]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/fips/self_test_kats.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revert "kdf: make function naming consistent."
[thirdparty/openssl.git] / providers / fips / self_test_kats.c
1 /*
2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/evp.h>
12 #include <openssl/kdf.h>
13 #include <openssl/core_names.h>
14 #include <openssl/param_build.h>
15 #include "internal/cryptlib.h"
16 #include "internal/nelem.h"
17 #include "self_test.h"
18 #include "self_test_data.inc"
19
20 static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
21 OPENSSL_CTX *libctx)
22 {
23 int ok = 0;
24 unsigned char out[EVP_MAX_MD_SIZE];
25 unsigned int out_len = 0;
26 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
27 EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
28
29 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
30
31 if (ctx == NULL
32 || md == NULL
33 || !EVP_DigestInit_ex(ctx, md, NULL)
34 || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
35 || !EVP_DigestFinal(ctx, out, &out_len))
36 goto err;
37
38 /* Optional corruption */
39 OSSL_SELF_TEST_oncorrupt_byte(st, out);
40
41 if (out_len != t->expected_len
42 || memcmp(out, t->expected, out_len) != 0)
43 goto err;
44 ok = 1;
45 err:
46 EVP_MD_free(md);
47 EVP_MD_CTX_free(ctx);
48 OSSL_SELF_TEST_onend(st, ok);
49 return ok;
50 }
51
52 /*
53 * Helper function to setup a EVP_CipherInit
54 * Used to hide the complexity of Authenticated ciphers.
55 */
56 static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
57 const ST_KAT_CIPHER *t, int enc)
58 {
59 unsigned char *in_tag = NULL;
60 int pad = 0, tmp;
61
62 /* Flag required for Key wrapping */
63 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
64 if (t->tag == NULL) {
65 /* Use a normal cipher init */
66 return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
67 && EVP_CIPHER_CTX_set_padding(ctx, pad);
68 }
69
70 /* The authenticated cipher init */
71 if (!enc)
72 in_tag = (unsigned char *)t->tag;
73
74 return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
75 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL)
76 && (in_tag == NULL
77 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
78 in_tag))
79 && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
80 && EVP_CIPHER_CTX_set_padding(ctx, pad)
81 && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
82 }
83
84 /* Test a single KAT for encrypt/decrypt */
85 static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
86 OPENSSL_CTX *libctx)
87 {
88 int ret = 0, encrypt = 1, len, ct_len = 0, pt_len = 0;
89 EVP_CIPHER_CTX *ctx = NULL;
90 EVP_CIPHER *cipher = NULL;
91 unsigned char ct_buf[256] = { 0 };
92 unsigned char pt_buf[256] = { 0 };
93
94 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
95
96 ctx = EVP_CIPHER_CTX_new();
97 if (ctx == NULL)
98 goto err;
99 cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, "");
100 if (cipher == NULL)
101 goto err;
102
103 /* Encrypt plain text message */
104 if (!cipher_init(ctx, cipher, t, encrypt)
105 || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt, t->base.pt_len)
106 || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
107 goto err;
108
109 OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
110 ct_len += len;
111 if (ct_len != (int)t->base.expected_len
112 || memcmp(t->base.expected, ct_buf, ct_len) != 0)
113 goto err;
114
115 if (t->tag != NULL) {
116 unsigned char tag[16] = { 0 };
117
118 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len, tag)
119 || memcmp(tag, t->tag, t->tag_len) != 0)
120 goto err;
121 }
122
123 if (!(cipher_init(ctx, cipher, t, !encrypt)
124 && EVP_CipherUpdate(ctx, pt_buf, &len, ct_buf, ct_len)
125 && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
126 goto err;
127 pt_len += len;
128
129 if (pt_len != (int)t->base.pt_len
130 || memcmp(pt_buf, t->base.pt, pt_len) != 0)
131 goto err;
132
133 ret = 1;
134 err:
135 EVP_CIPHER_free(cipher);
136 EVP_CIPHER_CTX_free(ctx);
137 OSSL_SELF_TEST_onend(st, ret);
138 return ret;
139 }
140
141 static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
142 BN_CTX *ctx)
143 {
144 int ret = 0;
145 const ST_KAT_PARAM *p;
146
147 if (params == NULL)
148 return 1;
149 for (p = params; p->data != NULL; ++p)
150 {
151 switch (p->type) {
152 case OSSL_PARAM_UNSIGNED_INTEGER: {
153 BIGNUM *bn = BN_CTX_get(ctx);
154
155 if (bn == NULL
156 || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
157 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
158 goto err;
159 break;
160 }
