]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/acvp_test.c
projects / thirdparty / openssl.git / blob
? search:


3d4214c7844f2d0b20b0ea9cecf029c7805d92c0
[thirdparty/openssl.git] / test / acvp_test.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49
50 const OPTIONS *test_get_options(void)
51 {
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { NULL }
57 };
58 return test_options;
59 }
60
61 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
62 unsigned char **out, size_t *out_len)
63 {
64 unsigned char *buf = NULL;
65 BIGNUM *bn = NULL;
66 int sz;
67
68 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
69 goto err;
70 sz = BN_num_bytes(bn);
71 buf = OPENSSL_zalloc(sz);
72 if (buf == NULL)
73 goto err;
74 if (!BN_bn2binpad(bn, buf, sz))
75 goto err;
76
77 *out_len = sz;
78 *out = buf;
79 BN_free(bn);
80 return 1;
81 err:
82 OPENSSL_free(buf);
83 BN_free(bn);
84 return 0;
85 }
86
87 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
88 const unsigned char *msg, size_t msg_len,
89 unsigned char **sig_out, size_t *sig_out_len)
90 {
91 int ret = 0;
92 EVP_MD_CTX *md_ctx = NULL;
93 unsigned char *sig = NULL;
94 size_t sig_len;
95 size_t sz = EVP_PKEY_size(pkey);
96
97 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
98 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
99 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
100 NULL, pkey), 1)
101 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
102 goto err;
103 *sig_out = sig;
104 *sig_out_len = sig_len;
105 sig = NULL;
106 ret = 1;
107 err:
108 OPENSSL_free(sig);
109 EVP_MD_CTX_free(md_ctx);
110 return ret;
111 }
112
113 #ifndef OPENSSL_NO_EC
114 static int ecdsa_keygen_test(int id)
115 {
116 int ret = 0;
117 EVP_PKEY_CTX *ctx = NULL;
118 EVP_PKEY *pkey = NULL;
119 unsigned char *priv = NULL;
120 unsigned char *pubx = NULL, *puby = NULL;
121 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
122 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
123
124 self_test_args.called = 0;
125 self_test_args.enable = 1;
126 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
127 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
128 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
129 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
130 || !TEST_int_eq(self_test_args.called, 3)
131 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
132 &priv_len))
133 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
134 &pubx_len))
135 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
136 &puby_len)))
137 goto err;
138
139 test_output_memory("qy", puby, puby_len);
140 test_output_memory("qx", pubx, pubx_len);
141 test_output_memory("d", priv, priv_len);
142 ret = 1;
143 err:
144 self_test_args.enable = 0;
145 self_test_args.called = 0;
146 OPENSSL_clear_free(priv, priv_len);
147 OPENSSL_free(pubx);
148 OPENSSL_free(puby);
149 EVP_PKEY_free(pkey);
150 EVP_PKEY_CTX_free(ctx);
151 return ret;
152 }
153
154 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
155 const unsigned char *pub, size_t pub_len,
156 int expected)
157 {
158 int ret = 0;
159 EVP_PKEY_CTX *ctx = NULL;
160 OSSL_PARAM_BLD *bld = NULL;
161 OSSL_PARAM *params = NULL;
162
163 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
164 || (curve_name != NULL
165 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
166 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
167 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
168 OSSL_PKEY_PARAM_PUB_KEY,
169 pub, pub_len) > 0)
170 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
171 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
172 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
173 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), expected))
174 goto err;
175
176 ret = 1;
177 err:
178 OSSL_PARAM_BLD_free_params(params);
179 OSSL_PARAM_BLD_free(bld);
180 EVP_PKEY_CTX_free(ctx);
181 return ret;
182 }
183
184 static int ecdsa_pub_verify_test(int id)
185 {
186 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
187
188 int ret = 0;
189 EVP_PKEY_CTX *key_ctx = NULL;
190 EVP_PKEY *pkey = NULL;
191
192 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
193 tst->pub, tst->pub_len, tst->pass)))
194 goto err;
195
196 if (tst->pass) {
197 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
198 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
199 goto err;
200 }
201 ret = 1;
202 err:
203 EVP_PKEY_free(pkey);
204 EVP_PKEY_CTX_free(key_ctx);
205 return ret;
206 }
207
208 /* Extract r and s from a ecdsa signature */
209 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
210 unsigned char **r, unsigned char **s,
211 size_t *rlen, size_t *slen)
212 {
213 int ret = 0;
214 unsigned char *rbuf = NULL, *sbuf = NULL;
215 size_t r1_len, s1_len;
216 const BIGNUM *r1, *s1;
217 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
218
219 if (sign == NULL)
220 return 0;
221 r1 = ECDSA_SIG_get0_r(sign);
222 s1 = ECDSA_SIG_get0_s(sign);
223 if (r1 == NULL || s1 == NULL)
224 return 0;
225
226 r1_len = BN_num_bytes(r1);
227 s1_len = BN_num_bytes(s1);
228 rbuf = OPENSSL_zalloc(r1_len);
229 sbuf = OPENSSL_zalloc(s1_len);
230 if (rbuf == NULL || sbuf == NULL)
231 goto err;
232 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
233 goto err;
234 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
235 goto err;
236 *r = rbuf;
237 *s = sbuf;
238 *rlen = r1_len;
239 *slen = s1_len;
240 ret = 1;
241 err:
242 if (ret == 0) {
243 OPENSSL_free(rbuf);
244 OPENSSL_free(sbuf);
