2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
28 #include <openssl/core_dispatch.h>
29 #include <openssl/core_names.h>
30 #include <openssl/x509.h>
31 #include <openssl/encoder.h>
33 #include "internal/nelem.h"
34 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35 #include "../e_os.h" /* strcasecmp */
37 static OSSL_LIB_CTX
*libctx
= NULL
;
38 static OSSL_PROVIDER
*nullprov
= NULL
;
39 static OSSL_PROVIDER
*libprov
= NULL
;
40 static STACK_OF(OPENSSL_CSTRING
) *cipher_names
= NULL
;
42 typedef enum OPTION_choice
{
50 const OPTIONS
*test_get_options(void)
52 static const OPTIONS test_options
[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
54 { "config", OPT_CONFIG_FILE
, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME
, 's',
57 "The provider to load (The default value is 'default'" },
64 static const char *getname(int id
)
66 const char *name
[] = {"p", "q", "g" };
68 if (id
>= 0 && id
< 3)
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
80 static int test_dsa_param_keygen(int tstid
)
84 EVP_PKEY_CTX
*gen_ctx
= NULL
;
85 EVP_PKEY
*pkey_parm
= NULL
;
86 EVP_PKEY
*pkey
= NULL
;
89 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
95 static const BIGNUM
*bn
[] = {
96 &ossl_bignum_dh2048_256_p
, &ossl_bignum_dh2048_256_q
,
97 &ossl_bignum_dh2048_256_g
101 * These tests are using bad values for p, q, g by reusing the values.
102 * A value of 0 uses p, 1 uses q and 2 uses g.
103 * There are 27 different combinations, with only the 1 valid combination.
106 qind
= (tstid
/ 3) % 3;
108 expected
= (pind
== 0 && qind
== 1 && gind
== 2);
110 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind
),
111 getname(qind
), getname(gind
));
113 if (!TEST_ptr(pkey_parm
= EVP_PKEY_new())
114 || !TEST_ptr(dsa
= DSA_new())
115 || !TEST_ptr(p
= BN_dup(bn
[pind
]))
116 || !TEST_ptr(q
= BN_dup(bn
[qind
]))
117 || !TEST_ptr(g
= BN_dup(bn
[gind
]))
118 || !TEST_true(DSA_set0_pqg(dsa
, p
, q
, g
)))
122 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm
, dsa
)))
126 if (!TEST_ptr(gen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey_parm
, NULL
))
127 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx
), 0)
128 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx
, &pkey
), expected
))
133 EVP_PKEY_CTX_free(gen_ctx
);
134 EVP_PKEY_free(pkey_parm
);
141 #endif /* OPENSSL_NO_DSA */
143 #ifndef OPENSSL_NO_DH
144 static int do_dh_param_keygen(int tstid
, const BIGNUM
**bn
)
148 EVP_PKEY_CTX
*gen_ctx
= NULL
;
149 EVP_PKEY
*pkey_parm
= NULL
;
150 EVP_PKEY
*pkey
= NULL
;
152 int pind
, qind
, gind
;
153 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
156 * These tests are using bad values for p, q, g by reusing the values.
157 * A value of 0 uses p, 1 uses q and 2 uses g.
158 * There are 27 different combinations, with only the 1 valid combination.
