2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
28 #include <openssl/core_names.h>
29 #include <openssl/x509.h>
31 #include "internal/nelem.h"
32 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
33 #include "../e_os.h" /* strcasecmp */
35 static OPENSSL_CTX
*libctx
= NULL
;
36 static OSSL_PROVIDER
*nullprov
= NULL
;
37 static OSSL_PROVIDER
*libprov
= NULL
;
38 static STACK_OF(OPENSSL_CSTRING
) *cipher_names
= NULL
;
40 typedef enum OPTION_choice
{
48 const OPTIONS
*test_get_options(void)
50 static const OPTIONS test_options
[] = {
51 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
52 { "config", OPT_CONFIG_FILE
, '<',
53 "The configuration file to use for the libctx" },
54 { "provider", OPT_PROVIDER_NAME
, 's',
55 "The provider to load (The default value is 'default'" },
62 static const char *getname(int id
)
64 const char *name
[] = {"p", "q", "g" };
66 if (id
>= 0 && id
< 3)
73 * We're using some DH specific values in this test, so we skip compilation if
74 * we're in a no-dh build.
76 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
78 static int test_dsa_param_keygen(int tstid
)
82 EVP_PKEY_CTX
*gen_ctx
= NULL
;
83 EVP_PKEY
*pkey_parm
= NULL
;
84 EVP_PKEY
*pkey
= NULL
;
87 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
90 * Just grab some fixed dh p, q, g values for testing,
91 * these 'safe primes' should not be used normally for dsa *.
93 static const BIGNUM
*bn
[] = {
94 &_bignum_dh2048_256_p
, &_bignum_dh2048_256_q
, &_bignum_dh2048_256_g
98 * These tests are using bad values for p, q, g by reusing the values.
99 * A value of 0 uses p, 1 uses q and 2 uses g.
100 * There are 27 different combinations, with only the 1 valid combination.
103 qind
= (tstid
/ 3) % 3;
105 expected
= (pind
== 0 && qind
== 1 && gind
== 2);
107 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind
),
108 getname(qind
), getname(gind
));
110 if (!TEST_ptr(pkey_parm
= EVP_PKEY_new())
111 || !TEST_ptr(dsa
= DSA_new())
112 || !TEST_ptr(p
= BN_dup(bn
[pind
]))
113 || !TEST_ptr(q
= BN_dup(bn
[qind
]))
114 || !TEST_ptr(g
= BN_dup(bn
[gind
]))
115 || !TEST_true(DSA_set0_pqg(dsa
, p
, q
, g
)))
119 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm
, dsa
)))
123 if (!TEST_ptr(gen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey_parm
, NULL
))
124 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx
), 0)
125 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx
, &pkey
), expected
))
130 EVP_PKEY_CTX_free(gen_ctx
);
131 EVP_PKEY_free(pkey_parm
);
138 #endif /* OPENSSL_NO_DSA */
140 #ifndef OPENSSL_NO_DH
141 static int do_dh_param_keygen(int tstid
, const BIGNUM
**bn
)
145 EVP_PKEY_CTX
*gen_ctx
= NULL
;
146 EVP_PKEY
*pkey_parm
= NULL
;
147 EVP_PKEY
*pkey
= NULL
;
149 int pind
, qind
, gind
;
150 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
153 * These tests are using bad values for p, q, g by reusing the values.
154 * A value of 0 uses p, 1 uses q and 2 uses g.
155 * There are 27 different combinations, with only the 1 valid combination.
