]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/acvp_test.c
projects / thirdparty / openssl.git / blob
? search:


84009193c2b05039a9f0cb37d68702d7c8f8eeda
[thirdparty/openssl.git] / test / acvp_test.c
1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49
50 const OPTIONS *test_get_options(void)
51 {
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { NULL }
57 };
58 return test_options;
59 }
60
61 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
62 unsigned char **out, size_t *out_len)
63 {
64 unsigned char *buf = NULL;
65 BIGNUM *bn = NULL;
66 int sz;
67
68 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
69 goto err;
70 sz = BN_num_bytes(bn);
71 buf = OPENSSL_zalloc(sz);
72 if (buf == NULL)
73 goto err;
74 if (!BN_bn2binpad(bn, buf, sz))
75 goto err;
76
77 *out_len = sz;
78 *out = buf;
79 BN_free(bn);
80 return 1;
81 err:
82 OPENSSL_free(buf);
83 BN_free(bn);
84 return 0;
85 }
86
87 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
88 const unsigned char *msg, size_t msg_len,
89 unsigned char **sig_out, size_t *sig_out_len)
90 {
91 int ret = 0;
92 EVP_MD_CTX *md_ctx = NULL;
93 unsigned char *sig = NULL;
94 size_t sig_len;
95 size_t sz = EVP_PKEY_size(pkey);
96
97 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
98 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
99 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
100 NULL, pkey, NULL), 1)
101 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
102 goto err;
103 *sig_out = sig;
104 *sig_out_len = sig_len;
105 sig = NULL;
106 ret = 1;
107 err:
108 OPENSSL_free(sig);
109 EVP_MD_CTX_free(md_ctx);
110 return ret;
111 }
112
113 #ifndef OPENSSL_NO_EC
114 static int ecdsa_keygen_test(int id)
115 {
116 int ret = 0;
117 EVP_PKEY *pkey = NULL;
118 unsigned char *priv = NULL;
119 unsigned char *pubx = NULL, *puby = NULL;
120 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
121 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
122
123 self_test_args.called = 0;
124 self_test_args.enable = 1;
125 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
126 || !TEST_int_ge(self_test_args.called, 3)
127 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
128 &priv_len))
129 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
130 &pubx_len))
131 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
132 &puby_len)))
133 goto err;
134
135 test_output_memory("qy", puby, puby_len);
136 test_output_memory("qx", pubx, pubx_len);
137 test_output_memory("d", priv, priv_len);
138 ret = 1;
139 err:
140 self_test_args.enable = 0;
141 self_test_args.called = 0;
142 OPENSSL_clear_free(priv, priv_len);
143 OPENSSL_free(pubx);
144 OPENSSL_free(puby);
145 EVP_PKEY_free(pkey);
146 return ret;
147 }
148
149 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
150 const unsigned char *pub, size_t pub_len,
151 int expected)
152 {
153 int ret = 0;
154 EVP_PKEY_CTX *ctx = NULL;
155 OSSL_PARAM_BLD *bld = NULL;
156 OSSL_PARAM *params = NULL;
157
158 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
159 || (curve_name != NULL
160 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
161 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
162 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
163 OSSL_PKEY_PARAM_PUB_KEY,
164 pub, pub_len) > 0)
165 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
166 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
167 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
168 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
169 params), expected))
170 goto err;
171
172 ret = 1;
173 err:
174 OSSL_PARAM_free(params);
175 OSSL_PARAM_BLD_free(bld);
176 EVP_PKEY_CTX_free(ctx);
177 return ret;
178 }
179
180 static int ecdsa_pub_verify_test(int id)
181 {
182 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
183
184 int ret = 0;
185 EVP_PKEY_CTX *key_ctx = NULL;
186 EVP_PKEY *pkey = NULL;
187
188 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
189 tst->pub, tst->pub_len, tst->pass)))
190 goto err;
191
192 if (tst->pass) {
193 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
194 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
195 goto err;
196 }
197 ret = 1;
198 err:
199 EVP_PKEY_free(pkey);
200 EVP_PKEY_CTX_free(key_ctx);
201 return ret;
202 }
203
204 /* Extract r and s from an ecdsa signature */
205 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
206 unsigned char **r, unsigned char **s,
207 size_t *rlen, size_t *slen)
208 {
209 int ret = 0;
210 unsigned char *rbuf = NULL, *sbuf = NULL;
211 size_t r1_len, s1_len;
212 const BIGNUM *r1, *s1;
213 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
214
215 if (sign == NULL)
216 return 0;
217 r1 = ECDSA_SIG_get0_r(sign);
218 s1 = ECDSA_SIG_get0_s(sign);
219 if (r1 == NULL || s1 == NULL)
220 return 0;
221
222 r1_len = BN_num_bytes(r1);
223 s1_len = BN_num_bytes(s1);
224 rbuf = OPENSSL_zalloc(r1_len);
225 sbuf = OPENSSL_zalloc(s1_len);
226 if (rbuf == NULL || sbuf == NULL)
227 goto err;
228 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
229 goto err;
230 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
231 goto err;
232 *r = rbuf;
233 *s = sbuf;
234 *rlen = r1_len;
235 *slen = s1_len;
236 ret = 1;
237 err:
238 if (ret == 0) {
239 OPENSSL_free(rbuf);
240 OPENSSL_free(sbuf);
241 }
242 ECDSA_SIG_free(sign);
243 return ret;
244 }
245
246 static int ecdsa_siggen_test(int id)
247 {
248 int ret = 0;
249 EVP_PKEY *pkey = NULL;
250 size_t sig_len = 0, rlen = 0, slen = 0;
251 unsigned char *sig = NULL;
252 unsigned char *r = NULL, *s = NULL;
253 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
