2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
33 typedef enum OPTION_choice
{
40 typedef struct st_args
{
45 static OSSL_PROVIDER
*prov_null
= NULL
;
46 static OSSL_LIB_CTX
*libctx
= NULL
;
47 static SELF_TEST_ARGS self_test_args
= { 0 };
48 static OSSL_CALLBACK self_test_events
;
50 const OPTIONS
*test_get_options(void)
52 static const OPTIONS test_options
[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
54 { "config", OPT_CONFIG_FILE
, '<',
55 "The configuration file to use for the libctx" },
61 static int pkey_get_bn_bytes(EVP_PKEY
*pkey
, const char *name
,
62 unsigned char **out
, size_t *out_len
)
64 unsigned char *buf
= NULL
;
68 if (!EVP_PKEY_get_bn_param(pkey
, name
, &bn
))
70 sz
= BN_num_bytes(bn
);
71 buf
= OPENSSL_zalloc(sz
);
74 if (BN_bn2binpad(bn
, buf
, sz
) <= 0)
87 static int sig_gen(EVP_PKEY
*pkey
, OSSL_PARAM
*params
, const char *digest_name
,
88 const unsigned char *msg
, size_t msg_len
,
89 unsigned char **sig_out
, size_t *sig_out_len
)
92 EVP_MD_CTX
*md_ctx
= NULL
;
93 unsigned char *sig
= NULL
;
95 size_t sz
= EVP_PKEY_get_size(pkey
);
98 if (!TEST_ptr(sig
= OPENSSL_malloc(sz
))
99 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new())
100 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx
, NULL
, digest_name
, libctx
,
101 NULL
, pkey
, NULL
), 1)
102 || !TEST_int_gt(EVP_DigestSign(md_ctx
, sig
, &sig_len
, msg
, msg_len
), 0))
105 *sig_out_len
= sig_len
;
110 EVP_MD_CTX_free(md_ctx
);
114 #ifndef OPENSSL_NO_EC
115 static int ecdsa_keygen_test(int id
)
118 EVP_PKEY
*pkey
= NULL
;
119 unsigned char *priv
= NULL
;
120 unsigned char *pubx
= NULL
, *puby
= NULL
;
121 size_t priv_len
= 0, pubx_len
= 0, puby_len
= 0;
122 const struct ecdsa_keygen_st
*tst
= &ecdsa_keygen_data
[id
];
124 self_test_args
.called
= 0;
125 self_test_args
.enable
= 1;
126 if (!TEST_ptr(pkey
= EVP_PKEY_Q_keygen(libctx
, NULL
, "EC", tst
->curve_name
))
127 || !TEST_int_ge(self_test_args
.called
, 3)
128 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_PRIV_KEY
, &priv
,
130 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_EC_PUB_X
, &pubx
,
132 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_EC_PUB_Y
, &puby
,
136 test_output_memory("qy", puby
, puby_len
);
137 test_output_memory("qx", pubx
, pubx_len
);
138 test_output_memory("d", priv
, priv_len
);
141 self_test_args
.enable
= 0;
142 self_test_args
.called
= 0;
143 OPENSSL_clear_free(priv
, priv_len
);
150 static int ecdsa_create_pkey(EVP_PKEY
**pkey
, const char *curve_name
,
151 const unsigned char *pub
, size_t pub_len
,
155 EVP_PKEY_CTX
*ctx
= NULL
;
156 OSSL_PARAM_BLD
*bld
= NULL
;
157 OSSL_PARAM
*params
= NULL
;
159 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
160 || (curve_name
!= NULL
161 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
162 bld
, OSSL_PKEY_PARAM_GROUP_NAME
, curve_name
, 0) > 0))
163 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
164 OSSL_PKEY_PARAM_PUB_KEY
,
166 || !TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
167 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "EC", NULL
))
168 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
169 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, pkey
, EVP_PKEY_PUBLIC_KEY
,
175 OSSL_PARAM_free(params
);
176 OSSL_PARAM_BLD_free(bld
);
177 EVP_PKEY_CTX_free(ctx
);
181 static int ecdsa_pub_verify_test(int id
)
183 const struct ecdsa_pub_verify_st
*tst
= &ecdsa_pv_data
[id
];
186 EVP_PKEY_CTX
*key_ctx
= NULL
;
187 EVP_PKEY
*pkey
= NULL
;
189 if (!TEST_true(ecdsa_create_pkey(&pkey
, tst
->curve_name
,
190 tst
->pub
, tst
->pub_len
, tst
->pass
)))
194 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
195 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx
), tst
->pass
))
201 EVP_PKEY_CTX_free(key_ctx
);
205 /* Extract r and s from an ecdsa signature */
206 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig
, size_t sig_len
,
207 unsigned char **r
, unsigned char **s
,
208 size_t *rlen
, size_t *slen
)
211 unsigned char *rbuf
= NULL
, *sbuf
= NULL
;
212 size_t r1_len
, s1_len
;
213 const BIGNUM
*r1
, *s1
;
214 ECDSA_SIG
*sign
= d2i_ECDSA_SIG(NULL
, &sig
, sig_len
);
218 r1
= ECDSA_SIG_get0_r(sign
);
219 s1
= ECDSA_SIG_get0_s(sign
);
220 if (r1
== NULL
|| s1
== NULL
)
223 r1_len
= BN_num_bytes(r1
);
224 s1_len
= BN_num_bytes(s1
);
225 rbuf
= OPENSSL_zalloc(r1_len
);
226 sbuf
= OPENSSL_zalloc(s1_len
);
227 if (rbuf
== NULL
|| sbuf
== NULL
)
229 if (BN_bn2binpad(r1
, rbuf
, r1_len
) <= 0)
231 if (BN_bn2binpad(s1
, sbuf
, s1_len
) <= 0)
243 ECDSA_SIG_free(sign
);
247 static int ecdsa_siggen_test(int id
)
250 EVP_PKEY
*pkey
= NULL
;
251 size_t sig_len
= 0, rlen
= 0, slen
= 0;
252 unsigned char *sig
= NULL
;
253 unsigned char *r
= NULL
, *s
= NULL
;
254 const struct ecdsa_siggen_st
*tst
= &ecdsa_siggen_data
[id
];
256 if (!TEST_ptr(pkey
= EVP_PKEY_Q_keygen(libctx
, NULL
, "EC", tst
->curve_name
)))
259 if (!TEST_true(sig_gen(pkey
, NULL
, tst