158 qind
= (tstid
/ 3) % 3;
160 expected
= (pind
== 0 && qind
== 1 && gind
== 2);
162 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind
),
163 getname(qind
), getname(gind
));
165 if (!TEST_ptr(pkey_parm
= EVP_PKEY_new())
166 || !TEST_ptr(dh
= DH_new())
167 || !TEST_ptr(p
= BN_dup(bn
[pind
]))
168 || !TEST_ptr(q
= BN_dup(bn
[qind
]))
169 || !TEST_ptr(g
= BN_dup(bn
[gind
]))
170 || !TEST_true(DH_set0_pqg(dh
, p
, q
, g
)))
174 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm
, dh
)))
178 if (!TEST_ptr(gen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey_parm
, NULL
))
179 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx
), 0)
180 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx
, &pkey
), expected
))
185 EVP_PKEY_CTX_free(gen_ctx
);
186 EVP_PKEY_free(pkey_parm
);
195 * Note that we get the fips186-4 path being run for most of these cases since
196 * the internal code will detect that the p, q, g does not match a safe prime
197 * group (Except for when tstid = 5, which sets the correct p, q, g)
199 static int test_dh_safeprime_param_keygen(int tstid
)
201 static const BIGNUM
*bn
[] = {
202 &_bignum_ffdhe2048_p
, &_bignum_ffdhe2048_q
, &_bignum_const_2
204 return do_dh_param_keygen(tstid
, bn
);
207 static int dhx_cert_load(void)
213 static const unsigned char dhx_cert
[] = {
214 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
215 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
216 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
217 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
218 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
219 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
220 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
221 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
222 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
223 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
224 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
225 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
226 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
227 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
228 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
229 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
230 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
231 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
232 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
233 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
234 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
235 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
236 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
237 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
238 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
239 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
240 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
241 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
242 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
243 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
244 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
245 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
246 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
247 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
248 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
249 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
250 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
251 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
252 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
253 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
254 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
255 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
256 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
257 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
258 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
259 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
260 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
261 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
262 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
263 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
264 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
265 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
266 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
267 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
268 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
269 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
270 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
271 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
272 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
273 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
274 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
275 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
276 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
277 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
281 if (!TEST_ptr(bio
= BIO_new_mem_buf(dhx_cert
, sizeof(dhx_cert
)))
282 || !TEST_ptr(cert
= X509_new_with_libctx(libctx
, NULL
))
283 || !TEST_ptr(d2i_X509_bio(bio
, &cert
)))
292 #endif /* OPENSSL_NO_DH */
294 static int test_cipher_reinit(int test_id
)
296 int ret
= 0, out1_len
= 0, out2_len
= 0, diff
, ccm
;
297 EVP_CIPHER
*cipher
= NULL
;
298 EVP_CIPHER_CTX
*ctx
= NULL
;
299 unsigned char out1
[256];
300 unsigned char out2
[256];
301 unsigned char in
[16] = {
302 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
303 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
305 unsigned char key
[64] = {
306 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
307 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
308 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
309 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
310 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
311 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
312 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
313 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
315 unsigned char iv
[16] = {
316 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
317 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
319 const char *name
= sk_OPENSSL_CSTRING_value(cipher_names
, test_id
);
321 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
324 TEST_note("Fetching %s\n", name
);
325 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, name
, NULL
)))
328 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
329 ccm
= (EVP_CIPHER_mode(cipher
) == EVP_CIPH_CCM_MODE
);
331 /* DES3-WRAP uses random every update - so it will give a different value */
332 diff
= EVP_CIPHER_is_a(cipher
, "DES3-WRAP");
334 if (!TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
335 || !TEST_true(EVP_EncryptUpdate(ctx
, out1
, &out1_len
, in
, sizeof(in
)))
336 || !TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, key
, iv
))
337 || !TEST_int_eq(EVP_EncryptUpdate(ctx
, out2
, &out2_len
, in
, sizeof(in
)),
343 if (!TEST_mem_ne(out1
, out1_len
, out2
, out2_len
))
346 if (!TEST_mem_eq(out1
, out1_len
, out2
, out2_len
))
352 EVP_CIPHER_free(cipher
);
353 EVP_CIPHER_CTX_free(ctx
);
358 * This test only uses a partial block (half the block size) of input for each
359 * EVP_EncryptUpdate() in order to test that the second init/update is not using
360 * a leftover buffer from the first init/update.