254
255 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
256 goto err;
257
258 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
259 &sig, &sig_len))
260 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
261 goto err;
262 test_output_memory("r", r, rlen);
263 test_output_memory("s", s, slen);
264 ret = 1;
265 err:
266 OPENSSL_free(r);
267 OPENSSL_free(s);
268 OPENSSL_free(sig);
269 EVP_PKEY_free(pkey);
270 return ret;
271 }
272
273 static int ecdsa_sigver_test(int id)
274 {
275 int ret = 0;
276 EVP_MD_CTX *md_ctx = NULL;
277 EVP_PKEY *pkey = NULL;
278 ECDSA_SIG *sign = NULL;
279 size_t sig_len;
280 unsigned char *sig = NULL;
281 BIGNUM *rbn = NULL, *sbn = NULL;
282 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
283
284 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
285 tst->pub, tst->pub_len, 1)))
286 goto err;
287
288 if (!TEST_ptr(sign = ECDSA_SIG_new())
289 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
290 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
291 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
292 goto err;
293 rbn = sbn = NULL;
294
295 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
296 && TEST_ptr(md_ctx = EVP_MD_CTX_new())
297 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
298 libctx, NULL, pkey, NULL)
299 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
300 tst->msg, tst->msg_len), tst->pass));
301 err:
302 BN_free(rbn);
303 BN_free(sbn);
304 OPENSSL_free(sig);
305 ECDSA_SIG_free(sign);
306 EVP_PKEY_free(pkey);
307 EVP_MD_CTX_free(md_ctx);
308 return ret;
309
310 }
311 #endif /* OPENSSL_NO_EC */
312
313 #ifndef OPENSSL_NO_DSA
314 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
315 unsigned char **out, size_t *out_len)
316 {
317 size_t len = 0;
318 unsigned char *buf = NULL;
319
320 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
321 goto err;
322
323 buf = OPENSSL_zalloc(len);
324 if (buf == NULL)
325 goto err;
326
327 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
328 goto err;
329 *out = buf;
330 return 1;
331 err:
332 OPENSSL_free(buf);
333 return 0;
334 }
335
336 static EVP_PKEY *dsa_paramgen(int L, int N)
337 {
338 EVP_PKEY_CTX *paramgen_ctx = NULL;
339 EVP_PKEY *param_key = NULL;
340
341 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
342 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
343 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
344 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
345 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
346 return NULL;
347 EVP_PKEY_CTX_free(paramgen_ctx);
348 return param_key;
349 }
350
351 static EVP_PKEY *dsa_keygen(int L, int N)
352 {
353 EVP_PKEY *param_key = NULL, *key = NULL;
354 EVP_PKEY_CTX *keygen_ctx = NULL;
355
356 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
357 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
358 NULL))
359 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
360 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
361 goto err;
362 err:
363 EVP_PKEY_free(param_key);
364 EVP_PKEY_CTX_free(keygen_ctx);
365 return key;
366 }
367
368 static int dsa_keygen_test(int id)
369 {
370 int ret = 0, i;
371 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
372 EVP_PKEY *param_key = NULL, *key = NULL;
373 unsigned char *priv = NULL, *pub = NULL;
374 size_t priv_len = 0, pub_len = 0;
375 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
376
377 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
378 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
379 NULL))
380 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
381 goto err;
382 for (i = 0; i < 2; ++i) {
383 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
384 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
385 &priv, &priv_len))
386 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
387 &pub, &pub_len)))
388 goto err;
389 test_output_memory("y", pub, pub_len);
390 test_output_memory("x", priv, priv_len);
391 EVP_PKEY_free(key);
392 OPENSSL_clear_free(priv, priv_len);
393 OPENSSL_free(pub);
394 key = NULL;
395 pub = priv = NULL;
396 }
397 ret = 1;
398 err:
399 OPENSSL_clear_free(priv, priv_len);
400 OPENSSL_free(pub);
401 EVP_PKEY_free(param_key);
402 EVP_PKEY_free(key);
403 EVP_PKEY_CTX_free(keygen_ctx);
404 EVP_PKEY_CTX_free(paramgen_ctx);
405 return ret;
406 }
407
408 static int dsa_paramgen_test(int id)
409 {
410 int ret = 0, counter = 0;
411 EVP_PKEY_CTX *paramgen_ctx = NULL;
412 EVP_PKEY *param_key = NULL;
413 unsigned char *p = NULL, *q = NULL, *seed = NULL;
414 size_t plen = 0, qlen = 0, seedlen = 0;
415 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
416
417 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
418 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
419 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
420 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
421 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
422 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
423 &p, &plen))
424 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
425 &q, &qlen))
426 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
427 &seed, &seedlen))
428 || !TEST_true(EVP_PKEY_get_int_param(param_key,
429 OSSL_PKEY_PARAM_FFC_PCOUNTER,
430 &counter)))
431 goto err;
432
433 test_output_memory("p", p, plen);
434 test_output_memory("q", q, qlen);
435 test_output_memory("domainSeed", seed, seedlen);
436 test_printf_stderr("%s: %d\n", "counter", counter);
437 ret = 1;
438 err:
439 OPENSSL_free(p);
440 OPENSSL_free(q);
441 OPENSSL_free(seed);