245 }
246 ECDSA_SIG_free(sign);
247 return ret;
248 }
249
250 static int ecdsa_siggen_test(int id)
251 {
252 int ret = 0;
253 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
254 EVP_PKEY *pkey = NULL;
255 size_t sig_len = 0, rlen = 0, slen = 0;
256 unsigned char *sig = NULL;
257 unsigned char *r = NULL, *s = NULL;
258 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
259
260 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
261 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
262 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
263 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
264 goto err;
265
266 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
267 &sig, &sig_len))
268 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
269 goto err;
270 test_output_memory("r", r, rlen);
271 test_output_memory("s", s, slen);
272 ret = 1;
273 err:
274 OPENSSL_free(r);
275 OPENSSL_free(s);
276 OPENSSL_free(sig);
277 EVP_PKEY_free(pkey);
278 EVP_PKEY_CTX_free(key_ctx);
279 EVP_PKEY_CTX_free(ctx);
280 return ret;
281 }
282
283 static int ecdsa_sigver_test(int id)
284 {
285 int ret = 0;
286 EVP_MD_CTX *md_ctx = NULL;
287 EVP_PKEY *pkey = NULL;
288 ECDSA_SIG *sign = NULL;
289 size_t sig_len;
290 unsigned char *sig = NULL;
291 BIGNUM *rbn = NULL, *sbn = NULL;
292 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
293
294 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
295 tst->pub, tst->pub_len, 1)))
296 goto err;
297
298 if (!TEST_ptr(sign = ECDSA_SIG_new())
299 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
300 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
301 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
302 goto err;
303 rbn = sbn = NULL;
304
305 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
306 && TEST_ptr(md_ctx = EVP_MD_CTX_new())
307 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
308 libctx, NULL, pkey)
309 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
310 tst->msg, tst->msg_len), tst->pass));
311 err:
312 BN_free(rbn);
313 BN_free(sbn);
314 OPENSSL_free(sig);
315 ECDSA_SIG_free(sign);
316 EVP_PKEY_free(pkey);
317 EVP_MD_CTX_free(md_ctx);
318 return ret;
319
320 }
321 #endif /* OPENSSL_NO_EC */
322
323 #ifndef OPENSSL_NO_DSA
324 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
325 unsigned char **out, size_t *out_len)
326 {
327 size_t len = 0;
328 unsigned char *buf = NULL;
329
330 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
331 goto err;
332
333 buf = OPENSSL_zalloc(len);
334 if (buf == NULL)
335 goto err;
336
337 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
338 goto err;
339 *out = buf;
340 return 1;
341 err:
342 OPENSSL_free(buf);
343 return 0;
344 }
345
346 static EVP_PKEY *dsa_paramgen(int L, int N)
347 {
348 EVP_PKEY_CTX *paramgen_ctx = NULL;
349 EVP_PKEY *param_key = NULL;
350
351 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
352 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
353 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
354 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
355 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
356 return NULL;
357 EVP_PKEY_CTX_free(paramgen_ctx);
358 return param_key;
359 }
360
361 static EVP_PKEY *dsa_keygen(int L, int N)
362 {
363 EVP_PKEY *param_key = NULL, *key = NULL;
364 EVP_PKEY_CTX *keygen_ctx = NULL;
365
366 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
367 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
368 NULL))
369 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
370 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
371 goto err;
372 err:
373 EVP_PKEY_free(param_key);
374 EVP_PKEY_CTX_free(keygen_ctx);
375 return key;
376 }
377
378 static int dsa_keygen_test(int id)
379 {
380 int ret = 0, i;
381 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
382 EVP_PKEY *param_key = NULL, *key = NULL;
383 unsigned char *priv = NULL, *pub = NULL;
384 size_t priv_len = 0, pub_len = 0;
385 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
386
387 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
388 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
389 NULL))
390 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
391 goto err;
392 for (i = 0; i < 2; ++i) {
393 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
394 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
395 &priv, &priv_len))
396 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
397 &pub, &pub_len)))
398 goto err;
399 test_output_memory("y", pub, pub_len);
400 test_output_memory("x", priv, priv_len);
401 EVP_PKEY_free(key);
402 OPENSSL_clear_free(priv, priv_len);
403 OPENSSL_free(pub);
404 key = NULL;
405 pub = priv = NULL;
406 }
407 ret = 1;
408 err:
409 OPENSSL_clear_free(priv, priv_len);
410 OPENSSL_free(pub);
411 EVP_PKEY_free(param_key);
412 EVP_PKEY_free(key);
413 EVP_PKEY_CTX_free(keygen_ctx);
414 EVP_PKEY_CTX_free(paramgen_ctx);
415 return ret;
416 }
417
418 static int dsa_paramgen_test(int id)
419 {
420 int ret = 0, counter = 0;
421 EVP_PKEY_CTX *paramgen_ctx = NULL;
422 EVP_PKEY *param_key = NULL;
423 unsigned char *p = NULL, *q = NULL, *seed = NULL;
424 size_t plen = 0, qlen = 0, seedlen = 0;
425 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
426
427 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
428 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
429 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
430 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
