]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/acvp_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
threads_pthread.c: change inline to ossl_inline
[thirdparty/openssl.git] / test / acvp_test.c
1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49
50 const OPTIONS *test_get_options(void)
51 {
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { NULL }
57 };
58 return test_options;
59 }
60
61 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
62 unsigned char **out, size_t *out_len)
63 {
64 unsigned char *buf = NULL;
65 BIGNUM *bn = NULL;
66 int sz;
67
68 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
69 goto err;
70 sz = BN_num_bytes(bn);
71 buf = OPENSSL_zalloc(sz);
72 if (buf == NULL)
73 goto err;
74 if (BN_bn2binpad(bn, buf, sz) <= 0)
75 goto err;
76
77 *out_len = sz;
78 *out = buf;
79 BN_free(bn);
80 return 1;
81 err:
82 OPENSSL_free(buf);
83 BN_free(bn);
84 return 0;
85 }
86
87 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
88 const unsigned char *msg, size_t msg_len,
89 unsigned char **sig_out, size_t *sig_out_len)
90 {
91 int ret = 0;
92 EVP_MD_CTX *md_ctx = NULL;
93 unsigned char *sig = NULL;
94 size_t sig_len;
95 size_t sz = EVP_PKEY_get_size(pkey);
96
97 sig_len = sz;
98 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
99 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
100 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
101 NULL, pkey, NULL), 1)
102 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
103 goto err;
104 *sig_out = sig;
105 *sig_out_len = sig_len;
106 sig = NULL;
107 ret = 1;
108 err:
109 OPENSSL_free(sig);
110 EVP_MD_CTX_free(md_ctx);
111 return ret;
112 }
113
114 #ifndef OPENSSL_NO_EC
115 static int ecdsa_keygen_test(int id)
116 {
117 int ret = 0;
118 EVP_PKEY *pkey = NULL;
119 unsigned char *priv = NULL;
120 unsigned char *pubx = NULL, *puby = NULL;
121 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
122 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
123
124 self_test_args.called = 0;
125 self_test_args.enable = 1;
126 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
127 || !TEST_int_ge(self_test_args.called, 3)
128 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
129 &priv_len))
130 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
131 &pubx_len))
132 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
133 &puby_len)))
134 goto err;
135
136 test_output_memory("qy", puby, puby_len);
137 test_output_memory("qx", pubx, pubx_len);
138 test_output_memory("d", priv, priv_len);
139 ret = 1;
140 err:
141 self_test_args.enable = 0;
142 self_test_args.called = 0;
143 OPENSSL_clear_free(priv, priv_len);
144 OPENSSL_free(pubx);
145 OPENSSL_free(puby);
146 EVP_PKEY_free(pkey);
147 return ret;
148 }
149
150 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
151 const unsigned char *pub, size_t pub_len,
152 int expected)
153 {
154 int ret = 0;
155 EVP_PKEY_CTX *ctx = NULL;
156 OSSL_PARAM_BLD *bld = NULL;
157 OSSL_PARAM *params = NULL;
158
159 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
160 || (curve_name != NULL
161 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
162 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
163 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
164 OSSL_PKEY_PARAM_PUB_KEY,
165 pub, pub_len) > 0)
166 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
167 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
168 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
169 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
170 params), expected))
171 goto err;
172
173 ret = 1;
174 err:
175 OSSL_PARAM_free(params);
176 OSSL_PARAM_BLD_free(bld);
177 EVP_PKEY_CTX_free(ctx);
178 return ret;
179 }
180
181 static int ecdsa_pub_verify_test(int id)
182 {
183 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
184
185 int ret = 0;
186 EVP_PKEY_CTX *key_ctx = NULL;
187 EVP_PKEY *pkey = NULL;
188
189 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
190 tst->pub, tst->pub_len, tst->pass)))
191 goto err;
192
193 if (tst->pass) {
194 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
195 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
196 goto err;
197 }
198 ret = 1;
199 err:
200 EVP_PKEY_free(pkey);
201 EVP_PKEY_CTX_free(key_ctx);
202 return ret;
203 }
204
205 /* Extract r and s from an ecdsa signature */
206 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
207 unsigned char **r, unsigned char **s,
208 size_t *rlen, size_t *slen)
209 {
210 int ret = 0;
211 unsigned char *rbuf = NULL, *sbuf = NULL;
212 size_t r1_len, s1_len;
213 const BIGNUM *r1, *s1;
214 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
215
216 if (sign == NULL)
217 return 0;
218 r1 = ECDSA_SIG_get0_r(sign);
219 s1 = ECDSA_SIG_get0_s(sign);
220 if (r1 == NULL || s1 == NULL)
221 goto err;
222
223 r1_len = BN_num_bytes(r1);
224 s1_len = BN_num_bytes(s1);
225 rbuf = OPENSSL_zalloc(r1_len);
226 sbuf = OPENSSL_zalloc(s1_len);
227 if (rbuf == NULL || sbuf == NULL)
228 goto err;
229 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
230 goto err;
231 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
232 goto err;
233 *r = rbuf;
234 *s = sbuf;
235 *rlen = r1_len;
236 *slen = s1_len;
237 ret = 1;
238 err:
239 if (ret == 0) {
240 OPENSSL_free(rbuf);
241 OPENSSL_free(sbuf);
242 }
243 ECDSA_SIG_free(sign);
244 return ret;
245 }
246
247 static int ecdsa_siggen_test(int id)
248 {
249 int ret = 0;
250 EVP_PKEY *pkey = NULL;
251 size_t sig_len = 0, rlen = 0, slen = 0;
252 unsigned char *sig = NULL;
253 unsigned char *r = NULL, *s = NULL;