->digest_alg
, tst
->msg
, tst
->msg_len
,
261 || !TEST_true(get_ecdsa_sig_rs_bytes(sig
, sig_len
, &r
, &s
, &rlen
, &slen
)))
263 test_output_memory("r", r
, rlen
);
264 test_output_memory("s", s
, slen
);
274 static int ecdsa_sigver_test(int id
)
277 EVP_MD_CTX
*md_ctx
= NULL
;
278 EVP_PKEY
*pkey
= NULL
;
279 ECDSA_SIG
*sign
= NULL
;
281 unsigned char *sig
= NULL
;
282 BIGNUM
*rbn
= NULL
, *sbn
= NULL
;
283 const struct ecdsa_sigver_st
*tst
= &ecdsa_sigver_data
[id
];
285 if (!TEST_true(ecdsa_create_pkey(&pkey
, tst
->curve_name
,
286 tst
->pub
, tst
->pub_len
, 1)))
289 if (!TEST_ptr(sign
= ECDSA_SIG_new())
290 || !TEST_ptr(rbn
= BN_bin2bn(tst
->r
, tst
->r_len
, NULL
))
291 || !TEST_ptr(sbn
= BN_bin2bn(tst
->s
, tst
->s_len
, NULL
))
292 || !TEST_true(ECDSA_SIG_set0(sign
, rbn
, sbn
)))
296 ret
= TEST_int_gt((sig_len
= i2d_ECDSA_SIG(sign
, &sig
)), 0)
297 && TEST_ptr(md_ctx
= EVP_MD_CTX_new())
298 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx
, NULL
, tst
->digest_alg
,
299 libctx
, NULL
, pkey
, NULL
)
300 && TEST_int_eq(EVP_DigestVerify(md_ctx
, sig
, sig_len
,
301 tst
->msg
, tst
->msg_len
), tst
->pass
));
306 ECDSA_SIG_free(sign
);
308 EVP_MD_CTX_free(md_ctx
);
312 #endif /* OPENSSL_NO_EC */
314 #ifndef OPENSSL_NO_DSA
315 static int pkey_get_octet_bytes(EVP_PKEY
*pkey
, const char *name
,
316 unsigned char **out
, size_t *out_len
)
319 unsigned char *buf
= NULL
;
321 if (!EVP_PKEY_get_octet_string_param(pkey
, name
, NULL
, 0, &len
))
324 buf
= OPENSSL_zalloc(len
);
328 if (!EVP_PKEY_get_octet_string_param(pkey
, name
, buf
, len
, out_len
))
337 static EVP_PKEY
*dsa_paramgen(int L
, int N
)
339 EVP_PKEY_CTX
*paramgen_ctx
= NULL
;
340 EVP_PKEY
*param_key
= NULL
;
342 if (!TEST_ptr(paramgen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DSA", NULL
))
343 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx
), 0)
344 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx
, L
))
345 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx
, N
))
346 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx
, ¶m_key
)))
348 EVP_PKEY_CTX_free(paramgen_ctx
);
352 static EVP_PKEY
*dsa_keygen(int L
, int N
)
354 EVP_PKEY
*param_key
= NULL
, *key
= NULL
;
355 EVP_PKEY_CTX
*keygen_ctx
= NULL
;
357 if (!TEST_ptr(param_key
= dsa_paramgen(L
, N
))
358 || !TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, param_key
,
360 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0)
361 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, &key
), 0))
364 EVP_PKEY_free(param_key
);
365 EVP_PKEY_CTX_free(keygen_ctx
);
369 static int dsa_keygen_test(int id
)
372 EVP_PKEY_CTX
*paramgen_ctx
= NULL
, *keygen_ctx
= NULL
;
373 EVP_PKEY
*param_key
= NULL
, *key
= NULL
;
374 unsigned char *priv
= NULL
, *pub
= NULL
;
375 size_t priv_len
= 0, pub_len
= 0;
376 const struct dsa_paramgen_st
*tst
= &dsa_keygen_data
[id
];
378 if (!TEST_ptr(param_key
= dsa_paramgen(tst
->L
, tst
->N
))
379 || !TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, param_key
,
381 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0))
383 for (i
= 0; i
< 2; ++i
) {
384 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, &key
), 0)
385 || !TEST_true(pkey_get_bn_bytes(key
, OSSL_PKEY_PARAM_PRIV_KEY
,
387 || !TEST_true(pkey_get_bn_bytes(key
, OSSL_PKEY_PARAM_PUB_KEY
,
390 test_output_memory("y", pub
, pub_len
);
391 test_output_memory("x", priv
, priv_len
);
393 OPENSSL_clear_free(priv
, priv_len
);
400 OPENSSL_clear_free(priv
, priv_len
);
402 EVP_PKEY_free(param_key
);
404 EVP_PKEY_CTX_free(keygen_ctx
);
405 EVP_PKEY_CTX_free(paramgen_ctx
);
409 static int dsa_paramgen_test(int id
)
411 int ret
= 0, counter
= 0;
412 EVP_PKEY_CTX
*paramgen_ctx
= NULL
;
413 EVP_PKEY
*param_key
= NULL
;
414 unsigned char *p
= NULL
, *q
= NULL
, *seed
= NULL
;
415 size_t plen
= 0, qlen
= 0, seedlen
= 0;
416 const struct dsa_paramgen_st
*tst
= &dsa_paramgen_data
[id
];
418 if (!TEST_ptr(paramgen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DSA", NULL
))
419 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx
), 0)
420 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx
, tst
->L
))
421 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx
, tst
->N
))
422 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx
, ¶m_key
))
423 || !TEST_true(pkey_get_bn_bytes(param_key
, OSSL_PKEY_PARAM_FFC_P
,
425 || !TEST_true(pkey_get_bn_bytes(param_key
, OSSL_PKEY_PARAM_FFC_Q
,
427 || !TEST_true(pkey_get_octet_bytes(param_key
, OSSL_PKEY_PARAM_FFC_SEED
,
429 || !TEST_true(EVP_PKEY_get_int_param(param_key
,
430 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
434 test_output_memory("p", p
, plen
);
435 test_output_memory("q", q
, qlen
);
436 test_output_memory("domainSeed", seed
, seedlen
);
437 test_printf_stderr("%s: %d\n", "counter", counter
);
443 EVP_PKEY_free(param_key
);
444 EVP_PKEY_CTX_free(paramgen_ctx
);
448 static int dsa_create_pkey(EVP_PKEY
**pkey
,
449 const unsigned char *p
