]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Deprecate EC_KEY + Update ec apps to use EVP_PKEY
[thirdparty/openssl.git] / test / evp_libctx_test.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18 /*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
28 #include <openssl/core_dispatch.h>
29 #include <openssl/core_names.h>
30 #include <openssl/x509.h>
31 #include <openssl/encoder.h>
32 #include "testutil.h"
33 #include "internal/nelem.h"
34 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35 #include "../e_os.h" /* strcasecmp */
36
37 static OSSL_LIB_CTX *libctx = NULL;
38 static OSSL_PROVIDER *nullprov = NULL;
39 static OSSL_PROVIDER *libprov = NULL;
40 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
41
42 typedef enum OPTION_choice {
43 OPT_ERR = -1,
44 OPT_EOF = 0,
45 OPT_CONFIG_FILE,
46 OPT_PROVIDER_NAME,
47 OPT_TEST_ENUM
48 } OPTION_CHOICE;
49
50 const OPTIONS *test_get_options(void)
51 {
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME, 's',
57 "The provider to load (The default value is 'default'" },
58 { NULL }
59 };
60 return test_options;
61 }
62
63 #ifndef OPENSSL_NO_DH
64 static const char *getname(int id)
65 {
66 const char *name[] = {"p", "q", "g" };
67
68 if (id >= 0 && id < 3)
69 return name[id];
70 return "?";
71 }
72 #endif
73
74 /*
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
77 */
78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
79
80 static int test_dsa_param_keygen(int tstid)
81 {
82 int ret = 0;
83 int expected;
84 EVP_PKEY_CTX *gen_ctx = NULL;
85 EVP_PKEY *pkey_parm = NULL;
86 EVP_PKEY *pkey = NULL;
87 DSA *dsa = NULL;
88 int pind, qind, gind;
89 BIGNUM *p = NULL, *q = NULL, *g = NULL;
90
91 /*
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
94 */
95 static const BIGNUM *bn[] = {
96 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
97 };
98
99 /*
100 * These tests are using bad values for p, q, g by reusing the values.
101 * A value of 0 uses p, 1 uses q and 2 uses g.
102 * There are 27 different combinations, with only the 1 valid combination.
103 */
104 pind = tstid / 9;
105 qind = (tstid / 3) % 3;
106 gind = tstid % 3;
107 expected = (pind == 0 && qind == 1 && gind == 2);
108
109 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
110 getname(qind), getname(gind));
111
112 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
113 || !TEST_ptr(dsa = DSA_new())
114 || !TEST_ptr(p = BN_dup(bn[pind]))
115 || !TEST_ptr(q = BN_dup(bn[qind]))
116 || !TEST_ptr(g = BN_dup(bn[gind]))
117 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
118 goto err;
119 p = q = g = NULL;
120
121 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
122 goto err;
123 dsa = NULL;
124
125 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
126 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
127 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
128 goto err;
129 ret = 1;
130 err:
131 EVP_PKEY_free(pkey);
132 EVP_PKEY_CTX_free(gen_ctx);
133 EVP_PKEY_free(pkey_parm);
134 DSA_free(dsa);
135 BN_free(g);
136 BN_free(q);
137 BN_free(p);
138 return ret;
139 }
140 #endif /* OPENSSL_NO_DSA */
141
142 #ifndef OPENSSL_NO_DH
143 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
144 {
145 int ret = 0;
146 int expected;
147 EVP_PKEY_CTX *gen_ctx = NULL;
148 EVP_PKEY *pkey_parm = NULL;
149 EVP_PKEY *pkey = NULL;
150 DH *dh = NULL;
151 int pind, qind, gind;
152 BIGNUM *p = NULL, *q = NULL, *g = NULL;
153
154 /*
155 * These tests are using bad values for p, q, g by reusing the values.
156 * A value of 0 uses p, 1 uses q and 2 uses g.
157 * There are 27 different combinations, with only the 1 valid combination.