254 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
255
256 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
257 goto err;
258
259 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
260 &sig, &sig_len))
261 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
262 goto err;
263 test_output_memory("r", r, rlen);
264 test_output_memory("s", s, slen);
265 ret = 1;
266 err:
267 OPENSSL_free(r);
268 OPENSSL_free(s);
269 OPENSSL_free(sig);
270 EVP_PKEY_free(pkey);
271 return ret;
272 }
273
274 static int ecdsa_sigver_test(int id)
275 {
276 int ret = 0;
277 EVP_MD_CTX *md_ctx = NULL;
278 EVP_PKEY *pkey = NULL;
279 ECDSA_SIG *sign = NULL;
280 size_t sig_len;
281 unsigned char *sig = NULL;
282 BIGNUM *rbn = NULL, *sbn = NULL;
283 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
284
285 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
286 tst->pub, tst->pub_len, 1)))
287 goto err;
288
289 if (!TEST_ptr(sign = ECDSA_SIG_new())
290 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
291 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
292 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
293 goto err;
294 rbn = sbn = NULL;
295
296 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
297 && TEST_ptr(md_ctx = EVP_MD_CTX_new())
298 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
299 libctx, NULL, pkey, NULL)
300 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
301 tst->msg, tst->msg_len), tst->pass));
302 err:
303 BN_free(rbn);
304 BN_free(sbn);
305 OPENSSL_free(sig);
306 ECDSA_SIG_free(sign);
307 EVP_PKEY_free(pkey);
308 EVP_MD_CTX_free(md_ctx);
309 return ret;
310
311 }
312 #endif /* OPENSSL_NO_EC */
313
314 #ifndef OPENSSL_NO_DSA
315 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
316 unsigned char **out, size_t *out_len)
317 {
318 size_t len = 0;
319 unsigned char *buf = NULL;
320
321 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
322 goto err;
323
324 buf = OPENSSL_zalloc(len);
325 if (buf == NULL)
326 goto err;
327
328 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
329 goto err;
330 *out = buf;
331 return 1;
332 err:
333 OPENSSL_free(buf);
334 return 0;
335 }
336
337 static EVP_PKEY *dsa_paramgen(int L, int N)
338 {
339 EVP_PKEY_CTX *paramgen_ctx = NULL;
340 EVP_PKEY *param_key = NULL;
341
342 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
343 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
344 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
345 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
346 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
347 return NULL;
348 EVP_PKEY_CTX_free(paramgen_ctx);
349 return param_key;
350 }
351
352 static EVP_PKEY *dsa_keygen(int L, int N)
353 {
354 EVP_PKEY *param_key = NULL, *key = NULL;
355 EVP_PKEY_CTX *keygen_ctx = NULL;
356
357 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
358 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
359 NULL))
360 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
361 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
362 goto err;
363 err:
364 EVP_PKEY_free(param_key);
365 EVP_PKEY_CTX_free(keygen_ctx);
366 return key;
367 }
368
369 static int dsa_keygen_test(int id)
370 {
371 int ret = 0, i;
372 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
373 EVP_PKEY *param_key = NULL, *key = NULL;
374 unsigned char *priv = NULL, *pub = NULL;
375 size_t priv_len = 0, pub_len = 0;
376 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
377
378 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
379 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
380 NULL))
381 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
382 goto err;
383 for (i = 0; i < 2; ++i) {
384 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
385 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
386 &priv, &priv_len))
387 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
388 &pub, &pub_len)))
389 goto err;
390 test_output_memory("y", pub, pub_len);
391 test_output_memory("x", priv, priv_len);
392 EVP_PKEY_free(key);
393 OPENSSL_clear_free(priv, priv_len);
394 OPENSSL_free(pub);
395 key = NULL;
396 pub = priv = NULL;
397 }
398 ret = 1;
399 err:
400 OPENSSL_clear_free(priv, priv_len);
401 OPENSSL_free(pub);
402 EVP_PKEY_free(param_key);
403 EVP_PKEY_free(key);
404 EVP_PKEY_CTX_free(keygen_ctx);
405 EVP_PKEY_CTX_free(paramgen_ctx);
406 return ret;
407 }
408
409 static int dsa_paramgen_test(int id)
410 {
411 int ret = 0, counter = 0;
412 EVP_PKEY_CTX *paramgen_ctx = NULL;
413 EVP_PKEY *param_key = NULL;
414 unsigned char *p = NULL, *q = NULL, *seed = NULL;
415 size_t plen = 0, qlen = 0, seedlen = 0;
416 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
417
418 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
419 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
420 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
421 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
422 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
423 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
424 &p, &plen))
425 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
426 &q, &qlen))
427 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
428 &seed, &seedlen))
429 || !TEST_true(EVP_PKEY_get_int_param(param_key,
430 OSSL_PKEY_PARAM_FFC_PCOUNTER,
431 &counter)))
432 goto err;
433
434 test_output_memory("p", p, plen);
435 test_output_memory("q", q, qlen);
436 test_output_memory("domainSeed", seed, seedlen);
437 test_printf_stderr("%s: %d\n", "counter", counter);
438 ret = 1;
439 err:
440 OPENSSL_free(p);
441 OPENSSL_free(q);
442 OPENSSL_free(seed);
