]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add KEM (Key encapsulation mechanism) support to providers
[thirdparty/openssl.git] / test / evp_libctx_test.c
CommitLineData
63794b04
SL		 1/*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18/*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22#include "internal/deprecated.h"
23#include <openssl/evp.h>
24#include <openssl/provider.h>
25#include <openssl/dsa.h>
fcdd228b 26#include <openssl/dh.h>
90409da6 27#include <openssl/safestack.h>
80f4fd18 28#include <openssl/core_names.h>
116d2510 29#include <openssl/x509.h>
63794b04
SL		 30#include "testutil.h"
31#include "internal/nelem.h"
90409da6
SL		 32#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
33#include "../e_os.h" /* strcasecmp */
34
63794b04
SL		 35static OPENSSL_CTX *libctx = NULL;
36static OSSL_PROVIDER *nullprov = NULL;
37static OSSL_PROVIDER *libprov = NULL;
90409da6 38static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
63794b04
SL		 39
40typedef enum OPTION_choice {
41 OPT_ERR = -1,
42 OPT_EOF = 0,
43 OPT_CONFIG_FILE,
44 OPT_PROVIDER_NAME,
45 OPT_TEST_ENUM
46} OPTION_CHOICE;
47
48const OPTIONS *test_get_options(void)
49{
50 static const OPTIONS test_options[] = {
51 OPT_TEST_OPTIONS_DEFAULT_USAGE,
52 { "config", OPT_CONFIG_FILE, '<',
53 "The configuration file to use for the libctx" },
54 { "provider", OPT_PROVIDER_NAME, 's',
55 "The provider to load (The default value is 'default'" },
56 { NULL }
57 };
58 return test_options;
59}
60
fcdd228b 61#ifndef OPENSSL_NO_DH
63794b04
SL		 62static const char *getname(int id)
63{
64 const char *name[] = {"p", "q", "g" };
65
66 if (id >= 0 && id < 3)
67 return name[id];
68 return "?";
69}
70#endif
71
fcdd228b
MC		 72/*
73 * We're using some DH specific values in this test, so we skip compilation if
74 * we're in a no-dh build.
75 */
76#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 77
78static int test_dsa_param_keygen(int tstid)
79{
80 int ret = 0;
81 int expected;
82 EVP_PKEY_CTX *gen_ctx = NULL;
83 EVP_PKEY *pkey_parm = NULL;
84 EVP_PKEY *pkey = NULL;
85 DSA *dsa = NULL;
86 int pind, qind, gind;
87 BIGNUM *p = NULL, *q = NULL, *g = NULL;
88
89 /*
90 * Just grab some fixed dh p, q, g values for testing,
91 * these 'safe primes' should not be used normally for dsa *.
92 */
93 static const BIGNUM *bn[] = {
94 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
95 };
96
97 /*
98 * These tests are using bad values for p, q, g by reusing the values.
99 * A value of 0 uses p, 1 uses q and 2 uses g.
100 * There are 27 different combinations, with only the 1 valid combination.
101 */
102 pind = tstid / 9;
103 qind = (tstid / 3) % 3;
104 gind = tstid % 3;
105 expected = (pind == 0 && qind == 1 && gind == 2);
106
107 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
108 getname(qind), getname(gind));
109
110 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
111 || !TEST_ptr(dsa = DSA_new())
112 || !TEST_ptr(p = BN_dup(bn[pind]))
113 || !TEST_ptr(q = BN_dup(bn[qind]))
114 || !TEST_ptr(g = BN_dup(bn[gind]))
115 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
116 goto err;
117 p = q = g = NULL;
118
119 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
120 goto err;
121 dsa = NULL;
122
123 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
124 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
125 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
126 goto err;
127 ret = 1;
128err:
129 EVP_PKEY_free(pkey);
130 EVP_PKEY_CTX_free(gen_ctx);
131 EVP_PKEY_free(pkey_parm);
132 DSA_free(dsa);
133 BN_free(g);
134 BN_free(q);
135 BN_free(p);
136 return ret;
137}
138#endif /* OPENSSL_NO_DSA */
139
140#ifndef OPENSSL_NO_DH
141static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
142{
143 int ret = 0;
144 int expected;
145 EVP_PKEY_CTX *gen_ctx = NULL;
146 EVP_PKEY *pkey_parm = NULL;
147 EVP_PKEY *pkey = NULL;
148 DH *dh = NULL;
149 int pind, qind, gind;
150 BIGNUM *p = NULL, *q = NULL, *g = NULL;
151
152 /*
153 * These tests are using bad values for p, q, g by reusing the values.
