[thirdparty/openssl.git] / test / dsatest.c

/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/core_names.h>

#include "testutil.h"
#include "internal/nelem.h"

#ifndef OPENSSL_NO_DSA
static int dsa_cb(int p, int n, BN_GENCB *arg);

static int dsa_test(void)
{
    BN_GENCB *cb;
    DSA *dsa = NULL;
    int counter, ret = 0, i, j;
    unsigned char buf[256];
    unsigned long h;
    unsigned char sig[256];
    unsigned int siglen;
    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
    /*
     * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
     * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
     */
    static unsigned char seed[20] = {
        0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
        0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
        0xe0, 0x42, 0x7d, 0xd3,
    };
    static unsigned char out_p[] = {
        0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
        0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
        0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
        0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
        0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
        0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
        0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
        0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
    };
    static unsigned char out_q[] = {
        0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
        0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
        0xda, 0xce, 0x91, 0x5f,
    };
    static unsigned char out_g[] = {
        0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
        0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
        0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
        0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
        0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
        0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
        0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
        0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
    };
    static const unsigned char str1[] = "12345678901234567890";

    if (!TEST_ptr(cb = BN_GENCB_new()))
        goto end;

    BN_GENCB_set(cb, dsa_cb, NULL);
    if (!TEST_ptr(dsa = DSA_new())
        || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
                                                &counter, &h, cb)))
        goto end;

    if (!TEST_int_eq(counter, 105))
        goto end;
    if (!TEST_int_eq(h, 2))
        goto end;

    DSA_get0_pqg(dsa, &p, &q, &g);
    i = BN_bn2bin(q, buf);
    j = sizeof(out_q);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
        goto end;

    i = BN_bn2bin(p, buf);
    j = sizeof(out_p);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
        goto end;

    i = BN_bn2bin(g, buf);
    j = sizeof(out_g);
    if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
        goto end;

    if (!TEST_true(DSA_generate_key(dsa)))
        goto end;
    if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa)))
        goto end;
    if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
        ret = 1;

 end:
    DSA_free(dsa);
    BN_GENCB_free(cb);
    return ret;
}

static int dsa_cb(int p, int n, BN_GENCB *arg)
{
    static int ok = 0, num = 0;

    if (p == 0)
        num++;
    if (p == 2)
        ok++;

    if (!ok && (p == 0) && (num > 1)) {
        TEST_error("dsa_cb error");
        return 0;
    }
    return 1;
}

# define P      0
# define Q      1
# define G      2
# define SEED   3
# define PCOUNT 4
# define GINDEX 5
# define HCOUNT 6
# define GROUP  7

static int dsa_keygen_test(void)
{
    int ret = 0;
    EVP_PKEY *param_key = NULL, *key = NULL;
    EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL;
    BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL;
    BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL;
    int gindex_out = 0, pcount_out = 0, hcount_out = 0;
    unsigned char seed_out[32];
    char group_out[32];
    size_t len = 0;
    const OSSL_PARAM *settables = NULL;
    static const unsigned char seed_data[] = {
        0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
        0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
        0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
        0x7b, 0x2a, 0xc7, 0x29
    };
    static const unsigned char expected_p[]= {
        0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
        0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
        0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
        0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
        0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
        0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
        0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
        0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
        0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
        0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
        0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
        0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
        0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
        0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
        0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
        0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
        0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
        0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
        0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
        0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
        0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
        0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
        0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
        0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
        0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
        0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
        0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
        0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
        0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
        0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
        0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
        0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
    };
    static const unsigned char expected_q[]= {
        0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
        0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
        0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
        0xe2, 0x56, 0xae, 0xd7
    };
    static const unsigned char expected_g[]= {
        0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
        0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
        0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
        0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
        0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
        0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
        0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
        0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
        0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
        0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
        0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
        0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
        0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
        0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
        0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
        0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
        0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
        0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
        0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
        0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
        0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
        0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
        0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
        0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
        0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
        0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
        0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
        0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
        0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
        0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
        0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
        0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
    };
    int expected_c = 1316;
    int expected_h = 2;

    if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
        || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
        || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
        goto end;
    if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
        || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
        || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
        || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
        || !TEST_ptr(OSSL_PARAM_locate_const(settables,
                                             OSSL_PKEY_PARAM_FFC_PBITS))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
                                                         sizeof(seed_data)))
        || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
                                                             ""))
        || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, &param_key), 0)
        || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
        || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
        || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0))
        goto end;

