]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add convenience functions and macros for asymmetric key generation
[thirdparty/openssl.git] / test / evp_libctx_test.c
CommitLineData
63794b04 1/*
4333b89f 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
63794b04
SL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18/*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22#include "internal/deprecated.h"
6c9bc258 23#include <assert.h>
63794b04
SL		 24#include <openssl/evp.h>
25#include <openssl/provider.h>
26#include <openssl/dsa.h>
fcdd228b 27#include <openssl/dh.h>
90409da6 28#include <openssl/safestack.h>
f49d4860 29#include <openssl/core_dispatch.h>
80f4fd18 30#include <openssl/core_names.h>
116d2510 31#include <openssl/x509.h>
f49d4860 32#include <openssl/encoder.h>
63794b04
SL		 33#include "testutil.h"
34#include "internal/nelem.h"
90409da6
SL		 35#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
36#include "../e_os.h" /* strcasecmp */
37
b4250010 38static OSSL_LIB_CTX *libctx = NULL;
63794b04
SL		 39static OSSL_PROVIDER *nullprov = NULL;
40static OSSL_PROVIDER *libprov = NULL;
6c9bc258 41static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
63794b04
SL		 42
43typedef enum OPTION_choice {
44 OPT_ERR = -1,
45 OPT_EOF = 0,
46 OPT_CONFIG_FILE,
47 OPT_PROVIDER_NAME,
48 OPT_TEST_ENUM
49} OPTION_CHOICE;
50
51const OPTIONS *test_get_options(void)
52{
53 static const OPTIONS test_options[] = {
54 OPT_TEST_OPTIONS_DEFAULT_USAGE,
55 { "config", OPT_CONFIG_FILE, '<',
56 "The configuration file to use for the libctx" },
57 { "provider", OPT_PROVIDER_NAME, 's',
58 "The provider to load (The default value is 'default'" },
59 { NULL }
60 };
61 return test_options;
62}
63
fcdd228b 64#ifndef OPENSSL_NO_DH
63794b04
SL		 65static const char *getname(int id)
66{
67 const char *name[] = {"p", "q", "g" };
68
69 if (id >= 0 && id < 3)
70 return name[id];
71 return "?";
72}
73#endif
74
fcdd228b
MC		 75/*
76 * We're using some DH specific values in this test, so we skip compilation if
77 * we're in a no-dh build.
78 */
79#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 80
81static int test_dsa_param_keygen(int tstid)
82{
83 int ret = 0;
84 int expected;
85 EVP_PKEY_CTX *gen_ctx = NULL;
86 EVP_PKEY *pkey_parm = NULL;
2145ba5e 87 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
63794b04
SL		 88 DSA *dsa = NULL;
89 int pind, qind, gind;
90 BIGNUM *p = NULL, *q = NULL, *g = NULL;
91
92 /*
93 * Just grab some fixed dh p, q, g values for testing,
94 * these 'safe primes' should not be used normally for dsa *.
95 */
96 static const BIGNUM *bn[] = {
94553e85
SL		 97 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
98 &ossl_bignum_dh2048_256_g
63794b04
SL		 99 };
100
101 /*
102 * These tests are using bad values for p, q, g by reusing the values.
103 * A value of 0 uses p, 1 uses q and 2 uses g.
104 * There are 27 different combinations, with only the 1 valid combination.