442 EVP_PKEY_free(param_key);
443 EVP_PKEY_CTX_free(paramgen_ctx);
444 return ret;
445 }
446
447 static int dsa_create_pkey(EVP_PKEY **pkey,
448 const unsigned char *p, size_t p_len,
449 const unsigned char *q, size_t q_len,
450 const unsigned char *g, size_t g_len,
451 const unsigned char *seed, size_t seed_len,
452 int counter,
453 int validate_pq, int validate_g,
454 const unsigned char *pub, size_t pub_len,
455 BN_CTX *bn_ctx)
456 {
457 int ret = 0;
458 EVP_PKEY_CTX *ctx = NULL;
459 OSSL_PARAM_BLD *bld = NULL;
460 OSSL_PARAM *params = NULL;
461 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
462
463 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
464 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
465 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
466 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
467 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
468 validate_pq))
469 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
470 OSSL_PKEY_PARAM_FFC_VALIDATE_G,
471 validate_g))
472 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
473 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
474 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
475 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
476 goto err;
477
478 if (g != NULL) {
479 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
480 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
481 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
482 OSSL_PKEY_PARAM_FFC_G, g_bn)))
483 goto err;
484 }
485 if (seed != NULL) {
486 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
487 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
488 goto err;
489 }
490 if (counter != -1) {
491 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
492 OSSL_PKEY_PARAM_FFC_PCOUNTER,
493 counter)))
494 goto err;
495 }
496 if (pub != NULL) {
497 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
498 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
499 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
500 OSSL_PKEY_PARAM_PUB_KEY,
501 pub_bn)))
502 goto err;
503 }
504 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
505 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
506 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
507 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, params)))
508 goto err;
509
510 ret = 1;
511 err:
512 OSSL_PARAM_free(params);
513 OSSL_PARAM_BLD_free(bld);
514 EVP_PKEY_CTX_free(ctx);
515 return ret;
516 }
517
518 static int dsa_pqver_test(int id)
519 {
520 int ret = 0;
521 BN_CTX *bn_ctx = NULL;
522 EVP_PKEY_CTX *key_ctx = NULL;
523 EVP_PKEY *param_key = NULL;
524 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
525
526 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
527 || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
528 tst->q, tst->q_len, NULL, 0,
529 tst->seed, tst->seed_len, tst->counter,
530 1, 0,
531 NULL, 0,
532 bn_ctx))
533 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
534 NULL))
535 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
536 goto err;
537
538 ret = 1;
539 err:
540 BN_CTX_free(bn_ctx);
541 EVP_PKEY_free(param_key);
542 EVP_PKEY_CTX_free(key_ctx);
543 return ret;
544 }
545
546 /* Extract r and s from a dsa signature */
547 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
548 unsigned char **r, unsigned char **s,
549 size_t *r_len, size_t *s_len)
550 {
551 int ret = 0;
552 unsigned char *rbuf = NULL, *sbuf = NULL;
553 size_t r1_len, s1_len;
554 const BIGNUM *r1, *s1;
555 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
556
557 if (sign == NULL)
558 return 0;
559 DSA_SIG_get0(sign, &r1, &s1);
560 if (r1 == NULL || s1 == NULL)
561 return 0;
562
563 r1_len = BN_num_bytes(r1);
564 s1_len = BN_num_bytes(s1);
565 rbuf = OPENSSL_zalloc(r1_len);
566 sbuf = OPENSSL_zalloc(s1_len);
567 if (rbuf == NULL || sbuf == NULL)
568 goto err;
569 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
570 goto err;
571 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
572 goto err;
573 *r = rbuf;
574 *s = sbuf;
575 *r_len = r1_len;
576 *s_len = s1_len;
577 ret = 1;
578 err:
579 if (ret == 0) {
580 OPENSSL_free(rbuf);
581 OPENSSL_free(sbuf);
582 }
583 DSA_SIG_free(sign);
584 return ret;
585 }
586
587 static int dsa_siggen_test(int id)
588 {
589 int ret = 0;
590 EVP_PKEY *pkey = NULL;
591 unsigned char *sig = NULL, *r = NULL, *s = NULL;
592 size_t sig_len = 0, rlen = 0, slen = 0;
593 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
594
595 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
596 goto err;
597
598 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
599 &sig, &sig_len))
600 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
601 goto err;
602 test_output_memory("r", r, rlen);
603 test_output_memory("s", s, slen);
604 ret = 1;
605 err:
606 OPENSSL_free(r);
607 OPENSSL_free(s);
608 OPENSSL_free(sig);
609 EVP_PKEY_free(pkey);
610 return ret;
611 }
612
613 static int dsa_sigver_test(int id)
614 {
615 int ret = 0;
616 EVP_PKEY_CTX *ctx = NULL;
617 EVP_PKEY *pkey = NULL;
618 DSA_SIG *sign = NULL;
619 size_t sig_len;
620 unsigned char *sig = NULL;
621 BIGNUM *rbn = NULL, *sbn = NULL;
622 EVP_MD *md = NULL;
623 unsigned char digest[EVP_MAX_MD_SIZE];
624 unsigned int digest_len;
625 BN_CTX *bn_ctx = NULL;
626 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
627
628 if (!TEST_ptr(bn_ctx = BN_CTX_new())
629 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
630 tst->q, tst->q_len, tst->g, tst->g_len,
631 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
