]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_libctx_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix external symbols for bn
[thirdparty/openssl.git] / test / evp_libctx_test.c
1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18 /*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
28 #include <openssl/core_dispatch.h>
29 #include <openssl/core_names.h>
30 #include <openssl/x509.h>
31 #include <openssl/encoder.h>
32 #include "testutil.h"
33 #include "internal/nelem.h"
34 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35 #include "../e_os.h" /* strcasecmp */
36
37 static OSSL_LIB_CTX *libctx = NULL;
38 static OSSL_PROVIDER *nullprov = NULL;
39 static OSSL_PROVIDER *libprov = NULL;
40 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
41
42 typedef enum OPTION_choice {
43 OPT_ERR = -1,
44 OPT_EOF = 0,
45 OPT_CONFIG_FILE,
46 OPT_PROVIDER_NAME,
47 OPT_TEST_ENUM
48 } OPTION_CHOICE;
49
50 const OPTIONS *test_get_options(void)
51 {
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { "provider", OPT_PROVIDER_NAME, 's',
57 "The provider to load (The default value is 'default'" },
58 { NULL }
59 };
60 return test_options;
61 }
62
63 #ifndef OPENSSL_NO_DH
64 static const char *getname(int id)
65 {
66 const char *name[] = {"p", "q", "g" };
67
68 if (id >= 0 && id < 3)
69 return name[id];
70 return "?";
71 }
72 #endif
73
74 /*
75 * We're using some DH specific values in this test, so we skip compilation if
76 * we're in a no-dh build.
77 */
78 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
79
80 static int test_dsa_param_keygen(int tstid)
81 {
82 int ret = 0;
83 int expected;
84 EVP_PKEY_CTX *gen_ctx = NULL;
85 EVP_PKEY *pkey_parm = NULL;
86 EVP_PKEY *pkey = NULL;
87 DSA *dsa = NULL;
88 int pind, qind, gind;
89 BIGNUM *p = NULL, *q = NULL, *g = NULL;
90
91 /*
92 * Just grab some fixed dh p, q, g values for testing,
93 * these 'safe primes' should not be used normally for dsa *.
94 */
95 static const BIGNUM *bn[] = {
96 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
97 &ossl_bignum_dh2048_256_g
98 };
99
100 /*
101 * These tests are using bad values for p, q, g by reusing the values.
102 * A value of 0 uses p, 1 uses q and 2 uses g.
103 * There are 27 different combinations, with only the 1 valid combination.
104 */
105 pind = tstid / 9;
106 qind = (tstid / 3) % 3;
107 gind = tstid % 3;
108 expected = (pind == 0 && qind == 1 && gind == 2);
109
110 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
111 getname(qind), getname(gind));
112
113 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
114 || !TEST_ptr(dsa = DSA_new())
115 || !TEST_ptr(p = BN_dup(bn[pind]))
116 || !TEST_ptr(q = BN_dup(bn[qind]))
117 || !TEST_ptr(g = BN_dup(bn[gind]))
118 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
119 goto err;
120 p = q = g = NULL;
121
122 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
123 goto err;
124 dsa = NULL;
125
126 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
127 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
128 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
129 goto err;
130 ret = 1;
131 err:
132 EVP_PKEY_free(pkey);
133 EVP_PKEY_CTX_free(gen_ctx);
134 EVP_PKEY_free(pkey_parm);
135 DSA_free(dsa);
136 BN_free(g);
137 BN_free(q);
138 BN_free(p);
139 return ret;
140 }
141 #endif /* OPENSSL_NO_DSA */
142
143 #ifndef OPENSSL_NO_DH
144 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
145 {
146 int ret = 0;
147 int expected;
148 EVP_PKEY_CTX *gen_ctx = NULL;
149 EVP_PKEY *pkey_parm = NULL;
150 EVP_PKEY *pkey = NULL;
151 DH *dh = NULL;
152 int pind, qind, gind;
153 BIGNUM *p = NULL, *q = NULL, *g = NULL;
154
155 /*
156 * These tests are using bad values for p, q, g by reusing the values.
157 * A value of 0 uses p, 1 uses q and 2 uses g.
