]>
Commit | Line | Data |
---|---|---|
63794b04 SL |
1 | /* |
2 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | ||
12 | * These tests are setup to load null into the default library context. | |
13 | * Any tests are expected to use the created 'libctx' to find algorithms. | |
14 | * The framework runs the tests twice using the 'default' provider or | |
15 | * 'fips' provider as inputs. | |
16 | */ | |
17 | ||
18 | /* | |
19 | * DSA/DH low level APIs are deprecated for public use, but still ok for | |
20 | * internal use. | |
21 | */ | |
22 | #include "internal/deprecated.h" | |
23 | #include <openssl/evp.h> | |
24 | #include <openssl/provider.h> | |
25 | #include <openssl/dsa.h> | |
fcdd228b | 26 | #include <openssl/dh.h> |
90409da6 | 27 | #include <openssl/safestack.h> |
f49d4860 | 28 | #include <openssl/core_dispatch.h> |
80f4fd18 | 29 | #include <openssl/core_names.h> |
116d2510 | 30 | #include <openssl/x509.h> |
f49d4860 | 31 | #include <openssl/encoder.h> |
63794b04 SL |
32 | #include "testutil.h" |
33 | #include "internal/nelem.h" | |
90409da6 SL |
34 | #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ |
35 | #include "../e_os.h" /* strcasecmp */ | |
36 | ||
b4250010 | 37 | static OSSL_LIB_CTX *libctx = NULL; |
63794b04 SL |
38 | static OSSL_PROVIDER *nullprov = NULL; |
39 | static OSSL_PROVIDER *libprov = NULL; | |
90409da6 | 40 | static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL; |
63794b04 SL |
41 | |
42 | typedef enum OPTION_choice { | |
43 | OPT_ERR = -1, | |
44 | OPT_EOF = 0, | |
45 | OPT_CONFIG_FILE, | |
46 | OPT_PROVIDER_NAME, | |
47 | OPT_TEST_ENUM | |
48 | } OPTION_CHOICE; | |
49 | ||
50 | const OPTIONS *test_get_options(void) | |
51 | { | |
52 | static const OPTIONS test_options[] = { | |
53 | OPT_TEST_OPTIONS_DEFAULT_USAGE, | |
54 | { "config", OPT_CONFIG_FILE, '<', | |
55 | "The configuration file to use for the libctx" }, | |
56 | { "provider", OPT_PROVIDER_NAME, 's', | |
57 | "The provider to load (The default value is 'default'" }, | |
58 | { NULL } | |
59 | }; | |
60 | return test_options; | |
61 | } | |
62 | ||
fcdd228b | 63 | #ifndef OPENSSL_NO_DH |
63794b04 SL |
64 | static const char *getname(int id) |
65 | { | |
66 | const char *name[] = {"p", "q", "g" }; | |
67 | ||
68 | if (id >= 0 && id < 3) | |
69 | return name[id]; | |
70 | return "?"; | |
71 | } | |
72 | #endif | |
73 | ||
fcdd228b MC |
74 | /* |
75 | * We're using some DH specific values in this test, so we skip compilation if | |
76 | * we're in a no-dh build. | |
77 | */ | |
78 | #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) | |
63794b04 SL |
79 | |
80 | static int test_dsa_param_keygen(int tstid) | |
81 | { | |
82 | int ret = 0; | |
83 | int expected; | |
84 | EVP_PKEY_CTX *gen_ctx = NULL; | |
85 | EVP_PKEY *pkey_parm = NULL; | |
86 | EVP_PKEY *pkey = NULL; | |
87 | DSA *dsa = NULL; | |
88 | int pind, qind, gind; | |
89 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
90 | ||
91 | /* | |
92 | * Just grab some fixed dh p, q, g values for testing, | |
93 | * these 'safe primes' should not be used normally for dsa *. | |
94 | */ | |
95 | static const BIGNUM *bn[] = { | |
96 | &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g | |
97 | }; | |
98 | ||
99 | /* | |
100 | * These tests are using bad values for p, q, g by reusing the values. | |
101 | * A value of 0 uses p, 1 uses q and 2 uses g. | |
102 | * There are 27 different combinations, with only the 1 valid combination. | |
103 | */ | |
104 | pind = tstid / 9; | |
105 | qind = (tstid / 3) % 3; | |
106 | gind = tstid % 3; | |
107 | expected = (pind == 0 && qind == 1 && gind == 2); | |
108 | ||
109 | TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind), | |
110 | getname(qind), getname(gind)); | |
111 | ||
112 | if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) | |
113 | || !TEST_ptr(dsa = DSA_new()) | |
114 | || !TEST_ptr(p = BN_dup(bn[pind])) | |
115 | || !TEST_ptr(q = BN_dup(bn[qind])) | |
116 | || !TEST_ptr(g = BN_dup(bn[gind])) | |
117 | || !TEST_true(DSA_set0_pqg(dsa, p, q, g))) | |
118 | goto err; | |
119 | p = q = g = NULL; | |
120 | ||
121 | if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa))) | |
122 | goto err; | |
123 | dsa = NULL; | |
124 | ||
125 | if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) | |
126 | || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) | |
127 | || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) | |
128 | goto err; | |
129 | ret = 1; | |
130 | err: | |
131 | EVP_PKEY_free(pkey); | |
132 | EVP_PKEY_CTX_free(gen_ctx); | |
133 | EVP_PKEY_free(pkey_parm); | |
134 | DSA_free(dsa); | |
135 | BN_free(g); | |
136 | BN_free(q); | |
137 | BN_free(p); | |
138 | return ret; | |
