]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/acvp_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management
[thirdparty/openssl.git] / test / acvp_test.c
CommitLineData
4f2271d5
SL		 1/*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
f8e74747 17#include <string.h>
4f2271d5
SL		 18#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19#include <openssl/core_names.h>
20#include <openssl/evp.h>
21#include <openssl/ec.h>
22#include <openssl/dh.h>
23#include <openssl/dsa.h>
24#include <openssl/rsa.h>
25#include <openssl/param_build.h>
26#include <openssl/provider.h>
f8e74747 27#include <openssl/self_test.h>
4f2271d5
SL		 28#include "testutil.h"
29#include "testutil/output.h"
30#include "acvp_test.inc"
31#include "internal/nelem.h"
32
4f2271d5
SL		 33typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38} OPTION_CHOICE;
39
f8e74747
SL		 40typedef struct st_args {
41 int enable;
42 int called;
43} SELF_TEST_ARGS;
44
45static OSSL_PROVIDER *prov_null = NULL;
46static OPENSSL_CTX *libctx = NULL;
47static SELF_TEST_ARGS self_test_args = { 0 };
48static OSSL_CALLBACK self_test_events;
49
4f2271d5
SL		 50const OPTIONS *test_get_options(void)
51{
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
56 { NULL }
57 };
58 return test_options;
59}
60
61#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
62 || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
63static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
64 unsigned char **out, size_t *out_len)
65{
66 unsigned char *buf = NULL;
67 BIGNUM *bn = NULL;
68 int sz;
69
70 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
71 goto err;
72 sz = BN_num_bytes(bn);
73 buf = OPENSSL_zalloc(sz);
74 if (buf == NULL)
75 goto err;
76 if (!BN_bn2binpad(bn, buf, sz))
77 goto err;
78
79 *out_len = sz;
80 *out = buf;
81 BN_free(bn);
82 return 1;
83err:
84 OPENSSL_free(buf);
85 BN_free(bn);
86 return 0;
87}
88#endif
89
90#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
91 || !defined(OPENSSL_NO_RSA)
92static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
93 const unsigned char *msg, size_t msg_len,
94 unsigned char **sig_out, size_t *sig_out_len)
95{
96 int ret = 0;
97 EVP_MD_CTX *md_ctx = NULL;
98 unsigned char *sig = NULL;
99 size_t sig_len;
100 size_t sz = EVP_PKEY_size(pkey);
101
102 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
103 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
0ab18e79
SL		 104 || !TEST_int_eq(EVP_DigestSignInit_with_libctx(md_ctx, NULL,
105 digest_name, libctx, NULL,
106 pkey), 1)
4f2271d5
SL		 107 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
108 goto err;
109 *sig_out = sig;
110 *sig_out_len = sig_len;
111 sig = NULL;
112 ret = 1;
113err:
114 OPENSSL_free(sig);
115 EVP_MD_CTX_free(md_ctx);
116 return ret;
117}
118#endif
119
120#ifndef OPENSSL_NO_EC
121static int ecdsa_keygen_test(int id)
122{
123 int ret = 0;
124 EVP_PKEY_CTX *ctx = NULL;
125 EVP_PKEY *pkey = NULL;
126 unsigned char *priv = NULL;
127 unsigned char *pubx = NULL, *puby = NULL;
128 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
129 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
130
f8e74747
SL		 131 self_test_args.called = 0;
132 self_test_args.enable = 1;
4f2271d5
SL		 133 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
134 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
11a1b341 135 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
4f2271d5 136 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
f8e74747 137 || !TEST_int_eq(self_test_args.called, 3)
4f2271d5
SL		 138 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
139 &priv_len))
140 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
141 &pubx_len))
142 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
143 &puby_len)))
144 goto err;
145
146 test_output_memory("qy", puby, puby_len);
147 test_output_memory("qx", pubx, pubx_len);
148 test_output_memory("d", priv, priv_len);
149 ret = 1;
150err:
f8e74747
SL		 151 self_test_args.enable = 0;
152 self_test_args.called = 0;
4f2271d5
SL		 153 OPENSSL_clear_free(priv, priv_len);
154 OPENSSL_free(pubx);
155 OPENSSL_free(puby);
156 EVP_PKEY_free(pkey);
157 EVP_PKEY_CTX_free(ctx);
158 return ret;
159}
160
161static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
162 const unsigned char *pub, size_t pub_len,
163 int expected)
164{
165 int ret = 0;
166 EVP_PKEY_CTX *ctx = NULL;
167 OSSL_PARAM_BLD *bld = NULL;
168 OSSL_PARAM *params = NULL;
169
170 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
171 || (curve_name != NULL
172 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
11a1b341 173 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
4f2271d5
SL		 174 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
175 OSSL_PKEY_PARAM_PUB_KEY,