158 * There are 27 different combinations, with only the 1 valid combination.
159 */
160 pind = tstid / 9;
161 qind = (tstid / 3) % 3;
162 gind = tstid % 3;
163 expected = (pind == 0 && qind == 1 && gind == 2);
164
165 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
166 getname(qind), getname(gind));
167
168 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
169 || !TEST_ptr(dh = DH_new())
170 || !TEST_ptr(p = BN_dup(bn[pind]))
171 || !TEST_ptr(q = BN_dup(bn[qind]))
172 || !TEST_ptr(g = BN_dup(bn[gind]))
173 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
174 goto err;
175 p = q = g = NULL;
176
177 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
178 goto err;
179 dh = NULL;
180
181 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
182 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
183 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
184 goto err;
185 ret = 1;
186 err:
187 EVP_PKEY_free(pkey);
188 EVP_PKEY_CTX_free(gen_ctx);
189 EVP_PKEY_free(pkey_parm);
190 DH_free(dh);
191 BN_free(g);
192 BN_free(q);
193 BN_free(p);
194 return ret;
195 }
196
197 /*
198 * Note that we get the fips186-4 path being run for most of these cases since
199 * the internal code will detect that the p, q, g does not match a safe prime
200 * group (Except for when tstid = 5, which sets the correct p, q, g)
201 */
202 static int test_dh_safeprime_param_keygen(int tstid)
203 {
204 static const BIGNUM *bn[] = {
205 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
206 &ossl_bignum_const_2
207 };
208 return do_dh_param_keygen(tstid, bn);
209 }
210
211 static int dhx_cert_load(void)
212 {
213 int ret = 0;
214 X509 *cert = NULL;
215 BIO *bio = NULL;
216
217 static const unsigned char dhx_cert[] = {
218 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
219 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
220 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
221 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
222 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
223 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
224 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
225 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
226 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
227 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
228 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
229 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
230 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
231 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
232 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
233 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
234 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
235 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
236 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
237 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
238 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
239 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
240 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
241 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
242 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
243 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
244 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
245 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
246 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
247 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
248 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
249 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
250 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
251 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
252 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
253 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
254 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
255 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
256 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
257 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
258 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
259 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
260 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
261 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
262 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
263 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
264 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
265 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
266 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
267 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
268 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
269 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
270 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
271 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
272 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
273 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
274 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
275 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
276 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
277 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
278 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
279 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
280 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
281 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
282 0x0e,0x6a,0xb1
283 };
284
285 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
286 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
287 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
288 goto err;
289 ret = 1;
290 err:
291 X509_free(cert);
292 BIO_free(bio);
293 return ret;
294 }
295
296 #endif /* OPENSSL_NO_DH */
297
298 static int test_cipher_reinit(int test_id)
299 {
300 int ret = 0, diff, ccm, siv;
301 int out1_len = 0, out2_len = 0, out3_len = 0;
302 EVP_CIPHER *cipher = NULL;
303 EVP_CIPHER_CTX *ctx = NULL;
304 unsigned char out1[256];
305 unsigned char out2[256];
306 unsigned char out3[256];
307 unsigned char in[16] = {
308 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
309 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
310 };
311 unsigned char key[64] = {
312 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
314 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
316 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
317 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
318 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
319 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
320 };
321 unsigned char iv[16] = {
322 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
323 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
324 };
325 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
326
327 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
328 goto err;
329
330 TEST_note("Fetching %s\n", name);
331 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
332 goto err;
333
334 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
335 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
336
337 /* siv cannot be called with NULL key as the iv is irrelevant */
338 siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
339
340 /* DES3-WRAP uses random every update - so it will give a different value */
341 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
342
343 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
344 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
345 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
346 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
347 ccm ? 0 : 1)
348 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
349 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
350 ccm || siv ? 0 : 1))
351 goto err;
352
353 if (ccm == 0) {
354 if (diff) {
355 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
356 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
357 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
358 goto err;
359 } else {
360 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
361 || (!siv && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
362 goto err;
363 }
364 }
365 ret = 1;
366 err:
367 EVP_CIPHER_free(cipher);
368 EVP_CIPHER_CTX_free(ctx);
369 return ret;
370 }
371
372 /*
373 * This test only uses a partial block (half the block size) of input for each
374 * EVP_EncryptUpdate() in order to test that the second init/update is not using
375 * a leftover buffer from the first init/update.