632 bn_ctx)))
633 goto err;
634
635 if (!TEST_ptr(sign = DSA_SIG_new())
636 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
637 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
638 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
639 goto err;
640 rbn = sbn = NULL;
641
642 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
643 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
644 digest, &digest_len, md, NULL)))
645 goto err;
646
647 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
648 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
649 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
650 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
651 tst->pass))
652 goto err;
653 ret = 1;
654 err:
655 EVP_PKEY_CTX_free(ctx);
656 OPENSSL_free(sig);
657 EVP_MD_free(md);
658 DSA_SIG_free(sign);
659 EVP_PKEY_free(pkey);
660 BN_free(rbn);
661 BN_free(sbn);
662 BN_CTX_free(bn_ctx);
663 return ret;
664 }
665 #endif /* OPENSSL_NO_DSA */
666
667
668 /* cipher encrypt/decrypt */
669 static int cipher_enc(const char *alg,
670 const unsigned char *pt, size_t pt_len,
671 const unsigned char *key, size_t key_len,
672 const unsigned char *iv, size_t iv_len,
673 const unsigned char *ct, size_t ct_len,
674 int enc)
675 {
676 int ret = 0, out_len = 0, len = 0;
677 EVP_CIPHER_CTX *ctx = NULL;
678 EVP_CIPHER *cipher = NULL;
679 unsigned char out[256] = { 0 };
680
681 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
682 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
683 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
684 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
685 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
686 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
687 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
688 goto err;
689 out_len += len;
690 if (!TEST_mem_eq(out, out_len, ct, ct_len))
691 goto err;
692 ret = 1;
693 err:
694 EVP_CIPHER_free(cipher);
695 EVP_CIPHER_CTX_free(ctx);
696 return ret;
697 }
698
699 static int cipher_enc_dec_test(int id)
700 {
701 const struct cipher_st *tst = &cipher_enc_data[id];
702 const int enc = 1;
703
704 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
705 tst->key, tst->key_len,
706 tst->iv, tst->iv_len,
707 tst->ct, tst->ct_len, enc))
708 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
709 tst->key, tst->key_len,
710 tst->iv, tst->iv_len,
711 tst->pt, tst->pt_len, !enc));
712 }
713
714 static int aes_ccm_enc_dec(const char *alg,
715 const unsigned char *pt, size_t pt_len,
716 const unsigned char *key, size_t key_len,
717 const unsigned char *iv, size_t iv_len,
718 const unsigned char *aad, size_t aad_len,
719 const unsigned char *ct, size_t ct_len,
720 const unsigned char *tag, size_t tag_len,
721 int enc, int pass)
722 {
723 int ret = 0;
724 EVP_CIPHER_CTX *ctx;
725 EVP_CIPHER *cipher = NULL;
726 int out_len, len;
727 unsigned char out[1024];
728
729 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
730 pass ? "pass" : "fail");
731
732 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
733 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
734 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
735 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
736 NULL))
737 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
738 enc ? NULL : (void *)tag))
739 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
740 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
741 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
742 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
743 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
744 goto err;
745
746 if (!pass) {
747 ret = 1;
748 goto err;
749 }
750 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
751 goto err;
752 if (enc) {
753 out_len += len;
754 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
755 tag_len, out + out_len))
756 || !TEST_mem_eq(out, out_len, ct, ct_len)
757 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
758 goto err;
759 } else {
760 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
761 goto err;
762 }
763
764 ret = 1;
765 err:
766 EVP_CIPHER_free(cipher);
767 EVP_CIPHER_CTX_free(ctx);
768 return ret;
769 }
770
771 static int aes_ccm_enc_dec_test(int id)
772 {
773 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
774
775 /* The tag is on the end of the cipher text */
776 const size_t tag_len = tst->ct_len - tst->pt_len;
777 const size_t ct_len = tst->ct_len - tag_len;
778 const unsigned char *tag = tst->ct + ct_len;
779 const int enc = 1;
780 const int pass = 1;
781
782 if (ct_len < 1)
783 return 0;
784
785 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
786 tst->key, tst->key_len,
787 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
788 tst->ct, ct_len, tag, tag_len, enc, pass)
789 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
790 tst->key, tst->key_len,
791 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
792 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
793 /* test that it fails if the tag is incorrect */
794 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
795 tst->key, tst->key_len,
796 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
797 tst->pt, tst->pt_len,
798 tag - 1, tag_len, !enc, !pass);
799 }
800
801 static int aes_gcm_enc_dec(const char *alg,
802 const unsigned char *pt, size_t pt_len,
803 const unsigned char *key, size_t key_len,
804 const unsigned char *iv, size_t iv_len,
805 const unsigned char *aad, size_t aad_len,
806 const unsigned char *ct, size_t ct_len,
