]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Use adapted test_get_libctx() for simpler test setup and better error reporting
[thirdparty/openssl.git] / test / evp_libctx_test.c
CommitLineData
63794b04
SL		 1/*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18/*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22#include "internal/deprecated.h"
23#include <openssl/evp.h>
24#include <openssl/provider.h>
25#include <openssl/dsa.h>
fcdd228b 26#include <openssl/dh.h>
90409da6 27#include <openssl/safestack.h>
f49d4860 28#include <openssl/core_dispatch.h>
80f4fd18 29#include <openssl/core_names.h>
116d2510 30#include <openssl/x509.h>
f49d4860 31#include <openssl/encoder.h>
63794b04
SL		 32#include "testutil.h"
33#include "internal/nelem.h"
90409da6
SL		 34#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35#include "../e_os.h" /* strcasecmp */
36
b4250010 37static OSSL_LIB_CTX *libctx = NULL;
63794b04
SL		 38static OSSL_PROVIDER *nullprov = NULL;
39static OSSL_PROVIDER *libprov = NULL;
90409da6 40static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
63794b04
SL		 41
42typedef enum OPTION_choice {
43 OPT_ERR = -1,
44 OPT_EOF = 0,
45 OPT_CONFIG_FILE,
46 OPT_PROVIDER_NAME,
47 OPT_TEST_ENUM
48} OPTION_CHOICE;
49
50const OPTIONS *test_get_options(void)
51{
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME, 's',
57 "The provider to load (The default value is 'default'" },
58 { NULL }
59 };
60 return test_options;
61}
62
fcdd228b 63#ifndef OPENSSL_NO_DH
63794b04
SL		 64static const char *getname(int id)
65{
66 const char *name[] = {"p", "q", "g" };
67
68 if (id >= 0 && id < 3)
69 return name[id];
70 return "?";
71}
72#endif
73
fcdd228b
MC		 74/*
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
77 */
78#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 79
80static int test_dsa_param_keygen(int tstid)
81{
82 int ret = 0;
83 int expected;
84 EVP_PKEY_CTX *gen_ctx = NULL;
85 EVP_PKEY *pkey_parm = NULL;
86 EVP_PKEY *pkey = NULL;
87 DSA *dsa = NULL;
88 int pind, qind, gind;
89 BIGNUM *p = NULL, *q = NULL, *g = NULL;
90
91 /*
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
94 */
95 static const BIGNUM *bn[] = {
96 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
97 };
98
99 /*
100 * These tests are using bad values for p, q, g by reusing the values.
101 * A value of 0 uses p, 1 uses q and 2 uses g.
102 * There are 27 different combinations, with only the 1 valid combination.
103 */
104 pind = tstid / 9;
105 qind = (tstid / 3) % 3;
106 gind = tstid % 3;
107 expected = (pind == 0 && qind == 1 && gind == 2);
108
109 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
110 getname(qind), getname(gind));
111
112 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
113 || !TEST_ptr(dsa = DSA_new())
114 || !TEST_ptr(p = BN_dup(bn[pind]))
115 || !TEST_ptr(q = BN_dup(bn[qind]))
116 || !TEST_ptr(g = BN_dup(bn[gind]))
117 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
118 goto err;
119 p = q = g = NULL;
120
121 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
122 goto err;
123 dsa = NULL;
124
125 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
126 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
127 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
128 goto err;
129 ret = 1;
130err:
131 EVP_PKEY_free(pkey);
132 EVP_PKEY_CTX_free(gen_ctx);
133 EVP_PKEY_free(pkey_parm);
134 DSA_free(dsa);
135 BN_free(g);
136 BN_free(q);
137 BN_free(p);
138 return ret;
139}
140#endif /* OPENSSL_NO_DSA */
141
142#ifndef OPENSSL_NO_DH
143static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
144{
145 int ret = 0;
146 int expected;
147 EVP_PKEY_CTX *gen_ctx = NULL;
148 EVP_PKEY *pkey_parm = NULL;
149 EVP_PKEY *pkey = NULL;
150 DH *dh = NULL;
151 int pind, qind, gind;
152 BIGNUM *p = NULL, *q = NULL, *g = NULL;
153
154 /*
155 * These tests are using bad values for p, q, g by reusing the values.