139 | } | |
140 | #endif /* OPENSSL_NO_DSA */ | |
141 | ||
142 | #ifndef OPENSSL_NO_DH | |
143 | static int do_dh_param_keygen(int tstid, const BIGNUM **bn) | |
144 | { | |
145 | int ret = 0; | |
146 | int expected; | |
147 | EVP_PKEY_CTX *gen_ctx = NULL; | |
148 | EVP_PKEY *pkey_parm = NULL; | |
149 | EVP_PKEY *pkey = NULL; | |
150 | DH *dh = NULL; | |
151 | int pind, qind, gind; | |
152 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
153 | ||
154 | /* | |
155 | * These tests are using bad values for p, q, g by reusing the values. | |
156 | * A value of 0 uses p, 1 uses q and 2 uses g. | |
157 | * There are 27 different combinations, with only the 1 valid combination. | |
158 | */ | |
159 | pind = tstid / 9; | |
160 | qind = (tstid / 3) % 3; | |
161 | gind = tstid % 3; | |
162 | expected = (pind == 0 && qind == 1 && gind == 2); | |
163 | ||
164 | TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind), | |
165 | getname(qind), getname(gind)); | |
166 | ||
167 | if (!TEST_ptr(pkey_parm = EVP_PKEY_new()) | |
168 | || !TEST_ptr(dh = DH_new()) | |
169 | || !TEST_ptr(p = BN_dup(bn[pind])) | |
170 | || !TEST_ptr(q = BN_dup(bn[qind])) | |
171 | || !TEST_ptr(g = BN_dup(bn[gind])) | |
172 | || !TEST_true(DH_set0_pqg(dh, p, q, g))) | |
173 | goto err; | |
174 | p = q = g = NULL; | |
175 | ||
176 | if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh))) | |
177 | goto err; | |
178 | dh = NULL; | |
179 | ||
180 | if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL)) | |
181 | || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0) | |
182 | || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected)) | |
183 | goto err; | |
184 | ret = 1; | |
185 | err: | |
186 | EVP_PKEY_free(pkey); | |
187 | EVP_PKEY_CTX_free(gen_ctx); | |
188 | EVP_PKEY_free(pkey_parm); | |
189 | DH_free(dh); | |
190 | BN_free(g); | |
191 | BN_free(q); | |
192 | BN_free(p); | |
193 | return ret; | |
194 | } | |
195 | ||
196 | /* | |
197 | * Note that we get the fips186-4 path being run for most of these cases since | |
198 | * the internal code will detect that the p, q, g does not match a safe prime | |
199 | * group (Except for when tstid = 5, which sets the correct p, q, g) | |
200 | */ | |
201 | static int test_dh_safeprime_param_keygen(int tstid) | |
202 | { | |
203 | static const BIGNUM *bn[] = { | |
204 | &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2 | |
205 | }; | |
206 | return do_dh_param_keygen(tstid, bn); | |
207 | } | |
116d2510 SL |
208 | |
209 | static int dhx_cert_load(void) | |
210 | { | |
211 | int ret = 0; | |
212 | X509 *cert = NULL; | |
213 | BIO *bio = NULL; | |
214 | ||
215 | static const unsigned char dhx_cert[] = { | |
216 | 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00, | |
217 | 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, | |
218 | 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55, | |
219 | 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c, | |
220 | 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d, | |
221 | 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f, | |
222 | 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17, | |
223 | 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d, | |
224 | 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31, | |
225 | 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14, | |
226 | 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47, | |
227 | 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54, | |
228 | 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48, | |
229 | 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48, | |
230 | 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c, | |
231 | 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09, | |
232 | 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0, | |
233 | 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42, | |
234 | 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1, | |
235 | 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf, | |
236 | 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95, | |
237 | 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85, | |
238 | 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69, | |
239 | 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9, | |
240 | 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95, | |
241 | 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39, | |
242 | 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99, | |
243 | 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1, | |
244 | 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd, | |
245 | 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61, | |