161 qind
= (tstid
/ 3) % 3;
163 expected
= (pind
== 0 && qind
== 1 && gind
== 2);
165 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind
),
166 getname(qind
), getname(gind
));
168 if (!TEST_ptr(pkey_parm
= EVP_PKEY_new())
169 || !TEST_ptr(dh
= DH_new())
170 || !TEST_ptr(p
= BN_dup(bn
[pind
]))
171 || !TEST_ptr(q
= BN_dup(bn
[qind
]))
172 || !TEST_ptr(g
= BN_dup(bn
[gind
]))
173 || !TEST_true(DH_set0_pqg(dh
, p
, q
, g
)))
177 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm
, dh
)))
181 if (!TEST_ptr(gen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey_parm
, NULL
))
182 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx
), 0)
183 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx
, &pkey
), expected
))
188 EVP_PKEY_CTX_free(gen_ctx
);
189 EVP_PKEY_free(pkey_parm
);
198 * Note that we get the fips186-4 path being run for most of these cases since
199 * the internal code will detect that the p, q, g does not match a safe prime
200 * group (Except for when tstid = 5, which sets the correct p, q, g)
202 static int test_dh_safeprime_param_keygen(int tstid
)
204 static const BIGNUM
*bn
[] = {
205 &ossl_bignum_ffdhe2048_p
, &ossl_bignum_ffdhe2048_q
,
208 return do_dh_param_keygen(tstid
, bn
);
211 static int dhx_cert_load(void)
217 static const unsigned char dhx_cert
[] = {
218 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
219 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
220 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
221 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
222 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
223 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
224 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
225 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
226 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
227 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
228 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
229 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
230 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
231 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
232 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
233 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
234 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
235 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
236 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
237 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
238 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
239 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
240 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
241 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
242 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
243 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
244 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
245 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
246 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
247 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
248 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
249 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
250 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
251 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
252 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
253 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
254 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
255 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
256 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
257 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
258 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
259 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
260 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
261 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
262 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
263 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
264 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
265 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
266 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
267 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
268 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
269 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
270 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
271 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
272 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
273 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
274 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
275 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
276 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
277 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
278 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
279 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
280 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
281 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
285 if (!TEST_ptr(bio
= BIO_new_mem_buf(dhx_cert
, sizeof(dhx_cert
)))
286 || !TEST_ptr(cert
= X509_new_ex(libctx
, NULL
))
287 || !TEST_ptr(d2i_X509_bio(bio
, &cert
)))
296 #endif /* OPENSSL_NO_DH */
298 static int test_cipher_reinit(int test_id
)
300 int ret
= 0, diff
, ccm
, siv
;
301 int out1_len
= 0, out2_len
= 0, out3_len
= 0;
302 EVP_CIPHER
*cipher
= NULL
;
303 EVP_CIPHER_CTX
*ctx
= NULL
;
304 unsigned char out1
[256];
305 unsigned char out2
[256];
306 unsigned char out3
[256];
307 unsigned char in
[16] = {
308 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
309 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
311 unsigned char key
[64] = {
312 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
316 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
317 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
318 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
319 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
321 unsigned char iv
[16] = {
322 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
323 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
325 const char *name
= sk_OPENSSL_CSTRING_value(cipher_names
, test_id
);
327 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
330 TEST_note("Fetching %s\n", name
);
331 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, name
, NULL
)))
334 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
335 ccm
= (EVP_CIPHER_mode(cipher
) == EVP_CIPH_CCM_MODE
);
337 /* siv cannot be called with NULL key as the iv is irrelevant */
338 siv
= (EVP_CIPHER_mode(cipher
) == EVP_CIPH_SIV_MODE
);
340 /* DES3-WRAP uses random every update - so it will give a different value */
341 diff
= EVP_CIPHER_is_a(cipher
, "DES3-WRAP");
343 if (!TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
344 || !TEST_true(EVP_EncryptUpdate(ctx
, out1
, &out1_len
, in
, sizeof(in
)))
345 || !TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, key
, iv
))
346 || !TEST_int_eq(EVP_EncryptUpdate(ctx
, out2
, &out2_len
, in
, sizeof(in
)),
348 || !TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, iv
))
349 || !TEST_int_eq(EVP_EncryptUpdate(ctx
, out3
, &out3_len
, in
, sizeof(in
)),
355 if (!TEST_mem_ne(out1
, out1_len
, out2
, out2_len
)
356 || !TEST_mem_ne(out1
, out1_len
, out3
, out3_len
)
357 || !TEST_mem_ne(out2
, out2_len
, out3
, out3_len
))
360 if (!TEST_mem_eq(out1
, out1_len
, out2
, out2_len
)
361 || (!siv
&& !TEST_mem_eq(out1
, out1_len
, out3
, out3_len
)))
367 EVP_CIPHER_free(cipher
);
368 EVP_CIPHER_CTX_free(ctx
);
373 * This test only uses a partial block (half the block size) of input for each
374 * EVP_EncryptUpdate() in order to test that the second init/update is not using
375 * a leftover buffer from the first init/update.