431 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
432 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
433 &p, &plen))
434 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
435 &q, &qlen))
436 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
437 &seed, &seedlen))
438 || !TEST_true(EVP_PKEY_get_int_param(param_key,
439 OSSL_PKEY_PARAM_FFC_PCOUNTER,
440 &counter)))
441 goto err;
442
443 test_output_memory("p", p, plen);
444 test_output_memory("q", q, qlen);
445 test_output_memory("domainSeed", seed, seedlen);
446 test_printf_stderr("%s: %d\n", "counter", counter);
447 ret = 1;
448 err:
449 OPENSSL_free(p);
450 OPENSSL_free(q);
451 OPENSSL_free(seed);
452 EVP_PKEY_free(param_key);
453 EVP_PKEY_CTX_free(paramgen_ctx);
454 return ret;
455 }
456
457 static int dsa_create_pkey(EVP_PKEY **pkey,
458 const unsigned char *p, size_t p_len,
459 const unsigned char *q, size_t q_len,
460 const unsigned char *g, size_t g_len,
461 const unsigned char *seed, size_t seed_len,
462 int counter,
463 const char *validate_type,
464 const unsigned char *pub, size_t pub_len,
465 BN_CTX *bn_ctx)
466 {
467 int ret = 0;
468 EVP_PKEY_CTX *ctx = NULL;
469 OSSL_PARAM_BLD *bld = NULL;
470 OSSL_PARAM *params = NULL;
471 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
472
473 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
474 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
475 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
476 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
477 OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
478 validate_type, 0))
479 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
480 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
481 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
482 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
483 goto err;
484
485 if (g != NULL) {
486 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
487 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
488 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
489 OSSL_PKEY_PARAM_FFC_G, g_bn)))
490 goto err;
491 }
492 if (seed != NULL) {
493 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
494 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
495 goto err;
496 }
497 if (counter != -1) {
498 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
499 OSSL_PKEY_PARAM_FFC_PCOUNTER,
500 counter)))
501 goto err;
502 }
503 if (pub != NULL) {
504 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
505 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
506 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
507 OSSL_PKEY_PARAM_PUB_KEY,
508 pub_bn)))
509 goto err;
510 }
511 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
512 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
513 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
514 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
515 goto err;
516
517 ret = 1;
518 err:
519 OSSL_PARAM_BLD_free_params(params);
520 OSSL_PARAM_BLD_free(bld);
521 EVP_PKEY_CTX_free(ctx);
522 return ret;
523 }
524
525 static int dsa_pqver_test(int id)
526 {
527 int ret = 0;
528 BN_CTX *bn_ctx = NULL;
529 EVP_PKEY_CTX *key_ctx = NULL;
530 EVP_PKEY *param_key = NULL;
531 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
532
533 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
534 || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
535 tst->q, tst->q_len, NULL, 0,
536 tst->seed, tst->seed_len, tst->counter,
537 OSSL_FFC_PARAM_VALIDATE_PQ,
538 NULL, 0,
539 bn_ctx))
540 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
541 NULL))
542 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
543 goto err;
544
545 ret = 1;
546 err:
547 BN_CTX_free(bn_ctx);
548 EVP_PKEY_free(param_key);
549 EVP_PKEY_CTX_free(key_ctx);
550 return ret;
551 }
552
553 /* Extract r and s from a dsa signature */
554 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
555 unsigned char **r, unsigned char **s,
556 size_t *r_len, size_t *s_len)
557 {
558 int ret = 0;
559 unsigned char *rbuf = NULL, *sbuf = NULL;
560 size_t r1_len, s1_len;
561 const BIGNUM *r1, *s1;
562 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
563
564 if (sign == NULL)
565 return 0;
566 DSA_SIG_get0(sign, &r1, &s1);
567 if (r1 == NULL || s1 == NULL)
568 return 0;
569
570 r1_len = BN_num_bytes(r1);
571 s1_len = BN_num_bytes(s1);
572 rbuf = OPENSSL_zalloc(r1_len);
573 sbuf = OPENSSL_zalloc(s1_len);
574 if (rbuf == NULL || sbuf == NULL)
575 goto err;
576 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
577 goto err;
578 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
579 goto err;
580 *r = rbuf;
581 *s = sbuf;
582 *r_len = r1_len;
583 *s_len = s1_len;
584 ret = 1;
585 err:
586 if (ret == 0) {
587 OPENSSL_free(rbuf);
588 OPENSSL_free(sbuf);
589 }
590 DSA_SIG_free(sign);
591 return ret;
592 }
593
594 static int dsa_siggen_test(int id)
595 {
596 int ret = 0;
597 EVP_PKEY *pkey = NULL;
598 unsigned char *sig = NULL, *r = NULL, *s = NULL;
599 size_t sig_len = 0, rlen = 0, slen = 0;
600 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
601
602 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
603 goto err;
604
605 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
606 &sig, &sig_len))
607 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
608 goto err;
609 test_output_memory("r", r, rlen);
610 test_output_memory("s", s, slen);
611 ret = 1;
612 err:
613 OPENSSL_free(r);
614 OPENSSL_free(s);
615 OPENSSL_free(sig);