154 * A value of 0 uses p, 1 uses q and 2 uses g.
155 * There are 27 different combinations, with only the 1 valid combination.
156 */
157 pind = tstid / 9;
158 qind = (tstid / 3) % 3;
159 gind = tstid % 3;
160 expected = (pind == 0 && qind == 1 && gind == 2);
161
162 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
163 getname(qind), getname(gind));
164
165 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
166 || !TEST_ptr(dh = DH_new())
167 || !TEST_ptr(p = BN_dup(bn[pind]))
168 || !TEST_ptr(q = BN_dup(bn[qind]))
169 || !TEST_ptr(g = BN_dup(bn[gind]))
170 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
171 goto err;
172 p = q = g = NULL;
173
174 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
175 goto err;
176 dh = NULL;
177
178 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
179 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
180 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
181 goto err;
182 ret = 1;
183err:
184 EVP_PKEY_free(pkey);
185 EVP_PKEY_CTX_free(gen_ctx);
186 EVP_PKEY_free(pkey_parm);
187 DH_free(dh);
188 BN_free(g);
189 BN_free(q);
190 BN_free(p);
191 return ret;
192}
193
194/*
195 * Note that we get the fips186-4 path being run for most of these cases since
196 * the internal code will detect that the p, q, g does not match a safe prime
197 * group (Except for when tstid = 5, which sets the correct p, q, g)
198 */
199static int test_dh_safeprime_param_keygen(int tstid)
200{
201 static const BIGNUM *bn[] = {
202 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
203 };
204 return do_dh_param_keygen(tstid, bn);
205}
116d2510
SL		 206
207static int dhx_cert_load(void)
208{
209 int ret = 0;
210 X509 *cert = NULL;
211 BIO *bio = NULL;
212
213 static const unsigned char dhx_cert[] = {
214 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
215 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
216 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
217 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
218 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
219 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
220 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
221 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
222 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
223 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
224 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
225 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
226 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
227 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
228 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
229 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
230 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
231 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
232 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
233 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
234 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
235 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
236 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
237 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
238 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
239 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
240 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
241 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
242 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
243 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
244 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
245 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
246 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
247 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
248 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
249 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
250 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
251 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
252 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
253 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
254 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
255 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
256 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
257 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
258 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
259 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
260 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
261 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
262 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
263 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
264 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
265 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
266 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
267 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
268 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
269 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
270 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
271 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
272 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
273 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
274 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
275 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
276 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
277 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
278 0x0e,0x6a,0xb1
279 };
280
281 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
282 || !TEST_ptr(cert = X509_new_with_libctx(libctx, NULL))
283 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
284 goto err;
285 ret = 1;
286err:
287 X509_free(cert);
288 BIO_free(bio);
289 return ret;
290}
291
63794b04
SL		 292#endif /* OPENSSL_NO_DH */
293
90409da6
SL		 294static int test_cipher_reinit(int test_id)
295{
296 int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
297 EVP_CIPHER *cipher = NULL;
298 EVP_CIPHER_CTX *ctx = NULL;
299 unsigned char out1[256];
300 unsigned char out2[256];
301 unsigned char in[16] = {
302 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
303 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
304 };
305 unsigned char key[64] = {
306 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
307 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
308 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
309 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
310 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
311 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
312 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 };
315 unsigned char iv[16] = {
316 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
317 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
318 };
319 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
320
321 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
322 goto err;
323
324 TEST_note("Fetching %s\n", name);
325 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
326 goto err;
327
328 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
329 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
330
331 /* DES3-WRAP uses random every update - so it will give a different value */
332 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
333
334 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
335 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
336 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
337 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
338 ccm ? 0 : 1))
339 goto err;
340
341 if (ccm == 0) {
342 if (diff) {
343 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
344 goto err;
345 } else {
346 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
347 goto err;
348 }
349 }
350 ret = 1;
351err:
352 EVP_CIPHER_free(cipher);
353 EVP_CIPHER_CTX_free(ctx);
354 return ret;
355}
356
914f97ee
SL		 357/*
358 * This test only uses a partial block (half the block size) of input for each
359 * EVP_EncryptUpdate() in order to test that the second init/update is not using
360 * a leftover buffer from the first init/update.