443 EVP_PKEY_free(param_key);
444 EVP_PKEY_CTX_free(paramgen_ctx);
445 return ret;
446 }
447
448 static int dsa_create_pkey(EVP_PKEY **pkey,
449 const unsigned char *p, size_t p_len,
450 const unsigned char *q, size_t q_len,
451 const unsigned char *g, size_t g_len,
452 const unsigned char *seed, size_t seed_len,
453 int counter,
454 int validate_pq, int validate_g,
455 const unsigned char *pub, size_t pub_len,
456 BN_CTX *bn_ctx)
457 {
458 int ret = 0;
459 EVP_PKEY_CTX *ctx = NULL;
460 OSSL_PARAM_BLD *bld = NULL;
461 OSSL_PARAM *params = NULL;
462 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
463
464 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
465 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
466 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
467 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
468 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
469 validate_pq))
470 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
471 OSSL_PKEY_PARAM_FFC_VALIDATE_G,
472 validate_g))
473 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
474 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
475 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
476 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
477 goto err;
478
479 if (g != NULL) {
480 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
481 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
482 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
483 OSSL_PKEY_PARAM_FFC_G, g_bn)))
484 goto err;
485 }
486 if (seed != NULL) {
487 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
488 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
489 goto err;
490 }
491 if (counter != -1) {
492 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
493 OSSL_PKEY_PARAM_FFC_PCOUNTER,
494 counter)))
495 goto err;
496 }
497 if (pub != NULL) {
498 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
499 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
500 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
501 OSSL_PKEY_PARAM_PUB_KEY,
502 pub_bn)))
503 goto err;
504 }
505 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
506 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
507 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
508 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
509 params), 1))
510 goto err;
511
512 ret = 1;
513 err:
514 OSSL_PARAM_free(params);
515 OSSL_PARAM_BLD_free(bld);
516 EVP_PKEY_CTX_free(ctx);
517 return ret;
518 }
519
520 static int dsa_pqver_test(int id)
521 {
522 int ret = 0;
523 BN_CTX *bn_ctx = NULL;
524 EVP_PKEY_CTX *key_ctx = NULL;
525 EVP_PKEY *param_key = NULL;
526 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
527
528 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
529 || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
530 tst->q, tst->q_len, NULL, 0,
531 tst->seed, tst->seed_len, tst->counter,
532 1, 0,
533 NULL, 0,
534 bn_ctx))
535 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
536 NULL))
537 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
538 goto err;
539
540 ret = 1;
541 err:
542 BN_CTX_free(bn_ctx);
543 EVP_PKEY_free(param_key);
544 EVP_PKEY_CTX_free(key_ctx);
545 return ret;
546 }
547
548 /* Extract r and s from a dsa signature */
549 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
550 unsigned char **r, unsigned char **s,
551 size_t *r_len, size_t *s_len)
552 {
553 int ret = 0;
554 unsigned char *rbuf = NULL, *sbuf = NULL;
555 size_t r1_len, s1_len;
556 const BIGNUM *r1, *s1;
557 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
558
559 if (sign == NULL)
560 return 0;
561 DSA_SIG_get0(sign, &r1, &s1);
562 if (r1 == NULL || s1 == NULL)
563 goto err;
564
565 r1_len = BN_num_bytes(r1);
566 s1_len = BN_num_bytes(s1);
567 rbuf = OPENSSL_zalloc(r1_len);
568 sbuf = OPENSSL_zalloc(s1_len);
569 if (rbuf == NULL || sbuf == NULL)
570 goto err;
571 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
572 goto err;
573 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
574 goto err;
575 *r = rbuf;
576 *s = sbuf;
577 *r_len = r1_len;
578 *s_len = s1_len;
579 ret = 1;
580 err:
581 if (ret == 0) {
582 OPENSSL_free(rbuf);
583 OPENSSL_free(sbuf);
584 }
585 DSA_SIG_free(sign);
586 return ret;
587 }
588
589 static int dsa_siggen_test(int id)
590 {
591 int ret = 0;
592 EVP_PKEY *pkey = NULL;
593 unsigned char *sig = NULL, *r = NULL, *s = NULL;
594 size_t sig_len = 0, rlen = 0, slen = 0;
595 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
596
597 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
598 goto err;
599
600 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
601 &sig, &sig_len))
602 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
603 goto err;
604 test_output_memory("r", r, rlen);
605 test_output_memory("s", s, slen);
606 ret = 1;
607 err:
608 OPENSSL_free(r);
609 OPENSSL_free(s);
610 OPENSSL_free(sig);
611 EVP_PKEY_free(pkey);
612 return ret;
613 }
614
615 static int dsa_sigver_test(int id)
616 {
617 int ret = 0;
618 EVP_PKEY_CTX *ctx = NULL;
619 EVP_PKEY *pkey = NULL;
620 DSA_SIG *sign = NULL;
621 size_t sig_len;
622 unsigned char *sig = NULL;
623 BIGNUM *rbn = NULL, *sbn = NULL;
624 EVP_MD *md = NULL;
625 unsigned char digest[EVP_MAX_MD_SIZE];
626 unsigned int digest_len;
627 BN_CTX *bn_ctx = NULL;
628 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
629
630 if (!TEST_ptr(bn_ctx = BN_CTX_new())
631 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
632 tst->q, tst->q_len, tst->g, tst->g_len,
633 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