616 EVP_PKEY_free(pkey);
617 return ret;
618 }
619
620 static int dsa_sigver_test(int id)
621 {
622 int ret = 0;
623 EVP_PKEY_CTX *ctx = NULL;
624 EVP_PKEY *pkey = NULL;
625 DSA_SIG *sign = NULL;
626 size_t sig_len;
627 unsigned char *sig = NULL;
628 BIGNUM *rbn = NULL, *sbn = NULL;
629 EVP_MD *md = NULL;
630 unsigned char digest[EVP_MAX_MD_SIZE];
631 unsigned int digest_len;
632 BN_CTX *bn_ctx = NULL;
633 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
634
635 if (!TEST_ptr(bn_ctx = BN_CTX_new())
636 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
637 tst->q, tst->q_len, tst->g, tst->g_len,
638 NULL, 0, 0, "", tst->pub, tst->pub_len,
639 bn_ctx)))
640 goto err;
641
642 if (!TEST_ptr(sign = DSA_SIG_new())
643 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
644 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
645 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
646 goto err;
647 rbn = sbn = NULL;
648
649 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
650 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
651 digest, &digest_len, md, NULL)))
652 goto err;
653
654 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
655 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
656 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
657 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
658 tst->pass))
659 goto err;
660 ret = 1;
661 err:
662 EVP_PKEY_CTX_free(ctx);
663 OPENSSL_free(sig);
664 EVP_MD_free(md);
665 DSA_SIG_free(sign);
666 EVP_PKEY_free(pkey);
667 BN_free(rbn);
668 BN_free(sbn);
669 BN_CTX_free(bn_ctx);
670 return ret;
671 }
672 #endif /* OPENSSL_NO_DSA */
673
674
675 /* cipher encrypt/decrypt */
676 static int cipher_enc(const char *alg,
677 const unsigned char *pt, size_t pt_len,
678 const unsigned char *key, size_t key_len,
679 const unsigned char *iv, size_t iv_len,
680 const unsigned char *ct, size_t ct_len,
681 int enc)
682 {
683 int ret = 0, out_len = 0, len = 0;
684 EVP_CIPHER_CTX *ctx = NULL;
685 EVP_CIPHER *cipher = NULL;
686 unsigned char out[256] = { 0 };
687
688 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
689 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
690 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
691 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
692 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
693 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
694 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
695 goto err;
696 out_len += len;
697 if (!TEST_mem_eq(out, out_len, ct, ct_len))
698 goto err;
699 ret = 1;
700 err:
701 EVP_CIPHER_free(cipher);
702 EVP_CIPHER_CTX_free(ctx);
703 return ret;
704 }
705
706 static int cipher_enc_dec_test(int id)
707 {
708 const struct cipher_st *tst = &cipher_enc_data[id];
709 const int enc = 1;
710
711 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
712 tst->key, tst->key_len,
713 tst->iv, tst->iv_len,
714 tst->ct, tst->ct_len, enc))
715 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
716 tst->key, tst->key_len,
717 tst->iv, tst->iv_len,
718 tst->pt, tst->pt_len, !enc));
719 }
720
721 static int aes_ccm_enc_dec(const char *alg,
722 const unsigned char *pt, size_t pt_len,
723 const unsigned char *key, size_t key_len,
724 const unsigned char *iv, size_t iv_len,
725 const unsigned char *aad, size_t aad_len,
726 const unsigned char *ct, size_t ct_len,
727 const unsigned char *tag, size_t tag_len,
728 int enc, int pass)
729 {
730 int ret = 0;
731 EVP_CIPHER_CTX *ctx;
732 EVP_CIPHER *cipher = NULL;
733 int out_len, len;
734 unsigned char out[1024];
735
736 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
737 pass ? "pass" : "fail");
738
739 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
740 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
741 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
742 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
743 NULL))
744 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
745 enc ? NULL : (void *)tag))
746 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
747 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
748 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
749 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
750 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
751 goto err;
752
753 if (!pass) {
754 ret = 1;
755 goto err;
756 }
757 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
758 goto err;
759 if (enc) {
760 out_len += len;
761 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
762 tag_len, out + out_len))
763 || !TEST_mem_eq(out, out_len, ct, ct_len)
764 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
765 goto err;
766 } else {
767 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
768 goto err;
769 }
770
771 ret = 1;
772 err:
773 EVP_CIPHER_free(cipher);
774 EVP_CIPHER_CTX_free(ctx);
775 return ret;
776 }
777
778 static int aes_ccm_enc_dec_test(int id)
779 {
780 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
781
782 /* The tag is on the end of the cipher text */
783 const size_t tag_len = tst->ct_len - tst->pt_len;
784 const size_t ct_len = tst->ct_len - tag_len;
785 const unsigned char *tag = tst->ct + ct_len;
786 const int enc = 1;
787 const int pass = 1;
788
789 if (ct_len < 1)
790 return 0;
791
792 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
793 tst->key, tst->key_len,
794 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
795 tst->ct, ct_len, tag, tag_len, enc, pass)