105 */
106 pind = tstid / 9;
107 qind = (tstid / 3) % 3;
108 gind = tstid % 3;
109 expected = (pind == 0 && qind == 1 && gind == 2);
110
111 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
112 getname(qind), getname(gind));
113
114 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
115 || !TEST_ptr(dsa = DSA_new())
116 || !TEST_ptr(p = BN_dup(bn[pind]))
117 || !TEST_ptr(q = BN_dup(bn[qind]))
118 || !TEST_ptr(g = BN_dup(bn[gind]))
119 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
120 goto err;
121 p = q = g = NULL;
122
123 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
124 goto err;
125 dsa = NULL;
126
127 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
128 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
129 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
130 goto err;
2145ba5e
TM		 131
132 if (expected) {
133 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
134 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
135 goto err;
136 }
137
63794b04
SL		 138 ret = 1;
139err:
140 EVP_PKEY_free(pkey);
2145ba5e 141 EVP_PKEY_free(dup_pk);
63794b04
SL		 142 EVP_PKEY_CTX_free(gen_ctx);
143 EVP_PKEY_free(pkey_parm);
144 DSA_free(dsa);
145 BN_free(g);
146 BN_free(q);
147 BN_free(p);
148 return ret;
149}
150#endif /* OPENSSL_NO_DSA */
151
152#ifndef OPENSSL_NO_DH
153static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
154{
155 int ret = 0;
156 int expected;
157 EVP_PKEY_CTX *gen_ctx = NULL;
158 EVP_PKEY *pkey_parm = NULL;
2145ba5e 159 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
63794b04
SL		 160 DH *dh = NULL;
161 int pind, qind, gind;
162 BIGNUM *p = NULL, *q = NULL, *g = NULL;
163
164 /*
165 * These tests are using bad values for p, q, g by reusing the values.
166 * A value of 0 uses p, 1 uses q and 2 uses g.
167 * There are 27 different combinations, with only the 1 valid combination.
168 */
169 pind = tstid / 9;
170 qind = (tstid / 3) % 3;
171 gind = tstid % 3;
172 expected = (pind == 0 && qind == 1 && gind == 2);
173
174 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
175 getname(qind), getname(gind));
176
177 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
178 || !TEST_ptr(dh = DH_new())
179 || !TEST_ptr(p = BN_dup(bn[pind]))
180 || !TEST_ptr(q = BN_dup(bn[qind]))
181 || !TEST_ptr(g = BN_dup(bn[gind]))
182 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
183 goto err;
184 p = q = g = NULL;
185
186 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
187 goto err;
188 dh = NULL;
189
190 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
191 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
192 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
193 goto err;
2145ba5e
TM		 194
195 if (expected) {
196 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
197 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
198 goto err;
199 }
200
63794b04
SL		 201 ret = 1;
202err:
203 EVP_PKEY_free(pkey);
2145ba5e 204 EVP_PKEY_free(dup_pk);
63794b04
SL		 205 EVP_PKEY_CTX_free(gen_ctx);
206 EVP_PKEY_free(pkey_parm);
207 DH_free(dh);
208 BN_free(g);
209 BN_free(q);
210 BN_free(p);
211 return ret;
212}
213
214/*
215 * Note that we get the fips186-4 path being run for most of these cases since
216 * the internal code will detect that the p, q, g does not match a safe prime
217 * group (Except for when tstid = 5, which sets the correct p, q, g)
218 */
219static int test_dh_safeprime_param_keygen(int tstid)
220{
221 static const BIGNUM *bn[] = {
94553e85
SL		 222 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
223 &ossl_bignum_const_2
63794b04
SL		 224 };
225 return do_dh_param_keygen(tstid, bn);
226}
116d2510
SL		 227
228static int dhx_cert_load(void)
229{
230 int ret = 0;
231 X509 *cert = NULL;
232 BIO *bio = NULL;
233
234 static const unsigned char dhx_cert[] = {
235 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
236 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
237 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
238 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
239 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
240 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
241 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
242 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
243 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
244 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
245 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
246 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
247 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
248 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
249 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
250 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
251 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
252 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
253 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
254 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
255 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
256 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
257 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
258 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
259 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
260 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
261 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
262 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
263 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
264 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
265 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
266 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
267 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