, size_t p_len
,
450 const unsigned char *q
, size_t q_len
,
451 const unsigned char *g
, size_t g_len
,
452 const unsigned char *seed
, size_t seed_len
,
454 int validate_pq
, int validate_g
,
455 const unsigned char *pub
, size_t pub_len
,
459 EVP_PKEY_CTX
*ctx
= NULL
;
460 OSSL_PARAM_BLD
*bld
= NULL
;
461 OSSL_PARAM
*params
= NULL
;
462 BIGNUM
*p_bn
= NULL
, *q_bn
= NULL
, *g_bn
= NULL
, *pub_bn
= NULL
;
464 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
465 || !TEST_ptr(p_bn
= BN_CTX_get(bn_ctx
))
466 || !TEST_ptr(BN_bin2bn(p
, p_len
, p_bn
))
467 || !TEST_true(OSSL_PARAM_BLD_push_int(bld
,
468 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ
,
470 || !TEST_true(OSSL_PARAM_BLD_push_int(bld
,
471 OSSL_PKEY_PARAM_FFC_VALIDATE_G
,
473 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p_bn
))
474 || !TEST_ptr(q_bn
= BN_CTX_get(bn_ctx
))
475 || !TEST_ptr(BN_bin2bn(q
, q_len
, q_bn
))
476 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q_bn
)))
480 if (!TEST_ptr(g_bn
= BN_CTX_get(bn_ctx
))
481 || !TEST_ptr(BN_bin2bn(g
, g_len
, g_bn
))
482 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
,
483 OSSL_PKEY_PARAM_FFC_G
, g_bn
)))
487 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
488 OSSL_PKEY_PARAM_FFC_SEED
, seed
, seed_len
)))
492 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld
,
493 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
498 if (!TEST_ptr(pub_bn
= BN_CTX_get(bn_ctx
))
499 || !TEST_ptr(BN_bin2bn(pub
, pub_len
, pub_bn
))
500 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
,
501 OSSL_PKEY_PARAM_PUB_KEY
,
505 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
506 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DSA", NULL
))
507 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
508 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, pkey
, EVP_PKEY_PUBLIC_KEY
,
514 OSSL_PARAM_free(params
);
515 OSSL_PARAM_BLD_free(bld
);
516 EVP_PKEY_CTX_free(ctx
);
520 static int dsa_pqver_test(int id
)
523 BN_CTX
*bn_ctx
= NULL
;
524 EVP_PKEY_CTX
*key_ctx
= NULL
;
525 EVP_PKEY
*param_key
= NULL
;
526 const struct dsa_pqver_st
*tst
= &dsa_pqver_data
[id
];
528 if (!TEST_ptr(bn_ctx
= BN_CTX_new_ex(libctx
))
529 || !TEST_true(dsa_create_pkey(¶m_key
, tst
->p
, tst
->p_len
,
530 tst
->q
, tst
->q_len
, NULL
, 0,
531 tst
->seed
, tst
->seed_len
, tst
->counter
,
535 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, param_key
,
537 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx
), tst
->pass
))
543 EVP_PKEY_free(param_key
);
544 EVP_PKEY_CTX_free(key_ctx
);
548 /* Extract r and s from a dsa signature */
549 static int get_dsa_sig_rs_bytes(const unsigned char *sig
, size_t sig_len
,
550 unsigned char **r
, unsigned char **s
,
551 size_t *r_len
, size_t *s_len
)
554 unsigned char *rbuf
= NULL
, *sbuf
= NULL
;
555 size_t r1_len
, s1_len
;
556 const BIGNUM
*r1
, *s1
;
557 DSA_SIG
*sign
= d2i_DSA_SIG(NULL
, &sig
, sig_len
);
561 DSA_SIG_get0(sign
, &r1
, &s1
);
562 if (r1
== NULL
|| s1
== NULL
)
565 r1_len
= BN_num_bytes(r1
);
566 s1_len
= BN_num_bytes(s1
);
567 rbuf
= OPENSSL_zalloc(r1_len
);
568 sbuf
= OPENSSL_zalloc(s1_len
);
569 if (rbuf
== NULL
|| sbuf
== NULL
)
571 if (BN_bn2binpad(r1
, rbuf
, r1_len
) <= 0)
573 if (BN_bn2binpad(s1
, sbuf
, s1_len
) <= 0)
589 static int dsa_siggen_test(int id
)
592 EVP_PKEY
*pkey
= NULL
;
593 unsigned char *sig
= NULL
, *r
= NULL
, *s
= NULL
;
594 size_t sig_len
= 0, rlen
= 0, slen
= 0;
595 const struct dsa_siggen_st
*tst
= &dsa_siggen_data
[id
];
597 if (!TEST_ptr(pkey
= dsa_keygen(tst
->L
, tst
->N
)))
600 if (!TEST_true(sig_gen(pkey
, NULL
, tst
->digest_alg
, tst
->msg
, tst
->msg_len
,
602 || !TEST_true(get_dsa_sig_rs_bytes(sig
, sig_len
, &r
, &s
, &rlen
, &slen
)))
604 test_output_memory("r", r
, rlen
);
605 test_output_memory("s", s
, slen
);
615 static int dsa_sigver_test(int id
)
618 EVP_PKEY_CTX
*ctx
= NULL
;
619 EVP_PKEY
*pkey
= NULL
;
620 DSA_SIG
*sign
= NULL
;
622 unsigned char *sig
= NULL
;
623 BIGNUM
*rbn
= NULL
, *sbn
= NULL
;
625 unsigned char digest
[EVP_MAX_MD_SIZE
];
626 unsigned int digest_len
;
627 BN_CTX
*bn_ctx
= NULL
;
628 const struct dsa_sigver_st
*tst
= &dsa_sigver_data
[id
];
630 if (!TEST_ptr(bn_ctx
= BN_CTX_new())
631 || !TEST_true(dsa_create_pkey(&pkey
, tst
->p
, tst
->p_len
,
632 tst
->q
, tst
->q_len
, tst
->g
, tst
->g_len
,
633 NULL
, 0, 0, 0, 0, tst
->pub
, tst
->pub_len
,
637 if (!TEST_ptr(sign
= DSA_SIG_new())
638 || !TEST_ptr(rbn
= BN_bin2bn(tst
->r
, tst
->r_len
, NULL
))
639 || !TEST_ptr(sbn
= BN_bin2bn(tst
->s
, tst
->s_len
, NULL
))
640 || !TEST_true(DSA_SIG_set0(sign
, rbn
, sbn
)))
644 if (!TEST_ptr(md
= EVP_MD_fetch(libctx
, tst
->digest_alg
, ""))
645 || !TEST_true(EVP_Digest(tst
->msg
, tst
->msg_len
,
646 digest
, &digest_len
, md
, NULL
)))
649 if (!TEST_int_gt((sig_len
= i2d_DSA_SIG(sign
, &sig
)), 0)
650 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