376 * Note: some ciphers don't need a full block to produce output.
378 static int test_cipher_reinit_partialupdate(int test_id
)
381 int out1_len
= 0, out2_len
= 0, out3_len
= 0;
382 EVP_CIPHER
*cipher
= NULL
;
383 EVP_CIPHER_CTX
*ctx
= NULL
;
384 unsigned char out1
[256];
385 unsigned char out2
[256];
386 unsigned char out3
[256];
387 static const unsigned char in
[32] = {
388 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
389 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
390 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
391 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
393 static const unsigned char key
[64] = {
394 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
395 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
396 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
397 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
398 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
399 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
400 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
401 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
403 static const unsigned char iv
[16] = {
404 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
405 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
407 const char *name
= sk_OPENSSL_CSTRING_value(cipher_names
, test_id
);
409 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
412 TEST_note("Fetching %s\n", name
);
413 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, name
, NULL
)))
416 in_len
= EVP_CIPHER_block_size(cipher
) / 2;
418 /* skip any ciphers that don't allow partial updates */
419 if (((EVP_CIPHER_flags(cipher
)
420 & (EVP_CIPH_FLAG_CTS
| EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
)) != 0)
421 || EVP_CIPHER_mode(cipher
) == EVP_CIPH_CCM_MODE
422 || EVP_CIPHER_mode(cipher
) == EVP_CIPH_XTS_MODE
423 || EVP_CIPHER_mode(cipher
) == EVP_CIPH_WRAP_MODE
) {
428 if (!TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
429 || !TEST_true(EVP_EncryptUpdate(ctx
, out1
, &out1_len
, in
, in_len
))
430 || !TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, key
, iv
))
431 || !TEST_true(EVP_EncryptUpdate(ctx
, out2
, &out2_len
, in
, in_len
)))
434 if (!TEST_mem_eq(out1
, out1_len
, out2
, out2_len
))
437 if (EVP_CIPHER_mode(cipher
) != EVP_CIPH_SIV_MODE
) {
438 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, iv
))
439 || !TEST_true(EVP_EncryptUpdate(ctx
, out3
, &out3_len
, in
, in_len
)))
442 if (!TEST_mem_eq(out1
, out1_len
, out3
, out3_len
))
447 EVP_CIPHER_free(cipher
);
448 EVP_CIPHER_CTX_free(ctx
);
453 static int name_cmp(const char * const *a
, const char * const *b
)
455 return strcasecmp(*a
, *b
);
458 static void collect_cipher_names(EVP_CIPHER
*cipher
, void *cipher_names_list
)
460 STACK_OF(OPENSSL_CSTRING
) *names
= cipher_names_list
;
462 sk_OPENSSL_CSTRING_push(names
, EVP_CIPHER_name(cipher
));
465 static int rsa_keygen(int bits
, EVP_PKEY
**pub
, EVP_PKEY
**priv
)
468 EVP_PKEY_CTX
*keygen_ctx
= NULL
;
469 unsigned char *pub_der
= NULL
;
470 const unsigned char *pp
= NULL
;
472 OSSL_ENCODER_CTX
*ectx
= NULL
;
474 if (!TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
475 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0)
476 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx
, bits
))
477 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, priv
), 0)
479 OSSL_ENCODER_CTX_new_for_pkey(*priv
,
481 "DER", "type-specific",
483 || !TEST_true(OSSL_ENCODER_to_data(ectx
, &pub_der
, &len
)))
486 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA
, pub
, &pp
, len
)))
490 OSSL_ENCODER_CTX_free(ectx
);
491 OPENSSL_free(pub_der
);
492 EVP_PKEY_CTX_free(keygen_ctx
);