268 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
269 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
270 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
271 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
272 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
273 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
274 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
275 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
276 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
277 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
278 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
279 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
280 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
281 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
282 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
283 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
284 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
285 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
286 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
287 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
288 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
289 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
290 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
291 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
292 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
293 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
294 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
295 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
296 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
297 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
298 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
299 0x0e,0x6a,0xb1
300 };
301
302 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
d8652be0 303 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
116d2510
SL		 304 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
305 goto err;
306 ret = 1;
307err:
308 X509_free(cert);
309 BIO_free(bio);
310 return ret;
311}
312
63794b04
SL		 313#endif /* OPENSSL_NO_DH */
314
90409da6
SL		 315static int test_cipher_reinit(int test_id)
316{
8bc5b0a5
TM		 317 int ret = 0, diff, ccm, siv;
318 int out1_len = 0, out2_len = 0, out3_len = 0;
90409da6
SL		 319 EVP_CIPHER *cipher = NULL;
320 EVP_CIPHER_CTX *ctx = NULL;
321 unsigned char out1[256];
322 unsigned char out2[256];
8bc5b0a5 323 unsigned char out3[256];
90409da6
SL		 324 unsigned char in[16] = {
325 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
326 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
327 };
328 unsigned char key[64] = {
329 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
330 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
331 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
332 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
333 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
334 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
335 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
336 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
337 };
338 unsigned char iv[16] = {
339 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
340 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
341 };
6c9bc258 342 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
90409da6
SL		 343
344 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
345 goto err;
346
347 TEST_note("Fetching %s\n", name);
348 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
349 goto err;
350
351 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
352 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
353
8bc5b0a5
TM		 354 /* siv cannot be called with NULL key as the iv is irrelevant */
355 siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
356
90409da6
SL		 357 /* DES3-WRAP uses random every update - so it will give a different value */
358 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
359
360 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
361 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
362 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
363 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
8bc5b0a5
TM		 364 ccm ? 0 : 1)
365 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
366 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
367 ccm || siv ? 0 : 1))
90409da6
SL		 368 goto err;
369
370 if (ccm == 0) {
371 if (diff) {
8bc5b0a5
TM		 372 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
373 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
374 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
90409da6
SL		 375 goto err;
376 } else {
8bc5b0a5
TM		 377 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
378 || (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
90409da6
SL		 379 goto err;
380 }
381 }
382 ret = 1;
383err:
384 EVP_CIPHER_free(cipher);
385 EVP_CIPHER_CTX_free(ctx);
386 return ret;
387}
388
914f97ee
SL		 389/*
390 * This test only uses a partial block (half the block size) of input for each
391 * EVP_EncryptUpdate() in order to test that the second init/update is not using
392 * a leftover buffer from the first init/update.
393 * Note: some ciphers don't need a full block to produce output.
394 */
395static int test_cipher_reinit_partialupdate(int test_id)
396{
8bc5b0a5
TM		 397 int ret = 0, in_len;
398 int out1_len = 0, out2_len = 0, out3_len = 0;
914f97ee
SL		 399 EVP_CIPHER *cipher = NULL;
400 EVP_CIPHER_CTX *ctx = NULL;
401 unsigned char out1[256];
402 unsigned char out2[256];
8bc5b0a5 403 unsigned char out3[256];
914f97ee
SL		 404 static const unsigned char in[32] = {
405 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