634 bn_ctx)))
635 goto err;
636
637 if (!TEST_ptr(sign = DSA_SIG_new())
638 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
639 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
640 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
641 goto err;
642 rbn = sbn = NULL;
643
644 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
645 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
646 digest, &digest_len, md, NULL)))
647 goto err;
648
649 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
650 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
651 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
652 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
653 tst->pass))
654 goto err;
655 ret = 1;
656 err:
657 EVP_PKEY_CTX_free(ctx);
658 OPENSSL_free(sig);
659 EVP_MD_free(md);
660 DSA_SIG_free(sign);
661 EVP_PKEY_free(pkey);
662 BN_free(rbn);
663 BN_free(sbn);
664 BN_CTX_free(bn_ctx);
665 return ret;
666 }
667 #endif /* OPENSSL_NO_DSA */
668
669
670 /* cipher encrypt/decrypt */
671 static int cipher_enc(const char *alg,
672 const unsigned char *pt, size_t pt_len,
673 const unsigned char *key, size_t key_len,
674 const unsigned char *iv, size_t iv_len,
675 const unsigned char *ct, size_t ct_len,
676 int enc)
677 {
678 int ret = 0, out_len = 0, len = 0;
679 EVP_CIPHER_CTX *ctx = NULL;
680 EVP_CIPHER *cipher = NULL;
681 unsigned char out[256] = { 0 };
682
683 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
684 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
685 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
686 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
687 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
688 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
689 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
690 goto err;
691 out_len += len;
692 if (!TEST_mem_eq(out, out_len, ct, ct_len))
693 goto err;
694 ret = 1;
695 err:
696 EVP_CIPHER_free(cipher);
697 EVP_CIPHER_CTX_free(ctx);
698 return ret;
699 }
700
701 static int cipher_enc_dec_test(int id)
702 {
703 const struct cipher_st *tst = &cipher_enc_data[id];
704 const int enc = 1;
705
706 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
707 tst->key, tst->key_len,
708 tst->iv, tst->iv_len,
709 tst->ct, tst->ct_len, enc))
710 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
711 tst->key, tst->key_len,
712 tst->iv, tst->iv_len,
713 tst->pt, tst->pt_len, !enc));
714 }
715
716 static int aes_ccm_enc_dec(const char *alg,
717 const unsigned char *pt, size_t pt_len,
718 const unsigned char *key, size_t key_len,
719 const unsigned char *iv, size_t iv_len,
720 const unsigned char *aad, size_t aad_len,
721 const unsigned char *ct, size_t ct_len,
722 const unsigned char *tag, size_t tag_len,
723 int enc, int pass)
724 {
725 int ret = 0;
726 EVP_CIPHER_CTX *ctx;
727 EVP_CIPHER *cipher = NULL;
728 int out_len, len;
729 unsigned char out[1024];
730
731 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
732 pass ? "pass" : "fail");
733
734 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
735 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
736 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
737 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
738 NULL), 0)
739 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
740 enc ? NULL : (void *)tag), 0)
741 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
742 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
743 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
744 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
745 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
746 goto err;
747
748 if (!pass) {
749 ret = 1;
750 goto err;
751 }
752 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
753 goto err;
754 if (enc) {
755 out_len += len;
756 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
757 tag_len, out + out_len), 0)
758 || !TEST_mem_eq(out, out_len, ct, ct_len)
759 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
760 goto err;
761 } else {
762 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
763 goto err;
764 }
765
766 ret = 1;
767 err:
768 EVP_CIPHER_free(cipher);
769 EVP_CIPHER_CTX_free(ctx);
770 return ret;
771 }
772
773 static int aes_ccm_enc_dec_test(int id)
774 {
775 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
776
777 /* The tag is on the end of the cipher text */
778 const size_t tag_len = tst->ct_len - tst->pt_len;
779 const size_t ct_len = tst->ct_len - tag_len;
780 const unsigned char *tag = tst->ct + ct_len;
781 const int enc = 1;
782 const int pass = 1;
783
784 if (ct_len < 1)
785 return 0;
786
787 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
788 tst->key, tst->key_len,
789 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
790 tst->ct, ct_len, tag, tag_len, enc, pass)
791 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
792 tst->key, tst->key_len,
793 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
794 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
795 /* test that it fails if the tag is incorrect */
796 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
797 tst->key, tst->key_len,
798 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
799 tst->pt, tst->pt_len,
800 tag - 1, tag_len, !enc, !pass);
801 }
802
803 static int aes_gcm_enc_dec(const char *alg,
804 const unsigned char *pt, size_t pt_len,
805 const unsigned char *key, size_t key_len,
806 const unsigned char *iv, size_t iv_len,
807 const unsigned char *aad, size_t aad_len,
808 const unsigned char *ct, size_t ct_len,
809 const unsigned char *tag, size_t tag_len,