361 * Note: some ciphers don't need a full block to produce output.
363 static int test_cipher_reinit_partialupdate(int test_id
)
365 int ret
= 0, out1_len
= 0, out2_len
= 0, in_len
;
366 EVP_CIPHER
*cipher
= NULL
;
367 EVP_CIPHER_CTX
*ctx
= NULL
;
368 unsigned char out1
[256];
369 unsigned char out2
[256];
370 static const unsigned char in
[32] = {
371 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
372 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
373 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
374 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
376 static const unsigned char key
[64] = {
377 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
378 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
379 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
380 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
381 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
382 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
383 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
384 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
386 static const unsigned char iv
[16] = {
387 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
388 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
390 const char *name
= sk_OPENSSL_CSTRING_value(cipher_names
, test_id
);
392 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
395 TEST_note("Fetching %s\n", name
);
396 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, name
, NULL
)))
399 in_len
= EVP_CIPHER_block_size(cipher
) / 2;
401 /* skip any ciphers that don't allow partial updates */
402 if (((EVP_CIPHER_flags(cipher
)
403 & (EVP_CIPH_FLAG_CTS
| EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
)) != 0)
404 || EVP_CIPHER_mode(cipher
) == EVP_CIPH_CCM_MODE
405 || EVP_CIPHER_mode(cipher
) == EVP_CIPH_XTS_MODE
406 || EVP_CIPHER_mode(cipher
) == EVP_CIPH_WRAP_MODE
) {
411 if (!TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
412 || !TEST_true(EVP_EncryptUpdate(ctx
, out1
, &out1_len
, in
, in_len
))
413 || !TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, key
, iv
))
414 || !TEST_true(EVP_EncryptUpdate(ctx
, out2
, &out2_len
, in
, in_len
)))
417 /* DES3-WRAP uses random every update - so it will give a different value */
418 if (EVP_CIPHER_is_a(cipher
, "DES3-WRAP")) {
419 if (!TEST_mem_ne(out1
, out1_len
, out2
, out2_len
))
422 if (!TEST_mem_eq(out1
, out1_len
, out2
, out2_len
))
427 EVP_CIPHER_free(cipher
);
428 EVP_CIPHER_CTX_free(ctx
);
433 static int name_cmp(const char * const *a
, const char * const *b
)
435 return strcasecmp(*a
, *b
);
438 static void collect_cipher_names(EVP_CIPHER
*cipher
, void *cipher_names_list
)
440 STACK_OF(OPENSSL_CSTRING
) *names
= cipher_names_list
;
442 sk_OPENSSL_CSTRING_push(names
, EVP_CIPHER_name(cipher
));
445 static int rsa_keygen(int bits
, EVP_PKEY
**pub
, EVP_PKEY
**priv
)
448 EVP_PKEY_CTX
*keygen_ctx
= NULL
;
449 unsigned char *pub_der
= NULL
;
450 const unsigned char *pp
= NULL
;
453 if (!TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
454 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0)
455 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx
, bits
))
456 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, priv
), 0)
457 || !TEST_int_gt(len
= i2d_PublicKey(*priv
, &pub_der
), 0))
460 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA
, pub
, &pp
, len
)))
464 OPENSSL_free(pub_der
);
465 EVP_PKEY_CTX_free(keygen_ctx
);
469 static int kem_rsa_gen_recover(void)
472 EVP_PKEY
*pub
= NULL
;
473 EVP_PKEY
*priv
= NULL
;
474 EVP_PKEY_CTX
*sctx
= NULL
, *rctx
= NULL
;
475 unsigned char secret
[256] = { 0, };
476 unsigned char ct
[256] = { 0, };
477 unsigned char unwrap
[256] = { 0, };
