypt = 1, len, ct_len = 0, pt_len = 0;
89 EVP_CIPHER_CTX *ctx = NULL;
90 EVP_CIPHER *cipher = NULL;
91 unsigned char ct_buf[256] = { 0 };
92 unsigned char pt_buf[256] = { 0 };
93
47c239c6 94 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
36fc5fc6
SL		 95
96 ctx = EVP_CIPHER_CTX_new();
97 if (ctx == NULL)
980a880e 98 goto err;
36fc5fc6
SL		 99 cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, "");
100 if (cipher == NULL)
980a880e 101 goto err;
36fc5fc6
SL		 102
103 /* Encrypt plain text message */
104 if (!cipher_init(ctx, cipher, t, encrypt)
105 || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, t->base.pt_len)
106 || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
980a880e 107 goto err;
36fc5fc6 108
47c239c6 109 OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
36fc5fc6
SL		 110 ct_len += len;
111 if (ct_len != (int)t->base.expected_len
112 || memcmp(t->base.expected, ct_buf, ct_len) != 0)
980a880e 113 goto err;
36fc5fc6
SL		 114
115 if (t->tag != NULL) {
116 unsigned char tag[16] = { 0 };
117
118 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, tag)
119 || memcmp(tag, t->tag, t->tag_len) != 0)
980a880e 120 goto err;
36fc5fc6
SL		 121 }
122
123 if (!(cipher_init(ctx, cipher, t, !encrypt)
124 && EVP_CipherUpdate(ctx, pt_buf, &len, ct_buf, ct_len)
125 && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
980a880e 126 goto err;
36fc5fc6
SL		 127 pt_len += len;
128
129 if (pt_len != (int)t->base.pt_len
130 || memcmp(pt_buf, t->base.pt, pt_len) != 0)
980a880e 131 goto err;
36fc5fc6
SL		 132
133 ret = 1;
980a880e 134err:
36fc5fc6
SL		 135 EVP_CIPHER_free(cipher);
136 EVP_CIPHER_CTX_free(ctx);
47c239c6 137 OSSL_SELF_TEST_onend(st, ret);
36fc5fc6
SL		 138 return ret;
139}
140
ec4d1b8f
SL		 141static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
142 BN_CTX *ctx)
143{
144 int ret = 0;
145 const ST_KAT_PARAM *p;
146
147 if (params == NULL)
148 return 1;
149 for (p = params; p->data != NULL; ++p)
150 {
151 switch (p->type) {
152 case OSSL_PARAM_UNSIGNED_INTEGER: {
153 BIGNUM *bn = BN_CTX_get(ctx);
154
155 if (bn == NULL
156 || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
157 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
158 goto err;
159 break;
160 }
161 case OSSL_PARAM_UTF8_STRING: {
a8eb71ad
RL		 162 if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
163 p->data_len))
ec4d1b8f
SL		 164 goto err;
165 break;
166 }
167 case OSSL_PARAM_OCTET_STRING: {
168 if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
169 p->data_len))
170 goto err;
171 break;
172 }
acd3e548
SL		 173 case OSSL_PARAM_INTEGER: {
174 if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))
175 goto err;
176 break;
177 }
ec4d1b8f
SL		 178 default:
179 break;
180 }
181 }
182 ret = 1;
183err:
184 return ret;
185}
186
47c239c6 187static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
b4250010 188 OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 189{
190 int ret = 0;
acd3e548 191 unsigned char out[128];
36fc5fc6
SL		 192 EVP_KDF *kdf = NULL;
193 EVP_KDF_CTX *ctx = NULL;
ec4d1b8f
SL		 194 BN_CTX *bnctx = NULL;
195 OSSL_PARAM *params = NULL;
196 OSSL_PARAM_BLD *bld = NULL;
36fc5fc6 197
47c239c6 198 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
36fc5fc6 199
ec4d1b8f
SL		 200 bld = OSSL_PARAM_BLD_new();
201 if (bld == NULL)
202 goto err;
d5e66eab 203
36fc5fc6 204 kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
ec4d1b8f
SL		 205 if (kdf == NULL)
206 goto err;
207
660c5344 208 ctx = EVP_KDF_CTX_new(kdf);
36fc5fc6 209 if (ctx == NULL)
980a880e 210 goto err;
36fc5fc6 211
ec4d1b8f
SL		 212 bnctx = BN_CTX_new_ex(libctx);
213 if (bnctx == NULL)
214 goto err;
215 if (!add_params(bld, t->params, bnctx))
216 goto err;
217 params = OSSL_PARAM_BLD_to_param(bld);
218 if (params == NULL)
219 goto err;
36fc5fc6
SL		 220
221 if (t->expected_len > sizeof(out))
980a880e 222 goto err;
