]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/dhtest.c
projects / thirdparty / openssl.git / blob
? search:


a357d0262f15be2012858346fd2aaa6f1facfbee
[thirdparty/openssl.git] / test / dhtest.c
1 /*
2 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13
14 #include "internal/nelem.h"
15 #include <openssl/crypto.h>
16 #include <openssl/bio.h>
17 #include <openssl/bn.h>
18 #include <openssl/rand.h>
19 #include <openssl/err.h>
20 #include <openssl/obj_mac.h>
21 #include "testutil.h"
22
23 #ifndef OPENSSL_NO_DH
24 # include <openssl/dh.h>
25
26 static int cb(int p, int n, BN_GENCB *arg);
27
28 static int dh_test(void)
29 {
30 DH *dh = NULL;
31 BIGNUM *p = NULL, *q = NULL, *g = NULL;
32 const BIGNUM *p2, *q2, *g2;
33 BIGNUM *priv_key = NULL;
34 const BIGNUM *pub_key2, *priv_key2;
35 BN_GENCB *_cb = NULL;
36 DH *a = NULL;
37 DH *b = NULL;
38 DH *c = NULL;
39 const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL;
40 const BIGNUM *bpub_key = NULL, *bpriv_key = NULL;
41 BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL;
42 unsigned char *abuf = NULL;
43 unsigned char *bbuf = NULL;
44 unsigned char *cbuf = NULL;
45 int i, alen, blen, clen, aout, bout, cout;
46 int ret = 0;
47
48 if (!TEST_ptr(dh = DH_new())
49 || !TEST_ptr(p = BN_new())
50 || !TEST_ptr(q = BN_new())
51 || !TEST_ptr(g = BN_new())
52 || !TEST_ptr(priv_key = BN_new()))
53 goto err1;
54
55 /*
56 * I) basic tests
57 */
58
59 /* using a small predefined Sophie Germain DH group with generator 3 */
60 if (!TEST_true(BN_set_word(p, 4079L))
61 || !TEST_true(BN_set_word(q, 2039L))
62 || !TEST_true(BN_set_word(g, 3L))
63 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
64 goto err1;
65
66 /* check fails, because p is way too small */
67 if (!DH_check(dh, &i))
68 goto err2;
69 i ^= DH_MODULUS_TOO_SMALL;
70 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
71 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
72 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
73 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
74 || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
75 || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
76 || !TEST_false(i & DH_CHECK_INVALID_J_VALUE)
77 || !TEST_false(i & DH_MODULUS_TOO_SMALL)
78 || !TEST_false(i & DH_MODULUS_TOO_LARGE)
79 || !TEST_false(i))
80 goto err2;
81
82 /* test the combined getter for p, q, and g */
83 DH_get0_pqg(dh, &p2, &q2, &g2);
84 if (!TEST_ptr_eq(p2, p)
85 || !TEST_ptr_eq(q2, q)
86 || !TEST_ptr_eq(g2, g))
87 goto err2;
88
89 /* test the simple getters for p, q, and g */
90 if (!TEST_ptr_eq(DH_get0_p(dh), p2)
91 || !TEST_ptr_eq(DH_get0_q(dh), q2)
92 || !TEST_ptr_eq(DH_get0_g(dh), g2))
93 goto err2;
94
95 /* set the private key only*/
96 if (!TEST_true(BN_set_word(priv_key, 1234L))
97 || !TEST_true(DH_set0_key(dh, NULL, priv_key)))
98 goto err2;
99
100 /* test the combined getter for pub_key and priv_key */
101 DH_get0_key(dh, &pub_key2, &priv_key2);
102 if (!TEST_ptr_eq(pub_key2, NULL)
103 || !TEST_ptr_eq(priv_key2, priv_key))
104 goto err3;
105
106 /* test the simple getters for pub_key and priv_key */
107 if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2)
108 || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2))
109 goto err3;
110
111 /* now generate a key pair (expect failure since modulus is too small) */
112 if (!TEST_false(DH_generate_key(dh)))
113 goto err3;
114
115 /* We'll have a stale error on the queue from the above test so clear it */
116 ERR_clear_error();
117
118 /*
119 * II) key generation
120 */
121
122 /* generate a DH group ... */
123 if (!TEST_ptr(_cb = BN_GENCB_new()))
124 goto err3;
125 BN_GENCB_set(_cb, &cb, NULL);
126 if (!TEST_ptr(a = DH_new())
127 || !TEST_true(DH_generate_parameters_ex(a, 512,
128 DH_GENERATOR_5, _cb)))
129 goto err3;
130
131 /* ... and check whether it is valid */
132 if (!DH_check(a, &i))
133 goto err3;
134 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
135 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
136 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
137 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
138 || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
139 || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
140 || !TEST_false(i & DH_CHECK_INVALID_J_VALUE)
141 || !TEST_false(i & DH_MODULUS_TOO_SMALL)
142 || !TEST_false(i & DH_MODULUS_TOO_LARGE)
143 || !TEST_false(i))
144 goto err3;
145
146 DH_get0_pqg(a, &ap, NULL, &ag);
147
148 /* now create another copy of the DH group for the peer */
149 if (!TEST_ptr(b = DH_new()))
150 goto err3;
151
152 if (!TEST_ptr(bp = BN_dup(ap))
153 || !TEST_ptr(bg = BN_dup(ag))
154 || !TEST_true(DH_set0_pqg(b, bp, NULL, bg)))
155 goto err3;
156 bp = bg = NULL;
157
158 /*
159 * III) simulate a key exchange
160 */
161
162 if (!DH_generate_key(a))
163 goto err3;
164 DH_get0_key(a, &apub_key, NULL);
165
166 if (!DH_generate_key(b))
167 goto err3;
168 DH_get0_key(b, &bpub_key, &bpriv_key);
169
170 /* Also test with a private-key-only copy of |b|. */
171 if (!TEST_ptr(c = DHparams_dup(b))
172 || !TEST_ptr(cpriv_key = BN_dup(bpriv_key))
173 || !TEST_true(DH_set0_key(c, NULL, cpriv_key)))
174 goto err3;
175 cpriv_key = NULL;
176
177 alen = DH_size(a);
178 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
179 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
180 goto err3;
181
182 blen = DH_size(b);
183 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
184 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
185 goto err3;
186
187 clen = DH_size(c);
188 if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
189 || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
190 goto err3;
191
192 if (!TEST_true(aout >= 20)
193 || !TEST_mem_eq(abuf, aout, bbuf, bout)
194 || !TEST_mem_eq(abuf, aout, cbuf, cout))
195 goto err3;
196
197 ret = 1;
198 goto success;
199
200 err1:
201 /* an error occurred before p,q,g were assigned to dh */
202 BN_free(p);
203 BN_free(q);
204 BN_free(g);
205 err2:
206 /* an error occurred before priv_key was assigned to dh */
207 BN_free(priv_key);
208 err3:
209 success:
210 OPENSSL_free(abuf);
211 OPENSSL_free(bbuf);
212 OPENSSL_free(cbuf);
213 DH_free(b);
214 DH_free(a);
215 DH_free(c);
216 BN_free(bp);
217 BN_free(bg);
218 BN_free(cpriv_key);
219 BN_GENCB_free(_cb);
220 DH_free(dh);
221
222 return ret;
223 }
224
225 static int cb(int p, int n, BN_GENCB *arg)
226 {
227 return 1;
228 }
229
230 /* Test data from RFC 5114 */
231
232 static const unsigned char dhtest_1024_160_xA[] = {
233 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
234 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
235 };
236
237 static const unsigned char dhtest_1024_160_yA[] = {
238 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
239 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
240 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
241 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
242 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
243 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
244 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