478 size_t ctlen
= 0, unwraplen
= 0, secretlen
= 0;
480 ret
= TEST_true(rsa_keygen(2048, &pub
, &priv
))
481 && TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pub
, NULL
))
482 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx
), 1)
483 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx
, "RSASVE"), 1)
484 && TEST_int_eq(EVP_PKEY_encapsulate(sctx
, NULL
, &ctlen
, NULL
,
486 && TEST_int_eq(ctlen
, secretlen
)
487 && TEST_int_eq(ctlen
, 2048 / 8)
488 && TEST_int_eq(EVP_PKEY_encapsulate(sctx
, ct
, &ctlen
, secret
,
490 && TEST_ptr(rctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, priv
, NULL
))
491 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx
), 1)
492 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx
, "RSASVE"), 1)
493 && TEST_int_eq(EVP_PKEY_decapsulate(rctx
, NULL
, &unwraplen
,
495 && TEST_int_eq(EVP_PKEY_decapsulate(rctx
, unwrap
, &unwraplen
,
497 && TEST_mem_eq(unwrap
, unwraplen
, secret
, secretlen
);
500 EVP_PKEY_CTX_free(rctx
);
501 EVP_PKEY_CTX_free(sctx
);
505 static int kem_rsa_params(void)
508 EVP_PKEY
*pub
= NULL
;
509 EVP_PKEY
*priv
= NULL
;
510 EVP_PKEY_CTX
*pubctx
= NULL
, *privctx
= NULL
;
511 unsigned char secret
[256] = { 0, };
512 unsigned char ct
[256] = { 0, };
513 size_t ctlen
= 0, secretlen
= 0;
515 ret
= TEST_true(rsa_keygen(2048, &pub
, &priv
))
516 && TEST_ptr(pubctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pub
, NULL
))
517 && TEST_ptr(privctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, priv
, NULL
))
518 /* Test setting kem op before the init fails */
519 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSASVE"), -2)
520 /* Test NULL ctx passed */
521 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL
), 0)
522 && TEST_int_eq(EVP_PKEY_encapsulate(NULL
, NULL
, NULL
, NULL
, NULL
), 0)
523 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL
), 0)
524 && TEST_int_eq(EVP_PKEY_decapsulate(NULL
, NULL
, NULL
, NULL
, 0), 0)
525 /* Test Invalid operation */
526 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, NULL
), -1)
527 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, NULL
, NULL
, NULL
, 0), 0)
528 /* Wrong key component - no secret should be returned on failure */
529 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx
), 1)
530 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSASVE"), 1)
531 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx
, secret
, &secretlen
, ct
,
533 && TEST_uchar_eq(secret
[0], 0)
534 /* Test encapsulate fails if the mode is not set */
535 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx
), 1)
536 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, &ctlen
, secret
, &secretlen
), -2)
537 /* Test setting a bad kem ops fail */
538 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSA"), 0)
539 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, NULL
), 0)
540 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL
, "RSASVE"), 0)
541 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL
, NULL
), 0)
542 /* Test secretlen is optional */
543 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx
, "RSASVE"), 1)
544 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, &ctlen
, secret
, NULL
), 1)
545 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, &ctlen
, NULL
, NULL
), 1)
546 /* Test outlen is optional */
547 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, &secretlen
), 1)
548 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, NULL
, secret
, &secretlen
), 1)
549 /* test that either len must be set if out is NULL */
550 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, NULL
), 0)
551 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, &ctlen
, NULL
, NULL
), 1)