406 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
407 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
408 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
409 };
410 static const unsigned char key[64] = {
411 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
412 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
413 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
414 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
415 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
416 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
417 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
418 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
419 };
420 static const unsigned char iv[16] = {
421 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
422 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
423 };
6c9bc258 424 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
914f97ee
SL		 425
426 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
427 goto err;
428
429 TEST_note("Fetching %s\n", name);
430 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
431 goto err;
432
433 in_len = EVP_CIPHER_block_size(cipher) / 2;
434
435 /* skip any ciphers that don't allow partial updates */
436 if (((EVP_CIPHER_flags(cipher)
437 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
438 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
439 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
440 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
441 ret = 1;
442 goto err;
443 }
444
445 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
446 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
447 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
448 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
449 goto err;
450
8bc5b0a5
TM		 451 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
452 goto err;
453
454 if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
455 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
456 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
914f97ee 457 goto err;
8bc5b0a5
TM		 458
459 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
914f97ee
SL		 460 goto err;
461 }
462 ret = 1;
463err:
464 EVP_CIPHER_free(cipher);
465 EVP_CIPHER_CTX_free(ctx);
466 return ret;
467}
468
469
90409da6
SL		 470static int name_cmp(const char * const *a, const char * const *b)
471{
472 return strcasecmp(*a, *b);
473}
474
475static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
476{
6c9bc258
TM		 477 STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
478 const char *name = EVP_CIPHER_name(cipher);
479 char *namedup = NULL;
480
481 assert(name != NULL);
482 /* the cipher will be freed after returning, strdup is needed */
483 if ((namedup = OPENSSL_strdup(name)) != NULL
484 && !sk_OPENSSL_STRING_push(names, namedup))
485 OPENSSL_free(namedup);
90409da6
SL		 486}
487
80f4fd18
SL		 488static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
489{
490 int ret = 0;
80f4fd18
SL		 491 unsigned char *pub_der = NULL;
492 const unsigned char *pp = NULL;
f49d4860
RL		 493 size_t len = 0;
494 OSSL_ENCODER_CTX *ectx = NULL;
80f4fd18 495
f9253152 496 if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
f49d4860 497 || !TEST_ptr(ectx =
fe75766c
TM		 498 OSSL_ENCODER_CTX_new_for_pkey(*priv,
499 EVP_PKEY_PUBLIC_KEY,
500 "DER", "type-specific",
501 NULL))
f49d4860 502 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
80f4fd18
SL		 503 goto err;
504 pp = pub_der;
505 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
506 goto err;
507 ret = 1;
508err:
f49d4860 509 OSSL_ENCODER_CTX_free(ectx);
80f4fd18 510 OPENSSL_free(pub_der);
80f4fd18
SL		 511 return ret;
512}
513
514static int kem_rsa_gen_recover(void)
515{
516 int ret = 0;
517 EVP_PKEY *pub = NULL;
518 EVP_PKEY *priv = NULL;
519 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
520 unsigned char secret[256] = { 0, };
521 unsigned char ct[256] = { 0, };
522 unsigned char unwrap[256] = { 0, };
523 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
524
525 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
526 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
af6171b3 527 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
80f4fd18
SL		 528 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
529 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
530 &secretlen), 1)
531 && TEST_int_eq(ctlen, secretlen)
532 && TEST_int_eq(ctlen, 2048 / 8)
533 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
534 &secretlen), 1)
535 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
af6171b3 536 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
80f4fd18
SL		 537 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
538 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
539 ct, ctlen), 1)
540 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
541 ct, ctlen), 1)
542 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
543 EVP_PKEY_free(pub);
544 EVP_PKEY_free(priv);
545 EVP_PKEY_CTX_free(rctx);
546 EVP_PKEY_CTX_free(sctx);
547 return ret;
548}
549
550static int kem_rsa_params(void)
551{
552 int ret = 0;
553 EVP_PKEY *pub = NULL;
554 EVP_PKEY *priv = NULL;
555 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
556 unsigned char secret[256] = { 0, };
557 unsigned char ct[256] = { 0, };
558 size_t ctlen = 0, secretlen = 0;
559
560 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
561 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
562 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
563 /* Test setting kem op before the init fails */
564 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
565 /* Test NULL ctx passed */