    if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
        || !TEST_BN_eq(p_in, p_out)
        || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
        || !TEST_BN_eq(q_in, q_out)
        || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
        || !TEST_BN_eq(g_in, g_out)
        || !TEST_true(EVP_PKEY_get_octet_string_param(
                          key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
                          sizeof(seed_out), &len))
        || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
        || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
                                             &gindex_out))
        || !TEST_int_eq(gindex_out, -1)
        || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
                                             &hcount_out))
        || !TEST_int_eq(hcount_out, expected_h)
        || !TEST_true(EVP_PKEY_get_int_param(key,
                                             OSSL_PKEY_PARAM_FFC_PCOUNTER,
                                             &pcount_out))
        || !TEST_int_eq(pcount_out, expected_c)
        || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
                                                      OSSL_PKEY_PARAM_GROUP_NAME,
                                                      group_out,
                                                      sizeof(group_out), &len)))
        goto end;
    ret = 1;
end:
    BN_free(p_in);
    BN_free(q_in);
    BN_free(g_in);
    BN_free(p_out);
    BN_free(q_out);
    BN_free(g_out);
    EVP_PKEY_free(param_key);
    EVP_PKEY_free(key);
    EVP_PKEY_CTX_free(kg_ctx);
    EVP_PKEY_CTX_free(pg_ctx);
    return ret;
}

static int test_dsa_default_paramgen_validate(int i)
{
    int ret;
    EVP_PKEY_CTX *gen_ctx = NULL;
    EVP_PKEY_CTX *check_ctx = NULL;
    EVP_PKEY *params = NULL;

    ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
          && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
          && (i == 0
              || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
          && TEST_int_gt(EVP_PKEY_generate(gen_ctx, &params), 0)
          && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
          && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);

    EVP_PKEY_free(params);
    EVP_PKEY_CTX_free(check_ctx);
    EVP_PKEY_CTX_free(gen_ctx);
    return ret;
}

