2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
12 * This is an internal test that is intentionally using internal APIs. Some of
13 * those APIs are deprecated for public use.
15 #include "internal/deprecated.h"
21 #include "internal/nelem.h"
22 #include <openssl/crypto.h>
23 #include <openssl/bio.h>
24 #include <openssl/bn.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
29 #include "internal/ffc.h"
31 #ifndef OPENSSL_NO_DSA
32 static const unsigned char dsa_2048_224_sha224_p
[] = {
33 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
34 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
35 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
36 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
37 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
38 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
39 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
40 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
41 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
42 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
43 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
44 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
45 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
46 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
47 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
48 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
49 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
50 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
51 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
52 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
53 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
54 0xcc, 0xf8, 0x40, 0xab
56 static const unsigned char dsa_2048_224_sha224_q
[] = {
57 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
58 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
59 0x57, 0x76, 0x6f, 0x11
61 static const unsigned char dsa_2048_224_sha224_seed
[] = {
62 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
63 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
64 0x36, 0x17, 0x06, 0xcf
66 static const unsigned char dsa_2048_224_sha224_bad_seed
[] = {
67 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
68 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
69 0x36, 0x17, 0x06, 0xd0
71 static int dsa_2048_224_sha224_counter
= 2878;
73 static const unsigned char dsa_3072_256_sha512_p
[] = {
74 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
75 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
76 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
77 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
78 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
79 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
80 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
81 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
82 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
83 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
84 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
85 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
86 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
87 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
88 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
89 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
90 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
91 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
92 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
93 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
94 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
95 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
96 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
97 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
98 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
99 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
100 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
101 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
102 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
103 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
104 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
105 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
107 static const unsigned char dsa_3072_256_sha512_q
[] = {
108 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
109 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
110 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
112 static const unsigned char dsa_3072_256_sha512_seed
[] = {
113 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
114 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
115 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
117 static int dsa_3072_256_sha512_counter
= 1604;
119 static const unsigned char dsa_2048_224_sha256_p
[] = {
120 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
121 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
122 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
123 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
124 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
125 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
126 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
127 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
128 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
129 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
130 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
131 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
132 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
133 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
134 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
135 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
136 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
137 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
138 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
139 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