156 * A value of 0 uses p, 1 uses q and 2 uses g.
157 * There are 27 different combinations, with only the 1 valid combination.
158 */
159 pind = tstid / 9;
160 qind = (tstid / 3) % 3;
161 gind = tstid % 3;
162 expected = (pind == 0 && qind == 1 && gind == 2);
163
164 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
165 getname(qind), getname(gind));
166
167 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
168 || !TEST_ptr(dh = DH_new())
169 || !TEST_ptr(p = BN_dup(bn[pind]))
170 || !TEST_ptr(q = BN_dup(bn[qind]))
171 || !TEST_ptr(g = BN_dup(bn[gind]))
172 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
173 goto err;
174 p = q = g = NULL;
175
176 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
177 goto err;
178 dh = NULL;
179
180 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
181 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
182 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
183 goto err;
184 ret = 1;
185err:
186 EVP_PKEY_free(pkey);
187 EVP_PKEY_CTX_free(gen_ctx);
188 EVP_PKEY_free(pkey_parm);
189 DH_free(dh);
190 BN_free(g);
191 BN_free(q);
192 BN_free(p);
193 return ret;
194}
195
196/*
197 * Note that we get the fips186-4 path being run for most of these cases since
198 * the internal code will detect that the p, q, g does not match a safe prime
199 * group (Except for when tstid = 5, which sets the correct p, q, g)
200 */
201static int test_dh_safeprime_param_keygen(int tstid)
202{
203 static const BIGNUM *bn[] = {
204 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
205 };
206 return do_dh_param_keygen(tstid, bn);
207}
116d2510
SL		 208
209static int dhx_cert_load(void)
210{
211 int ret = 0;
212 X509 *cert = NULL;
213 BIO *bio = NULL;
214
215 static const unsigned char dhx_cert[] = {
216 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
217 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
218 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
219 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
220 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
221 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
222 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
223 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
224 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
225 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
226 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
227 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
228 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
229 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
230 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
231 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
232 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
233 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
234 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
235 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
236 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
237 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
238 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
239 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
240 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
241 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
242 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
243 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
244 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
245 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
246 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
247 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
248 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
249 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
250 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
251 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
252 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
253 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
254 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
255 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
256 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
257 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
258 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
259 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
260 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
261 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
262 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
263 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
264 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
265 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
266 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
267 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
268 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
269 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
270 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
271 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
272 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
273 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
274 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
275 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
276 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
277 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
278 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
279 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
280 0x0e,0x6a,0xb1
281 };
282
283 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
d8652be0 284 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
116d2510
SL		 285 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
286 goto err;
287 ret = 1;
288err:
289 X509_free(cert);
290 BIO_free(bio);
291 return ret;
292}
293
63794b04
SL		 294#endif /* OPENSSL_NO_DH */
295
90409da6
SL		 296static int test_cipher_reinit(int test_id)
297{
298 int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
299 EVP_CIPHER *cipher = NULL;
300 EVP_CIPHER_CTX *ctx = NULL;
301 unsigned char out1[256];
302 unsigned char out2[256];
303 unsigned char in[16] = {
304 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
305 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
306 };
307 unsigned char key[64] = {
308 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
309 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
310 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
311 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
312 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
316 };
317 unsigned char iv[16] = {
318 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
319 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
320 };
321 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
322
323 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
324 goto err;
325
326 TEST_note("Fetching %s\n", name);
327 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
328 goto err;
329
330 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
331 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
332
333 /* DES3-WRAP uses random every update - so it will give a different value */
334 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
335
336 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
337 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
338 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
339 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
340 ccm ? 0 : 1))
341 goto err;
342
343 if (ccm == 0) {
344 if (diff) {
345 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
346 goto err;
347 } else {
348 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
349 goto err;
350 }
351 }
352 ret = 1;
353err:
354 EVP_CIPHER_free(cipher);
355 EVP_CIPHER_CTX_free(ctx);
356 return ret;
357}
358
914f97ee
SL		 359/*
360 * This test only uses a partial block (half the block size) of input for each
361 * EVP_EncryptUpdate() in order to test that the second init/update is not using
362 * a leftover buffer from the first init/update.