#endif /* OPENSSL_NO_DSA */

int setup_tests(void)
{
#ifndef OPENSSL_NO_DSA
    ADD_TEST(dsa_test);
    ADD_TEST(dsa_keygen_test);
    ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
#endif
    return 1;
}
Commit	Line	Data
440e5d80	1	/*
3c2bdd7d	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
d02b48c6 RE	9
f41ac0ee P	10	/*
	11	* DSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
d02b48c6 RE	16	#include <stdio.h>
	17	#include <stdlib.h>
	18	#include <string.h>
	19	#include <sys/types.h>
	20	#include <sys/stat.h>
55f78baf	21
ec577822 BM	22	#include <openssl/crypto.h>
ec577822 BM	23	#include <openssl/rand.h>
3eeaab4b	24	#include <openssl/bn.h>
93d02986	25	#include <openssl/dsa.h>
b03ec3b5 SL	26	#include <openssl/evp.h>
b03ec3b5 SL	27	#include <openssl/core_names.h>
d02b48c6	28
93d02986	29	#include "testutil.h"
176db6dc	30	#include "internal/nelem.h"
f5d7a031	31
81813776	32	#ifndef OPENSSL_NO_DSA
6d23cf97	33	static int dsa_cb(int p, int n, BN_GENCB *arg);
a87030a1	34
93d02986	35	static int dsa_test(void)
0f113f3e MC	36	{
	37	BN_GENCB *cb;
	38	DSA *dsa = NULL;
	39	int counter, ret = 0, i, j;
	40	unsigned char buf[256];
	41	unsigned long h;
	42	unsigned char sig[256];
	43	unsigned int siglen;
b84e1226	44	const BIGNUM p = NULL, q = NULL, *g = NULL;
b03ec3b5 SL	45	/*
	46	* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
	47	* PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
	48	*/
	49	static unsigned char seed[20] = {
	50	0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
	51	0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
	52	0xe0, 0x42, 0x7d, 0xd3,
	53	};
	54	static unsigned char out_p[] = {
	55	0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
	56	0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
	57	0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
	58	0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
	59	0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
	60	0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
	61	0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
	62	0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
	63	};
	64	static unsigned char out_q[] = {
	65	0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
	66	0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
	67	0xda, 0xce, 0x91, 0x5f,
	68	};
	69	static unsigned char out_g[] = {
	70	0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
	71	0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
	72	0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
	73	0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
	74	0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
	75	0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
	76	0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
	77	0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
	78	};
	79	static const unsigned char str1[] = "12345678901234567890";
0f113f3e	80
93d02986	81	if (!TEST_ptr(cb = BN_GENCB_new()))
0f113f3e MC	82	goto end;
0f113f3e MC	83
93d02986 RS	84	BN_GENCB_set(cb, dsa_cb, NULL);
	85	if (!TEST_ptr(dsa = DSA_new())
	86	\|\| !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
	87	&counter, &h, cb)))
0f113f3e MC	88	goto end;
0f113f3e MC	89
93d02986	90	if (!TEST_int_eq(counter, 105))
0f113f3e	91	goto end;
93d02986	92	if (!TEST_int_eq(h, 2))
0f113f3e	93	goto end;
0f113f3e	94
6e9fa57c MC	95	DSA_get0_pqg(dsa, &p, &q, &g);
6e9fa57c MC	96	i = BN_bn2bin(q, buf);
0f113f3e	97	j = sizeof(out_q);
93d02986	98	if (!TEST_int_eq(i, j) \|\| !TEST_mem_eq(buf, i, out_q, i))
0f113f3e	99	goto end;
0f113f3e	100
6e9fa57c	101	i = BN_bn2bin(p, buf);
0f113f3e	102	j = sizeof(out_p);
93d02986	103	if (!TEST_int_eq(i, j) \|\| !TEST_mem_eq(buf, i, out_p, i))
0f113f3e	104	goto end;
0f113f3e	105
6e9fa57c	106	i = BN_bn2bin(g, buf);
0f113f3e	107	j = sizeof(out_g);
93d02986	108	if (!TEST_int_eq(i, j) \|\| !TEST_mem_eq(buf, i, out_g, i))
0f113f3e	109	goto end;
0f113f3e	110
12e05599 TM	111	if (!TEST_true(DSA_generate_key(dsa)))
	112	goto end;
	113	if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa)))
	114	goto end;
	115	if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
0f113f3e MC	116	ret = 1;
	117
	118	end:
d6407083	119	DSA_free(dsa);
23a1d5e9	120	BN_GENCB_free(cb);
93d02986	121	return ret;
0f113f3e	122	}
d02b48c6	123
6d23cf97	124	static int dsa_cb(int p, int n, BN_GENCB *arg)
0f113f3e	125	{
0f113f3e MC	126	static int ok = 0, num = 0;
0f113f3e MC	127
93d02986	128	if (p == 0)
0f113f3e	129	num++;
93d02986	130	if (p == 2)
0f113f3e	131	ok++;
0f113f3e MC	132
0f113f3e MC	133	if (!ok && (p == 0) && (num > 1)) {
93d02986	134	TEST_error("dsa_cb error");
0f113f3e MC	135	return 0;
	136	}
	137	return 1;
	138	}
b03ec3b5 SL	139
	140	# define P 0
	141	# define Q 1
	142	# define G 2
	143	# define SEED 3
	144	# define PCOUNT 4
	145	# define GINDEX 5
	146	# define HCOUNT 6
	147	# define GROUP 7
	148
	149	static int dsa_keygen_test(void)
	150	{
	151	int ret = 0;
	152	EVP_PKEY param_key = NULL, key = NULL;
	153	EVP_PKEY_CTX pg_ctx = NULL, kg_ctx = NULL;
	154	BIGNUM p_in = NULL, q_in = NULL, *g_in = NULL;
	155	BIGNUM p_out = NULL, q_out = NULL, *g_out = NULL;
	156	int gindex_out = 0, pcount_out = 0, hcount_out = 0;
	157	unsigned char seed_out[32];
	158	char group_out[32];
	159	size_t len = 0;
5e77b79a	160	const OSSL_PARAM *settables = NULL;
b03ec3b5 SL	161	static const unsigned char seed_data[] = {
	162	0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
	163	0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
	164	0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
	165	0x7b, 0x2a, 0xc7, 0x29
	166	};
	167	static const unsigned char expected_p[]= {
	168	0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
	169	0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
	170	0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
	171	0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
	172	0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
	173	0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
	174	0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
	175	0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
	176	0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
	177	0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
	178	0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
	179	0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
	180	0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
	181	0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
	182	0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
	183	0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
	184	0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
	185	0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
	186	0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