496 static int kem_rsa_gen_recover(void)
499 EVP_PKEY
*pub
= NULL
;
500 EVP_PKEY
*priv
= NULL
;
501 EVP_PKEY_CTX
*sctx
= NULL
, *rctx
= NULL
;
502 unsigned char secret
[256] = { 0, };
503 unsigned char ct
[256] = { 0, };
504 unsigned char unwrap
[256] = { 0, };
505 size_t ctlen
= 0, unwraplen
= 0, secretlen
= 0;
507 ret
= TEST_true(rsa_keygen(2048, &pub
, &priv
))
508 && TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pub
, NULL
))
509 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx
), 1)
510 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx
, "RSASVE"), 1)
511 && TEST_int_eq(EVP_PKEY_encapsulate(sctx
, NULL
, &ctlen
, NULL
,
513 && TEST_int_eq(ctlen
, secretlen
)
514 && TEST_int_eq(ctlen
, 2048 / 8)
515 && TEST_int_eq(EVP_PKEY_encapsulate(sctx
, ct
, &ctlen
, secret
,
517 && TEST_ptr(rctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, priv
, NULL
))
518 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx
), 1)
519 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx
, "RSASVE"), 1)
520 && TEST_int_eq(EVP_PKEY_decapsulate(rctx
, NULL
, &unwraplen
,
522 && TEST_int_eq(EVP_PKEY_decapsulate(rctx
, unwrap
, &unwraplen
,
524 && TEST_mem_eq(unwrap
, unwraplen
, secret
, secretlen
);
527 EVP_PKEY_CTX_free(rctx
);
528 EVP_PKEY_CTX_free(sctx
);
532 static int kem_rsa_params(void)
535 EVP_PKEY
*pub
= NULL
;
536 EVP_PKEY
*priv
= NULL
;
537 EVP_PKEY_CTX
*pubctx
= NULL
, *privctx
= NULL
;
538 unsigned char secret
[256] = { 0, };
539 unsigned char ct
[256] = { 0, };
540 size_t ctlen
= 0, secretlen
= 0;
542 ret
= TEST_true(rsa_keygen(2048, &pub
, &priv
))
543 && TEST_ptr(pubctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pub
, NULL
))
544 && TEST_ptr(privctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, priv
, NULL
))
545 /* Test setting kem op before the init fails */
546 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSASVE"), -2)
547 /* Test NULL ctx passed */
548 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL
), 0)
549 && TEST_int_eq(EVP_PKEY_encapsulate(NULL
, NULL
, NULL
, NULL
, NULL
), 0)
550 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL
), 0)
551 && TEST_int_eq(EVP_PKEY_decapsulate(NULL
, NULL
, NULL
, NULL
, 0), 0)
552 /* Test Invalid operation */
553 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, NULL
), -1)
554 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, NULL
, NULL
, NULL
, 0), 0)
555 /* Wrong key component - no secret should be returned on failure */
556 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx
), 1)
557 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSASVE"), 1)
558 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx
, secret
, &secretlen
, ct
,
560 && TEST_uchar_eq(secret
[0], 0)
561 /* Test encapsulate fails if the mode is not set */
562 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx
), 1)
563 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, &ctlen
, secret
, &secretlen
), -2)
564 /* Test setting a bad kem ops fail */
565 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSA"), 0)
566 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, NULL
), 0)
567 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL
, "RSASVE"), 0)
568 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL
, NULL
), 0)
569 /* Test secretlen is optional */
570 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSASVE"), 1)
571 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, &ctlen
, secret
, NULL
), 1)
572 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, &ctlen
, NULL
, NULL
), 1)
573 /* Test outlen is optional */
574 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, &secretlen
), 1)
575 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, NULL