140 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
141 0x73, 0xb4, 0x56, 0xd5
143 static const unsigned char dsa_2048_224_sha256_q
[] = {
144 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
145 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
146 0x80, 0xcb, 0x0a, 0x45
148 static const unsigned char dsa_2048_224_sha256_g
[] = {
149 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
150 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
151 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
152 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
153 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
154 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
155 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
156 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
157 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
158 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
159 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
160 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
161 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
162 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
163 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
164 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
165 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
166 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
167 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
168 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
169 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
170 0xe6, 0x93, 0x59, 0xfc
173 static int ffc_params_validate_g_unverified_test(void)
177 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
178 BIGNUM
*p1
= NULL
, *g1
= NULL
;
180 ossl_ffc_params_init(¶ms
);
182 if (!TEST_ptr(p
= BN_bin2bn(dsa_2048_224_sha256_p
,
183 sizeof(dsa_2048_224_sha256_p
), NULL
)))
186 if (!TEST_ptr(q
= BN_bin2bn(dsa_2048_224_sha256_q
,
187 sizeof(dsa_2048_224_sha256_q
), NULL
)))
189 if (!TEST_ptr(g
= BN_bin2bn(dsa_2048_224_sha256_g
,
190 sizeof(dsa_2048_224_sha256_g
), NULL
)))
194 /* Fail if g is NULL */
195 ossl_ffc_params_set0_pqg(¶ms
, p
, q
, NULL
);
198 ossl_ffc_params_set_flags(¶ms
, FFC_PARAM_FLAG_VALIDATE_G
);
199 ossl_ffc_set_digest(¶ms
, "SHA256", NULL
);
201 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
206 ossl_ffc_params_set0_pqg(¶ms
, p
, q
, g
);
208 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
215 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
222 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
229 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
236 ossl_ffc_params_cleanup(¶ms
);
243 static int ffc_params_validate_pq_test(void)
245 int ret
= 0, res
= -1;
247 BIGNUM
*p
= NULL
, *q
= NULL
;
249 ossl_ffc_params_init(¶ms
);
250 if (!TEST_ptr(p
= BN_bin2bn(dsa_2048_224_sha224_p
,
251 sizeof(dsa_2048_224_sha224_p
),
254 if (!TEST_ptr(q
= BN_bin2bn(dsa_2048_224_sha224_q
,
255 sizeof(dsa_2048_224_sha224_q
),
260 ossl_ffc_params_set0_pqg(¶ms
, NULL
, q
, NULL
);
262 ossl_ffc_params_set_flags(¶ms
, FFC_PARAM_FLAG_VALIDATE_PQ
);
263 ossl_ffc_set_digest(¶ms
, "SHA224", NULL
);
265 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
270 /* Test valid case */
271 ossl_ffc_params_set0_pqg(¶ms
, p
, NULL
, NULL
);
273 ossl_ffc_params_set_validate_params(¶ms
, dsa_2048_224_sha224_seed
,
274 sizeof(dsa_2048_224_sha224_seed
),
275 dsa_2048_224_sha224_counter
);
276 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
281 /* Bad counter - so p is not prime */
282 ossl_ffc_params_set_validate_params(¶ms
, dsa_2048_224_sha224_seed
,
283 sizeof(dsa_2048_224_sha224_seed
),
285 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
290 /* seedlen smaller than N */
291 ossl_ffc_params_set_validate_params(¶ms
, dsa_2048_224_sha224_seed
,
292 sizeof(dsa_2048_224_sha224_seed
)-1,
293 dsa_2048_224_sha224_counter
);
294 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
299 /* Provided seed doesnt produce a valid prime q */
300 ossl_ffc_params_set_validate_params(¶ms
, dsa_2048_224_sha224_bad_seed
,
301 sizeof(dsa_2048_224_sha224_bad_seed
),
302 dsa_2048_224_sha224_counter
);
303 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
308 if (!TEST_ptr(p
= BN_bin2bn(dsa_3072_256_sha512_p
,
309 sizeof(dsa_3072_256_sha512_p
), NULL
)))
311 if (!TEST_ptr(q
= BN_bin2bn(dsa_3072_256_sha512_q
,
312 sizeof(dsa_3072_256_sha512_q
),
317 ossl_ffc_params_set0_pqg(¶ms
, p
, q
, NULL
);
319 ossl_ffc_set_digest(¶ms
, "SHA512", NULL
);
320 ossl_ffc_params_set_validate_params(¶ms
, dsa_3072_256_sha512_seed
,
321 sizeof(dsa_3072_256_sha512_seed
),
322 dsa_3072_256_sha512_counter
);
323 /* Q doesn't div P-1 */
324 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
329 /* Bad L/N for FIPS DH */
330 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
337 ossl_ffc_params_cleanup(¶ms
);
342 #endif /* OPENSSL_NO_DSA */
344 #ifndef OPENSSL_NO_DH
345 static int ffc_params_gen_test(void)
347 int ret
= 0, res
= -1;
350 ossl_ffc_params_init(¶ms
);
351 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL
, ¶ms
,
353 2048, 256, &res
, NULL
)))
355 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
362 ossl_ffc_params_cleanup(¶ms
);
366 static int ffc_params_gen_canonicalg_test(void)
368 int ret
= 0, res
= -1;
371 ossl_ffc_params_init(¶ms
);
373 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL
, ¶ms
,
375 2048, 256, &res
, NULL
)))
377 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
382 if (!TEST_true(ossl_ffc_params_print(bio_out
, ¶ms
, 4)))
387 ossl_ffc_params_cleanup(¶ms
);
391 static int ffc_params_fips186_2_gen_validate_test(void)
393 int ret
= 0, res
= -1;
397 ossl_ffc_params_init(¶ms
);
398 if (!TEST_ptr(bn
= BN_new()))
400 if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL
, ¶ms
,
402 1024, 160, &res
, NULL
)))
404 if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL
, ¶ms
,
410 * The fips186-2 generation should produce a different q compared to
411 * fips 186-4 given the same seed value. So validation of q will fail.