651 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
652 || !TEST_int_eq(EVP_PKEY_verify(ctx
, sig
, sig_len
, digest
, digest_len
),
657 EVP_PKEY_CTX_free(ctx
);
667 #endif /* OPENSSL_NO_DSA */
670 /* cipher encrypt/decrypt */
671 static int cipher_enc(const char *alg
,
672 const unsigned char *pt
, size_t pt_len
,
673 const unsigned char *key
, size_t key_len
,
674 const unsigned char *iv
, size_t iv_len
,
675 const unsigned char *ct
, size_t ct_len
,
678 int ret
= 0, out_len
= 0, len
= 0;
679 EVP_CIPHER_CTX
*ctx
= NULL
;
680 EVP_CIPHER
*cipher
= NULL
;
681 unsigned char out
[256] = { 0 };
683 TEST_note("%s : %s", alg
, enc
? "encrypt" : "decrypt");
684 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
685 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, alg
, ""))
686 || !TEST_true(EVP_CipherInit_ex(ctx
, cipher
, NULL
, key
, iv
, enc
))
687 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))
688 || !TEST_true(EVP_CipherUpdate(ctx
, out
, &len
, pt
, pt_len
))
689 || !TEST_true(EVP_CipherFinal_ex(ctx
, out
+ len
, &out_len
)))
692 if (!TEST_mem_eq(out
, out_len
, ct
, ct_len
))
696 EVP_CIPHER_free(cipher
);
697 EVP_CIPHER_CTX_free(ctx
);
701 static int cipher_enc_dec_test(int id
)
703 const struct cipher_st
*tst
= &cipher_enc_data
[id
];
706 return TEST_true(cipher_enc(tst
->alg
, tst
->pt
, tst
->pt_len
,
707 tst
->key
, tst
->key_len
,
708 tst
->iv
, tst
->iv_len
,
709 tst
->ct
, tst
->ct_len
, enc
))
710 && TEST_true(cipher_enc(tst
->alg
, tst
->ct
, tst
->ct_len
,
711 tst
->key
, tst
->key_len
,
712 tst
->iv
, tst
->iv_len
,
713 tst
->pt
, tst
->pt_len
, !enc
));
716 static int aes_ccm_enc_dec(const char *alg
,
717 const unsigned char *pt
, size_t pt_len
,
718 const unsigned char *key
, size_t key_len
,
719 const unsigned char *iv
, size_t iv_len
,
720 const unsigned char *aad
, size_t aad_len
,
721 const unsigned char *ct
, size_t ct_len
,
722 const unsigned char *tag
, size_t tag_len
,
727 EVP_CIPHER
*cipher
= NULL
;
729 unsigned char out
[1024];
731 TEST_note("%s : %s : expected to %s", alg
, enc
? "encrypt" : "decrypt",
732 pass
? "pass" : "fail");
734 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
735 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, alg
, ""))
736 || !TEST_true(EVP_CipherInit_ex(ctx
, cipher
, NULL
, NULL
, NULL
, enc
))
737 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_IVLEN
, iv_len
,
739 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
, tag_len
,
740 enc
? NULL
: (void *)tag
), 0)
741 || !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, key
, iv
, enc
))
742 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))
743 || !TEST_true(EVP_CipherUpdate(ctx
, NULL
, &len
, NULL
, pt_len
))
744 || !TEST_true(EVP_CipherUpdate(ctx
, NULL
, &len
, aad
, aad_len
))
745 || !TEST_int_eq(EVP_CipherUpdate(ctx
, out
, &len
, pt
, pt_len
), pass
))
752 if (!TEST_true(EVP_CipherFinal_ex(ctx
, out
+ len
, &out_len
)))
756 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
,
757 tag_len
, out
+ out_len
), 0)
758 || !TEST_mem_eq(out
, out_len
, ct
, ct_len
)
759 || !TEST_mem_eq(out
+ out_len
, tag_len
, tag
, tag_len
))
762 if (!TEST_mem_eq(out
, out_len
+ len
, ct
, ct_len
))
768 EVP_CIPHER_free(cipher
);
769 EVP_CIPHER_CTX_free(ctx
);
773 static int aes_ccm_enc_dec_test(int id
)
775 const struct cipher_ccm_st
*tst
= &aes_ccm_enc_data
[id
];
777 /* The tag is on the end of the cipher text */
778 const size_t tag_len
= tst
->ct_len
- tst
->pt_len
;
779 const size_t ct_len
= tst
->ct_len
- tag_len
;
780 const unsigned char *tag
= tst
->ct
+ ct_len
;
787 return aes_ccm_enc_dec(tst
->alg
, tst
->pt
, tst
->pt_len
,
788 tst
->key
, tst
->key_len
,
789 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
790 tst
->ct
, ct_len
, tag
, tag_len
, enc
, pass
)
791 && aes_ccm_enc_dec(tst
->alg
, tst
->ct
, ct_len
,
792 tst
->key
, tst
->key_len
,
793 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
794 tst
->pt
, tst
->pt_len
, tag
, tag_len
, !enc
, pass
)
795 /* test that it fails if the tag is incorrect */
796 && aes_ccm_enc_dec(tst
->alg
, tst
->ct
, ct_len
,
797 tst
->key
, tst
->key_len
,
798 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
799 tst
->pt
, tst
->pt_len
,
800 tag
- 1, tag_len
, !enc
, !pass
);
803 static int aes_gcm_enc_dec(const char *alg
,
804 const unsigned char *pt
, size_t pt_len
,
805 const unsigned char *key
, size_t key_len
,
806 const unsigned char *iv
, size_t iv_len
,
807 const unsigned char *aad
, size_t aad_len
,
808 const unsigned char *ct
, size_t ct_len
,
809 const unsigned char *tag
, size_t tag_len
,
814 EVP_CIPHER
*cipher
= NULL
;
816 unsigned char out
[1024];
818 TEST_note("%s : %s : expected to %s", alg
, enc
? "encrypt" : "decrypt",
819 pass
? "pass" : "fail");
821 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
822 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, alg
, ""))
823 || !TEST_true(EVP_CipherInit_ex(ctx
, cipher
, NULL
, NULL
, NULL
, enc
