2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/evp.h>
12 #include <openssl/kdf.h>
13 #include "internal/nelem.h"
14 #include "self_test.h"
15 #include "self_test_data.inc"
17 static int self_test_digest(const ST_KAT_DIGEST
*t
, OSSL_ST_EVENT
*event
,
21 unsigned char out
[EVP_MAX_MD_SIZE
];
22 unsigned int out_len
= 0;
23 EVP_MD_CTX
*ctx
= EVP_MD_CTX_new();
24 EVP_MD
*md
= EVP_MD_fetch(libctx
, t
->algorithm
, NULL
);
26 SELF_TEST_EVENT_onbegin(event
, OSSL_SELF_TEST_TYPE_KAT_DIGEST
, t
->desc
);
30 || !EVP_DigestInit_ex(ctx
, md
, NULL
)
31 || !EVP_DigestUpdate(ctx
, t
->pt
, t
->pt_len
)
32 || !EVP_DigestFinal(ctx
, out
, &out_len
))
35 /* Optional corruption */
36 SELF_TEST_EVENT_oncorrupt_byte(event
, out
);
38 if (out_len
!= t
->expected_len
39 || memcmp(out
, t
->expected
, out_len
) != 0)
43 SELF_TEST_EVENT_onend(event
, ok
);
51 * Helper function to setup a EVP_CipherInit
52 * Used to hide the complexity of Authenticated ciphers.
54 static int cipher_init(EVP_CIPHER_CTX
*ctx
, const EVP_CIPHER
*cipher
,
55 const ST_KAT_CIPHER
*t
, int enc
)
57 unsigned char *in_tag
= NULL
;
60 /* Flag required for Key wrapping */
61 EVP_CIPHER_CTX_set_flags(ctx
, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
);
63 /* Use a normal cipher init */
64 return EVP_CipherInit_ex(ctx
, cipher
, NULL
, t
->key
, t
->iv
, enc
)
65 && EVP_CIPHER_CTX_set_padding(ctx
, pad
);
68 /* The authenticated cipher init */
70 in_tag
= (unsigned char *)t
->tag
;
72 return EVP_CipherInit_ex(ctx
, cipher
, NULL
, NULL
, NULL
, enc
)
73 && EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_IVLEN
, t
->iv_len
, NULL
)
75 || EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
, t
->tag_len
,
77 && EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, t
->iv
, enc
)
78 && EVP_CIPHER_CTX_set_padding(ctx
, pad
)
79 && EVP_CipherUpdate(ctx
, NULL
, &tmp
, t
->aad
, t
->aad_len
);
82 /* Test a single KAT for encrypt/decrypt */
83 static int self_test_cipher(const ST_KAT_CIPHER
*t
, OSSL_ST_EVENT
*event
,
86 int ret
= 0, encrypt
= 1, len
, ct_len
= 0, pt_len
= 0;
87 EVP_CIPHER_CTX
*ctx
= NULL
;
88 EVP_CIPHER
*cipher
= NULL
;
89 unsigned char ct_buf
[256] = { 0 };
90 unsigned char pt_buf
[256] = { 0 };
92 SELF_TEST_EVENT_onbegin(event
, OSSL_SELF_TEST_TYPE_KAT_CIPHER
, t
->base
.desc
);
94 ctx
= EVP_CIPHER_CTX_new();
97 cipher
= EVP_CIPHER_fetch(libctx
, t
->base
.algorithm
, "");
101 /* Encrypt plain text message */
102 if (!cipher_init(ctx
, cipher
, t
, encrypt
)
103 || !EVP_CipherUpdate(ctx
, ct_buf
, &len
, t
->base
.pt
, t
->base
.pt_len
)
104 || !EVP_CipherFinal_ex(ctx
, ct_buf
+ len
, &ct_len
))
107 SELF_TEST_EVENT_oncorrupt_byte(event
, ct_buf
);
109 if (ct_len
!= (int)t
->base
.expected_len
110 || memcmp(t
->base
.expected
, ct_buf
, ct_len
) != 0)
113 if (t
->tag
!= NULL
) {