807 const unsigned char *tag, size_t tag_len,
808 int enc, int pass)
809 {
810 int ret = 0;
811 EVP_CIPHER_CTX *ctx;
812 EVP_CIPHER *cipher = NULL;
813 int out_len, len;
814 unsigned char out[1024];
815
816 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
817 pass ? "pass" : "fail");
818
819 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
820 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
821 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
822 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
823 NULL)))
824 goto err;
825
826 if (!enc) {
827 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
828 (void *)tag)))
829 goto err;
830 }
831 /*
832 * For testing purposes the IV it being set here. In a compliant application
833 * the IV would be generated internally. A fake entropy source could also
834 * be used to feed in the random IV bytes (see fake_random.c)
835 */
836 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
837 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
838 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
839 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
840 goto err;
841
842 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
843 goto err;
844 if (!pass) {
845 ret = 1;
846 goto err;
847 }
848 out_len += len;
849 if (enc) {
850 if (!TEST_mem_eq(out, out_len, ct, ct_len)
851 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
852 tag_len, out + out_len))
853 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
854 goto err;
855 } else {
856 if (!TEST_mem_eq(out, out_len, ct, ct_len))
857 goto err;
858 }
859
860 ret = 1;
861 err:
862 EVP_CIPHER_free(cipher);
863 EVP_CIPHER_CTX_free(ctx);
864 return ret;
865 }
866
867 static int aes_gcm_enc_dec_test(int id)
868 {
869 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
870 int enc = 1;
871 int pass = 1;
872
873 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
874 tst->key, tst->key_len,
875 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
876 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
877 enc, pass)
878 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
879 tst->key, tst->key_len,
880 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
881 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
882 !enc, pass)
883 /* Fail if incorrect tag passed to decrypt */
884 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
885 tst->key, tst->key_len,
886 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
887 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
888 !enc, !pass);
889 }
890
891 #ifndef OPENSSL_NO_DH
892 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
893 const unsigned char *pub, size_t pub_len,
894 const unsigned char *priv, size_t priv_len,
895 BN_CTX *bn_ctx, int pass)
896 {
897 int ret = 0;
898 EVP_PKEY_CTX *ctx = NULL;
899 OSSL_PARAM_BLD *bld = NULL;
900 OSSL_PARAM *params = NULL;
901 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
902
903 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
904 || (group_name != NULL
905 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
906 bld, OSSL_PKEY_PARAM_GROUP_NAME,
907 group_name, 0), 0)))
908 goto err;
909
910 if (pub != NULL) {
911 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
912 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
913 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
914 pub_bn)))
915 goto err;
916 }
917 if (priv != NULL) {
918 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
919 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
920 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
921 priv_bn)))
922 goto err;
923 }
924
925 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
926 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
927 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
928 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
929 pass))
930 goto err;
931
932 ret = 1;
933 err:
934 OSSL_PARAM_free(params);
935 OSSL_PARAM_BLD_free(bld);
936 EVP_PKEY_CTX_free(ctx);
937 return ret;
938 }
939
940 static int dh_safe_prime_keygen_test(int id)
941 {
942 int ret = 0;
943 EVP_PKEY_CTX *ctx = NULL;
944 EVP_PKEY *pkey = NULL;
945 unsigned char *priv = NULL;
946 unsigned char *pub = NULL;
947 size_t priv_len = 0, pub_len = 0;
948 OSSL_PARAM params[2];
949 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
950
951 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
952 (char *)tst->group_name, 0);
953 params[1] = OSSL_PARAM_construct_end();
954
955 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
956 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
957 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
958 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
959 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
960 &priv, &priv_len))
961 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
962 &pub, &pub_len)))
963 goto err;
964
965 test_output_memory("x", priv, priv_len);
966 test_output_memory("y", pub, pub_len);
967 ret = 1;
968 err:
969 OPENSSL_clear_free(priv, priv_len);
970 OPENSSL_free(pub);
971 EVP_PKEY_free(pkey);
972 EVP_PKEY_CTX_free(ctx);
973 return ret;
974 }
975
976 static int dh_safe_prime_keyver_test(int id)
977 {
978 int ret = 0;
979 BN_CTX *bn_ctx = NULL;
980 EVP_PKEY_CTX *key_ctx = NULL;
981 EVP_PKEY *pkey = NULL;
982 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
983
984 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
985 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
986 tst->pub, tst->pub_len,
987 tst->priv, tst->priv_len, bn_ctx, 1))