246 | 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02, | |
247 | 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b, | |
248 | 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde, | |
249 | 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb, | |
250 | 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb, | |
251 | 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0, | |
252 | 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9, | |
253 | 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28, | |
254 | 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3, | |
255 | 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2, | |
256 | 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30, | |
257 | 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30, | |
258 | 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30, | |
259 | 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25, | |
260 | 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f, | |
261 | 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05, | |
262 | 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30, | |
263 | 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82, | |
264 | 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36, | |
265 | 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15, | |
266 | 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2, | |
267 | 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2, | |
268 | 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16, | |
269 | 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3, | |
270 | 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60, | |
271 | 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2, | |
272 | 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d, | |
273 | 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c, | |
274 | 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a, | |
275 | 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3, | |
276 | 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf, | |
277 | 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42, | |
278 | 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e, | |
279 | 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c, | |
280 | 0x0e,0x6a,0xb1 | |
281 | }; | |
282 | ||
283 | if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert))) | |
d8652be0 | 284 | || !TEST_ptr(cert = X509_new_ex(libctx, NULL)) |
116d2510 SL |
285 | || !TEST_ptr(d2i_X509_bio(bio, &cert))) |
286 | goto err; | |
287 | ret = 1; | |
288 | err: | |
289 | X509_free(cert); | |
290 | BIO_free(bio); | |
291 | return ret; | |
292 | } | |
293 | ||
63794b04 SL |
294 | #endif /* OPENSSL_NO_DH */ |
295 | ||
90409da6 SL |
296 | static int test_cipher_reinit(int test_id) |
297 | { | |
298 | int ret = 0, out1_len = 0, out2_len = 0, diff, ccm; | |
299 | EVP_CIPHER *cipher = NULL; | |
300 | EVP_CIPHER_CTX *ctx = NULL; | |
301 | unsigned char out1[256]; | |
302 | unsigned char out2[256]; | |
303 | unsigned char in[16] = { | |
304 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, | |
305 | 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 | |
306 | }; | |
307 | unsigned char key[64] = { | |
308 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
309 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
310 | 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
311 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
312 | 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
313 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
314 | 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
315 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
316 | }; | |
317 | unsigned char iv[16] = { | |
318 | 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, | |
319 | 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 | |
320 | }; | |
321 | const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id); | |
322 | ||
323 | if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) | |
324 | goto err; | |
325 | ||
326 | TEST_note("Fetching %s\n", name); | |
327 | if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) | |
328 | goto err; | |
329 | ||
330 | /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */ | |
331 | ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE); | |
332 | ||
333 | /* DES3-WRAP uses random every update - so it will give a different value */ | |
334 | diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP"); | |
335 | ||
336 | if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) | |
337 | || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in))) | |
338 | || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) | |