810 int enc, int pass)
811 {
812 int ret = 0;
813 EVP_CIPHER_CTX *ctx;
814 EVP_CIPHER *cipher = NULL;
815 int out_len, len;
816 unsigned char out[1024];
817
818 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
819 pass ? "pass" : "fail");
820
821 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
822 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
823 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
824 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
825 NULL), 0))
826 goto err;
827
828 if (!enc) {
829 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
830 (void *)tag), 0))
831 goto err;
832 }
833 /*
834 * For testing purposes the IV it being set here. In a compliant application
835 * the IV would be generated internally. A fake entropy source could also
836 * be used to feed in the random IV bytes (see fake_random.c)
837 */
838 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
839 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
840 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
841 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
842 goto err;
843
844 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
845 goto err;
846 if (!pass) {
847 ret = 1;
848 goto err;
849 }
850 out_len += len;
851 if (enc) {
852 if (!TEST_mem_eq(out, out_len, ct, ct_len)
853 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
854 tag_len, out + out_len), 0)
855 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
856 goto err;
857 } else {
858 if (!TEST_mem_eq(out, out_len, ct, ct_len))
859 goto err;
860 }
861
862 ret = 1;
863 err:
864 EVP_CIPHER_free(cipher);
865 EVP_CIPHER_CTX_free(ctx);
866 return ret;
867 }
868
869 static int aes_gcm_enc_dec_test(int id)
870 {
871 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
872 int enc = 1;
873 int pass = 1;
874
875 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
876 tst->key, tst->key_len,
877 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
878 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
879 enc, pass)
880 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
881 tst->key, tst->key_len,
882 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
883 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
884 !enc, pass)
885 /* Fail if incorrect tag passed to decrypt */
886 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
887 tst->key, tst->key_len,
888 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
889 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
890 !enc, !pass);
891 }
892
893 #ifndef OPENSSL_NO_DH
894 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
895 const unsigned char *pub, size_t pub_len,
896 const unsigned char *priv, size_t priv_len,
897 BN_CTX *bn_ctx, int pass)
898 {
899 int ret = 0;
900 EVP_PKEY_CTX *ctx = NULL;
901 OSSL_PARAM_BLD *bld = NULL;
902 OSSL_PARAM *params = NULL;
903 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
904
905 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
906 || (group_name != NULL
907 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
908 bld, OSSL_PKEY_PARAM_GROUP_NAME,
909 group_name, 0), 0)))
910 goto err;
911
912 if (pub != NULL) {
913 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
914 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
915 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
916 pub_bn)))
917 goto err;
918 }
919 if (priv != NULL) {
920 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
921 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
922 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
923 priv_bn)))
924 goto err;
925 }
926
927 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
928 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
929 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
930 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
931 pass))
932 goto err;
933
934 ret = 1;
935 err:
936 OSSL_PARAM_free(params);
937 OSSL_PARAM_BLD_free(bld);
938 EVP_PKEY_CTX_free(ctx);
939 return ret;
940 }
941
942 static int dh_safe_prime_keygen_test(int id)
943 {
944 int ret = 0;
945 EVP_PKEY_CTX *ctx = NULL;
946 EVP_PKEY *pkey = NULL;
947 unsigned char *priv = NULL;
948 unsigned char *pub = NULL;
949 size_t priv_len = 0, pub_len = 0;
950 OSSL_PARAM params[2];
951 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
952
953 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
954 (char *)tst->group_name, 0);
955 params[1] = OSSL_PARAM_construct_end();
956
957 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
958 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
959 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
960 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
961 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
962 &priv, &priv_len))
963 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
964 &pub, &pub_len)))
965 goto err;
966
967 test_output_memory("x", priv, priv_len);
968 test_output_memory("y", pub, pub_len);
969 ret = 1;
970 err:
971 OPENSSL_clear_free(priv, priv_len);
972 OPENSSL_free(pub);
973 EVP_PKEY_free(pkey);
974 EVP_PKEY_CTX_free(ctx);
975 return ret;
976 }
977
978 static int dh_safe_prime_keyver_test(int id)
979 {
980 int ret = 0;
981 BN_CTX *bn_ctx = NULL;
982 EVP_PKEY_CTX *key_ctx = NULL;
983 EVP_PKEY *pkey = NULL;
984 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
985
986 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
987 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
988 tst->pub, tst->pub_len,
989 tst->priv, tst->priv_len, bn_ctx, 1))
990 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