158 */
159 pind = tstid / 9;
160 qind = (tstid / 3) % 3;
161 gind = tstid % 3;
162 expected = (pind == 0 && qind == 1 && gind == 2);
163
164 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
165 getname(qind), getname(gind));
166
167 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
168 || !TEST_ptr(dh = DH_new())
169 || !TEST_ptr(p = BN_dup(bn[pind]))
170 || !TEST_ptr(q = BN_dup(bn[qind]))
171 || !TEST_ptr(g = BN_dup(bn[gind]))
172 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
173 goto err;
174 p = q = g = NULL;
175
176 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
177 goto err;
178 dh = NULL;
179
180 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
181 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
182 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
183 goto err;
184 ret = 1;
185 err:
186 EVP_PKEY_free(pkey);
187 EVP_PKEY_CTX_free(gen_ctx);
188 EVP_PKEY_free(pkey_parm);
189 DH_free(dh);
190 BN_free(g);
191 BN_free(q);
192 BN_free(p);
193 return ret;
194 }
195
196 /*
197 * Note that we get the fips186-4 path being run for most of these cases since
198 * the internal code will detect that the p, q, g does not match a safe prime
199 * group (Except for when tstid = 5, which sets the correct p, q, g)
200 */
201 static int test_dh_safeprime_param_keygen(int tstid)
202 {
203 static const BIGNUM *bn[] = {
204 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
205 };
206 return do_dh_param_keygen(tstid, bn);
207 }
208
209 static int dhx_cert_load(void)
210 {
211 int ret = 0;
212 X509 *cert = NULL;
213 BIO *bio = NULL;
214
215 static const unsigned char dhx_cert[] = {
216 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
217 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
218 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
219 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
220 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
221 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
222 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
223 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
224 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
225 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
226 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
227 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
228 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
229 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
230 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
231 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
232 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
233 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
234 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
235 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
236 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
237 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
238 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
239 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
240 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
241 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
242 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
243 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
244 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
245 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
246 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
247 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
248 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
249 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
250 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
251 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
252 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
253 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
254 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
255 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
256 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
257 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
258 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
259 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
260 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
261 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
262 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
263 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
264 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
265 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
266 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
267 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
268 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
269 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
270 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
271 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
272 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
273 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
274 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
275 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
276 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
277 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
278 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
279 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
280 0x0e,0x6a,0xb1
281 };
282
283 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
284 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
285 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
286 goto err;
287 ret = 1;
288 err:
289 X509_free(cert);
290 BIO_free(bio);
291 return ret;
292 }
293
294 #endif /* OPENSSL_NO_DH */
295
296 static int test_cipher_reinit(int test_id)
297 {
298 int ret = 0, diff, ccm, siv;
299 int out1_len = 0, out2_len = 0, out3_len = 0;
300 EVP_CIPHER *cipher = NULL;
301 EVP_CIPHER_CTX *ctx = NULL;
302 unsigned char out1[256];
303 unsigned char out2[256];
304 unsigned char out3[256];
305 unsigned char in[16] = {
306 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
307 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
308 };
309 unsigned char key[64] = {
310 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
311 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
312 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
316 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
317 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
318 };
319 unsigned char iv[16] = {
320 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
321 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
322 };
323 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
324
325 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
326 goto err;
327
328 TEST_note("Fetching %s\n", name);
329 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
330 goto err;
331
332 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
333 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
334
335 /* siv cannot be called with NULL key as the iv is irrelevant */
336 siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
337
338 /* DES3-WRAP uses random every update - so it will give a different value */
339 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
340
341 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
342 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
343 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
344 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
345 ccm ? 0 : 1)
346 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
347 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
348 ccm || siv ? 0 : 1))
349 goto err;
350
351 if (ccm == 0) {
352 if (diff) {
353 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
354 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
355 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
356 goto err;
357 } else {
358 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
359 || (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
360 goto err;
361 }
362 }
363 ret = 1;
364 err:
365 EVP_CIPHER_free(cipher);
366 EVP_CIPHER_CTX_free(ctx);
367 return ret;
368 }
369
370 /*
371 * This test only uses a partial block (half the block size) of input for each
372 * EVP_EncryptUpdate() in order to test that the second init/update is not using
373 * a leftover buffer from the first init/update.