339 | || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)), | |
340 | ccm ? 0 : 1)) | |
341 | goto err; | |
342 | ||
343 | if (ccm == 0) { | |
344 | if (diff) { | |
345 | if (!TEST_mem_ne(out1, out1_len, out2, out2_len)) | |
346 | goto err; | |
347 | } else { | |
348 | if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) | |
349 | goto err; | |
350 | } | |
351 | } | |
352 | ret = 1; | |
353 | err: | |
354 | EVP_CIPHER_free(cipher); | |
355 | EVP_CIPHER_CTX_free(ctx); | |
356 | return ret; | |
357 | } | |
358 | ||
914f97ee SL |
359 | /* |
360 | * This test only uses a partial block (half the block size) of input for each | |
361 | * EVP_EncryptUpdate() in order to test that the second init/update is not using | |
362 | * a leftover buffer from the first init/update. | |
363 | * Note: some ciphers don't need a full block to produce output. | |
364 | */ | |
365 | static int test_cipher_reinit_partialupdate(int test_id) | |
366 | { | |
367 | int ret = 0, out1_len = 0, out2_len = 0, in_len; | |
368 | EVP_CIPHER *cipher = NULL; | |
369 | EVP_CIPHER_CTX *ctx = NULL; | |
370 | unsigned char out1[256]; | |
371 | unsigned char out2[256]; | |
372 | static const unsigned char in[32] = { | |
373 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
374 | 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe, | |
375 | 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
376 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
377 | }; | |
378 | static const unsigned char key[64] = { | |
379 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
380 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
381 | 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
382 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
383 | 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
384 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
385 | 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
386 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
387 | }; | |
388 | static const unsigned char iv[16] = { | |
389 | 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, | |
390 | 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 | |
391 | }; | |
392 | const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id); | |
393 | ||
394 | if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) | |
395 | goto err; | |
396 | ||
397 | TEST_note("Fetching %s\n", name); | |
398 | if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) | |
399 | goto err; | |
400 | ||
401 | in_len = EVP_CIPHER_block_size(cipher) / 2; | |
402 | ||
403 | /* skip any ciphers that don't allow partial updates */ | |
404 | if (((EVP_CIPHER_flags(cipher) | |
405 | & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0) | |
406 | || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE | |
407 | || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE | |
408 | || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) { | |
409 | ret = 1; | |
410 | goto err; | |
411 | } | |
412 | ||
413 | if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) | |
414 | || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len)) | |
415 | || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) | |
416 | || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len))) | |
417 | goto err; | |
418 | ||
419 | /* DES3-WRAP uses random every update - so it will give a different value */ | |
420 | if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) { | |
421 | if (!TEST_mem_ne(out1, out1_len, out2, out2_len)) | |
422 | goto err; | |
423 | } else { | |
424 | if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) | |
425 | goto err; | |
426 | } | |
427 | ret = 1; | |
428 | err: | |
429 | EVP_CIPHER_free(cipher); | |
430 | EVP_CIPHER_CTX_free(ctx); | |
431 | return ret; | |
432 | } | |
433 | ||
434 | ||
90409da6 SL |
435 | static int name_cmp(const char * const *a, const char * const *b) |
436 | { | |
437 | return strcasecmp(*a, *b); | |
438 | } | |
439 | ||
440 | static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) | |
441 | { | |
442 | STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list; | |
443 | ||
444 | sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher)); | |
445 | } | |
446 | ||
80f4fd18 SL |
447 | static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv) |
448 | { | |
449 | int ret = 0; | |
450 | EVP_PKEY_CTX *keygen_ctx = NULL; | |
451 | unsigned char *pub_der = NULL; | |
452 | const unsigned char *pp = NULL; | |
f49d4860 RL |
453 | size_t len = 0; |
454 | OSSL_ENCODER_CTX *ectx = NULL; | |
80f4fd18 SL |
455 | |
456 | if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) | |
457 | || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) | |