	187	0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
	188	0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
	189	0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
	190	0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
	191	0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
	192	0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
	193	0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
	194	0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
	195	0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
	196	0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
	197	0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
	198	0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
	199	0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
	200	};
	201	static const unsigned char expected_q[]= {
	202	0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
	203	0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
	204	0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
	205	0xe2, 0x56, 0xae, 0xd7
	206	};
	207	static const unsigned char expected_g[]= {
	208	0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
	209	0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
	210	0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
	211	0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
	212	0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
	213	0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
	214	0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
	215	0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
	216	0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
	217	0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
	218	0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
	219	0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
	220	0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
	221	0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
	222	0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
	223	0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
	224	0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
225	0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
226	0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
227	0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
228	0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
229	0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
230	0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
231	0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
232	0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
233	0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
234	0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
235	0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
236	0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
237	0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
238	0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
239	0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
240	};
241	int expected_c = 1316;
242	int expected_h = 2;
243
244	if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
245	\|\| !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
246	\|\| !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
247	goto end;
248	if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
249	\|\| !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
5e77b79a SL	250	\|\| !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
	251	\|\| !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
	252	\|\| !TEST_ptr(OSSL_PARAM_locate_const(settables,
	253	OSSL_PKEY_PARAM_FFC_PBITS))
f1d66708	254	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
b03ec3b5 SL	255	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
	256	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
	257	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
	258	sizeof(seed_data)))
	259	\|\| !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
	260	""))
f9253152	261	\|\| !TEST_int_gt(EVP_PKEY_generate(pg_ctx, &param_key), 0)
b03ec3b5 SL	262	\|\| !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
b03ec3b5 SL	263	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
f9253152	264	\|\| !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0))
b03ec3b5 SL	265	goto end;
	266
	267	if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
	268	\|\| !TEST_BN_eq(p_in, p_out)
	269	\|\| !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
	270	\|\| !TEST_BN_eq(q_in, q_out)
	271	\|\| !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
	272	\|\| !TEST_BN_eq(g_in, g_out)
	273	\|\| !TEST_true(EVP_PKEY_get_octet_string_param(
	274	key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
	275	sizeof(seed_out), &len))
	276	\|\| !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
	277	\|\| !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
	278	&gindex_out))
	279	\|\| !TEST_int_eq(gindex_out, -1)
	280	\|\| !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
	281	&hcount_out))
	282	\|\| !TEST_int_eq(hcount_out, expected_h)
	283	\|\| !TEST_true(EVP_PKEY_get_int_param(key,
	284	OSSL_PKEY_PARAM_FFC_PCOUNTER,
	285	&pcount_out))
	286	\|\| !TEST_int_eq(pcount_out, expected_c)
	287	\|\| !TEST_false(EVP_PKEY_get_utf8_string_param(key,
023b188c	288	OSSL_PKEY_PARAM_GROUP_NAME,
b03ec3b5 SL	289	group_out,
	290	sizeof(group_out), &len)))
	291	goto end;
	292	ret = 1;
	293	end:
	294	BN_free(p_in);
	295	BN_free(q_in);
	296	BN_free(g_in);
	297	BN_free(p_out);
	298	BN_free(q_out);
	299	BN_free(g_out);
	300	EVP_PKEY_free(param_key);
	301	EVP_PKEY_free(key);
	302	EVP_PKEY_CTX_free(kg_ctx);
	303	EVP_PKEY_CTX_free(pg_ctx);
	304	return ret;
	305	}
	306
3a37ddde SL	307	static int test_dsa_default_paramgen_validate(int i)
	308	{
	309	int ret;
	310	EVP_PKEY_CTX *gen_ctx = NULL;
	311	EVP_PKEY_CTX *check_ctx = NULL;
	312	EVP_PKEY *params = NULL;
	313
	314	ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
	315	&& TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
	316	&& (i == 0
	317	\|\| TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
f9253152	318	&& TEST_int_gt(EVP_PKEY_generate(gen_ctx, &params), 0)
3a37ddde SL	319	&& TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
	320	&& TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);
	321
	322	EVP_PKEY_free(params);
	323	EVP_PKEY_CTX_free(check_ctx);
	324	EVP_PKEY_CTX_free(gen_ctx);
	325	return ret;
	326	}
	327
81813776	328	#endif /* OPENSSL_NO_DSA */
93d02986	329
ad887416	330	int setup_tests(void)
93d02986 RS	331	{
	332	#ifndef OPENSSL_NO_DSA
	333	ADD_TEST(dsa_test);
b03ec3b5	334	ADD_TEST(dsa_keygen_test);
3a37ddde	335	ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
f5d7a031	336	#endif
ad887416	337	return 1;
93d02986	338	}