))
824 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_IVLEN
, iv_len
,
829 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
, tag_len
,
834 * For testing purposes the IV it being set here. In a compliant application
835 * the IV would be generated internally. A fake entropy source could also
836 * be used to feed in the random IV bytes (see fake_random.c)
838 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, key
, iv
, enc
))
839 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))
840 || !TEST_true(EVP_CipherUpdate(ctx
, NULL
, &len
, aad
, aad_len
))
841 || !TEST_true(EVP_CipherUpdate(ctx
, out
, &len
, pt
, pt_len
)))
844 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx
, out
+ len
, &out_len
), pass
))
852 if (!TEST_mem_eq(out
, out_len
, ct
, ct_len
)
853 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
,
854 tag_len
, out
+ out_len
), 0)
855 || !TEST_mem_eq(out
+ out_len
, tag_len
, tag
, tag_len
))
858 if (!TEST_mem_eq(out
, out_len
, ct
, ct_len
))
864 EVP_CIPHER_free(cipher
);
865 EVP_CIPHER_CTX_free(ctx
);
869 static int aes_gcm_enc_dec_test(int id
)
871 const struct cipher_gcm_st
*tst
= &aes_gcm_enc_data
[id
];
875 return aes_gcm_enc_dec(tst
->alg
, tst
->pt
, tst
->pt_len
,
876 tst
->key
, tst
->key_len
,
877 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
878 tst
->ct
, tst
->ct_len
, tst
->tag
, tst
->tag_len
,
880 && aes_gcm_enc_dec(tst
->alg
, tst
->ct
, tst
->ct_len
,
881 tst
->key
, tst
->key_len
,
882 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
883 tst
->pt
, tst
->pt_len
, tst
->tag
, tst
->tag_len
,
885 /* Fail if incorrect tag passed to decrypt */
886 && aes_gcm_enc_dec(tst
->alg
, tst
->ct
, tst
->ct_len
,
887 tst
->key
, tst
->key_len
,
888 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
889 tst
->pt
, tst
->pt_len
, tst
->aad
, tst
->tag_len
,
893 #ifndef OPENSSL_NO_DH
894 static int dh_create_pkey(EVP_PKEY
**pkey
, const char *group_name
,
895 const unsigned char *pub
, size_t pub_len
,
896 const unsigned char *priv
, size_t priv_len
,
897 BN_CTX
*bn_ctx
, int pass
)
900 EVP_PKEY_CTX
*ctx
= NULL
;
901 OSSL_PARAM_BLD
*bld
= NULL
;
902 OSSL_PARAM
*params
= NULL
;
903 BIGNUM
*pub_bn
= NULL
, *priv_bn
= NULL
;
905 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
906 || (group_name
!= NULL
907 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
908 bld
, OSSL_PKEY_PARAM_GROUP_NAME
,
913 if (!TEST_ptr(pub_bn
= BN_CTX_get(bn_ctx
))
914 || !TEST_ptr(BN_bin2bn(pub
, pub_len
, pub_bn
))
915 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
920 if (!TEST_ptr(priv_bn
= BN_CTX_get(bn_ctx
))
921 || !TEST_ptr(BN_bin2bn(priv
, priv_len
, priv_bn
))
922 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
927 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
928 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", NULL
))
929 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
930 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, pkey
, EVP_PKEY_KEYPAIR
, params
),
936 OSSL_PARAM_free(params
);
937 OSSL_PARAM_BLD_free(bld
);
938 EVP_PKEY_CTX_free(ctx
);
942 static int dh_safe_prime_keygen_test(int id
)
945 EVP_PKEY_CTX
*ctx
= NULL
;
946 EVP_PKEY
*pkey
= NULL
;
947 unsigned char *priv
= NULL
;
948 unsigned char *pub
= NULL
;
949 size_t priv_len
= 0, pub_len
= 0;
950 OSSL_PARAM params
[2];
951 const struct dh_safe_prime_keygen_st
*tst
= &dh_safe_prime_keygen_data
[id
];
953 params
[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME
,
954 (char *)tst
->group_name
, 0);
955 params
[1] = OSSL_PARAM_construct_end();
957 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", NULL
))
958 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
959 || !TEST_true(EVP_PKEY_CTX_set_params(ctx
, params
))
960 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0)
961 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_PRIV_KEY
,
963 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_PUB_KEY
,
967 test_output_memory("x", priv
, priv_len
);
968 test_output_memory("y", pub
, pub_len
);
971 OPENSSL_clear_free(priv
, priv_len
);
974 EVP_PKEY_CTX_free(ctx
);
978 static int dh_safe_prime_keyver_test(int id
)
981 BN_CTX
*bn_ctx
= NULL
;
982 EVP_PKEY_CTX
*key_ctx
= NULL
;
983 EVP_PKEY
*pkey
= NULL
;
984 const struct dh_safe_prime_keyver_st
*tst
= &dh_safe_prime_keyver_data
[id
];
986 if (!TEST_ptr(bn_ctx
= BN_CTX_new_ex(libctx
))
987 || !TEST_true(dh_create_pkey(&pkey
, tst
->group_name
,
988 tst
->pub
, tst
->pub_len
,
989 tst
->priv
, tst
->priv_len
, bn_ctx
, 1))
990 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
991 || !TEST_int_eq(EVP_PKEY_check(key_ctx
), tst
->pass
))
997 EVP_PKEY_CTX_free(key_ctx
);
1001 #endif /* OPENSSL_NO_DH */
1004 static int rsa_create_pkey(EVP_PKEY
**pkey
,
1005 const unsigned char *n
, size_t n_len
,
1006 const unsigned char *e
, size_t e_len
,
1007 const unsigned char *d
, size_t d_len
,
1011 EVP_PKEY_CTX
*ctx
= NULL
;