161 case OSSL_PARAM_UTF8_STRING: {
162 if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0))
163 goto err;
164 break;
165 }
166 case OSSL_PARAM_OCTET_STRING: {
167 if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
168 p->data_len))
169 goto err;
170 break;
171 }
172 default:
173 break;
174 }
175 }
176 ret = 1;
177 err:
178 return ret;
179 }
180
181 static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
182 OPENSSL_CTX *libctx)
183 {
184 int ret = 0;
185 unsigned char out[64];
186 EVP_KDF *kdf = NULL;
187 EVP_KDF_CTX *ctx = NULL;
188 BN_CTX *bnctx = NULL;
189 OSSL_PARAM *params = NULL;
190 OSSL_PARAM_BLD *bld = NULL;
191
192 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
193
194 bld = OSSL_PARAM_BLD_new();
195 if (bld == NULL)
196 goto err;
197
198 kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
199 if (kdf == NULL)
200 goto err;
201
202 ctx = EVP_KDF_CTX_new(kdf);
203 if (ctx == NULL)
204 goto err;
205
206 bnctx = BN_CTX_new_ex(libctx);
207 if (bnctx == NULL)
208 goto err;
209 if (!add_params(bld, t->params, bnctx))
210 goto err;
211 params = OSSL_PARAM_BLD_to_param(bld);
212 if (params == NULL)
213 goto err;
214 if (!EVP_KDF_CTX_set_params(ctx, params))
215 goto err;
216
217 if (t->expected_len > sizeof(out))
218 goto err;
219 if (EVP_KDF_derive(ctx, out, t->expected_len) <= 0)
220 goto err;
221
222 OSSL_SELF_TEST_oncorrupt_byte(st, out);
223
224 if (memcmp(out, t->expected, t->expected_len) != 0)
225 goto err;
226
227 ret = 1;
228 err:
229 EVP_KDF_free(kdf);
230 EVP_KDF_CTX_free(ctx);
231 BN_CTX_free(bnctx);
232 OSSL_PARAM_BLD_free_params(params);
233 OSSL_PARAM_BLD_free(bld);
234 OSSL_SELF_TEST_onend(st, ret);
235 return ret;
236 }
237
238 static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,
239 OPENSSL_CTX *libctx)
240 {
241 int ret = 0;
242 unsigned char out[256];
243 EVP_RAND *rand;
244 EVP_RAND_CTX *test = NULL, *drbg = NULL;
245 unsigned int strength = 256;
246 int prediction_resistance = 1; /* Causes a reseed */
247 OSSL_PARAM drbg_params[3] = {
248 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
249 };
250
251 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
252
253 rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
254 if (rand == NULL)
255 goto err;
256
257 test = EVP_RAND_CTX_new(rand, NULL);
258 EVP_RAND_free(rand);
259 if (test == NULL)
260 goto err;
261
262 drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
263 &strength);
264 if (!EVP_RAND_set_ctx_params(test, drbg_params))
265 goto err;
266
267 rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);
268 if (rand == NULL)
269 goto err;
270
271 drbg = EVP_RAND_CTX_new(rand, test);
272 EVP_RAND_free(rand);
273 if (drbg == NULL)
274 goto err;
275
276 strength = EVP_RAND_strength(drbg);
277
278 drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
279 t->param_value, 0);
280 /* This is only used by HMAC-DRBG but it is ignored by the others */
281 drbg_params[1] =
282 OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
283 if (!EVP_RAND_set_ctx_params(drbg, drbg_params))
284 goto err;
285
286 drbg_params[0] =
287 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
288 (void *)t->entropyin,
289 t->entropyinlen);
290 drbg_params[1] =
291 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
292 (void *)t->nonce, t->noncelen);
293 if (!EVP_RAND_set_ctx_params(test, drbg_params)
294 || !EVP_RAND_instantiate(test, strength, 0, NULL, 0))
295 goto err;
296 if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen))
297 goto err;
298
299 drbg_params[0] =
300 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
301 (void *)t->entropyinpr1,
302 t->entropyinpr1len);
303 if (!EVP_RAND_set_ctx_params(test, drbg_params))
304 goto err;
305
306 if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
307 prediction_resistance,
308 t->entropyaddin1, t->entropyaddin1len))
309 goto err;
310
311 drbg_params[0] =
312 OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
313 (void *)t->entropyinpr2,
314 t->entropyinpr2len);
315 if (!EVP_RAND_set_ctx_params(test, drbg_params))
316 goto err;
317
318 /* This calls RAND_DRBG_reseed() internally when prediction_resistance = 1 */
319 if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
320 prediction_resistance,
321 t->entropyaddin2, t->entropyaddin2len))
322 goto err;
323
324 OSSL_SELF_TEST_oncorrupt_byte(st, out);
325
326 if (memcmp(out, t->expected, t->expectedlen) != 0)
327 goto err;
328
329 if (!EVP_RAND_uninstantiate(drbg))
330 goto err;
331 /*
332 * Check that the DRBG data has been zeroized after RAND_DRBG_uninstantiate.