361 * Note: some ciphers don't need a full block to produce output.
362 */
363static int test_cipher_reinit_partialupdate(int test_id)
364{
365 int ret = 0, out1_len = 0, out2_len = 0, in_len;
366 EVP_CIPHER *cipher = NULL;
367 EVP_CIPHER_CTX *ctx = NULL;
368 unsigned char out1[256];
369 unsigned char out2[256];
370 static const unsigned char in[32] = {
371 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
372 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
373 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
374 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
375 };
376 static const unsigned char key[64] = {
377 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
378 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
379 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
380 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
381 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
382 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
383 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
384 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
385 };
386 static const unsigned char iv[16] = {
387 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
388 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
389 };
390 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
391
392 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
393 goto err;
394
395 TEST_note("Fetching %s\n", name);
396 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
397 goto err;
398
399 in_len = EVP_CIPHER_block_size(cipher) / 2;
400
401 /* skip any ciphers that don't allow partial updates */
402 if (((EVP_CIPHER_flags(cipher)
403 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
404 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
405 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
406 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
407 ret = 1;
408 goto err;
409 }
410
411 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
412 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
413 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
414 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
415 goto err;
416
417 /* DES3-WRAP uses random every update - so it will give a different value */
418 if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
419 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
420 goto err;
421 } else {
422 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
423 goto err;
424 }
425 ret = 1;
426err:
427 EVP_CIPHER_free(cipher);
428 EVP_CIPHER_CTX_free(ctx);
429 return ret;
430}
431
432
90409da6
SL		 433static int name_cmp(const char * const *a, const char * const *b)
434{
435 return strcasecmp(*a, *b);
436}
437
438static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
439{
440 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
441
442 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
443}
444
80f4fd18
SL		 445static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
446{
447 int ret = 0;
448 EVP_PKEY_CTX *keygen_ctx = NULL;
449 unsigned char *pub_der = NULL;
450 const unsigned char *pp = NULL;
451 long len = 0;
452
453 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
454 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
455 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
456 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
457 || !TEST_int_gt(len = i2d_PublicKey(*priv, &pub_der), 0))
458 goto err;
459 pp = pub_der;
460 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
461 goto err;
462 ret = 1;
463err:
464 OPENSSL_free(pub_der);
465 EVP_PKEY_CTX_free(keygen_ctx);
466 return ret;
467}
468
469static int kem_rsa_gen_recover(void)
470{
471 int ret = 0;
472 EVP_PKEY *pub = NULL;
473 EVP_PKEY *priv = NULL;
474 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
475 unsigned char secret[256] = { 0, };
476 unsigned char ct[256] = { 0, };
477 unsigned char unwrap[256] = { 0, };
478 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
479
480 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
481 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
482 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
483 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
484 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
485 &secretlen), 1)
486 && TEST_int_eq(ctlen, secretlen)
487 && TEST_int_eq(ctlen, 2048 / 8)
488 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
489 &secretlen), 1)
490 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
491 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
492 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
493 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
494 ct, ctlen), 1)
495 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
496 ct, ctlen), 1)
497 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
498 EVP_PKEY_free(pub);
499 EVP_PKEY_free(priv);
500 EVP_PKEY_CTX_free(rctx);
501 EVP_PKEY_CTX_free(sctx);
502 return ret;
503}
504
505static int kem_rsa_params(void)
506{
507 int ret = 0;
508 EVP_PKEY *pub = NULL;
509 EVP_PKEY *priv = NULL;
510 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
511 unsigned char secret[256] = { 0, };
512 unsigned char ct[256] = { 0, };
513 size_t ctlen = 0, secretlen = 0;
514
515 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
516 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
517 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
518 /* Test setting kem op before the init fails */
519 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
520 /* Test NULL ctx passed */
521 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