991 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
992 goto err;
993
994 ret = 1;
995 err:
996 EVP_PKEY_free(pkey);
997 EVP_PKEY_CTX_free(key_ctx);
998 BN_CTX_free(bn_ctx);
999 return ret;
1000 }
1001 #endif /* OPENSSL_NO_DH */
1002
1003
1004 static int rsa_create_pkey(EVP_PKEY **pkey,
1005 const unsigned char *n, size_t n_len,
1006 const unsigned char *e, size_t e_len,
1007 const unsigned char *d, size_t d_len,
1008 BN_CTX *bn_ctx)
1009 {
1010 int ret = 0;
1011 EVP_PKEY_CTX *ctx = NULL;
1012 OSSL_PARAM_BLD *bld = NULL;
1013 OSSL_PARAM *params = NULL;
1014 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1015
1016 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1017 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1018 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1019 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1020 goto err;
1021
1022 if (e != NULL) {
1023 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1024 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1025 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1026 e_bn)))
1027 goto err;
1028 }
1029 if (d != NULL) {
1030 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1031 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1032 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1033 d_bn)))
1034 goto err;
1035 }
1036 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1037 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1038 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1039 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1040 1))
1041 goto err;
1042
1043 ret = 1;
1044 err:
1045 OSSL_PARAM_free(params);
1046 OSSL_PARAM_BLD_free(bld);
1047 EVP_PKEY_CTX_free(ctx);
1048 return ret;
1049 }
1050
1051 static int rsa_keygen_test(int id)
1052 {
1053 int ret = 0;
1054 EVP_PKEY_CTX *ctx = NULL;
1055 EVP_PKEY *pkey = NULL;
1056 BIGNUM *e_bn = NULL;
1057 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1058 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1059 unsigned char *n = NULL, *d = NULL;
1060 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1061 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1062 size_t n_len = 0, d_len = 0;
1063 size_t p_len = 0, p1_len = 0, p2_len = 0;
1064 size_t q_len = 0, q1_len = 0, q2_len = 0;
1065 OSSL_PARAM_BLD *bld = NULL;
1066 OSSL_PARAM *params = NULL;
1067 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1068
1069 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1070 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1071 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1072 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1073 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1074 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1075 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1076 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1077 xp1_bn))
1078 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1079 xp2_bn))
1080 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1081 xp_bn))
1082 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1083 xq1_bn))
1084 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1085 xq2_bn))
1086 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1087 xq_bn))
1088 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1089 goto err;
1090
1091 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1092 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1093 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1094 || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1095 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1096 || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1097 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1098 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1099 &p1, &p1_len))
1100 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1101 &p2, &p2_len))
1102 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1103 &q1, &q1_len))
1104 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1105 &q2, &q2_len))
1106 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1107 &p, &p_len))
1108 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1109 &q, &q_len))
1110 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1111 &n, &n_len))
1112 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1113 &d, &d_len)))
1114 goto err;
1115
1116 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1117 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1118 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1119 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1120 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1121 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1122 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1123 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1124 goto err;
1125
1126 test_output_memory("p1", p1, p1_len);
1127 test_output_memory("p2", p2, p2_len);
1128 test_output_memory("p", p, p_len);
1129 test_output_memory("q1", q1, q1_len);
1130 test_output_memory("q2", q2, q2_len);
1131 test_output_memory("q", q, q_len);
1132 test_output_memory("n", n, n_len);
1133 test_output_memory("d", d, d_len);
1134 ret = 1;
1135 err:
1136 BN_free(xp1_bn);
1137 BN_free(xp2_bn);
1138 BN_free(xp_bn);
1139 BN_free(xq1_bn);
1140 BN_free(xq2_bn);
1141 BN_free(xq_bn);
1142 BN_free(e_bn);
1143 OPENSSL_free(p1);
1144 OPENSSL_free(p2);
1145 OPENSSL_free(q1);
1146 OPENSSL_free(q2);
1147 OPENSSL_free(p);
1148 OPENSSL_free(q);
1149 OPENSSL_free(n);
1150 OPENSSL_free(d);