333 */
334 if (!EVP_RAND_verify_zeroization(drbg))
335 goto err;
336
337 ret = 1;
338 err:
339 EVP_RAND_CTX_free(drbg);
340 EVP_RAND_CTX_free(test);
341 OSSL_SELF_TEST_onend(st, ret);
342 return ret;
343 }
344
345
346
347 static int self_test_ka(const ST_KAT_KAS *t,
348 OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
349 {
350 int ret = 0;
351 EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
352 EVP_PKEY *pkey = NULL, *peerkey = NULL;
353 OSSL_PARAM *params = NULL;
354 OSSL_PARAM *params_peer = NULL;
355 unsigned char secret[256];
356 size_t secret_len;
357 OSSL_PARAM_BLD *bld = NULL;
358 BN_CTX *bnctx = NULL;
359
360 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
361
362 bnctx = BN_CTX_new_ex(libctx);
363 if (bnctx == NULL)
364 goto err;
365
366 bld = OSSL_PARAM_BLD_new();
367 if (bld == NULL)
368 goto err;
369
370 if (!add_params(bld, t->key_group, bnctx)
371 || !add_params(bld, t->key_host_data, bnctx))
372 goto err;
373 params = OSSL_PARAM_BLD_to_param(bld);
374
375 if (!add_params(bld, t->key_group, bnctx)
376 || !add_params(bld, t->key_peer_data, bnctx))
377 goto err;
378
379 params_peer = OSSL_PARAM_BLD_to_param(bld);
380 if (params == NULL || params_peer == NULL)
381 goto err;
382
383 /* Create a EVP_PKEY_CTX to load the DH keys into */
384 kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
385 if (kactx == NULL)
386 goto err;
387 if (EVP_PKEY_key_fromdata_init(kactx) <= 0
388 || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
389 goto err;
390 if (EVP_PKEY_key_fromdata_init(kactx) <= 0
391 || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
392 goto err;
393
394 /* Create a EVP_PKEY_CTX to perform key derivation */
395 dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
396 if (dctx == NULL)
397 goto err;
398
399 if (EVP_PKEY_derive_init(dctx) <= 0
400 || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
401 || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
402 goto err;
403
404 OSSL_SELF_TEST_oncorrupt_byte(st, secret);
405
406 if (secret_len != t->expected_len
407 || memcmp(secret, t->expected, t->expected_len) != 0)
408 goto err;
409 ret = 1;
410 err:
411 BN_CTX_free(bnctx);
412 EVP_PKEY_free(pkey);
413 EVP_PKEY_free(peerkey);
414 EVP_PKEY_CTX_free(kactx);
415 EVP_PKEY_CTX_free(dctx);
416 OSSL_PARAM_BLD_free_params(params_peer);
417 OSSL_PARAM_BLD_free_params(params);
418 OSSL_PARAM_BLD_free(bld);
419 OSSL_SELF_TEST_onend(st, ret);
420 return ret;
421 }
422
423 static int self_test_sign(const ST_KAT_SIGN *t,
424 OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
425 {
426 int ret = 0;
427 OSSL_PARAM *params = NULL, *params_sig = NULL;
428 OSSL_PARAM_BLD *bld = NULL;
429 EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
430 EVP_PKEY *pkey = NULL;
431 unsigned char sig[256];
432 BN_CTX *bnctx = NULL;
433 size_t siglen = 0;
434 static const unsigned char dgst[] = {
435 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
436 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
437 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
438 };
439
440 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
441
442 bnctx = BN_CTX_new_ex(libctx);
443 if (bnctx == NULL)
444 goto err;
445
446 bld = OSSL_PARAM_BLD_new();
447 if (bld == NULL)
448 goto err;
449
450 if (!add_params(bld, t->key, bnctx))
451 goto err;
452 params = OSSL_PARAM_BLD_to_param(bld);
453
454 /* Create a EVP_PKEY_CTX to load the DSA key into */
455 kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
456 if (kctx == NULL || params == NULL)
457 goto err;
458 if (EVP_PKEY_key_fromdata_init(kctx) <= 0
459 || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
460 goto err;
461
462 /* Create a EVP_PKEY_CTX to use for the signing operation */