1012 OSSL_PARAM_BLD
*bld
= NULL
;
1013 OSSL_PARAM
*params
= NULL
;
1014 BIGNUM
*e_bn
= NULL
, *d_bn
= NULL
, *n_bn
= NULL
;
1016 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1017 || !TEST_ptr(n_bn
= BN_CTX_get(bn_ctx
))
1018 || !TEST_ptr(BN_bin2bn(n
, n_len
, n_bn
))
1019 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n_bn
)))
1023 if (!TEST_ptr(e_bn
= BN_CTX_get(bn_ctx
))
1024 || !TEST_ptr(BN_bin2bn(e
, e_len
, e_bn
))
1025 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
,
1030 if (!TEST_ptr(d_bn
= BN_CTX_get(bn_ctx
))
1031 || !TEST_ptr(BN_bin2bn(d
, d_len
, d_bn
))
1032 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
,
1036 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
1037 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
1038 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
1039 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, pkey
, EVP_PKEY_KEYPAIR
, params
),
1045 OSSL_PARAM_free(params
);
1046 OSSL_PARAM_BLD_free(bld
);
1047 EVP_PKEY_CTX_free(ctx
);
1051 static int rsa_keygen_test(int id
)
1054 EVP_PKEY_CTX
*ctx
= NULL
;
1055 EVP_PKEY
*pkey
= NULL
;
1056 BIGNUM
*e_bn
= NULL
;
1057 BIGNUM
*xp1_bn
= NULL
, *xp2_bn
= NULL
, *xp_bn
= NULL
;
1058 BIGNUM
*xq1_bn
= NULL
, *xq2_bn
= NULL
, *xq_bn
= NULL
;
1059 unsigned char *n
= NULL
, *d
= NULL
;
1060 unsigned char *p
= NULL
, *p1
= NULL
, *p2
= NULL
;
1061 unsigned char *q
= NULL
, *q1
= NULL
, *q2
= NULL
;
1062 size_t n_len
= 0, d_len
= 0;
1063 size_t p_len
= 0, p1_len
= 0, p2_len
= 0;
1064 size_t q_len
= 0, q1_len
= 0, q2_len
= 0;
1065 OSSL_PARAM_BLD
*bld
= NULL
;
1066 OSSL_PARAM
*params
= NULL
;
1067 const struct rsa_keygen_st
*tst
= &rsa_keygen_data
[id
];
1069 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1070 || !TEST_ptr(xp1_bn
= BN_bin2bn(tst
->xp1
, tst
->xp1_len
, NULL
))
1071 || !TEST_ptr(xp2_bn
= BN_bin2bn(tst
->xp2
, tst
->xp2_len
, NULL
))
1072 || !TEST_ptr(xp_bn
= BN_bin2bn(tst
->xp
, tst
->xp_len
, NULL
))
1073 || !TEST_ptr(xq1_bn
= BN_bin2bn(tst
->xq1
, tst
->xq1_len
, NULL
))
1074 || !TEST_ptr(xq2_bn
= BN_bin2bn(tst
->xq2
, tst
->xq2_len
, NULL
))
1075 || !TEST_ptr(xq_bn
= BN_bin2bn(tst
->xq
, tst
->xq_len
, NULL
))
1076 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XP1
,
1078 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XP2
,
1080 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XP
,
1082 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XQ1
,
1084 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XQ2
,
1086 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XQ
,
1088 || !TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
1091 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
1092 || !TEST_ptr(e_bn
= BN_bin2bn(tst
->e
, tst
->e_len
, NULL
))
1093 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
1094 || !TEST_true(EVP_PKEY_CTX_set_params(ctx
, params
))
1095 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, tst
->mod
))
1096 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx
, e_bn
))
1097 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0)
1098 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_P1
,
1100 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_P2
,
1102 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_Q1
,
1104 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_Q2
,
1106 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_FACTOR1
,
1108 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_FACTOR2
,
1110 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_N
,
1112 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_D
,
1116 if (!TEST_mem_eq(tst
->p1
, tst
->p1_len
, p1
, p1_len
)
1117 || !TEST_mem_eq(tst
->p2
, tst
->p2_len
, p2
, p2_len
)
1118 || !TEST_mem_eq(tst
->p
, tst
->p_len
, p
, p_len
)
1119 || !TEST_mem_eq(tst
->q1
, tst
->q1_len
, q1
, q1_len
)
1120 || !TEST_mem_eq(tst
->q2
, tst
->q2_len
, q2
, q2_len
)
1121 || !TEST_mem_eq(tst
->q
, tst
->q_len
, q
, q_len
)
1122 || !TEST_mem_eq(tst
->n
, tst
->n_len
, n
, n_len
)
1123 || !TEST_mem_eq(tst
->d
, tst
->d_len
, d
, d_len
))
1126 test_output_memory("p1", p1
, p1_len
);
1127 test_output_memory("p2", p2
, p2_len
);
1128 test_output_memory("p", p
, p_len
);
1129 test_output_memory("q1", q1
, q1_len
);
1130 test_output_memory("q2", q2
, q2_len
);
1131 test_output_memory("q", q
, q_len
);
1132 test_output_memory("n", n
, n_len
);
1133 test_output_memory("d", d
, d_len
);
1151 EVP_PKEY_free(pkey
);
1152 EVP_PKEY_CTX_free(ctx
);
1153 OSSL_PARAM_free(params
);
1154 OSSL_PARAM_BLD_free(bld
);
1158 static int rsa_siggen_test(int id
)
1161 EVP_PKEY
*pkey
= NULL
;
1162 unsigned char *sig
= NULL
, *n
= NULL
, *e
= NULL
;
1163 size_t sig_len
= 0, n_len
= 0, e_len
= 0;
1164 OSSL_PARAM params
[4], *p
;
1165 const struct rsa_siggen_st
*tst
= &rsa_siggen_data
[id
];
1166 int salt_len
= tst
->pss_salt_len
;
1168 TEST_note("RSA %s signature generation", tst
->sig_pad_mode
);