374 * Note: some ciphers don't need a full block to produce output.
375 */
376 static int test_cipher_reinit_partialupdate(int test_id)
377 {
378 int ret = 0, in_len;
379 int out1_len = 0, out2_len = 0, out3_len = 0;
380 EVP_CIPHER *cipher = NULL;
381 EVP_CIPHER_CTX *ctx = NULL;
382 unsigned char out1[256];
383 unsigned char out2[256];
384 unsigned char out3[256];
385 static const unsigned char in[32] = {
386 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
387 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
388 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
389 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
390 };
391 static const unsigned char key[64] = {
392 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
393 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
394 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
395 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
396 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
397 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
398 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
399 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
400 };
401 static const unsigned char iv[16] = {
402 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
403 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
404 };
405 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
406
407 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
408 goto err;
409
410 TEST_note("Fetching %s\n", name);
411 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
412 goto err;
413
414 in_len = EVP_CIPHER_block_size(cipher) / 2;
415
416 /* skip any ciphers that don't allow partial updates */
417 if (((EVP_CIPHER_flags(cipher)
418 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
419 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
420 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
421 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
422 ret = 1;
423 goto err;
424 }
425
426 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
427 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
428 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
429 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
430 goto err;
431
432 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
433 goto err;
434
435 if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
436 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
437 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
438 goto err;
439
440 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
441 goto err;
442 }
443 ret = 1;
444 err:
445 EVP_CIPHER_free(cipher);
446 EVP_CIPHER_CTX_free(ctx);
447 return ret;
448 }
449
450
451 static int name_cmp(const char * const *a, const char * const *b)
452 {
453 return strcasecmp(*a, *b);
454 }
455
456 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
457 {
458 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
459
460 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
461 }
462
463 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
464 {
465 int ret = 0;
466 EVP_PKEY_CTX *keygen_ctx = NULL;
467 unsigned char *pub_der = NULL;
468 const unsigned char *pp = NULL;
469 size_t len = 0;
470 OSSL_ENCODER_CTX *ectx = NULL;
471
472 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
473 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
474 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
475 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
476 || !TEST_ptr(ectx =
477 OSSL_ENCODER_CTX_new_by_EVP_PKEY(*priv,
478 EVP_PKEY_PUBLIC_KEY,
479 "DER", "type-specific",
480 NULL))
481 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
482 goto err;
483 pp = pub_der;
484 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
485 goto err;
486 ret = 1;
487 err:
488 OSSL_ENCODER_CTX_free(ectx);
489 OPENSSL_free(pub_der);
490 EVP_PKEY_CTX_free(keygen_ctx);
491 return ret;
492 }
493
494 static int kem_rsa_gen_recover(void)
495 {
496 int ret = 0;
497 EVP_PKEY *pub = NULL;
498 EVP_PKEY *priv = NULL;
499 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
500 unsigned char secret[256] = { 0, };
501 unsigned char ct[256] = { 0, };
502 unsigned char unwrap[256] = { 0, };
503 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
504
505 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
506 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
507 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
508 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
509 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
510 &secretlen), 1)
511 && TEST_int_eq(ctlen, secretlen)
512 && TEST_int_eq(ctlen, 2048 / 8)
513 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
514 &secretlen), 1)
515 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
516 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
517 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
518 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
519 ct, ctlen), 1)
520 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
521 ct, ctlen), 1)
522 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
523 EVP_PKEY_free(pub);
524 EVP_PKEY_free(priv);
525 EVP_PKEY_CTX_free(rctx);
526 EVP_PKEY_CTX_free(sctx);
527 return ret;
528 }
529
530 static int kem_rsa_params(void)
531 {
532 int ret = 0;
533 EVP_PKEY *pub = NULL;
534 EVP_PKEY *priv = NULL;
535 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
536 unsigned char secret[256] = { 0, };
537 unsigned char ct[256] = { 0, };
538 size_t ctlen = 0, secretlen = 0;
539