458 | || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits)) | |
459 | || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0) | |
f49d4860 RL |
460 | || !TEST_ptr(ectx = |
461 | OSSL_ENCODER_CTX_new_by_EVP_PKEY(*priv, | |
462 | EVP_PKEY_PUBLIC_KEY, | |
463 | "DER", "type-specific", | |
b03da688 | 464 | NULL)) |
f49d4860 | 465 | || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len))) |
80f4fd18 SL |
466 | goto err; |
467 | pp = pub_der; | |
468 | if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len))) | |
469 | goto err; | |
470 | ret = 1; | |
471 | err: | |
f49d4860 | 472 | OSSL_ENCODER_CTX_free(ectx); |
80f4fd18 SL |
473 | OPENSSL_free(pub_der); |
474 | EVP_PKEY_CTX_free(keygen_ctx); | |
475 | return ret; | |
476 | } | |
477 | ||
478 | static int kem_rsa_gen_recover(void) | |
479 | { | |
480 | int ret = 0; | |
481 | EVP_PKEY *pub = NULL; | |
482 | EVP_PKEY *priv = NULL; | |
483 | EVP_PKEY_CTX *sctx = NULL, *rctx = NULL; | |
484 | unsigned char secret[256] = { 0, }; | |
485 | unsigned char ct[256] = { 0, }; | |
486 | unsigned char unwrap[256] = { 0, }; | |
487 | size_t ctlen = 0, unwraplen = 0, secretlen = 0; | |
488 | ||
489 | ret = TEST_true(rsa_keygen(2048, &pub, &priv)) | |
490 | && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) | |
491 | && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1) | |
492 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) | |
493 | && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL, | |
494 | &secretlen), 1) | |
495 | && TEST_int_eq(ctlen, secretlen) | |
496 | && TEST_int_eq(ctlen, 2048 / 8) | |
497 | && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret, | |
498 | &secretlen), 1) | |
499 | && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) | |
500 | && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1) | |
501 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1) | |
502 | && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen, | |
503 | ct, ctlen), 1) | |
504 | && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen, | |
505 | ct, ctlen), 1) | |
506 | && TEST_mem_eq(unwrap, unwraplen, secret, secretlen); | |
507 | EVP_PKEY_free(pub); | |
508 | EVP_PKEY_free(priv); | |
509 | EVP_PKEY_CTX_free(rctx); | |
510 | EVP_PKEY_CTX_free(sctx); | |
511 | return ret; | |
512 | } | |
513 | ||
514 | static int kem_rsa_params(void) | |
515 | { | |
516 | int ret = 0; | |
517 | EVP_PKEY *pub = NULL; | |
518 | EVP_PKEY *priv = NULL; | |
519 | EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL; | |
520 | unsigned char secret[256] = { 0, }; | |
521 | unsigned char ct[256] = { 0, }; | |
522 | size_t ctlen = 0, secretlen = 0; | |
523 | ||
524 | ret = TEST_true(rsa_keygen(2048, &pub, &priv)) | |
525 | && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) | |
526 | && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) | |
527 | /* Test setting kem op before the init fails */ | |
528 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2) | |
529 | /* Test NULL ctx passed */ | |
530 | && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0) | |
531 | && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0) | |
532 | && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0) | |
533 | && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0) | |
534 | /* Test Invalid operation */ | |
535 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1) | |
536 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0) | |
537 | /* Wrong key component - no secret should be returned on failure */ | |
538 | && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1) | |
539 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) | |
540 | && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct, | |
541 | sizeof(ct)), 0) | |
542 | && TEST_uchar_eq(secret[0], 0) | |
543 | /* Test encapsulate fails if the mode is not set */ | |
544 | && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1) | |
545 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2) | |
546 | /* Test setting a bad kem ops fail */ | |
547 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0) | |
548 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0) | |
549 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0) | |
550 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0) | |
551 | /* Test secretlen is optional */ | |
552 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1) | |
553 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1) | |
554 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) | |
555 | /* Test outlen is optional */ | |
556 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) | |
557 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1) | |