1171 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE
,
1172 (char *)tst
->sig_pad_mode
, 0);
1173 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1174 (char *)tst
->digest_alg
, 0);
1176 *p
++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN
,
1178 *p
++ = OSSL_PARAM_construct_end();
1180 if (!TEST_ptr(pkey
= EVP_PKEY_Q_keygen(libctx
, NULL
, "RSA", tst
->mod
))
1181 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_N
, &n
, &n_len
))
1182 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_E
, &e
, &e_len
))
1183 || !TEST_true(sig_gen(pkey
, params
, tst
->digest_alg
,
1184 tst
->msg
, tst
->msg_len
,
1187 test_output_memory("n", n
, n_len
);
1188 test_output_memory("e", e
, e_len
);
1189 test_output_memory("sig", sig
, sig_len
);
1195 EVP_PKEY_free(pkey
);
1199 static int rsa_sigver_test(int id
)
1202 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
1203 EVP_PKEY
*pkey
= NULL
;
1204 EVP_MD_CTX
*md_ctx
= NULL
;
1205 BN_CTX
*bn_ctx
= NULL
;
1206 OSSL_PARAM params
[4], *p
;
1207 const struct rsa_sigver_st
*tst
= &rsa_sigver_data
[id
];
1208 int salt_len
= tst
->pss_salt_len
;
1210 TEST_note("RSA %s Signature Verify : expected to %s ", tst
->sig_pad_mode
,
1211 tst
->pass
== PASS
? "pass" : "fail");
1214 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE
,
1215 (char *)tst
->sig_pad_mode
, 0);
1216 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1217 (char *)tst
->digest_alg
, 0);
1219 *p
++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN
,
1221 *p
++ = OSSL_PARAM_construct_end();
1223 if (!TEST_ptr(bn_ctx
= BN_CTX_new())
1224 || !TEST_true(rsa_create_pkey(&pkey
, tst
->n
, tst
->n_len
,
1225 tst
->e
, tst
->e_len
, NULL
, 0, bn_ctx
))
1226 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1227 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx
, &pkey_ctx
,
1228 tst
->digest_alg
, libctx
, NULL
,
1230 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx
, params
))
1231 || !TEST_int_eq(EVP_DigestVerify(md_ctx
, tst
->sig
, tst
->sig_len
,
1232 tst
->msg
, tst
->msg_len
), tst
->pass
))
1236 EVP_PKEY_free(pkey
);
1237 BN_CTX_free(bn_ctx
);
1238 EVP_MD_CTX_free(md_ctx
);
1242 static int rsa_decryption_primitive_test(int id
)
1245 EVP_PKEY_CTX
*ctx
= NULL
;
1246 EVP_PKEY
*pkey
= NULL
;
1247 unsigned char pt
[2048];
1248 size_t pt_len
= sizeof(pt
);
1249 unsigned char *n
= NULL
, *e
= NULL
;
1250 size_t n_len
= 0, e_len
= 0;
1251 BN_CTX
*bn_ctx
= NULL
;
1252 const struct rsa_decrypt_prim_st
*tst
= &rsa_decrypt_prim_data
[id
];
1254 if (!TEST_ptr(pkey
= EVP_PKEY_Q_keygen(libctx
, NULL
, "RSA", 2048))
1255 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_N
, &n
, &n_len
))
1256 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_E
, &e
, &e_len
))
1257 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
1258 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx
), 0)
1259 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx
, RSA_NO_PADDING
), 0))
1262 test_output_memory("n", n
, n_len
);
1263 test_output_memory("e", e
, e_len
);
1264 if (EVP_PKEY_decrypt(ctx
, pt
, &pt_len
, tst
->ct
, tst
->ct_len
) <= 0)
1265 TEST_note("Decryption Failed");
1267 test_output_memory("pt", pt
, pt_len
);
1272 EVP_PKEY_CTX_free(ctx
);
1273 EVP_PKEY_free(pkey
);
1274 BN_CTX_free(bn_ctx
);
1278 static int self_test_events(const OSSL_PARAM params
[], void *varg
)
1280 SELF_TEST_ARGS
*args
= varg
;
1281 const OSSL_PARAM
*p
= NULL
;
1282 const char *phase
= NULL
, *type
= NULL
, *desc
= NULL
;
1289 p
= OSSL_PARAM_locate_const(params
, OSSL_PROV_PARAM_SELF_TEST_PHASE
);
1290 if (p
== NULL
|| p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
1292 phase
= (const char *)p
->data
;
1294 p
= OSSL_PARAM_locate_const(params
, OSSL_PROV_PARAM_SELF_TEST_DESC
);
1295 if (p
== NULL
|| p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
1297 desc
= (const char *)p
->data
;
1299 p
= OSSL_PARAM_locate_const(params
, OSSL_PROV_PARAM_SELF_TEST_TYPE
);
1300 if (p
== NULL
|| p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
1302 type
= (const char *)p
->data
;
1304 BIO_printf(bio_out
, "%s %s %s\n", phase
, desc
, type
);
1310 static int drbg_test(int id
)
1312 OSSL_PARAM params
[3];
1313 EVP_RAND
*rand
= NULL
;
1314 EVP_RAND_CTX
*ctx
= NULL
, *parent
= NULL
;
1315 unsigned char returned_bits
[64];
1316 const size_t returned_bits_len
= sizeof(returned_bits
);
1317 unsigned int strength
= 256;
1318 const struct drbg_st
*tst
= &drbg_data
[id
];
1321 /* Create the seed source */
1322 if (!TEST_ptr(rand
= EVP_RAND_fetch(libctx
, "TEST-RAND", "-fips"))
1323 || !TEST_ptr(parent
= EVP_RAND_CTX_new(rand
, NULL
)))
1325 EVP_RAND_free(rand
);
1328 params
[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH
, &strength
);
1329 params
[1] = OSSL_PARAM_construct_end();
1330 if (!TEST_true(EVP_RAND_CTX_set_params(parent
, params
)))
1334 if (!TEST_ptr(rand
= EVP_RAND_fetch(libctx
, tst
->drbg_name
, ""))
1335 || !TEST_ptr(ctx
= EVP_RAND_CTX_new(rand