6bcd32a4 223 if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)
980a880e 224 goto err;
36fc5fc6 225
47c239c6 226 OSSL_SELF_TEST_oncorrupt_byte(st, out);
36fc5fc6
SL		 227
228 if (memcmp(out, t->expected, t->expected_len) != 0)
980a880e 229 goto err;
36fc5fc6
SL		 230
231 ret = 1;
980a880e 232err:
36fc5fc6 233 EVP_KDF_free(kdf);
660c5344 234 EVP_KDF_CTX_free(ctx);
ec4d1b8f 235 BN_CTX_free(bnctx);
3f883c7c 236 OSSL_PARAM_free(params);
ec4d1b8f 237 OSSL_PARAM_BLD_free(bld);
47c239c6 238 OSSL_SELF_TEST_onend(st, ret);
36fc5fc6
SL		 239 return ret;
240}
241
47c239c6 242static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,
b4250010 243 OSSL_LIB_CTX *libctx)
980a880e
SL		 244{
245 int ret = 0;
246 unsigned char out[256];
6154f9a7
P		 247 EVP_RAND *rand;
248 EVP_RAND_CTX *test = NULL, *drbg = NULL;
249 unsigned int strength = 256;
980a880e
SL		 250 int prediction_resistance = 1; /* Causes a reseed */
251 OSSL_PARAM drbg_params[3] = {
252 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
253 };
254
47c239c6 255 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
980a880e 256
6154f9a7
P		 257 rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
258 if (rand == NULL)
259 goto err;
980a880e 260
6154f9a7
P		 261 test = EVP_RAND_CTX_new(rand, NULL);
262 EVP_RAND_free(rand);
263 if (test == NULL)
980a880e
SL		 264 goto err;
265
6154f9a7
P		 266 drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
267 &strength);
268 if (!EVP_RAND_set_ctx_params(test, drbg_params))
980a880e
SL		 269 goto err;
270
6154f9a7
P		 271 rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);
272 if (rand == NULL)
273 goto err;
274
275 drbg = EVP_RAND_CTX_new(rand, test);
276 EVP_RAND_free(rand);
277 if (drbg == NULL)
278 goto err;
279
280 strength = EVP_RAND_strength(drbg);
281
282 drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
283 t->param_value, 0);
284 /* This is only used by HMAC-DRBG but it is ignored by the others */
285 drbg_params[1] =
286 OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
287 if (!EVP_RAND_set_ctx_params(drbg, drbg_params))
980a880e
SL		 288 goto err;
289
290 drbg_params[0] =
6154f9a7
P		 291 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
292 (void *)t->entropyin,
293 t->entropyinlen);
980a880e 294 drbg_params[1] =
6154f9a7 295 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
980a880e 296 (void *)t->nonce, t->noncelen);
8d5b197b 297 if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))
6154f9a7 298 goto err;
8d5b197b
P		 299 if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,
300 NULL))
980a880e
SL		 301 goto err;
302
303 drbg_params[0] =
6154f9a7 304 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
980a880e
SL		 305 (void *)t->entropyinpr1,
306 t->entropyinpr1len);
6154f9a7
P		 307 if (!EVP_RAND_set_ctx_params(test, drbg_params))
308 goto err;
980a880e 309
6154f9a7
P		 310 if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
311 prediction_resistance,
312 t->entropyaddin1, t->entropyaddin1len))
980a880e
SL		 313 goto err;
314
315 drbg_params[0] =
6154f9a7 316 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
980a880e
SL		 317 (void *)t->entropyinpr2,
318 t->entropyinpr2len);
6154f9a7
P		 319 if (!EVP_RAND_set_ctx_params(test, drbg_params))
320 goto err;
321
7d6766cb
P		 322 /*
323 * This calls ossl_prov_drbg_reseed() internally when
324 * prediction_resistance = 1
325 */
6154f9a7
P		 326 if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
327 prediction_resistance,
328 t->entropyaddin2, t->entropyaddin2len))
980a880e
SL		 329 goto err;
330
47c239c6 331 OSSL_SELF_TEST_oncorrupt_byte(st, out);
980a880e
SL		 332
333 if (memcmp(out, t->expected, t->expectedlen) != 0)
334 goto err;
335
6154f9a7 336 if (!EVP_RAND_uninstantiate(drbg))
980a880e
SL		 337 goto err;
338 /*
7d6766cb
P		 339 * Check that the DRBG data has been zeroized after
340 * ossl_prov_drbg_uninstantiate.