413 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
417 /* As the params are randomly generated the error is one of the following */
418 if (!TEST_true(res
== FFC_CHECK_Q_MISMATCH
|| res
== FFC_CHECK_Q_NOT_PRIME
))
421 ossl_ffc_params_set_flags(¶ms
, FFC_PARAM_FLAG_VALIDATE_G
);
422 /* Partially valid g test will still pass */
423 if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL
, ¶ms
,
428 if (!TEST_true(ossl_ffc_params_print(bio_out
, ¶ms
, 4)))
434 ossl_ffc_params_cleanup(¶ms
);
438 extern FFC_PARAMS
*dh_get0_params(DH
*dh
);
440 static int ffc_public_validate_test(void)
442 int ret
= 0, res
= -1;
447 if (!TEST_ptr(pub
= BN_new()))
450 if (!TEST_ptr(dh
= DH_new_by_nid(NID_ffdhe2048
)))
452 params
= dh_get0_params(dh
);
454 if (!TEST_true(BN_set_word(pub
, 1)))
456 BN_set_negative(pub
, 1);
457 /* Fail if public key is negative */
458 if (!TEST_false(ossl_ffc_validate_public_key(params
, pub
, &res
)))
460 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL
, res
))
462 if (!TEST_true(BN_set_word(pub
, 0)))
464 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL
, res
))
466 /* Fail if public key is zero */
467 if (!TEST_false(ossl_ffc_validate_public_key(params
, pub
, &res
)))
469 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL
, res
))
471 /* Fail if public key is 1 */
472 if (!TEST_false(ossl_ffc_validate_public_key(params
, BN_value_one(), &res
)))
474 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL
, res
))
476 if (!TEST_true(BN_add_word(pub
, 2)))
478 /* Pass if public key >= 2 */
479 if (!TEST_true(ossl_ffc_validate_public_key(params
, pub
, &res
)))
482 if (!TEST_ptr(BN_copy(pub
, params
->p
)))
484 /* Fail if public key = p */
485 if (!TEST_false(ossl_ffc_validate_public_key(params
, pub
, &res
)))
487 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE
, res
))
490 if (!TEST_true(BN_sub_word(pub
, 1)))
492 /* Fail if public key = p - 1 */
493 if (!TEST_false(ossl_ffc_validate_public_key(params
, pub
, &res
)))
495 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE
, res
))
498 if (!TEST_true(BN_sub_word(pub
, 1)))
500 /* Fail if public key is not related to p & q */
501 if (!TEST_false(ossl_ffc_validate_public_key(params
, pub
, &res
)))
503 if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID
, res
))
506 if (!TEST_true(BN_sub_word(pub
, 5)))
508 /* Pass if public key is valid */
509 if (!TEST_true(ossl_ffc_validate_public_key(params
, pub
, &res
)))
519 static int ffc_private_validate_test(void)
521 int ret
= 0, res
= -1;
526 if (!TEST_ptr(priv
= BN_new()))
529 if (!TEST_ptr(dh
= DH_new_by_nid(NID_ffdhe2048
)))
531 params
= dh_get0_params(dh
);
533 if (!TEST_true(BN_set_word(priv
, 1)))
535 BN_set_negative(priv
, 1);
536 /* Fail if priv key is negative */
537 if (!TEST_false(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
539 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL
, res
))
542 if (!TEST_true(BN_set_word(priv
, 0)))
544 /* Fail if priv key is zero */
545 if (!TEST_false(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
547 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL
, res
))
550 /* Pass if priv key >= 1 */
551 if (!TEST_true(ossl_ffc_validate_private_key(params
->q
, BN_value_one(),
555 if (!TEST_ptr(BN_copy(priv
, params
->q
)))
557 /* Fail if priv key = upper */
558 if (!TEST_false(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
560 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE
, res
))
563 if (!TEST_true(BN_sub_word(priv
, 1)))
565 /* Pass if priv key <= upper - 1 */
566 if (!TEST_true(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
576 static int ffc_private_gen_test(int index
)
578 int ret
= 0, res
= -1, N
;
584 if (!TEST_ptr(ctx
= BN_CTX_new_ex(NULL
)))
587 if (!TEST_ptr(priv
= BN_new()))
590 if (!TEST_ptr(dh
= DH_new_by_nid(NID_ffdhe2048
)))
592 params
= dh_get0_params(dh
);
594 N
= BN_num_bits(params
->q
);
595 /* Fail since N < 2*s - where s = 112*/
596 if (!TEST_false(ossl_ffc_generate_private_key(ctx
, params
, 220, 112, priv
)))
598 /* fail since N > len(q) */
599 if (!TEST_false(ossl_ffc_generate_private_key(ctx
, params
, N
+ 1, 112, priv
)))
601 /* pass since 2s <= N <= len(q) */
602 if (!TEST_true(ossl_ffc_generate_private_key(ctx
, params
, N
, 112, priv
)))
604 /* pass since N = len(q) */
605 if (!TEST_true(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
607 /* pass since 2s <= N < len(q) */
608 if (!TEST_true(ossl_ffc_generate_private_key(ctx
, params
, N
/ 2, 112, priv
)))
610 if (!TEST_true(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
613 /* N and s are ignored in this case */
614 if (!TEST_true(ossl_ffc_generate_private_key(ctx
, params
, 0, 0, priv
)))
616 if (!TEST_true(ossl_ffc_validate_private_key(params
->q
, priv
, &res
)))
626 #endif /* OPENSSL_NO_DH */
628 int setup_tests(void)
630 #ifndef OPENSSL_NO_DSA
631 ADD_TEST(ffc_params_validate_pq_test
);
632 ADD_TEST(ffc_params_validate_g_unverified_test
);
633 #endif /* OPENSSL_NO_DSA */
634 #ifndef OPENSSL_NO_DH
635 ADD_TEST(ffc_params_gen_test
);
636 ADD_TEST(ffc_params_gen_canonicalg_test
);
637 ADD_TEST(ffc_params_fips186_2_gen_validate_test
);
638 ADD_TEST(ffc_public_validate_test
);
639 ADD_TEST(ffc_private_validate_test
);
640 ADD_ALL_TESTS(ffc_private_gen_test
, 10);
641 #endif /* OPENSSL_NO_DH */