af6171b3 566 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
80f4fd18 567 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
af6171b3 568 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
80f4fd18
SL		 569 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
570 /* Test Invalid operation */
571 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
572 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
573 /* Wrong key component - no secret should be returned on failure */
af6171b3 574 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
80f4fd18
SL		 575 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
576 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
577 sizeof(ct)), 0)
578 && TEST_uchar_eq(secret[0], 0)
579 /* Test encapsulate fails if the mode is not set */
af6171b3 580 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
80f4fd18
SL		 581 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
582 /* Test setting a bad kem ops fail */
583 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
584 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
585 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
586 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
587 /* Test secretlen is optional */
588 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
589 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
590 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
591 /* Test outlen is optional */
592 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
593 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
594 /* test that either len must be set if out is NULL */
595 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
596 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
597 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
598 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
599 /* Secret buffer should be set if there is an output buffer */
600 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
601 /* Test that lengths are optional if ct is not NULL */
602 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
603 /* Pass if secret or secret length are not NULL */
af6171b3 604 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
80f4fd18
SL		 605 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
606 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
607 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
608 && TEST_int_eq(secretlen, 256)
609 /* Fail if passed NULL arguments */
610 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
611 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
612 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
613 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
614
615 EVP_PKEY_free(pub);
616 EVP_PKEY_free(priv);
617 EVP_PKEY_CTX_free(pubctx);
618 EVP_PKEY_CTX_free(privctx);
619 return ret;
620}
621
622#ifndef OPENSSL_NO_DH
623static EVP_PKEY *gen_dh_key(void)
624{
625 EVP_PKEY_CTX *gctx = NULL;
626 EVP_PKEY *pkey = NULL;
627 OSSL_PARAM params[2];
628
629 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
630 params[1] = OSSL_PARAM_construct_end();
631
632 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
633 || !TEST_true(EVP_PKEY_keygen_init(gctx))
634 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
635 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
636 goto err;
637err:
638 EVP_PKEY_CTX_free(gctx);
639 return pkey;
640}
641
642/* Fail if we try to use a dh key */
643static int kem_invalid_keytype(void)
644{
645 int ret = 0;
646 EVP_PKEY *key = NULL;
647 EVP_PKEY_CTX *sctx = NULL;
648
649 if (!TEST_ptr(key = gen_dh_key()))
650 goto done;
651
652 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
653 goto done;
af6171b3 654 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
80f4fd18
SL		 655 goto done;
656
657 ret = 1;
658done:
659 EVP_PKEY_free(key);
660 EVP_PKEY_CTX_free(sctx);
661 return ret;
662}
663#endif /* OPENSSL_NO_DH */
664
63794b04
SL		 665int setup_tests(void)
666{
667 const char *prov_name = "default";
668 char *config_file = NULL;
669 OPTION_CHOICE o;
670
671 while ((o = opt_next()) != OPT_EOF) {
672 switch (o) {
673 case OPT_PROVIDER_NAME:
674 prov_name = opt_arg();
675 break;
676 case OPT_CONFIG_FILE:
677 config_file = opt_arg();
678 break;
679 case OPT_TEST_CASES:
680 break;
681 default:
682 case OPT_ERR:
683 return 0;
684 }
685 }
686
bca7ad6e 687 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
63794b04
SL		 688 return 0;
689
fcdd228b 690#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
63794b04
SL		 691 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
692#endif
693#ifndef OPENSSL_NO_DH
694 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
116d2510 695 ADD_TEST(dhx_cert_load);
63794b04 696#endif
90409da6 697
6c9bc258 698 if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
90409da6
SL		 699 return 0;
700 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
701
6c9bc258 702 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
914f97ee 703 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
6c9bc258 704 sk_OPENSSL_STRING_num(cipher_names));
80f4fd18
SL		 705 ADD_TEST(kem_rsa_gen_recover);
706 ADD_TEST(kem_rsa_params);
707#ifndef OPENSSL_NO_DH
708 ADD_TEST(kem_invalid_keytype);
709#endif
63794b04
SL		 710 return 1;
711}
712
6c9bc258
TM		 713/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
714static void string_free(char *m)
715{
716 OPENSSL_free(m);
717}
718
63794b04
SL		 719void cleanup_tests(void)
720{
6c9bc258 721 sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
63794b04 722 OSSL_PROVIDER_unload(libprov);
b4250010 723 OSSL_LIB_CTX_free(libctx);
63794b04
SL		 724 OSSL_PROVIDER_unload(nullprov);
725}
A mirror of the official openssl repository