980a880e 341 */
6154f9a7 342 if (!EVP_RAND_verify_zeroization(drbg))
e7045215
DMSP		 343 goto err;
344
980a880e
SL		 345 ret = 1;
346err:
6154f9a7
P		 347 EVP_RAND_CTX_free(drbg);
348 EVP_RAND_CTX_free(test);
47c239c6 349 OSSL_SELF_TEST_onend(st, ret);
980a880e
SL		 350 return ret;
351}
352
cbb85bda 353#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
ec4d1b8f 354static int self_test_ka(const ST_KAT_KAS *t,
b4250010 355 OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
ec4d1b8f
SL		 356{
357 int ret = 0;
358 EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
359 EVP_PKEY *pkey = NULL, *peerkey = NULL;
360 OSSL_PARAM *params = NULL;
361 OSSL_PARAM *params_peer = NULL;
362 unsigned char secret[256];
6d9a54c6 363 size_t secret_len = sizeof(secret);
ec4d1b8f
SL		 364 OSSL_PARAM_BLD *bld = NULL;
365 BN_CTX *bnctx = NULL;
366
367 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
368
369 bnctx = BN_CTX_new_ex(libctx);
370 if (bnctx == NULL)
371 goto err;
372
373 bld = OSSL_PARAM_BLD_new();
374 if (bld == NULL)
375 goto err;
376
377 if (!add_params(bld, t->key_group, bnctx)
378 || !add_params(bld, t->key_host_data, bnctx))
379 goto err;
380 params = OSSL_PARAM_BLD_to_param(bld);
381
382 if (!add_params(bld, t->key_group, bnctx)
383 || !add_params(bld, t->key_peer_data, bnctx))
384 goto err;
385
386 params_peer = OSSL_PARAM_BLD_to_param(bld);
387 if (params == NULL || params_peer == NULL)
388 goto err;
389
390 /* Create a EVP_PKEY_CTX to load the DH keys into */
391 kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
392 if (kactx == NULL)
393 goto err;
2db985b7
SL		 394 if (EVP_PKEY_fromdata_init(kactx) <= 0
395 || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
ec4d1b8f 396 goto err;
2db985b7
SL		 397 if (EVP_PKEY_fromdata_init(kactx) <= 0
398 || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)
ec4d1b8f
SL		 399 goto err;
400
401 /* Create a EVP_PKEY_CTX to perform key derivation */
402 dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
403 if (dctx == NULL)
404 goto err;
405
406 if (EVP_PKEY_derive_init(dctx) <= 0
407 || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
408 || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
409 goto err;
410
411 OSSL_SELF_TEST_oncorrupt_byte(st, secret);
412
413 if (secret_len != t->expected_len
414 || memcmp(secret, t->expected, t->expected_len) != 0)
415 goto err;
416 ret = 1;
417err:
418 BN_CTX_free(bnctx);
419 EVP_PKEY_free(pkey);
420 EVP_PKEY_free(peerkey);
421 EVP_PKEY_CTX_free(kactx);
422 EVP_PKEY_CTX_free(dctx);
3f883c7c
SL		 423 OSSL_PARAM_free(params_peer);
424 OSSL_PARAM_free(params);
ec4d1b8f
SL		 425 OSSL_PARAM_BLD_free(bld);
426 OSSL_SELF_TEST_onend(st, ret);
427 return ret;
428}
cbb85bda 429#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
ec4d1b8f
SL		 430
431static int self_test_sign(const ST_KAT_SIGN *t,
b4250010 432 OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
ec4d1b8f
SL		 433{
434 int ret = 0;
435 OSSL_PARAM *params = NULL, *params_sig = NULL;
436 OSSL_PARAM_BLD *bld = NULL;
437 EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
438 EVP_PKEY *pkey = NULL;
439 unsigned char sig[256];
440 BN_CTX *bnctx = NULL;
441 size_t siglen = 0;
442 static const unsigned char dgst[] = {
443 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
444 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
445 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
446 };
447
448 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
449
450 bnctx = BN_CTX_new_ex(libctx);
451 if (bnctx == NULL)
452 goto err;
453
454 bld = OSSL_PARAM_BLD_new();
455 if (bld == NULL)
456 goto err;
457
458 if (!add_params(bld, t->key, bnctx))
459 goto err;
460 params = OSSL_PARAM_BLD_to_param(bld);
461