796 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
797 tst->key, tst->key_len,
798 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
799 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
800 /* test that it fails if the tag is incorrect */
801 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
802 tst->key, tst->key_len,
803 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
804 tst->pt, tst->pt_len,
805 tag - 1, tag_len, !enc, !pass);
806 }
807
808 static int aes_gcm_enc_dec(const char *alg,
809 const unsigned char *pt, size_t pt_len,
810 const unsigned char *key, size_t key_len,
811 const unsigned char *iv, size_t iv_len,
812 const unsigned char *aad, size_t aad_len,
813 const unsigned char *ct, size_t ct_len,
814 const unsigned char *tag, size_t tag_len,
815 int enc, int pass)
816 {
817 int ret = 0;
818 EVP_CIPHER_CTX *ctx;
819 EVP_CIPHER *cipher = NULL;
820 int out_len, len;
821 unsigned char out[1024];
822
823 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
824 pass ? "pass" : "fail");
825
826 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
827 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
828 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
829 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
830 NULL)))
831 goto err;
832
833 if (!enc) {
834 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
835 (void *)tag)))
836 goto err;
837 }
838 /*
839 * TODO(3.0): The IV should not be set outside the boundary as it is now.
840 * It needs to be fed in via a dummy entropy source for this test.
841 */
842 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
843 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
844 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
845 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
846 goto err;
847
848 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
849 goto err;
850 if (!pass) {
851 ret = 1;
852 goto err;
853 }
854 out_len += len;
855 if (enc) {
856 if (!TEST_mem_eq(out, out_len, ct, ct_len)
857 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
858 tag_len, out + out_len))
859 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
860 goto err;
861 } else {
862 if (!TEST_mem_eq(out, out_len, ct, ct_len))
863 goto err;
864 }
865
866 ret = 1;
867 err:
868 EVP_CIPHER_free(cipher);
869 EVP_CIPHER_CTX_free(ctx);
870 return ret;
871 }
872
873 static int aes_gcm_enc_dec_test(int id)
874 {
875 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
876 int enc = 1;
877 int pass = 1;
878
879 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
880 tst->key, tst->key_len,
881 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
882 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
883 enc, pass)
884 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
885 tst->key, tst->key_len,
886 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
887 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
888 !enc, pass)
889 /* Fail if incorrect tag passed to decrypt */
890 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
891 tst->key, tst->key_len,
892 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
893 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
894 !enc, !pass);
895 }
896
897 #ifndef OPENSSL_NO_DH
898 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
899 const unsigned char *pub, size_t pub_len,
900 const unsigned char *priv, size_t priv_len,
901 BN_CTX *bn_ctx, int pass)
902 {
903 int ret = 0;
904 EVP_PKEY_CTX *ctx = NULL;
905 OSSL_PARAM_BLD *bld = NULL;
906 OSSL_PARAM *params = NULL;
907 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
908
909 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
910 || (group_name != NULL
911 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
912 bld, OSSL_PKEY_PARAM_GROUP_NAME,
913 group_name, 0), 0)))
914 goto err;
915
916 if (pub != NULL) {
917 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
918 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
919 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
920 pub_bn)))
921 goto err;
922 }
923 if (priv != NULL) {
924 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
925 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
926 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
927 priv_bn)))
928 goto err;
929 }
930
931 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
932 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
933 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
934 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), pass))
935 goto err;
936
937 ret = 1;
938 err:
939 OSSL_PARAM_BLD_free_params(params);
940 OSSL_PARAM_BLD_free(bld);
941 EVP_PKEY_CTX_free(ctx);
942 return ret;
943 }
944
945 static int dh_safe_prime_keygen_test(int id)
946 {
947 int ret = 0;
948 EVP_PKEY_CTX *ctx = NULL;
949 EVP_PKEY *pkey = NULL;
950 unsigned char *priv = NULL;
951 unsigned char *pub = NULL;
952 size_t priv_len = 0, pub_len = 0;
953 OSSL_PARAM params[2];
954 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
955
956 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
957 (char *)tst->group_name, 0);
958 params[1] = OSSL_PARAM_construct_end();
959
960 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
961 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
962 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
963 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
964 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
965 &priv, &priv_len))