558 | /* test that either len must be set if out is NULL */ | |
559 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0) | |
560 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1) | |
561 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1) | |
562 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1) | |
563 | /* Secret buffer should be set if there is an output buffer */ | |
564 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0) | |
565 | /* Test that lengths are optional if ct is not NULL */ | |
566 | && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1) | |
567 | /* Pass if secret or secret length are not NULL */ | |
568 | && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1) | |
569 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1) | |
570 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1) | |
571 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1) | |
572 | && TEST_int_eq(secretlen, 256) | |
573 | /* Fail if passed NULL arguments */ | |
574 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0) | |
575 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0) | |
576 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0) | |
577 | && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0); | |
578 | ||
579 | EVP_PKEY_free(pub); | |
580 | EVP_PKEY_free(priv); | |
581 | EVP_PKEY_CTX_free(pubctx); | |
582 | EVP_PKEY_CTX_free(privctx); | |
583 | return ret; | |
584 | } | |
585 | ||
586 | #ifndef OPENSSL_NO_DH | |
587 | static EVP_PKEY *gen_dh_key(void) | |
588 | { | |
589 | EVP_PKEY_CTX *gctx = NULL; | |
590 | EVP_PKEY *pkey = NULL; | |
591 | OSSL_PARAM params[2]; | |
592 | ||
593 | params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); | |
594 | params[1] = OSSL_PARAM_construct_end(); | |
595 | ||
596 | if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) | |
597 | || !TEST_true(EVP_PKEY_keygen_init(gctx)) | |
598 | || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) | |
599 | || !TEST_true(EVP_PKEY_keygen(gctx, &pkey))) | |
600 | goto err; | |
601 | err: | |
602 | EVP_PKEY_CTX_free(gctx); | |
603 | return pkey; | |
604 | } | |
605 | ||
606 | /* Fail if we try to use a dh key */ | |
607 | static int kem_invalid_keytype(void) | |
608 | { | |
609 | int ret = 0; | |
610 | EVP_PKEY *key = NULL; | |
611 | EVP_PKEY_CTX *sctx = NULL; | |
612 | ||
613 | if (!TEST_ptr(key = gen_dh_key())) | |
614 | goto done; | |
615 | ||
616 | if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL))) | |
617 | goto done; | |
618 | if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2)) | |
619 | goto done; | |
620 | ||
621 | ret = 1; | |
622 | done: | |
623 | EVP_PKEY_free(key); | |
624 | EVP_PKEY_CTX_free(sctx); | |
625 | return ret; | |
626 | } | |
627 | #endif /* OPENSSL_NO_DH */ | |
628 | ||
63794b04 SL |
629 | int setup_tests(void) |
630 | { | |
631 | const char *prov_name = "default"; | |
632 | char *config_file = NULL; | |
633 | OPTION_CHOICE o; | |
634 | ||
635 | while ((o = opt_next()) != OPT_EOF) { | |
636 | switch (o) { | |
637 | case OPT_PROVIDER_NAME: | |
638 | prov_name = opt_arg(); | |
639 | break; | |
640 | case OPT_CONFIG_FILE: | |
641 | config_file = opt_arg(); | |
642 | break; | |
643 | case OPT_TEST_CASES: | |
644 | break; | |
645 | default: | |
646 | case OPT_ERR: | |
647 | return 0; | |
648 | } | |
649 | } | |
650 | ||
bca7ad6e | 651 | if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name)) |
63794b04 SL |
652 | return 0; |
653 | ||
fcdd228b | 654 | #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH) |
63794b04 SL |
655 | ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3); |
656 | #endif | |
657 | #ifndef OPENSSL_NO_DH | |
658 | ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3); | |
116d2510 | 659 | ADD_TEST(dhx_cert_load); |
63794b04 | 660 | #endif |
90409da6 SL |
661 | |
662 | if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp))) | |
663 | return 0; | |
664 | EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names); | |
665 | ||
666 | ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names)); | |
914f97ee SL |
667 | ADD_ALL_TESTS(test_cipher_reinit_partialupdate, |
668 | sk_OPENSSL_CSTRING_num(cipher_names)); | |
80f4fd18 SL |
669 | ADD_TEST(kem_rsa_gen_recover); |
670 | ADD_TEST(kem_rsa_params); | |
671 | #ifndef OPENSSL_NO_DH | |
672 | ADD_TEST(kem_invalid_keytype); | |
673 | #endif | |
63794b04 SL |
674 | return 1; |
675 | } | |
676 | ||
677 | void cleanup_tests(void) | |
678 | { | |
90409da6 | 679 | sk_OPENSSL_CSTRING_free(cipher_names); |
63794b04 | 680 | OSSL_PROVIDER_unload(libprov); |
b4250010 | 681 | OSSL_LIB_CTX_free(libctx); |
63794b04 SL |
682 | OSSL_PROVIDER_unload(nullprov); |
683 | } |