1151 EVP_PKEY_free(pkey);
1152 EVP_PKEY_CTX_free(ctx);
1153 OSSL_PARAM_free(params);
1154 OSSL_PARAM_BLD_free(bld);
1155 return ret;
1156 }
1157
1158 static int rsa_siggen_test(int id)
1159 {
1160 int ret = 0;
1161 EVP_PKEY *pkey = NULL;
1162 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1163 size_t sig_len = 0, n_len = 0, e_len = 0;
1164 OSSL_PARAM params[4], *p;
1165 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1166 int salt_len = tst->pss_salt_len;
1167
1168 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1169
1170 p = params;
1171 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1172 (char *)tst->sig_pad_mode, 0);
1173 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1174 (char *)tst->digest_alg, 0);
1175 if (salt_len >= 0)
1176 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1177 &salt_len);
1178 *p++ = OSSL_PARAM_construct_end();
1179
1180 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1181 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1182 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1183 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1184 tst->msg, tst->msg_len,
1185 &sig, &sig_len)))
1186 goto err;
1187 test_output_memory("n", n, n_len);
1188 test_output_memory("e", e, e_len);
1189 test_output_memory("sig", sig, sig_len);
1190 ret = 1;
1191 err:
1192 OPENSSL_free(n);
1193 OPENSSL_free(e);
1194 OPENSSL_free(sig);
1195 EVP_PKEY_free(pkey);
1196 return ret;
1197 }
1198
1199 static int rsa_sigver_test(int id)
1200 {
1201 int ret = 0;
1202 EVP_PKEY_CTX *pkey_ctx = NULL;
1203 EVP_PKEY *pkey = NULL;
1204 EVP_MD_CTX *md_ctx = NULL;
1205 BN_CTX *bn_ctx = NULL;
1206 OSSL_PARAM params[4], *p;
1207 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1208 int salt_len = tst->pss_salt_len;
1209
1210 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1211 tst->pass == PASS ? "pass" : "fail");
1212
1213 p = params;
1214 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1215 (char *)tst->sig_pad_mode, 0);
1216 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1217 (char *)tst->digest_alg, 0);
1218 if (salt_len >= 0)
1219 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1220 &salt_len);
1221 *p++ = OSSL_PARAM_construct_end();
1222
1223 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1224 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1225 tst->e, tst->e_len, NULL, 0, bn_ctx))
1226 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1227 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1228 tst->digest_alg, libctx, NULL,
1229 pkey, NULL))
1230 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1231 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1232 tst->msg, tst->msg_len), tst->pass))
1233 goto err;
1234 ret = 1;
1235 err:
1236 EVP_PKEY_free(pkey);
1237 BN_CTX_free(bn_ctx);
1238 EVP_MD_CTX_free(md_ctx);
1239 return ret;
1240 }
1241
1242 static int rsa_decryption_primitive_test(int id)
1243 {
1244 int ret = 0;
1245 EVP_PKEY_CTX *ctx = NULL;
1246 EVP_PKEY *pkey = NULL;
1247 unsigned char pt[2048];
1248 size_t pt_len = sizeof(pt);
1249 unsigned char *n = NULL, *e = NULL;
1250 size_t n_len = 0, e_len = 0;
1251 BN_CTX *bn_ctx = NULL;
1252 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1253
1254 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
1255 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1256 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1257 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1258 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1259 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1260 goto err;
1261
1262 test_output_memory("n", n, n_len);
1263 test_output_memory("e", e, e_len);
1264 if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1265 TEST_note("Decryption Failed");
1266 else
1267 test_output_memory("pt", pt, pt_len);
1268 ret = 1;
1269 err:
1270 OPENSSL_free(n);
1271 OPENSSL_free(e);
1272 EVP_PKEY_CTX_free(ctx);
1273 EVP_PKEY_free(pkey);
1274 BN_CTX_free(bn_ctx);
1275 return ret;
1276 }
1277
1278 static int self_test_events(const OSSL_PARAM params[], void *varg)
1279 {
1280 SELF_TEST_ARGS *args = varg;
1281 const OSSL_PARAM *p = NULL;
1282 const char *phase = NULL, *type = NULL, *desc = NULL;
1283 int ret = 0;
1284
1285 if (!args->enable)
1286 return 1;
1287
1288 args->called++;
1289 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1290 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1291 goto err;
1292 phase = (const char *)p->data;
1293
1294 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1295 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1296 goto err;
1297 desc = (const char *)p->data;
1298
1299 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1300 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1301 goto err;
1302 type = (const char *)p->data;
1303
1304 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1305 ret = 1;
1306 err:
1307 return ret;
1308 }
1309
1310 static int drbg_test(int id)
1311 {
1312 OSSL_PARAM params[3];
1313 EVP_RAND *rand = NULL;
1314 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1315 unsigned char returned_bits[64];
1316 const size_t returned_bits_len = sizeof(returned_bits);
1317 unsigned int strength = 256;
1318 const struct drbg_st *tst = &drbg_data[id];
1319 int res = 0;
1320
1321 /* Create the seed source */
1322 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1323 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1324 goto err;
1325 EVP_RAND_free(rand);
1326 rand = NULL;
1327
1328 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1329 params[1] = OSSL_PARAM_construct_end();