245 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
246 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
247 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
248 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
249 };
250
251 static const unsigned char dhtest_1024_160_xB[] = {
252 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
253 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
254 };
255
256 static const unsigned char dhtest_1024_160_yB[] = {
257 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
258 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
259 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
260 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
261 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
262 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
263 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
264 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
265 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
266 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
267 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
268 };
269
270 static const unsigned char dhtest_1024_160_Z[] = {
271 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
272 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
273 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
274 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
275 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
276 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
277 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
278 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
279 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
280 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
281 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
282 };
283
284 static const unsigned char dhtest_2048_224_xA[] = {
285 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
286 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
287 0x83, 0x29, 0x4B, 0x0C
288 };
289
290 static const unsigned char dhtest_2048_224_yA[] = {
291 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
292 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
293 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
294 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
295 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
296 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
297 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
298 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
299 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
300 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
301 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
302 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
303 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
304 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
305 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
306 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
307 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
308 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
309 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
310 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
311 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
312 0x71, 0x64, 0x8D, 0x6F
313 };
314
315 static const unsigned char dhtest_2048_224_xB[] = {
316 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
317 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
318 0x35, 0x3B, 0x75, 0x90
319 };
320
321 static const unsigned char dhtest_2048_224_yB[] = {
322 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
323 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
324 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
325 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
326 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
327 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
328 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
329 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
330 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
331 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
332 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
333 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
334 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
335 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
336 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
337 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
338 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
339 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
340 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
341 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
342 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
343 0x02, 0x14, 0x2B, 0x6C
344 };
345
346 static const unsigned char dhtest_2048_224_Z[] = {
347 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
348 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
349 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
350 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
351 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
352 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
353 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
354 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
355 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
356 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
357 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
358 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
359 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
360 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
361 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
362 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
363 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
364 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
365 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
366 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
367 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
368 0xF9, 0xF6, 0x38, 0x69
369 };
370
371 static const unsigned char dhtest_2048_256_xA[] = {
372 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
373 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
374 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
375 };
376
377 static const unsigned char dhtest_2048_256_yA[] = {
378 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
379 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
380 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
381 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
382 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
383 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
384 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
385 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
386 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
387 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