376 * Note: some ciphers don't need a full block to produce output.
377 */
378 static int test_cipher_reinit_partialupdate(int test_id)
379 {
380 int ret = 0, in_len;
381 int out1_len = 0, out2_len = 0, out3_len = 0;
382 EVP_CIPHER *cipher = NULL;
383 EVP_CIPHER_CTX *ctx = NULL;
384 unsigned char out1[256];
385 unsigned char out2[256];
386 unsigned char out3[256];
387 static const unsigned char in[32] = {
388 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
389 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
390 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
391 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
392 };
393 static const unsigned char key[64] = {
394 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
395 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
396 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
397 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
398 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
399 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
400 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
401 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
402 };
403 static const unsigned char iv[16] = {
404 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
405 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
406 };
407 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
408
409 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
410 goto err;
411
412 TEST_note("Fetching %s\n", name);
413 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
414 goto err;
415
416 in_len = EVP_CIPHER_block_size(cipher) / 2;
417
418 /* skip any ciphers that don't allow partial updates */
419 if (((EVP_CIPHER_flags(cipher)
420 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
421 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
422 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
423 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
424 ret = 1;
425 goto err;
426 }
427
428 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
429 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
430 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
431 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
432 goto err;
433
434 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
435 goto err;
436
437 if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
438 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
439 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
440 goto err;
441
442 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
443 goto err;
444 }
445 ret = 1;
446 err:
447 EVP_CIPHER_free(cipher);
448 EVP_CIPHER_CTX_free(ctx);
449 return ret;
450 }
451
452
453 static int name_cmp(const char * const *a, const char * const *b)
454 {
455 return strcasecmp(*a, *b);
456 }
457
458 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
459 {
460 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
461
462 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
463 }
464
465 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
466 {
467 int ret = 0;
468 EVP_PKEY_CTX *keygen_ctx = NULL;
469 unsigned char *pub_der = NULL;
470 const unsigned char *pp = NULL;
471 size_t len = 0;
472 OSSL_ENCODER_CTX *ectx = NULL;
473
474 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
475 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
476 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
477 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, priv), 0)
478 || !TEST_ptr(ectx =
479 OSSL_ENCODER_CTX_new_for_pkey(*priv,
480 EVP_PKEY_PUBLIC_KEY,
481 "DER", "type-specific",
482 NULL))
483 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
484 goto err;
485 pp = pub_der;
486 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
487 goto err;
488 ret = 1;
489 err:
490 OSSL_ENCODER_CTX_free(ectx);
491 OPENSSL_free(pub_der);
492 EVP_PKEY_CTX_free(keygen_ctx);
493 return ret;
494 }
495
496 static int kem_rsa_gen_recover(void)
497 {
498 int ret = 0;
499 EVP_PKEY *pub = NULL;
500 EVP_PKEY *priv = NULL;
501 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
502 unsigned char secret[256] = { 0, };
503 unsigned char ct[256] = { 0, };
504 unsigned char unwrap[256] = { 0, };
505 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
506
507 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
508 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
509 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), 1)
510 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
511 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
512 &secretlen), 1)
513 && TEST_int_eq(ctlen, secretlen)
514 && TEST_int_eq(ctlen, 2048 / 8)
515 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
516 &secretlen), 1)
517 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
518 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx), 1)
519 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
520 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
521 ct, ctlen), 1)
522 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
523 ct, ctlen), 1)
524 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
525 EVP_PKEY_free(pub);
526 EVP_PKEY_free(priv);
527 EVP_PKEY_CTX_free(rctx);
528 EVP_PKEY_CTX_free(sctx);
529 return ret;
530 }
531
532 static int kem_rsa_params(void)
533 {
534 int ret = 0;
535 EVP_PKEY *pub = NULL;
536 EVP_PKEY *priv = NULL;
537 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
538 unsigned char secret[256] = { 0, };
539 unsigned char ct[256] = { 0, };
540 size_t ctlen = 0, secretlen = 0;
541