988 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
989 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
990 goto err;
991
992 ret = 1;
993 err:
994 EVP_PKEY_free(pkey);
995 EVP_PKEY_CTX_free(key_ctx);
996 BN_CTX_free(bn_ctx);
997 return ret;
998 }
999 #endif /* OPENSSL_NO_DH */
1000
1001
1002 static int rsa_create_pkey(EVP_PKEY **pkey,
1003 const unsigned char *n, size_t n_len,
1004 const unsigned char *e, size_t e_len,
1005 const unsigned char *d, size_t d_len,
1006 BN_CTX *bn_ctx)
1007 {
1008 int ret = 0;
1009 EVP_PKEY_CTX *ctx = NULL;
1010 OSSL_PARAM_BLD *bld = NULL;
1011 OSSL_PARAM *params = NULL;
1012 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1013
1014 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1015 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1016 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1017 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1018 goto err;
1019
1020 if (e != NULL) {
1021 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1022 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1023 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1024 e_bn)))
1025 goto err;
1026 }
1027 if (d != NULL) {
1028 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1029 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1030 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1031 d_bn)))
1032 goto err;
1033 }
1034 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1035 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1036 || !TEST_true(EVP_PKEY_fromdata_init(ctx))
1037 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params)))
1038 goto err;
1039
1040 ret = 1;
1041 err:
1042 OSSL_PARAM_free(params);
1043 OSSL_PARAM_BLD_free(bld);
1044 EVP_PKEY_CTX_free(ctx);
1045 return ret;
1046 }
1047
1048 static int rsa_keygen_test(int id)
1049 {
1050 int ret = 0;
1051 EVP_PKEY_CTX *ctx = NULL;
1052 EVP_PKEY *pkey = NULL;
1053 BIGNUM *e_bn = NULL;
1054 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1055 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1056 unsigned char *n = NULL, *d = NULL;
1057 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1058 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1059 size_t n_len = 0, d_len = 0;
1060 size_t p_len = 0, p1_len = 0, p2_len = 0;
1061 size_t q_len = 0, q1_len = 0, q2_len = 0;
1062 OSSL_PARAM_BLD *bld = NULL;
1063 OSSL_PARAM *params = NULL;
1064 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1065
1066 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1067 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1068 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1069 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1070 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1071 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1072 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1073 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1074 xp1_bn))
1075 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1076 xp2_bn))
1077 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1078 xp_bn))
1079 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1080 xq1_bn))
1081 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1082 xq2_bn))
1083 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1084 xq_bn))
1085 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1086 goto err;
1087
1088 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1089 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1090 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1091 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1092 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod))
1093 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn))
1094 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1095 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1096 &p1, &p1_len))
1097 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1098 &p2, &p2_len))
1099 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1100 &q1, &q1_len))
1101 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1102 &q2, &q2_len))
1103 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1104 &p, &p_len))
1105 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1106 &q, &q_len))
1107 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1108 &n, &n_len))
1109 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1110 &d, &d_len)))
1111 goto err;
1112
1113 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1114 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1115 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1116 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1117 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1118 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1119 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1120 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1121 goto err;
1122
1123 test_output_memory("p1", p1, p1_len);
1124 test_output_memory("p2", p2, p2_len);
1125 test_output_memory("p", p, p_len);
1126 test_output_memory("q1", q1, q1_len);
1127 test_output_memory("q2", q2, q2_len);
1128 test_output_memory("q", q, q_len);
1129 test_output_memory("n", n, n_len);
1130 test_output_memory("d", d, d_len);
1131 ret = 1;
1132 err:
1133 BN_free(xp1_bn);
1134 BN_free(xp2_bn);
1135 BN_free(xp_bn);
1136 BN_free(xq1_bn);
1137 BN_free(xq2_bn);
1138 BN_free(xq_bn);
1139 BN_free(e_bn);
1140 OPENSSL_free(p1);
1141 OPENSSL_free(p2);
1142 OPENSSL_free(q1);
1143 OPENSSL_free(q2);
1144 OPENSSL_free(p);
1145 OPENSSL_free(q);
1146 OPENSSL_free(n);