, secret
, &secretlen
), 1)
576 /* test that either len must be set if out is NULL */
577 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, NULL
), 0)
578 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, &ctlen
, NULL
, NULL
), 1)
579 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, &secretlen
), 1)
580 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, &ctlen
, NULL
, &secretlen
), 1)
581 /* Secret buffer should be set if there is an output buffer */
582 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, &ctlen
, NULL
, NULL
), 0)
583 /* Test that lengths are optional if ct is not NULL */
584 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, NULL
, secret
, NULL
), 1)
585 /* Pass if secret or secret length are not NULL */
586 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx
), 1)
587 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx
, "RSASVE"), 1)
588 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, NULL
, ct
, sizeof(ct
)), 1)
589 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, NULL
, &secretlen
, ct
, sizeof(ct
)), 1)
590 && TEST_int_eq(secretlen
, 256)
591 /* Fail if passed NULL arguments */
592 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, NULL
, NULL
, ct
, sizeof(ct
)), 0)
593 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, &secretlen
, NULL
, 0), 0)
594 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, &secretlen
, NULL
, sizeof(ct
)), 0)
595 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, &secretlen
, ct
, 0), 0);
599 EVP_PKEY_CTX_free(pubctx
);
600 EVP_PKEY_CTX_free(privctx
);
604 #ifndef OPENSSL_NO_DH
605 static EVP_PKEY
*gen_dh_key(void)
607 EVP_PKEY_CTX
*gctx
= NULL
;
608 EVP_PKEY
*pkey
= NULL
;
609 OSSL_PARAM params
[2];
611 params
[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
612 params
[1] = OSSL_PARAM_construct_end();
614 if (!TEST_ptr(gctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", NULL
))
615 || !TEST_true(EVP_PKEY_keygen_init(gctx
))
616 || !TEST_true(EVP_PKEY_CTX_set_params(gctx
, params
))
617 || !TEST_true(EVP_PKEY_keygen(gctx
, &pkey
)))
620 EVP_PKEY_CTX_free(gctx
);
624 /* Fail if we try to use a dh key */
625 static int kem_invalid_keytype(void)
628 EVP_PKEY
*key
= NULL
;
629 EVP_PKEY_CTX
*sctx
= NULL
;
631 if (!TEST_ptr(key
= gen_dh_key()))
634 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, key
, NULL
)))
636 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx
), -2))
642 EVP_PKEY_CTX_free(sctx
);
645 #endif /* OPENSSL_NO_DH */
647 int setup_tests(void)
649 const char *prov_name
= "default";
650 char *config_file
= NULL
;
653 while ((o
= opt_next()) != OPT_EOF
) {
655 case OPT_PROVIDER_NAME
:
656 prov_name
= opt_arg();
658 case OPT_CONFIG_FILE
:
659 config_file
= opt_arg();
669 if (!test_get_libctx(&libctx
, &nullprov
, config_file
, &libprov
, prov_name
))
672 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
673 ADD_ALL_TESTS(test_dsa_param_keygen
, 3 * 3 * 3);
675 #ifndef OPENSSL_NO_DH
676 ADD_ALL_TESTS(test_dh_safeprime_param_keygen
, 3 * 3 * 3);
677 ADD_TEST(dhx_cert_load
);
680 if (!TEST_ptr(cipher_names
= sk_OPENSSL_CSTRING_new(name_cmp
)))
682 EVP_CIPHER_do_all_provided(libctx
, collect_cipher_names
, cipher_names
);
684 ADD_ALL_TESTS(test_cipher_reinit
, sk_OPENSSL_CSTRING_num(cipher_names
));
685 ADD_ALL_TESTS(test_cipher_reinit_partialupdate
,
686 sk_OPENSSL_CSTRING_num(cipher_names
));
687 ADD_TEST(kem_rsa_gen_recover
);
688 ADD_TEST(kem_rsa_params
);
689 #ifndef OPENSSL_NO_DH
690 ADD_TEST(kem_invalid_keytype
);
695 void cleanup_tests(void)
697 sk_OPENSSL_CSTRING_free(cipher_names
);
698 OSSL_PROVIDER_unload(libprov
);
699 OSSL_LIB_CTX_free(libctx
);
700 OSSL_PROVIDER_unload(nullprov
);