462 /* Create a EVP_PKEY_CTX to load the DSA key into */
463 kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
464 if (kctx == NULL || params == NULL)
465 goto err;
2db985b7
SL		 466 if (EVP_PKEY_fromdata_init(kctx) <= 0
467 || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
ec4d1b8f
SL		 468 goto err;
469
470 /* Create a EVP_PKEY_CTX to use for the signing operation */
471 sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
472 if (sctx == NULL
473 || EVP_PKEY_sign_init(sctx) <= 0)
474 goto err;
475
476 /* set signature parameters */
477 if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
478 t->mdalgorithm,
479 strlen(t->mdalgorithm) + 1))
480 goto err;
481 params_sig = OSSL_PARAM_BLD_to_param(bld);
482 if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
483 goto err;
484
485 if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
486 || EVP_PKEY_verify_init(sctx) <= 0
487 || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
488 goto err;
489
490 /*
491 * Used by RSA, for other key types where the signature changes, we
492 * can only use the verify.
493 */
494 if (t->sig_expected != NULL
495 && (siglen != t->sig_expected_len
496 || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
497 goto err;
498
499 OSSL_SELF_TEST_oncorrupt_byte(st, sig);
500 if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
501 goto err;
502 ret = 1;
503err:
504 BN_CTX_free(bnctx);
505 EVP_PKEY_free(pkey);
506 EVP_PKEY_CTX_free(kctx);
507 EVP_PKEY_CTX_free(sctx);
3f883c7c
SL		 508 OSSL_PARAM_free(params);
509 OSSL_PARAM_free(params_sig);
ec4d1b8f
SL		 510 OSSL_PARAM_BLD_free(bld);
511 OSSL_SELF_TEST_onend(st, ret);
512 return ret;
513}
514
4343a418
SL		 515/*
516 * Test an encrypt or decrypt KAT..
517 *
518 * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
519 * and decrypt..
520 */
521static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
b4250010 522 OSSL_LIB_CTX *libctx)
4343a418
SL		 523{
524 int ret = 0;
525 OSSL_PARAM *keyparams = NULL, *initparams = NULL;
526 OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
527 EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
528 EVP_PKEY *key = NULL;
529 BN_CTX *bnctx = NULL;
530 unsigned char out[256];
531 size_t outlen = sizeof(out);
532
533 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
534
535 bnctx = BN_CTX_new_ex(libctx);
536 if (bnctx == NULL)
537 goto err;
538
539 /* Load a public or private key from data */
540 keybld = OSSL_PARAM_BLD_new();
541 if (keybld == NULL
542 || !add_params(keybld, t->key, bnctx))
543 goto err;
544 keyparams = OSSL_PARAM_BLD_to_param(keybld);
545 keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
546 if (keyctx == NULL || keyparams == NULL)
547 goto err;
2db985b7
SL		 548 if (EVP_PKEY_fromdata_init(keyctx) <= 0
549 || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
4343a418
SL		 550 goto err;
551
552 /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
553 encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
554 if (encctx == NULL
555 || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
556 || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
557 goto err;
558
559 /* Add any additional parameters such as padding */
560 if (t->postinit != NULL) {
561 initbld = OSSL_PARAM_BLD_new();
562 if (initbld == NULL)
563 goto err;
564 if (!add_params(initbld, t->postinit, bnctx))
565 goto err;
566 initparams = OSSL_PARAM_BLD_to_param(initbld);
567 if (initparams == NULL)
568 goto err;
569 if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
570 goto err;
571 }
572
573 if (t->encrypt) {
574 if (EVP_PKEY_encrypt(encctx, out, &outlen,
575 t->in, t->in_len) <= 0)
576 goto err;
577 } else {
578 if (EVP_PKEY_decrypt(encctx, out, &outlen,
579 t->in, t->in_len) <= 0)