542 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
543 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
544 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
545 /* Test setting kem op before the init fails */
546 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
547 /* Test NULL ctx passed */
548 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL), 0)
549 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
550 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL), 0)
551 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
552 /* Test Invalid operation */
553 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
554 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
555 /* Wrong key component - no secret should be returned on failure */
556 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx), 1)
557 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
558 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
559 sizeof(ct)), 0)
560 && TEST_uchar_eq(secret[0], 0)
561 /* Test encapsulate fails if the mode is not set */
562 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx), 1)
563 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
564 /* Test setting a bad kem ops fail */
565 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
566 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
567 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
568 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
569 /* Test secretlen is optional */
570 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
571 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
572 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
573 /* Test outlen is optional */
574 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
575 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
576 /* test that either len must be set if out is NULL */
577 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
578 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
579 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
580 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
581 /* Secret buffer should be set if there is an output buffer */
582 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
583 /* Test that lengths are optional if ct is not NULL */
584 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
585 /* Pass if secret or secret length are not NULL */
586 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx), 1)
587 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
588 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
589 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
590 && TEST_int_eq(secretlen, 256)
591 /* Fail if passed NULL arguments */
592 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
593 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
594 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
595 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
596
597 EVP_PKEY_free(pub);
598 EVP_PKEY_free(priv);
599 EVP_PKEY_CTX_free(pubctx);
600 EVP_PKEY_CTX_free(privctx);
601 return ret;
602 }
603
604 #ifndef OPENSSL_NO_DH
605 static EVP_PKEY *gen_dh_key(void)
606 {
607 EVP_PKEY_CTX *gctx = NULL;
608 EVP_PKEY *pkey = NULL;
609 OSSL_PARAM params[2];
610
611 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
612 params[1] = OSSL_PARAM_construct_end();
613
614 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
615 || !TEST_true(EVP_PKEY_keygen_init(gctx))
616 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
617 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
618 goto err;
619 err:
620 EVP_PKEY_CTX_free(gctx);
621 return pkey;
622 }
623
624 /* Fail if we try to use a dh key */
625 static int kem_invalid_keytype(void)
626 {
627 int ret = 0;
628 EVP_PKEY *key = NULL;
629 EVP_PKEY_CTX *sctx = NULL;
630
631 if (!TEST_ptr(key = gen_dh_key()))
632 goto done;
633
634 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
635 goto done;
636 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx), -2))
637 goto done;
638
639 ret = 1;
640 done:
641 EVP_PKEY_free(key);
642 EVP_PKEY_CTX_free(sctx);
643 return ret;
644 }
645 #endif /* OPENSSL_NO_DH */
646
647 int setup_tests(void)
648 {
649 const char *prov_name = "default";
650 char *config_file = NULL;
651 OPTION_CHOICE o;
652
653 while ((o = opt_next()) != OPT_EOF) {
654 switch (o) {
655 case OPT_PROVIDER_NAME:
656 prov_name = opt_arg();
657 break;
658 case OPT_CONFIG_FILE:
659 config_file = opt_arg();
660 break;
661 case OPT_TEST_CASES:
662 break;
663 default:
664 case OPT_ERR:
665 return 0;
666 }
667 }
668
669 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
670 return 0;
671
672 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
673 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
674 #endif
675 #ifndef OPENSSL_NO_DH
676 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
677 ADD_TEST(dhx_cert_load);
678 #endif
679
680 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
681 return 0;
682 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
683
684 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
685 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
686 sk_OPENSSL_CSTRING_num(cipher_names));
687 ADD_TEST(kem_rsa_gen_recover);
688 ADD_TEST(kem_rsa_params);
689 #ifndef OPENSSL_NO_DH
690 ADD_TEST(kem_invalid_keytype);
691 #endif
692 return 1;
693 }
694
695 void cleanup_tests(void)
696 {
697 sk_OPENSSL_CSTRING_free(cipher_names);
698 OSSL_PROVIDER_unload(libprov);
699 OSSL_LIB_CTX_free(libctx);
700 OSSL_PROVIDER_unload(nullprov);
701 }
A mirror of the official openssl repository