540 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
541 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
542 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
543 /* Test setting kem op before the init fails */
544 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
545 /* Test NULL ctx passed */
546 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
547 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
548 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
549 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
550 /* Test Invalid operation */
551 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
552 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
553 /* Wrong key component - no secret should be returned on failure */
554 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
555 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
556 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
557 sizeof(ct)), 0)
558 && TEST_uchar_eq(secret[0], 0)
559 /* Test encapsulate fails if the mode is not set */
560 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
561 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
562 /* Test setting a bad kem ops fail */
563 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
564 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
565 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
566 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
567 /* Test secretlen is optional */
568 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
569 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
570 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
571 /* Test outlen is optional */
572 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
573 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
574 /* test that either len must be set if out is NULL */
575 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
576 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
577 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
578 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
579 /* Secret buffer should be set if there is an output buffer */
580 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
581 /* Test that lengths are optional if ct is not NULL */
582 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
583 /* Pass if secret or secret length are not NULL */
584 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
585 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
586 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
587 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
588 && TEST_int_eq(secretlen, 256)
589 /* Fail if passed NULL arguments */
590 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
591 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
592 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
593 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
594
595 EVP_PKEY_free(pub);
596 EVP_PKEY_free(priv);
597 EVP_PKEY_CTX_free(pubctx);
598 EVP_PKEY_CTX_free(privctx);
599 return ret;
600 }
601
602 #ifndef OPENSSL_NO_DH
603 static EVP_PKEY *gen_dh_key(void)
604 {
605 EVP_PKEY_CTX *gctx = NULL;
606 EVP_PKEY *pkey = NULL;
607 OSSL_PARAM params[2];
608
609 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
610 params[1] = OSSL_PARAM_construct_end();
611
612 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
613 || !TEST_true(EVP_PKEY_keygen_init(gctx))
614 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
615 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
616 goto err;
617 err:
618 EVP_PKEY_CTX_free(gctx);
619 return pkey;
620 }
621
622 /* Fail if we try to use a dh key */
623 static int kem_invalid_keytype(void)
624 {
625 int ret = 0;
626 EVP_PKEY *key = NULL;
627 EVP_PKEY_CTX *sctx = NULL;
628
629 if (!TEST_ptr(key = gen_dh_key()))
630 goto done;
631
632 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
633 goto done;
634 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
635 goto done;
636
637 ret = 1;
638 done:
639 EVP_PKEY_free(key);
640 EVP_PKEY_CTX_free(sctx);
641 return ret;
642 }
643 #endif /* OPENSSL_NO_DH */
644
645 int setup_tests(void)
646 {
647 const char *prov_name = "default";
648 char *config_file = NULL;
649 OPTION_CHOICE o;
650
651 while ((o = opt_next()) != OPT_EOF) {
652 switch (o) {
653 case OPT_PROVIDER_NAME:
654 prov_name = opt_arg();
655 break;
656 case OPT_CONFIG_FILE:
657 config_file = opt_arg();
658 break;
659 case OPT_TEST_CASES:
660 break;
661 default:
662 case OPT_ERR:
663 return 0;
664 }
665 }
666
667 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
668 return 0;
669
670 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
671 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
672 #endif
673 #ifndef OPENSSL_NO_DH
674 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
675 ADD_TEST(dhx_cert_load);
676 #endif
677
678 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
679 return 0;
680 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
681
682 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
683 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
684 sk_OPENSSL_CSTRING_num(cipher_names));
685 ADD_TEST(kem_rsa_gen_recover);
686 ADD_TEST(kem_rsa_params);
687 #ifndef OPENSSL_NO_DH
688 ADD_TEST(kem_invalid_keytype);
689 #endif
690 return 1;
691 }
692
693 void cleanup_tests(void)
694 {
695 sk_OPENSSL_CSTRING_free(cipher_names);
696 OSSL_PROVIDER_unload(libprov);
697 OSSL_LIB_CTX_free(libctx);
698 OSSL_PROVIDER_unload(nullprov);
699 }
A mirror of the official openssl repository