388 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
389 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
390 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
391 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
392 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
393 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
394 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
395 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
396 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
397 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
398 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
399 0x7C, 0xA6, 0x7E, 0x29
400 };
401
402 static const unsigned char dhtest_2048_256_xB[] = {
403 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
404 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
405 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
406 };
407
408 static const unsigned char dhtest_2048_256_yB[] = {
409 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
410 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
411 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
412 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
413 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
414 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
415 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
416 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
417 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
418 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
419 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
420 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
421 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
422 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
423 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
424 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
425 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
426 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
427 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
428 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
429 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
430 0x75, 0x7E, 0x19, 0x13
431 };
432
433 static const unsigned char dhtest_2048_256_Z[] = {
434 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
435 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
436 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
437 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
438 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
439 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
440 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
441 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
442 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
443 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
444 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
445 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
446 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
447 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
448 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
449 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
450 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
451 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
452 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
453 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
454 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
455 0xC2, 0x6C, 0x5D, 0x7C
456 };
457
458 static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
459 0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
460 0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
461 0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
462 0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
463 0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
464 0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
465 0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
466 0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
467 0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
468 0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
469 0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
470 0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
471 0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
472 0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
473 0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
474 0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
475 0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
476 0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
477 0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
478 0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
479 0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
480 0x93, 0x74, 0x89, 0x59
481 };
482
483 typedef struct {
484 DH *(*get_param) (void);
485 const unsigned char *xA;
486 size_t xA_len;
487 const unsigned char *yA;
488 size_t yA_len;
489 const unsigned char *xB;
490 size_t xB_len;
491 const unsigned char *yB;
492 size_t yB_len;
493 const unsigned char *Z;
494 size_t Z_len;
495 } rfc5114_td;
496
497 # define make_rfc5114_td(pre) { \
498 DH_get_##pre, \
499 dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
500 dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
501 dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
502 dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
503 dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
504 }
505
506 static const rfc5114_td rfctd[] = {
507 make_rfc5114_td(1024_160),
508 make_rfc5114_td(2048_224),
509 make_rfc5114_td(2048_256)
510 };
511
512 static int rfc5114_test(void)
513 {
514 int i;
515 DH *dhA = NULL;
516 DH *dhB = NULL;
517 unsigned char *Z1 = NULL;
518 unsigned char *Z2 = NULL;
519 const rfc5114_td *td = NULL;
520 BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
521 const BIGNUM *pub_key_tmp;
522
523 for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
524 td = rfctd + i;
525 /* Set up DH structures setting key components */
526 if (!TEST_ptr(dhA = td->get_param())
527 || !TEST_ptr(dhB = td->get_param()))
528 goto bad_err;
529
530 if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL))
531 || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL))
532 || !TEST_true(DH_set0_key(dhA, pub_key, priv_key)))
533 goto bad_err;
534
535 if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL))
536 || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL))
537 || !TEST_true( DH_set0_key(dhB, pub_key, priv_key)))
538 goto bad_err;
539 priv_key = pub_key = NULL;
540
541 if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA))
542 || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB)))
543 goto err;
544
545 if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))
546 || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB))))
547 goto bad_err;
548 /*
549 * Work out shared secrets using both sides and compare with expected
550 * values.