966 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
967 &pub, &pub_len)))
968 goto err;
969
970 test_output_memory("x", priv, priv_len);
971 test_output_memory("y", pub, pub_len);
972 ret = 1;
973 err:
974 OPENSSL_clear_free(priv, priv_len);
975 OPENSSL_free(pub);
976 EVP_PKEY_free(pkey);
977 EVP_PKEY_CTX_free(ctx);
978 return ret;
979 }
980
981 static int dh_safe_prime_keyver_test(int id)
982 {
983 int ret = 0;
984 BN_CTX *bn_ctx = NULL;
985 EVP_PKEY_CTX *key_ctx = NULL;
986 EVP_PKEY *pkey = NULL;
987 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
988
989 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
990 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
991 tst->pub, tst->pub_len,
992 tst->priv, tst->priv_len, bn_ctx, 1))
993 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
994 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
995 goto err;
996
997 ret = 1;
998 err:
999 EVP_PKEY_free(pkey);
1000 EVP_PKEY_CTX_free(key_ctx);
1001 BN_CTX_free(bn_ctx);
1002 return ret;
1003 }
1004 #endif /* OPENSSL_NO_DH */
1005
1006
1007 static EVP_PKEY *rsa_keygen(int bits)
1008 {
1009 EVP_PKEY *key = NULL;
1010 EVP_PKEY_CTX *keygen_ctx = NULL;
1011
1012 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1013 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
1014 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
1015 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
1016 goto err;
1017 err:
1018 EVP_PKEY_CTX_free(keygen_ctx);
1019 return key;
1020 }
1021
1022 static int rsa_create_pkey(EVP_PKEY **pkey,
1023 const unsigned char *n, size_t n_len,
1024 const unsigned char *e, size_t e_len,
1025 const unsigned char *d, size_t d_len,
1026 BN_CTX *bn_ctx)
1027 {
1028 int ret = 0;
1029 EVP_PKEY_CTX *ctx = NULL;
1030 OSSL_PARAM_BLD *bld = NULL;
1031 OSSL_PARAM *params = NULL;
1032 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1033
1034 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1035 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1036 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1037 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1038 goto err;
1039
1040 if (e != NULL) {
1041 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1042 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1043 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1044 e_bn)))
1045 goto err;
1046 }
1047 if (d != NULL) {
1048 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1049 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1050 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1051 d_bn)))
1052 goto err;
1053 }
1054 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1055 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1056 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
1057 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
1058 goto err;
1059
1060 ret = 1;
1061 err:
1062 OSSL_PARAM_BLD_free_params(params);
1063 OSSL_PARAM_BLD_free(bld);
1064 EVP_PKEY_CTX_free(ctx);
1065 return ret;
1066 }
1067
1068 static int rsa_keygen_test(int id)
1069 {
1070 int ret = 0;
1071 EVP_PKEY_CTX *ctx = NULL;
1072 EVP_PKEY *pkey = NULL;
1073 BIGNUM *e_bn = NULL;
1074 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1075 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1076 unsigned char *n = NULL, *d = NULL;
1077 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1078 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1079 size_t n_len = 0, d_len = 0;
1080 size_t p_len = 0, p1_len = 0, p2_len = 0;
1081 size_t q_len = 0, q1_len = 0, q2_len = 0;
1082 OSSL_PARAM_BLD *bld = NULL;
1083 OSSL_PARAM *params = NULL;
1084 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1085
1086 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1087 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1088 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1089 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1090 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1091 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1092 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1093 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1094 xp1_bn))
1095 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1096 xp2_bn))
1097 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1098 xp_bn))
1099 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1100 xq1_bn))
1101 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1102 xq2_bn))
1103 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1104 xq_bn))
1105 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1106 goto err;
1107
1108 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1109 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1110 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1111 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1112 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod))
1113 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn))
1114 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1115 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1116 &p1, &p1_len))
1117 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1118 &p2, &p2_len))
1119 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1120 &q1, &q1_len))
1121 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1122 &q2, &q2_len))
1123 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1124 &p, &p_len))
1125 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1126 &q, &q_len))