522 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
523 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
524 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
525 /* Test Invalid operation */
526 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
527 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
528 /* Wrong key component - no secret should be returned on failure */
529 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
530 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
531 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
532 sizeof(ct)), 0)
533 && TEST_uchar_eq(secret[0], 0)
534 /* Test encapsulate fails if the mode is not set */
535 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
536 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
537 /* Test setting a bad kem ops fail */
538 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
539 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
540 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
541 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
542 /* Test secretlen is optional */
543 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
544 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
545 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
546 /* Test outlen is optional */
547 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
548 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
549 /* test that either len must be set if out is NULL */
550 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
551 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
552 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
553 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
554 /* Secret buffer should be set if there is an output buffer */
555 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
556 /* Test that lengths are optional if ct is not NULL */
557 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
558 /* Pass if secret or secret length are not NULL */
559 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
560 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
561 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
562 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
563 && TEST_int_eq(secretlen, 256)
564 /* Fail if passed NULL arguments */
565 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
566 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
567 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
568 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
569
570 EVP_PKEY_free(pub);
571 EVP_PKEY_free(priv);
572 EVP_PKEY_CTX_free(pubctx);
573 EVP_PKEY_CTX_free(privctx);
574 return ret;
575}
576
577#ifndef OPENSSL_NO_DH
578static EVP_PKEY *gen_dh_key(void)
579{
580 EVP_PKEY_CTX *gctx = NULL;
581 EVP_PKEY *pkey = NULL;
582 OSSL_PARAM params[2];
583
584 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
585 params[1] = OSSL_PARAM_construct_end();
586
587 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
588 || !TEST_true(EVP_PKEY_keygen_init(gctx))
589 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
590 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
591 goto err;
592err:
593 EVP_PKEY_CTX_free(gctx);
594 return pkey;
595}
596
597/* Fail if we try to use a dh key */
598static int kem_invalid_keytype(void)
599{
600 int ret = 0;
601 EVP_PKEY *key = NULL;
602 EVP_PKEY_CTX *sctx = NULL;
603
604 if (!TEST_ptr(key = gen_dh_key()))
605 goto done;
606
607 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
608 goto done;
609 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
610 goto done;
611
612 ret = 1;
613done:
614 EVP_PKEY_free(key);
615 EVP_PKEY_CTX_free(sctx);
616 return ret;
617}
618#endif /* OPENSSL_NO_DH */
619
63794b04
SL		 620int setup_tests(void)
621{
622 const char *prov_name = "default";
623 char *config_file = NULL;
624 OPTION_CHOICE o;
625
626 while ((o = opt_next()) != OPT_EOF) {
627 switch (o) {
628 case OPT_PROVIDER_NAME:
629 prov_name = opt_arg();
630 break;
631 case OPT_CONFIG_FILE:
632 config_file = opt_arg();
633 break;
634 case OPT_TEST_CASES:
635 break;
636 default:
637 case OPT_ERR:
638 return 0;
639 }
640 }
641
642 nullprov = OSSL_PROVIDER_load(NULL, "null");
643 if (!TEST_ptr(nullprov))
644 return 0;
645
646 libctx = OPENSSL_CTX_new();
647
648 if (!TEST_ptr(libctx))
649 return 0;
650
651 if (config_file != NULL) {
652 if (!TEST_true(OPENSSL_CTX_load_config(libctx, config_file)))
653 return 0;
654 }
655
656 libprov = OSSL_PROVIDER_load(libctx, prov_name);
657 if (!TEST_ptr(libprov))
658 return 0;
659
fcdd228b 660#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 661 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
662#endif
663#ifndef OPENSSL_NO_DH
664 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
116d2510 665 ADD_TEST(dhx_cert_load);
63794b04 666#endif
90409da6
SL		 667
668 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
669 return 0;
670 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
671
672 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
914f97ee
SL		 673 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
674 sk_OPENSSL_CSTRING_num(cipher_names));
80f4fd18
SL		 675 ADD_TEST(kem_rsa_gen_recover);
676 ADD_TEST(kem_rsa_params);
677#ifndef OPENSSL_NO_DH
678 ADD_TEST(kem_invalid_keytype);
679#endif
63794b04
SL		 680 return 1;
681}
682
683void cleanup_tests(void)
684{
90409da6 685 sk_OPENSSL_CSTRING_free(cipher_names);
63794b04
SL		 686 OSSL_PROVIDER_unload(libprov);
687 OPENSSL_CTX_free(libctx);
688 OSSL_PROVIDER_unload(nullprov);
689}
A mirror of the official openssl repository