363 * Note: some ciphers don't need a full block to produce output.
364 */
365static int test_cipher_reinit_partialupdate(int test_id)
366{
367 int ret = 0, out1_len = 0, out2_len = 0, in_len;
368 EVP_CIPHER *cipher = NULL;
369 EVP_CIPHER_CTX *ctx = NULL;
370 unsigned char out1[256];
371 unsigned char out2[256];
372 static const unsigned char in[32] = {
373 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
374 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
375 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
376 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
377 };
378 static const unsigned char key[64] = {
379 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
380 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
381 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
382 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
383 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
384 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
385 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
386 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
387 };
388 static const unsigned char iv[16] = {
389 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
390 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
391 };
392 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
393
394 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
395 goto err;
396
397 TEST_note("Fetching %s\n", name);
398 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
399 goto err;
400
401 in_len = EVP_CIPHER_block_size(cipher) / 2;
402
403 /* skip any ciphers that don't allow partial updates */
404 if (((EVP_CIPHER_flags(cipher)
405 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
406 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
407 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
408 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
409 ret = 1;
410 goto err;
411 }
412
413 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
414 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
415 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
416 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
417 goto err;
418
419 /* DES3-WRAP uses random every update - so it will give a different value */
420 if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
421 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
422 goto err;
423 } else {
424 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
425 goto err;
426 }
427 ret = 1;
428err:
429 EVP_CIPHER_free(cipher);
430 EVP_CIPHER_CTX_free(ctx);
431 return ret;
432}
433
434
90409da6
SL		 435static int name_cmp(const char * const *a, const char * const *b)
436{
437 return strcasecmp(*a, *b);
438}
439
440static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
441{
442 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
443
444 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
445}
446
80f4fd18
SL		 447static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
448{
449 int ret = 0;
450 EVP_PKEY_CTX *keygen_ctx = NULL;
451 unsigned char *pub_der = NULL;
452 const unsigned char *pp = NULL;
f49d4860
RL		 453 size_t len = 0;
454 OSSL_ENCODER_CTX *ectx = NULL;
80f4fd18
SL		 455
456 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
457 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
458 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
459 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
f49d4860
RL		 460 || !TEST_ptr(ectx =
461 OSSL_ENCODER_CTX_new_by_EVP_PKEY(*priv,
462 EVP_PKEY_PUBLIC_KEY,
463 "DER", "type-specific",
b03da688 464 NULL))
f49d4860 465 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
80f4fd18
SL		 466 goto err;
467 pp = pub_der;
468 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
469 goto err;
470 ret = 1;
471err:
f49d4860 472 OSSL_ENCODER_CTX_free(ectx);
80f4fd18
SL		 473 OPENSSL_free(pub_der);
474 EVP_PKEY_CTX_free(keygen_ctx);
475 return ret;
476}
477
478static int kem_rsa_gen_recover(void)
479{
480 int ret = 0;
481 EVP_PKEY *pub = NULL;
482 EVP_PKEY *priv = NULL;
483 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
484 unsigned char secret[256] = { 0, };
485 unsigned char ct[256] = { 0, };
486 unsigned char unwrap[256] = { 0, };
487 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
488
489 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
490 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
491 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
492 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
493 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
494 &secretlen), 1)
495 && TEST_int_eq(ctlen, secretlen)
496 && TEST_int_eq(ctlen, 2048 / 8)
497 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
498 &secretlen), 1)
499 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
500 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
501 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
502 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
503 ct, ctlen), 1)
504 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
505 ct, ctlen), 1)
506 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
507 EVP_PKEY_free(pub);
508 EVP_PKEY_free(priv);
509 EVP_PKEY_CTX_free(rctx);
510 EVP_PKEY_CTX_free(sctx);
511 return ret;
512}
513
514static int kem_rsa_params(void)
515{
516 int ret = 0;
517 EVP_PKEY *pub = NULL;
518 EVP_PKEY *priv = NULL;
519 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
520 unsigned char secret[256] = { 0, };
521 unsigned char ct[256] = { 0, };
522 size_t ctlen = 0, secretlen = 0;
523
524 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