1147 OPENSSL_free(d);
1148 EVP_PKEY_free(pkey);
1149 EVP_PKEY_CTX_free(ctx);
1150 OSSL_PARAM_free(params);
1151 OSSL_PARAM_BLD_free(bld);
1152 return ret;
1153 }
1154
1155 static int rsa_siggen_test(int id)
1156 {
1157 int ret = 0;
1158 EVP_PKEY *pkey = NULL;
1159 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1160 size_t sig_len = 0, n_len = 0, e_len = 0;
1161 OSSL_PARAM params[4], *p;
1162 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1163
1164 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1165
1166 p = params;
1167 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1168 (char *)tst->sig_pad_mode, 0);
1169 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1170 (char *)tst->digest_alg, 0);
1171 if (tst->pss_salt_len >= 0) {
1172 int salt_len = tst->pss_salt_len;
1173
1174 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1175 &salt_len);
1176 }
1177 *p++ = OSSL_PARAM_construct_end();
1178
1179 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1180 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1181 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1182 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1183 tst->msg, tst->msg_len,
1184 &sig, &sig_len)))
1185 goto err;
1186 test_output_memory("n", n, n_len);
1187 test_output_memory("e", e, e_len);
1188 test_output_memory("sig", sig, sig_len);
1189 ret = 1;
1190 err:
1191 OPENSSL_free(n);
1192 OPENSSL_free(e);
1193 OPENSSL_free(sig);
1194 EVP_PKEY_free(pkey);
1195 return ret;
1196 }
1197
1198 static int rsa_sigver_test(int id)
1199 {
1200 int ret = 0;
1201 EVP_PKEY_CTX *pkey_ctx = NULL;
1202 EVP_PKEY *pkey = NULL;
1203 EVP_MD_CTX *md_ctx = NULL;
1204 BN_CTX *bn_ctx = NULL;
1205 OSSL_PARAM params[4], *p;
1206 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1207
1208 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1209 tst->pass == PASS ? "pass" : "fail");
1210
1211 p = params;
1212 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1213 (char *)tst->sig_pad_mode, 0);
1214 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1215 (char *)tst->digest_alg, 0);
1216 if (tst->pss_salt_len >= 0) {
1217 int salt_len = tst->pss_salt_len;
1218
1219 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1220 &salt_len);
1221 }
1222 *p++ = OSSL_PARAM_construct_end();
1223
1224 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1225 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1226 tst->e, tst->e_len, NULL, 0, bn_ctx))
1227 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1228 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1229 tst->digest_alg, libctx, NULL,
1230 pkey, NULL)
1231 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1232 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1233 tst->msg, tst->msg_len), tst->pass)))
1234 goto err;
1235 ret = 1;
1236 err:
1237 EVP_PKEY_free(pkey);
1238 BN_CTX_free(bn_ctx);
1239 EVP_MD_CTX_free(md_ctx);
1240 return ret;
1241 }
1242
1243 static int rsa_decryption_primitive_test(int id)
1244 {
1245 int ret = 0;
1246 EVP_PKEY_CTX *ctx = NULL;
1247 EVP_PKEY *pkey = NULL;
1248 unsigned char pt[2048];
1249 size_t pt_len = sizeof(pt);
1250 unsigned char *n = NULL, *e = NULL;
1251 size_t n_len = 0, e_len = 0;
1252 BN_CTX *bn_ctx = NULL;
1253 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1254
1255 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
1256 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1257 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1258 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1259 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1260 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1261 goto err;
1262
1263 test_output_memory("n", n, n_len);
1264 test_output_memory("e", e, e_len);
1265 if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len))
1266 TEST_note("Decryption Failed");
1267 else
1268 test_output_memory("pt", pt, pt_len);
1269 ret = 1;
1270 err:
1271 OPENSSL_free(n);
1272 OPENSSL_free(e);
1273 EVP_PKEY_CTX_free(ctx);
1274 EVP_PKEY_free(pkey);
1275 BN_CTX_free(bn_ctx);
1276 return ret;
1277 }
1278
1279 static int self_test_events(const OSSL_PARAM params[], void *varg)
1280 {
1281 SELF_TEST_ARGS *args = varg;
1282 const OSSL_PARAM *p = NULL;
1283 const char *phase = NULL, *type = NULL, *desc = NULL;
1284 int ret = 0;
1285
1286 if (!args->enable)
1287 return 1;
1288
1289 args->called++;
1290 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1291 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1292 goto err;
1293 phase = (const char *)p->data;
1294
1295 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1296 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1297 goto err;
1298 desc = (const char *)p->data;
1299
1300 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1301 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1302 goto err;
1303 type = (const char *)p->data;
1304
1305 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1306 ret = 1;
1307 err:
1308 return ret;
1309 }
1310
1311 static int drbg_test(int id)
1312 {
1313 OSSL_PARAM params[3];
1314 EVP_RAND *rand = NULL;
1315 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1316 unsigned char returned_bits[64];
1317 const size_t returned_bits_len = sizeof(returned_bits);
1318 unsigned int strength = 256;
1319 const struct drbg_st *tst = &drbg_data[id];
1320 int res = 0;
1321
1322 /* Create the seed source */
1323 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1324 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1325 goto err;
1326 EVP_RAND_free(rand);
1327 rand = NULL;