552 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, NULL
, NULL
, &secretlen
), 1)
553 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, NULL
, &ctlen
, NULL
, &secretlen
), 1)
554 /* Secret buffer should be set if there is an output buffer */
555 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, &ctlen
, NULL
, NULL
), 0)
556 /* Test that lengths are optional if ct is not NULL */
557 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx
, ct
, NULL
, secret
, NULL
), 1)
558 /* Pass if secret or secret length are not NULL */
559 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx
), 1)
560 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx
, "RSASVE"), 1)
561 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, NULL
, ct
, sizeof(ct
)), 1)
562 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, NULL
, &secretlen
, ct
, sizeof(ct
)), 1)
563 && TEST_int_eq(secretlen
, 256)
564 /* Fail if passed NULL arguments */
565 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, NULL
, NULL
, ct
, sizeof(ct
)), 0)
566 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, &secretlen
, NULL
, 0), 0)
567 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, &secretlen
, NULL
, sizeof(ct
)), 0)
568 && TEST_int_eq(EVP_PKEY_decapsulate(privctx
, secret
, &secretlen
, ct
, 0), 0);
572 EVP_PKEY_CTX_free(pubctx
);
573 EVP_PKEY_CTX_free(privctx
);
577 #ifndef OPENSSL_NO_DH
578 static EVP_PKEY
*gen_dh_key(void)
580 EVP_PKEY_CTX
*gctx
= NULL
;
581 EVP_PKEY
*pkey
= NULL
;
582 OSSL_PARAM params
[2];
584 params
[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
585 params
[1] = OSSL_PARAM_construct_end();
587 if (!TEST_ptr(gctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", NULL
))
588 || !TEST_true(EVP_PKEY_keygen_init(gctx
))
589 || !TEST_true(EVP_PKEY_CTX_set_params(gctx
, params
))
590 || !TEST_true(EVP_PKEY_keygen(gctx
, &pkey
)))
593 EVP_PKEY_CTX_free(gctx
);
597 /* Fail if we try to use a dh key */
598 static int kem_invalid_keytype(void)
601 EVP_PKEY
*key
= NULL
;
602 EVP_PKEY_CTX
*sctx
= NULL
;
604 if (!TEST_ptr(key
= gen_dh_key()))
607 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, key
, NULL
)))
609 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx
), -2))
615 EVP_PKEY_CTX_free(sctx
);
618 #endif /* OPENSSL_NO_DH */
620 int setup_tests(void)
622 const char *prov_name
= "default";
623 char *config_file
= NULL
;
626 while ((o
= opt_next()) != OPT_EOF
) {
628 case OPT_PROVIDER_NAME
:
629 prov_name
= opt_arg();
631 case OPT_CONFIG_FILE
:
632 config_file
= opt_arg();
642 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
643 if (!TEST_ptr(nullprov
))
646 libctx
= OPENSSL_CTX_new();
648 if (!TEST_ptr(libctx
))
651 if (config_file
!= NULL
) {
652 if (!TEST_true(OPENSSL_CTX_load_config(libctx
, config_file
)))
656 libprov
= OSSL_PROVIDER_load(libctx
, prov_name
);
657 if (!TEST_ptr(libprov
))
660 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
661 ADD_ALL_TESTS(test_dsa_param_keygen
, 3 * 3 * 3);
663 #ifndef OPENSSL_NO_DH
664 ADD_ALL_TESTS(test_dh_safeprime_param_keygen
, 3 * 3 * 3);
665 ADD_TEST(dhx_cert_load
);
668 if (!TEST_ptr(cipher_names
= sk_OPENSSL_CSTRING_new(name_cmp
)))
670 EVP_CIPHER_do_all_provided(libctx
, collect_cipher_names
, cipher_names
);
672 ADD_ALL_TESTS(test_cipher_reinit
, sk_OPENSSL_CSTRING_num(cipher_names
));
673 ADD_ALL_TESTS(test_cipher_reinit_partialupdate
,
674 sk_OPENSSL_CSTRING_num(cipher_names
));
675 ADD_TEST(kem_rsa_gen_recover
);
676 ADD_TEST(kem_rsa_params
);
677 #ifndef OPENSSL_NO_DH
678 ADD_TEST(kem_invalid_keytype
);
683 void cleanup_tests(void)
685 sk_OPENSSL_CSTRING_free(cipher_names
);
686 OSSL_PROVIDER_unload(libprov
);
687 OPENSSL_CTX_free(libctx
);
688 OSSL_PROVIDER_unload(nullprov
);