1330 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1331 goto err;
1332
1333 /* Get the DRBG */
1334 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1335 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1336 goto err;
1337
1338 /* Set the DRBG up */
1339 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1340 (int *)&tst->use_df);
1341 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1342 (char *)tst->cipher, 0);
1343 params[2] = OSSL_PARAM_construct_end();
1344 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1345 goto err;
1346
1347 /* Feed in the entropy and nonce */
1348 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1349 (void *)tst->entropy_input,
1350 tst->entropy_input_len);
1351 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1352 (void *)tst->nonce,
1353 tst->nonce_len);
1354 params[2] = OSSL_PARAM_construct_end();
1355 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1356 goto err;
1357
1358 /*
1359 * Run the test
1360 * A NULL personalisation string defaults to the built in so something
1361 * non-NULL is needed if there is no personalisation string
1362 */
1363 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1364 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1365 0, 0, NULL, 0))
1366 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1367 0, 0, NULL, 0)))
1368 goto err;
1369
1370 test_output_memory("returned bits", returned_bits, returned_bits_len);
1371
1372 /* Clean up */
1373 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1374 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1375 goto err;
1376
1377 /* Verify the output */
1378 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1379 tst->returned_bits, tst->returned_bits_len))
1380 goto err;
1381 res = 1;
1382 err:
1383 EVP_RAND_CTX_free(ctx);
1384 /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
1385 /* coverity[pass_freed_arg] */
1386 EVP_RAND_CTX_free(parent);
1387 EVP_RAND_free(rand);
1388 return res;
1389 }
1390
1391 static int aes_cfb1_bits_test(void)
1392 {
1393 int ret = 0;
1394 EVP_CIPHER *cipher = NULL;
1395 EVP_CIPHER_CTX *ctx = NULL;
1396 unsigned char out[16] = { 0 };
1397 int outlen;
1398 const OSSL_PARAM *params, *p;
1399
1400 static const unsigned char key[] = {
1401 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1402 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1403 };
1404 static const unsigned char iv[] = {
1405 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1406 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1407 };
1408 static const unsigned char pt[] = {
1409 0xB4
1410 };
1411 static const unsigned char expected[] = {
1412 0x6C
1413 };
1414
1415 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1416 goto err;
1417 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1418 goto err;
1419 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1420 goto err;
1421 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1422 || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1423 OSSL_CIPHER_PARAM_USE_BITS)))
1424 goto err;
1425 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1426 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1427 goto err;
1428 if (!TEST_int_eq(outlen, 7))
1429 goto err;
1430 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1431 goto err;
1432 ret = 1;
1433 err:
1434 EVP_CIPHER_free(cipher);
1435 EVP_CIPHER_CTX_free(ctx);
1436 return ret;
1437 }
1438
1439 int setup_tests(void)
1440 {
1441 char *config_file = NULL;
1442
1443 OPTION_CHOICE o;
1444
1445 while ((o = opt_next()) != OPT_EOF) {
1446 switch (o) {
1447 case OPT_CONFIG_FILE:
1448 config_file = opt_arg();
1449 break;
1450 case OPT_TEST_CASES:
1451 break;
1452 default:
1453 case OPT_ERR:
1454 return 0;
1455 }
1456 }
1457
1458 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1459 return 0;
1460
1461 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1462
1463 ADD_TEST(aes_cfb1_bits_test);
1464 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1465 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1466 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1467
1468 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1469 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1470 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1471 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1472 OSSL_NELEM(rsa_decrypt_prim_data));
1473
1474 #ifndef OPENSSL_NO_DH
1475 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1476 OSSL_NELEM(dh_safe_prime_keygen_data));
1477 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1478 OSSL_NELEM(dh_safe_prime_keyver_data));
1479 #endif /* OPENSSL_NO_DH */
1480
1481 #ifndef OPENSSL_NO_DSA
1482 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1483 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1484 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1485 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1486 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1487 #endif /* OPENSSL_NO_DSA */
1488
1489 #ifndef OPENSSL_NO_EC
1490 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1491 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1492 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1493 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1494 #endif /* OPENSSL_NO_EC */
1495
1496 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1497 return 1;
1498 }
1499
1500 void cleanup_tests(void)
1501 {
1502 OSSL_PROVIDER_unload(prov_null);
1503 OSSL_LIB_CTX_free(libctx);
1504 }
A mirror of the official openssl repository