1127 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1128 &n, &n_len))
1129 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1130 &d, &d_len)))
1131 goto err;
1132
1133 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1134 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1135 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1136 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1137 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1138 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1139 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1140 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1141 goto err;
1142
1143 test_output_memory("p1", p1, p1_len);
1144 test_output_memory("p2", p2, p2_len);
1145 test_output_memory("p", p, p_len);
1146 test_output_memory("q1", q1, q1_len);
1147 test_output_memory("q2", q2, q2_len);
1148 test_output_memory("q", q, q_len);
1149 test_output_memory("n", n, n_len);
1150 test_output_memory("d", d, d_len);
1151 ret = 1;
1152 err:
1153 BN_free(xp1_bn);
1154 BN_free(xp2_bn);
1155 BN_free(xp_bn);
1156 BN_free(xq1_bn);
1157 BN_free(xq2_bn);
1158 BN_free(xq_bn);
1159 BN_free(e_bn);
1160 OPENSSL_free(p1);
1161 OPENSSL_free(p2);
1162 OPENSSL_free(q1);
1163 OPENSSL_free(q2);
1164 OPENSSL_free(p);
1165 OPENSSL_free(q);
1166 OPENSSL_free(n);
1167 OPENSSL_free(d);
1168 EVP_PKEY_free(pkey);
1169 EVP_PKEY_CTX_free(ctx);
1170 OSSL_PARAM_BLD_free_params(params);
1171 OSSL_PARAM_BLD_free(bld);
1172 return ret;
1173 }
1174
1175 static int rsa_siggen_test(int id)
1176 {
1177 int ret = 0;
1178 EVP_PKEY *pkey = NULL;
1179 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1180 size_t sig_len = 0, n_len = 0, e_len = 0;
1181 OSSL_PARAM params[4], *p;
1182 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1183
1184 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1185
1186 p = params;
1187 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1188 (char *)tst->sig_pad_mode, 0);
1189 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1190 (char *)tst->digest_alg, 0);
1191 if (tst->pss_salt_len >= 0) {
1192 int salt_len = tst->pss_salt_len;
1193
1194 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1195 &salt_len);
1196 }
1197 *p++ = OSSL_PARAM_construct_end();
1198
1199 if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
1200 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1201 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1202 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1203 tst->msg, tst->msg_len,
1204 &sig, &sig_len)))
1205 goto err;
1206 test_output_memory("n", n, n_len);
1207 test_output_memory("e", e, e_len);
1208 test_output_memory("sig", sig, sig_len);
1209 ret = 1;
1210 err:
1211 OPENSSL_free(n);
1212 OPENSSL_free(e);
1213 OPENSSL_free(sig);
1214 EVP_PKEY_free(pkey);
1215 return ret;
1216 }
1217
1218 static int rsa_sigver_test(int id)
1219 {
1220 int ret = 0;
1221 EVP_PKEY_CTX *pkey_ctx = NULL;
1222 EVP_PKEY *pkey = NULL;
1223 EVP_MD_CTX *md_ctx = NULL;
1224 BN_CTX *bn_ctx = NULL;
1225 OSSL_PARAM params[4], *p;
1226 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1227
1228 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1229 tst->pass == PASS ? "pass" : "fail");
1230
1231 p = params;
1232 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1233 (char *)tst->sig_pad_mode, 0);
1234 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1235 (char *)tst->digest_alg, 0);
1236 if (tst->pss_salt_len >= 0) {
1237 int salt_len = tst->pss_salt_len;
1238
1239 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1240 &salt_len);
1241 }
1242 *p++ = OSSL_PARAM_construct_end();
1243
1244 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1245 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1246 tst->e, tst->e_len, NULL, 0, bn_ctx))
1247 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1248 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1249 tst->digest_alg, libctx, NULL,
1250 pkey)
1251 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1252 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1253 tst->msg, tst->msg_len), tst->pass)))
1254 goto err;
1255 ret = 1;
1256 err:
1257 EVP_PKEY_free(pkey);
1258 BN_CTX_free(bn_ctx);
1259 EVP_MD_CTX_free(md_ctx);
1260 return ret;
1261 }
1262
1263 static int rsa_decryption_primitive_test(int id)
1264 {
1265 int ret = 0;
1266 EVP_PKEY_CTX *ctx = NULL;
1267 EVP_PKEY *pkey = NULL;
1268 unsigned char pt[2048];
1269 size_t pt_len = sizeof(pt);
1270 unsigned char *n = NULL, *e = NULL;
1271 size_t n_len = 0, e_len = 0;
1272 BN_CTX *bn_ctx = NULL;
1273 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1274
1275 if (!TEST_ptr(pkey = rsa_keygen(2048))
1276 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1277 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1278 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1279 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1280 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1281 goto err;
1282
1283 test_output_memory("n", n, n_len);
1284 test_output_memory("e", e, e_len);
1285 if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len))
1286 TEST_note("Decryption Failed");
1287 else
1288 test_output_memory("pt", pt, pt_len);
1289 ret = 1;
1290 err:
1291 OPENSSL_free(n);
1292 OPENSSL_free(e);
1293 EVP_PKEY_CTX_free(ctx);
1294 EVP_PKEY_free(pkey);
1295 BN_CTX_free(bn_ctx);
1296 return ret;
1297 }
1298
1299 static int self_test_events(const OSSL_PARAM params[], void *varg)
1300 {
1301 SELF_TEST_ARGS *args = varg;