, parent
)))
1338 /* Set the DRBG up */
1339 params
[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF
,
1340 (int *)&tst
->use_df
);
1341 params
[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER
,
1342 (char *)tst
->cipher
, 0);
1343 params
[2] = OSSL_PARAM_construct_end();
1344 if (!TEST_true(EVP_RAND_CTX_set_params(ctx
, params
)))
1347 /* Feed in the entropy and nonce */
1348 params
[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
1349 (void *)tst
->entropy_input
,
1350 tst
->entropy_input_len
);
1351 params
[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE
,
1354 params
[2] = OSSL_PARAM_construct_end();
1355 if (!TEST_true(EVP_RAND_CTX_set_params(parent
, params
)))
1360 * A NULL personalisation string defaults to the built in so something
1361 * non-NULL is needed if there is no personalisation string
1363 if (!TEST_true(EVP_RAND_instantiate(ctx
, 0, 0, (void *)"", 0, NULL
))
1364 || !TEST_true(EVP_RAND_generate(ctx
, returned_bits
, returned_bits_len
,
1366 || !TEST_true(EVP_RAND_generate(ctx
, returned_bits
, returned_bits_len
,
1370 test_output_memory("returned bits", returned_bits
, returned_bits_len
);
1373 if (!TEST_true(EVP_RAND_uninstantiate(ctx
))
1374 || !TEST_true(EVP_RAND_uninstantiate(parent
)))
1377 /* Verify the output */
1378 if (!TEST_mem_eq(returned_bits
, returned_bits_len
,
1379 tst
->returned_bits
, tst
->returned_bits_len
))
1383 EVP_RAND_CTX_free(ctx
);
1384 /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
1385 /* coverity[pass_freed_arg] */
1386 EVP_RAND_CTX_free(parent
);
1387 EVP_RAND_free(rand
);
1391 static int aes_cfb1_bits_test(void)
1394 EVP_CIPHER
*cipher
= NULL
;
1395 EVP_CIPHER_CTX
*ctx
= NULL
;
1396 unsigned char out
[16] = { 0 };
1398 const OSSL_PARAM
*params
, *p
;
1400 static const unsigned char key
[] = {
1401 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1402 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1404 static const unsigned char iv
[] = {
1405 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1406 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1408 static const unsigned char pt
[] = {
1411 static const unsigned char expected
[] = {
1415 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, "AES-128-CFB1", "fips=yes")))
1417 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
1419 if (!TEST_int_gt(EVP_CipherInit_ex(ctx
, cipher
, NULL
, key
, iv
, 1), 0))
1421 if (!TEST_ptr(params
= EVP_CIPHER_CTX_settable_params(ctx
))
1422 || !TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1423 OSSL_CIPHER_PARAM_USE_BITS
)))
1425 EVP_CIPHER_CTX_set_flags(ctx
, EVP_CIPH_FLAG_LENGTH_BITS
);
1426 if (!TEST_int_gt(EVP_CipherUpdate(ctx
, out
, &outlen
, pt
, 7), 0))
1428 if (!TEST_int_eq(outlen
, 7))
1430 if (!TEST_mem_eq(out
, (outlen
+ 7) / 8, expected
, sizeof(expected
)))
1434 EVP_CIPHER_free(cipher
);
1435 EVP_CIPHER_CTX_free(ctx
);
1439 int setup_tests(void)
1441 char *config_file
= NULL
;
1445 while ((o
= opt_next()) != OPT_EOF
) {
1447 case OPT_CONFIG_FILE
:
1448 config_file
= opt_arg();
1450 case OPT_TEST_CASES
:
1458 if (!test_get_libctx(&libctx
, &prov_null
, config_file
, NULL
, NULL
))
1461 OSSL_SELF_TEST_set_callback(libctx
, self_test_events
, &self_test_args
);
1463 ADD_TEST(aes_cfb1_bits_test
);
1464 ADD_ALL_TESTS(cipher_enc_dec_test
, OSSL_NELEM(cipher_enc_data
));
1465 ADD_ALL_TESTS(aes_ccm_enc_dec_test
, OSSL_NELEM(aes_ccm_enc_data
));
1466 ADD_ALL_TESTS(aes_gcm_enc_dec_test
, OSSL_NELEM(aes_gcm_enc_data
));
1468 ADD_ALL_TESTS(rsa_keygen_test
, OSSL_NELEM(rsa_keygen_data
));
1469 ADD_ALL_TESTS(rsa_siggen_test
, OSSL_NELEM(rsa_siggen_data
));
1470 ADD_ALL_TESTS(rsa_sigver_test
, OSSL_NELEM(rsa_sigver_data
));
1471 ADD_ALL_TESTS(rsa_decryption_primitive_test
,
1472 OSSL_NELEM(rsa_decrypt_prim_data
));
1474 #ifndef OPENSSL_NO_DH
1475 ADD_ALL_TESTS(dh_safe_prime_keygen_test
,
1476 OSSL_NELEM(dh_safe_prime_keygen_data
));
1477 ADD_ALL_TESTS(dh_safe_prime_keyver_test
,
1478 OSSL_NELEM(dh_safe_prime_keyver_data
));
1479 #endif /* OPENSSL_NO_DH */
1481 #ifndef OPENSSL_NO_DSA
1482 ADD_ALL_TESTS(dsa_keygen_test
, OSSL_NELEM(dsa_keygen_data
));
1483 ADD_ALL_TESTS(dsa_paramgen_test
, OSSL_NELEM(dsa_paramgen_data
));
1484 ADD_ALL_TESTS(dsa_pqver_test
, OSSL_NELEM(dsa_pqver_data
));
1485 ADD_ALL_TESTS(dsa_siggen_test
, OSSL_NELEM(dsa_siggen_data
));
1486 ADD_ALL_TESTS(dsa_sigver_test
, OSSL_NELEM(dsa_sigver_data
));
1487 #endif /* OPENSSL_NO_DSA */
1489 #ifndef OPENSSL_NO_EC
1490 ADD_ALL_TESTS(ecdsa_keygen_test
, OSSL_NELEM(ecdsa_keygen_data
));
1491 ADD_ALL_TESTS(ecdsa_pub_verify_test
, OSSL_NELEM(ecdsa_pv_data
));
1492 ADD_ALL_TESTS(ecdsa_siggen_test
, OSSL_NELEM(ecdsa_siggen_data
));
1493 ADD_ALL_TESTS(ecdsa_sigver_test
, OSSL_NELEM(ecdsa_sigver_data
));
1494 #endif /* OPENSSL_NO_EC */
1496 ADD_ALL_TESTS(drbg_test
, OSSL_NELEM(drbg_data
));
1500 void cleanup_tests(void)
1502 OSSL_PROVIDER_unload(prov_null
);
1503 OSSL_LIB_CTX_free(libctx
);