1328
1329 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1330 params[1] = OSSL_PARAM_construct_end();
1331 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1332 goto err;
1333
1334 /* Get the DRBG */
1335 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1336 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1337 goto err;
1338
1339 /* Set the DRBG up */
1340 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1341 (int *)&tst->use_df);
1342 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1343 (char *)tst->cipher, 0);
1344 params[2] = OSSL_PARAM_construct_end();
1345 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1346 goto err;
1347
1348 /* Feed in the entropy and nonce */
1349 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1350 (void *)tst->entropy_input,
1351 tst->entropy_input_len);
1352 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1353 (void *)tst->nonce,
1354 tst->nonce_len);
1355 params[2] = OSSL_PARAM_construct_end();
1356 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1357 goto err;
1358
1359 /*
1360 * Run the test
1361 * A NULL personalisation string defaults to the built in so something
1362 * non-NULL is needed if there is no personalisation string
1363 */
1364 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1365 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1366 0, 0, NULL, 0))
1367 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1368 0, 0, NULL, 0)))
1369 goto err;
1370
1371 test_output_memory("returned bits", returned_bits, returned_bits_len);
1372
1373 /* Clean up */
1374 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1375 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1376 goto err;
1377
1378 /* Verify the output */
1379 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1380 tst->returned_bits, tst->returned_bits_len))
1381 goto err;
1382 res = 1;
1383 err:
1384 EVP_RAND_CTX_free(ctx);
1385 EVP_RAND_CTX_free(parent);
1386 EVP_RAND_free(rand);
1387 return res;
1388 }
1389
1390 static int aes_cfb1_bits_test(void)
1391 {
1392 int ret = 0;
1393 EVP_CIPHER *cipher = NULL;
1394 EVP_CIPHER_CTX *ctx = NULL;
1395 unsigned char out[16] = { 0 };
1396 int outlen;
1397 const OSSL_PARAM *params, *p;
1398
1399 static const unsigned char key[] = {
1400 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1401 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1402 };
1403 static const unsigned char iv[] = {
1404 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1405 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1406 };
1407 static const unsigned char pt[] = {
1408 0xB4
1409 };
1410 static const unsigned char expected[] = {
1411 0x6C
1412 };
1413
1414 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1415 goto err;
1416 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1417 goto err;
1418 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1419 goto err;
1420 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1421 || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1422 OSSL_CIPHER_PARAM_USE_BITS)))
1423 goto err;
1424 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1425 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1426 goto err;
1427 if (!TEST_int_eq(outlen, 7))
1428 goto err;
1429 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1430 goto err;
1431 ret = 1;
1432 err:
1433 EVP_CIPHER_free(cipher);
1434 EVP_CIPHER_CTX_free(ctx);
1435 return ret;
1436 }
1437
1438 int setup_tests(void)
1439 {
1440 char *config_file = NULL;
1441
1442 OPTION_CHOICE o;
1443
1444 while ((o = opt_next()) != OPT_EOF) {
1445 switch (o) {
1446 case OPT_CONFIG_FILE:
1447 config_file = opt_arg();
1448 break;
1449 case OPT_TEST_CASES:
1450 break;
1451 default:
1452 case OPT_ERR:
1453 return 0;
1454 }
1455 }
1456
1457 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1458 return 0;
1459
1460 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1461
1462 ADD_TEST(aes_cfb1_bits_test);
1463 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1464 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1465 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1466
1467 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1468 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1469 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1470 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1471 OSSL_NELEM(rsa_decrypt_prim_data));
1472
1473 #ifndef OPENSSL_NO_DH
1474 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1475 OSSL_NELEM(dh_safe_prime_keygen_data));
1476 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1477 OSSL_NELEM(dh_safe_prime_keyver_data));
1478 #endif /* OPENSSL_NO_DH */
1479
1480 #ifndef OPENSSL_NO_DSA
1481 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1482 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1483 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1484 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1485 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1486 #endif /* OPENSSL_NO_DSA */
1487
1488 #ifndef OPENSSL_NO_EC
1489 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1490 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1491 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1492 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1493 #endif /* OPENSSL_NO_EC */
1494
1495 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1496 return 1;
1497 }
1498
1499 void cleanup_tests(void)
1500 {
1501 OSSL_PROVIDER_unload(prov_null);
1502 OSSL_LIB_CTX_free(libctx);
1503 }
A mirror of the official openssl repository