1302 const OSSL_PARAM *p = NULL;
1303 const char *phase = NULL, *type = NULL, *desc = NULL;
1304 int ret = 0;
1305
1306 if (!args->enable)
1307 return 1;
1308
1309 args->called++;
1310 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1311 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1312 goto err;
1313 phase = (const char *)p->data;
1314
1315 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1316 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1317 goto err;
1318 desc = (const char *)p->data;
1319
1320 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1321 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1322 goto err;
1323 type = (const char *)p->data;
1324
1325 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1326 ret = 1;
1327 err:
1328 return ret;
1329 }
1330
1331 static int drbg_test(int id)
1332 {
1333 OSSL_PARAM params[3];
1334 EVP_RAND *rand = NULL;
1335 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1336 unsigned char returned_bits[64];
1337 const size_t returned_bits_len = sizeof(returned_bits);
1338 unsigned int strength = 256;
1339 const struct drbg_st *tst = &drbg_data[id];
1340 int res = 0;
1341
1342 /* Create the seed source */
1343 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1344 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1345 goto err;
1346 EVP_RAND_free(rand);
1347 rand = NULL;
1348
1349 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1350 params[1] = OSSL_PARAM_construct_end();
1351 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1352 goto err;
1353
1354 /* Get the DRBG */
1355 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1356 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1357 goto err;
1358
1359 /* Set the DRBG up */
1360 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1361 (int *)&tst->use_df);
1362 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1363 (char *)tst->cipher, 0);
1364 params[2] = OSSL_PARAM_construct_end();
1365 if (!TEST_true(EVP_RAND_set_ctx_params(ctx, params)))
1366 goto err;
1367
1368 /* Feed in the entropy and nonce */
1369 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1370 (void *)tst->entropy_input,
1371 tst->entropy_input_len);
1372 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1373 (void *)tst->nonce,
1374 tst->nonce_len);
1375 params[2] = OSSL_PARAM_construct_end();
1376 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1377 goto err;
1378
1379 /*
1380 * Run the test
1381 * A NULL personalisation string defaults to the built in so something
1382 * non-NULL is needed if there is no personalisation string
1383 */
1384 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0))
1385 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1386 0, 0, NULL, 0))
1387 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1388 0, 0, NULL, 0)))
1389 goto err;
1390
1391 test_output_memory("returned bits", returned_bits, returned_bits_len);
1392
1393 /* Clean up */
1394 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1395 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1396 goto err;
1397
1398 /* Verify the output */
1399 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1400 tst->returned_bits, tst->returned_bits_len))
1401 goto err;
1402 res = 1;
1403 err:
1404 EVP_RAND_CTX_free(ctx);
1405 EVP_RAND_CTX_free(parent);
1406 EVP_RAND_free(rand);
1407 return res;
1408 }
1409
1410 int setup_tests(void)
1411 {
1412 char *config_file = NULL;
1413
1414 OPTION_CHOICE o;
1415
1416 while ((o = opt_next()) != OPT_EOF) {
1417 switch (o) {
1418 case OPT_CONFIG_FILE:
1419 config_file = opt_arg();
1420 break;
1421 case OPT_TEST_CASES:
1422 break;
1423 default:
1424 case OPT_ERR:
1425 return 0;
1426 }
1427 }
1428
1429 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1430 return 0;
1431
1432 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1433
1434 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1435 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1436 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1437
1438 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1439 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1440 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1441 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1442 OSSL_NELEM(rsa_decrypt_prim_data));
1443
1444 #ifndef OPENSSL_NO_DH
1445 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1446 OSSL_NELEM(dh_safe_prime_keygen_data));
1447 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1448 OSSL_NELEM(dh_safe_prime_keyver_data));
1449 #endif /* OPENSSL_NO_DH */
1450
1451 #ifndef OPENSSL_NO_DSA
1452 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1453 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1454 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1455 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1456 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1457 #endif /* OPENSSL_NO_DSA */
1458
1459 #ifndef OPENSSL_NO_EC
1460 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1461 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1462 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1463 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1464 #endif /* OPENSSL_NO_EC */
1465
1466 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1467 return 1;
1468 }
1469
1470 void cleanup_tests(void)
1471 {
1472 OSSL_PROVIDER_unload(prov_null);
1473 OSSL_LIB_CTX_free(libctx);
1474 }
A mirror of the official openssl repository