525 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
526 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
527 /* Test setting kem op before the init fails */
528 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
529 /* Test NULL ctx passed */
530 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
531 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
532 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
533 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
534 /* Test Invalid operation */
535 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
536 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
537 /* Wrong key component - no secret should be returned on failure */
538 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
539 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
540 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
541 sizeof(ct)), 0)
542 && TEST_uchar_eq(secret[0], 0)
543 /* Test encapsulate fails if the mode is not set */
544 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
545 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
546 /* Test setting a bad kem ops fail */
547 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
548 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
549 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
550 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
551 /* Test secretlen is optional */
552 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
553 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
554 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
555 /* Test outlen is optional */
556 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
557 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
558 /* test that either len must be set if out is NULL */
559 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
560 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
561 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
562 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
563 /* Secret buffer should be set if there is an output buffer */
564 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
565 /* Test that lengths are optional if ct is not NULL */
566 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
567 /* Pass if secret or secret length are not NULL */
568 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
569 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
570 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
571 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
572 && TEST_int_eq(secretlen, 256)
573 /* Fail if passed NULL arguments */
574 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
575 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
576 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
577 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
578
579 EVP_PKEY_free(pub);
580 EVP_PKEY_free(priv);
581 EVP_PKEY_CTX_free(pubctx);
582 EVP_PKEY_CTX_free(privctx);
583 return ret;
584}
585
586#ifndef OPENSSL_NO_DH
587static EVP_PKEY *gen_dh_key(void)
588{
589 EVP_PKEY_CTX *gctx = NULL;
590 EVP_PKEY *pkey = NULL;
591 OSSL_PARAM params[2];
592
593 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
594 params[1] = OSSL_PARAM_construct_end();
595
596 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
597 || !TEST_true(EVP_PKEY_keygen_init(gctx))
598 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
599 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
600 goto err;
601err:
602 EVP_PKEY_CTX_free(gctx);
603 return pkey;
604}
605
606/* Fail if we try to use a dh key */
607static int kem_invalid_keytype(void)
608{
609 int ret = 0;
610 EVP_PKEY *key = NULL;
611 EVP_PKEY_CTX *sctx = NULL;
612
613 if (!TEST_ptr(key = gen_dh_key()))
614 goto done;
615
616 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
617 goto done;
618 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
619 goto done;
620
621 ret = 1;
622done:
623 EVP_PKEY_free(key);
624 EVP_PKEY_CTX_free(sctx);
625 return ret;
626}
627#endif /* OPENSSL_NO_DH */
628
63794b04
SL		 629int setup_tests(void)
630{
631 const char *prov_name = "default";
632 char *config_file = NULL;
633 OPTION_CHOICE o;
634
635 while ((o = opt_next()) != OPT_EOF) {
636 switch (o) {
637 case OPT_PROVIDER_NAME:
638 prov_name = opt_arg();
639 break;
640 case OPT_CONFIG_FILE:
641 config_file = opt_arg();
642 break;
643 case OPT_TEST_CASES:
644 break;
645 default:
646 case OPT_ERR:
647 return 0;
648 }
649 }
650
bca7ad6e 651 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
63794b04
SL		 652 return 0;
653
fcdd228b 654#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 655 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
656#endif
657#ifndef OPENSSL_NO_DH
658 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
116d2510 659 ADD_TEST(dhx_cert_load);
63794b04 660#endif
90409da6
SL		 661
662 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
663 return 0;
664 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
665
666 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
914f97ee
SL		 667 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
668 sk_OPENSSL_CSTRING_num(cipher_names));
80f4fd18
SL		 669 ADD_TEST(kem_rsa_gen_recover);
670 ADD_TEST(kem_rsa_params);
671#ifndef OPENSSL_NO_DH
672 ADD_TEST(kem_invalid_keytype);
673#endif
63794b04
SL		 674 return 1;
675}
676
677void cleanup_tests(void)
678{
90409da6 679 sk_OPENSSL_CSTRING_free(cipher_names);
63794b04 680 OSSL_PROVIDER_unload(libprov);
b4250010 681 OSSL_LIB_CTX_free(libctx);
63794b04
SL		 682 OSSL_PROVIDER_unload(nullprov);
683}
A mirror of the official openssl repository