580 goto err;
581 }
582 /* Check the KAT */
583 OSSL_SELF_TEST_oncorrupt_byte(st, out);
584 if (outlen != t->expected_len
585 || memcmp(out, t->expected, t->expected_len) != 0)
586 goto err;
587
588 ret = 1;
589err:
590 BN_CTX_free(bnctx);
591 EVP_PKEY_free(key);
592 EVP_PKEY_CTX_free(encctx);
593 EVP_PKEY_CTX_free(keyctx);
3f883c7c 594 OSSL_PARAM_free(keyparams);
4343a418 595 OSSL_PARAM_BLD_free(keybld);
3f883c7c 596 OSSL_PARAM_free(initparams);
4343a418
SL		 597 OSSL_PARAM_BLD_free(initbld);
598 OSSL_SELF_TEST_onend(st, ret);
599 return ret;
600}
601
36fc5fc6
SL		 602/*
603 * Test a data driven list of KAT's for digest algorithms.
604 * All tests are run regardless of if they fail or not.
605 * Return 0 if any test fails.
606 */
b4250010 607static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 608{
609 int i, ret = 1;
610
611 for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
47c239c6 612 if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
36fc5fc6
SL		 613 ret = 0;
614 }
615 return ret;
616}
617
b4250010 618static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 619{
620 int i, ret = 1;
621
622 for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
47c239c6 623 if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))
36fc5fc6
SL		 624 ret = 0;
625 }
626 return ret;
627}
628
b4250010 629static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
4343a418
SL		 630{
631 int i, ret = 1;
632
633 for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
634 if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
635 ret = 0;
636 }
637 return ret;
638}
639
b4250010 640static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 641{
642 int i, ret = 1;
643
644 for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
47c239c6 645 if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))
36fc5fc6
SL		 646 ret = 0;
647 }
648 return ret;
649}
650
b4250010 651static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
980a880e
SL		 652{
653 int i, ret = 1;
654
655 for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {
47c239c6 656 if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))
980a880e
SL		 657 ret = 0;
658 }
659 return ret;
660}
661
b4250010 662static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
ec4d1b8f 663{
cbb85bda
MC		 664 int ret = 1;
665#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
666 int i;
ec4d1b8f
SL		 667
668 for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
669 if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
670 ret = 0;
671 }
cbb85bda
MC		 672#endif
673
ec4d1b8f
SL		 674 return ret;
675}
676
b4250010 677static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
ec4d1b8f
SL		 678{
679 int i, ret = 1;
680
681 for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
682 if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
683 ret = 0;
684 }
685 return ret;
686}
687
36fc5fc6
SL		 688/*
689 * Run the algorithm KAT's.
690 * Return 1 is successful, otherwise return 0.
691 * This runs all the tests regardless of if any fail.
36fc5fc6 692 */
b4250010 693int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
36fc5fc6
SL		 694{
695 int ret = 1;
696
47c239c6 697 if (!self_test_digests(st, libctx))
36fc5fc6 698 ret = 0;
47c239c6 699 if (!self_test_ciphers(st, libctx))
36fc5fc6 700 ret = 0;
ec4d1b8f
SL		 701 if (!self_test_signatures(st, libctx))
702 ret = 0;
47c239c6 703 if (!self_test_kdfs(st, libctx))
36fc5fc6 704 ret = 0;
47c239c6 705 if (!self_test_drbgs(st, libctx))
980a880e 706 ret = 0;
ec4d1b8f
SL		 707 if (!self_test_kas(st, libctx))
708 ret = 0;
4343a418
SL		 709 if (!self_test_asym_ciphers(st, libctx))
710 ret = 0;
36fc5fc6
SL		 711
712 return ret;
713}
A mirror of the official openssl repository