463 sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
464 if (sctx == NULL
465 || EVP_PKEY_sign_init(sctx) <= 0)
466 goto err;
467
468 /* set signature parameters */
469 if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
470 t->mdalgorithm,
471 strlen(t->mdalgorithm) + 1))
472 goto err;
473 params_sig = OSSL_PARAM_BLD_to_param(bld);
474 if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
475 goto err;
476
477 if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
478 || EVP_PKEY_verify_init(sctx) <= 0
479 || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
480 goto err;
481
482 /*
483 * Used by RSA, for other key types where the signature changes, we
484 * can only use the verify.
485 */
486 if (t->sig_expected != NULL
487 && (siglen != t->sig_expected_len
488 || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
489 goto err;
490
491 OSSL_SELF_TEST_oncorrupt_byte(st, sig);
492 if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
493 goto err;
494 ret = 1;
495 err:
496 BN_CTX_free(bnctx);
497 EVP_PKEY_free(pkey);
498 EVP_PKEY_CTX_free(kctx);
499 EVP_PKEY_CTX_free(sctx);
500 OSSL_PARAM_BLD_free_params(params);
501 OSSL_PARAM_BLD_free_params(params_sig);
502 OSSL_PARAM_BLD_free(bld);
503 OSSL_SELF_TEST_onend(st, ret);
504 return ret;
505 }
506
507 /*
508 * Test a data driven list of KAT's for digest algorithms.
509 * All tests are run regardless of if they fail or not.
510 * Return 0 if any test fails.
511 */
512 static int self_test_digests(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
513 {
514 int i, ret = 1;
515
516 for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
517 if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
518 ret = 0;
519 }
520 return ret;
521 }
522
523 static int self_test_ciphers(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
524 {
525 int i, ret = 1;
526
527 for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
528 if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))
529 ret = 0;
530 }
531 return ret;
532 }
533
534 static int self_test_kdfs(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
535 {
536 int i, ret = 1;
537
538 for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
539 if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))
540 ret = 0;
541 }
542 return ret;
543 }
544
545 static int self_test_drbgs(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
546 {
547 int i, ret = 1;
548
549 for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {
550 if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))
551 ret = 0;
552 }
553 return ret;
554 }
555
556 static int self_test_kas(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
557 {
558 int i, ret = 1;
559
560 for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
561 if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
562 ret = 0;
563 }
564 return ret;
565 }
566
567 static int self_test_signatures(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
568 {
569 int i, ret = 1;
570
571 for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
572 if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
573 ret = 0;
574 }
575 return ret;
576 }
577
578 /*
579 * Run the algorithm KAT's.
580 * Return 1 is successful, otherwise return 0.
581 * This runs all the tests regardless of if any fail.
582 */
583 int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
584 {
585 int ret = 1;
586
587 if (!self_test_digests(st, libctx))
588 ret = 0;
589 if (!self_test_ciphers(st, libctx))
590 ret = 0;
591 if (!self_test_signatures(st, libctx))
592 ret = 0;
593 if (!self_test_kdfs(st, libctx))
594 ret = 0;
595 if (!self_test_drbgs(st, libctx))
596 ret = 0;
597 if (!self_test_kas(st, libctx))
598 ret = 0;
599
600 return ret;
601 }
A mirror of the official openssl repository