114 unsigned char tag
[16] = { 0 };
116 if (!EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, t
->tag_len
, tag
)
117 || memcmp(tag
, t
->tag
, t
->tag_len
) != 0)
121 if (!(cipher_init(ctx
, cipher
, t
, !encrypt
)
122 && EVP_CipherUpdate(ctx
, pt_buf
, &len
, ct_buf
, ct_len
)
123 && EVP_CipherFinal_ex(ctx
, pt_buf
+ len
, &pt_len
)))
127 if (pt_len
!= (int)t
->base
.pt_len
128 || memcmp(pt_buf
, t
->base
.pt
, pt_len
) != 0)
133 EVP_CIPHER_free(cipher
);
134 EVP_CIPHER_CTX_free(ctx
);
135 SELF_TEST_EVENT_onend(event
, ret
);
139 static int self_test_kdf(const ST_KAT_KDF
*t
, OSSL_ST_EVENT
*event
,
144 unsigned char out
[64];
146 EVP_KDF_CTX
*ctx
= NULL
;
147 OSSL_PARAM params
[16];
148 const OSSL_PARAM
*settables
= NULL
;
150 SELF_TEST_EVENT_onbegin(event
, OSSL_SELF_TEST_TYPE_KAT_KDF
, t
->desc
);
152 kdf
= EVP_KDF_fetch(libctx
, t
->algorithm
, "");
153 ctx
= EVP_KDF_CTX_new(kdf
);
157 settables
= EVP_KDF_settable_ctx_params(kdf
);
158 for (i
= 0; t
->ctrls
[i
].name
!= NULL
; ++i
) {
159 if (!OSSL_PARAM_allocate_from_text(¶ms
[i
], settables
,
162 strlen(t
->ctrls
[i
].value
)))
165 params
[i
] = OSSL_PARAM_construct_end();
166 if (!EVP_KDF_CTX_set_params(ctx
, params
))
169 if (t
->expected_len
> sizeof(out
))
171 if (EVP_KDF_derive(ctx
, out
, t
->expected_len
) <= 0)
174 SELF_TEST_EVENT_oncorrupt_byte(event
, out
);
176 if (memcmp(out
, t
->expected
, t
->expected_len
) != 0)
181 for (i
= 0; params
[i
].key
!= NULL
; ++i
)
182 OPENSSL_free(params
[i
].data
);
184 EVP_KDF_CTX_free(ctx
);
185 SELF_TEST_EVENT_onend(event
, ret
);
190 * Test a data driven list of KAT's for digest algorithms.
191 * All tests are run regardless of if they fail or not.
192 * Return 0 if any test fails.
194 static int self_test_digests(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
198 for (i
= 0; i
< (int)OSSL_NELEM(st_kat_digest_tests
); ++i
) {
199 if (!self_test_digest(&st_kat_digest_tests
[i
], event
, libctx
))
205 static int self_test_ciphers(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
209 for (i
= 0; i
< (int)OSSL_NELEM(st_kat_cipher_tests
); ++i
) {
210 if (!self_test_cipher(&st_kat_cipher_tests
[i
], event
, libctx
))
216 static int self_test_kdfs(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
220 for (i
= 0; i
< (int)OSSL_NELEM(st_kat_kdf_tests
); ++i
) {
221 if (!self_test_kdf(&st_kat_kdf_tests
[i
], event
, libctx
))
228 * Run the algorithm KAT's.
229 * Return 1 is successful, otherwise return 0.
230 * This runs all the tests regardless of if any fail.
232 * TODO(3.0) Add self tests for KA, DRBG, Sign/Verify when they become available
234 int SELF_TEST_kats(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
238 if (!self_test_digests(event
, libctx
))
240 if (!self_test_ciphers(event
, libctx
))
242 if (!self_test_kdfs(event
, libctx
))