551 */
552 DH_get0_key(dhB, &pub_key_tmp, NULL);
553 if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1))
554 goto bad_err;
555
556 DH_get0_key(dhA, &pub_key_tmp, NULL);
557 if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1))
558 goto bad_err;
559
560 if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len)
561 || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len))
562 goto err;
563
564 DH_free(dhA);
565 dhA = NULL;
566 DH_free(dhB);
567 dhB = NULL;
568 OPENSSL_free(Z1);
569 Z1 = NULL;
570 OPENSSL_free(Z2);
571 Z2 = NULL;
572 }
573
574 /* Now i == OSSL_NELEM(rfctd) */
575 /* RFC5114 uses unsafe primes, so now test an invalid y value */
576 if (!TEST_ptr(dhA = DH_get_2048_224())
577 || !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))))
578 goto bad_err;
579
580 if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
581 sizeof(dhtest_rfc5114_2048_224_bad_y),
582 NULL)))
583 goto bad_err;
584
585 if (!DH_generate_key(dhA))
586 goto bad_err;
587
588 if (DH_compute_key(Z1, bady, dhA) != -1) {
589 /*
590 * DH_compute_key should fail with -1. If we get here we unexpectedly
591 * allowed an invalid y value
592 */
593 goto err;
594 }
595 /* We'll have a stale error on the queue from the above test so clear it */
596 ERR_clear_error();
597 BN_free(bady);
598 DH_free(dhA);
599 OPENSSL_free(Z1);
600 return 1;
601
602 bad_err:
603 BN_free(bady);
604 DH_free(dhA);
605 DH_free(dhB);
606 BN_free(pub_key);
607 BN_free(priv_key);
608 OPENSSL_free(Z1);
609 OPENSSL_free(Z2);
610 TEST_error("Initialisation error RFC5114 set %d\n", i + 1);
611 return 0;
612
613 err:
614 BN_free(bady);
615 DH_free(dhA);
616 DH_free(dhB);
617 OPENSSL_free(Z1);
618 OPENSSL_free(Z2);
619 TEST_error("Test failed RFC5114 set %d\n", i + 1);
620 return 0;
621 }
622
623 static int rfc7919_test(void)
624 {
625 DH *a = NULL, *b = NULL;
626 const BIGNUM *apub_key = NULL, *bpub_key = NULL;
627 unsigned char *abuf = NULL;
628 unsigned char *bbuf = NULL;
629 int i, alen, blen, aout, bout;
630 int ret = 0;
631
632 if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048)))
633 goto err;
634
635 if (!DH_check(a, &i))
636 goto err;
637 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
638 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
639 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
640 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
641 || !TEST_false(i))
642 goto err;
643
644 if (!DH_generate_key(a))
645 goto err;
646 DH_get0_key(a, &apub_key, NULL);
647
648 /* now create another copy of the DH group for the peer */
649 if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048)))
650 goto err;
651
652 if (!DH_generate_key(b))
653 goto err;
654 DH_get0_key(b, &bpub_key, NULL);
655
656 alen = DH_size(a);
657 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
658 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
659 goto err;
660
661 blen = DH_size(b);
662 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
663 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
664 goto err;
665
666 if (!TEST_true(aout >= 20)
667 || !TEST_mem_eq(abuf, aout, bbuf, bout))
668 goto err;
669
670 ret = 1;
671
672 err:
673 OPENSSL_free(abuf);
674 OPENSSL_free(bbuf);
675 DH_free(a);
676 DH_free(b);
677 return ret;
678 }
679
680 static int prime_groups[] = {
681 NID_ffdhe2048,
682 NID_ffdhe3072,
683 NID_ffdhe4096,
684 NID_ffdhe6144,
685 NID_ffdhe8192,
686 NID_modp_2048,
687 NID_modp_3072,
688 NID_modp_4096,
689 NID_modp_6144,
690 };
691
692 static int dh_test_prime_groups(int index)
693 {
694 int ok = 0;
695 DH *dh = NULL;
696 const BIGNUM *p, *q, *g;
697
698 if (!TEST_ptr(dh = DH_new_by_nid(prime_groups[index])))
699 goto err;
700 DH_get0_pqg(dh, &p, &q, &g);
701 if (!TEST_ptr(p) || !TEST_ptr(q) || !TEST_ptr(g))
702 goto err;
703
704 if (!TEST_int_eq(DH_get_nid(dh), prime_groups[index]))
705 goto err;
706 ok = 1;
707 err:
708 DH_free(dh);
709 return ok;
710 }
711 #endif
712
713
714 int setup_tests(void)
715 {
716 #ifdef OPENSSL_NO_DH
717 TEST_note("No DH support");
718 #else
719 ADD_TEST(dh_test);
720 ADD_TEST(rfc5114_test);
721 ADD_TEST(rfc7919_test);
722 ADD_ALL_TESTS(dh_test_prime_groups, OSSL_NELEM(prime_groups));
723 #endif
724 return 1;
725 }
A mirror of the official openssl repository