176 pub, pub_len) > 0)
177 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
178 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
179 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
180 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), expected))
181 goto err;
182
183 ret = 1;
184err:
185 OSSL_PARAM_BLD_free_params(params);
186 OSSL_PARAM_BLD_free(bld);
187 EVP_PKEY_CTX_free(ctx);
188 return ret;
189}
190
191static int ecdsa_pub_verify_test(int id)
192{
193 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
194
195 int ret = 0;
196 EVP_PKEY_CTX *key_ctx = NULL;
197 EVP_PKEY *pkey = NULL;
198
199 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
200 tst->pub, tst->pub_len, tst->pass)))
201 goto err;
202
203 if (tst->pass) {
204 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
205 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
206 goto err;
207 }
208 ret = 1;
209err:
210 EVP_PKEY_free(pkey);
211 EVP_PKEY_CTX_free(key_ctx);
212 return ret;
213}
214
215/* Extract r and s from a ecdsa signature */
216static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
217 unsigned char **r, unsigned char **s,
218 size_t *rlen, size_t *slen)
219{
220 int ret = 0;
221 unsigned char *rbuf = NULL, *sbuf = NULL;
222 size_t r1_len, s1_len;
223 const BIGNUM *r1, *s1;
224 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
225
226 if (sign == NULL)
227 return 0;
228 r1 = ECDSA_SIG_get0_r(sign);
229 s1 = ECDSA_SIG_get0_s(sign);
230 if (r1 == NULL || s1 == NULL)
231 return 0;
232
233 r1_len = BN_num_bytes(r1);
234 s1_len = BN_num_bytes(s1);
235 rbuf = OPENSSL_zalloc(r1_len);
236 sbuf = OPENSSL_zalloc(s1_len);
237 if (rbuf == NULL || sbuf == NULL)
238 goto err;
239 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
240 goto err;
241 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
242 goto err;
243 *r = rbuf;
244 *s = sbuf;
245 *rlen = r1_len;
246 *slen = s1_len;
247 ret = 1;
248err:
249 if (ret == 0) {
250 OPENSSL_free(rbuf);
251 OPENSSL_free(sbuf);
252 }
253 ECDSA_SIG_free(sign);
254 return ret;
255}
256
257static int ecdsa_siggen_test(int id)
258{
259 int ret = 0;
260 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
261 EVP_PKEY *pkey = NULL;
262 size_t sig_len = 0, rlen = 0, slen = 0;
263 unsigned char *sig = NULL;
264 unsigned char *r = NULL, *s = NULL;
265 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
266
267 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
268 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
11a1b341 269 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
4f2271d5
SL		 270 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
271 goto err;
272
273 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
274 &sig, &sig_len))
275 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
276 goto err;
277 test_output_memory("r", r, rlen);
278 test_output_memory("s", s, slen);
279 ret = 1;
280err:
281 OPENSSL_free(r);
282 OPENSSL_free(s);
283 OPENSSL_free(sig);
284 EVP_PKEY_free(pkey);
285 EVP_PKEY_CTX_free(key_ctx);
286 EVP_PKEY_CTX_free(ctx);
287 return ret;
288}
289
290static int ecdsa_sigver_test(int id)
291{
292 int ret = 0;
293 EVP_MD_CTX *md_ctx = NULL;
294 EVP_PKEY *pkey = NULL;
295 ECDSA_SIG *sign = NULL;
296 size_t sig_len;
297 unsigned char *sig = NULL;
298 BIGNUM *rbn = NULL, *sbn = NULL;
299 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
300
301 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
302 tst->pub, tst->pub_len, 1)))
303 goto err;
304
305 if (!TEST_ptr(sign = ECDSA_SIG_new())
306 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
307 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
308 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
309 goto err;
310 rbn = sbn = NULL;
311
312 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
313 && TEST_ptr(md_ctx = EVP_MD_CTX_new())
0ab18e79
SL		 314 && TEST_true(EVP_DigestVerifyInit_with_libctx(md_ctx, NULL,
315 tst->digest_alg,
316 libctx, NULL, pkey)
4f2271d5
SL		 317 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
318 tst->msg, tst->msg_len), tst->pass));
319err:
320 BN_free(rbn);
321 BN_free(sbn);
322 OPENSSL_free(sig);
323 ECDSA_SIG_free(sign);
324 EVP_PKEY_free(pkey);
325 EVP_MD_CTX_free(md_ctx);
326 return ret;
327
328}
329#endif /* OPENSSL_NO_EC */
330
331#ifndef OPENSSL_NO_DSA
332static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
333 unsigned char **out, size_t *out_len)
334{
335 size_t len = 0;
336 unsigned char *buf = NULL;
337
338 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
339 goto err;
340
341 buf = OPENSSL_zalloc(len);
342 if (buf == NULL)
343 goto err;
344
345 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
346 goto err;
347 *out = buf;
348 return 1;
349err:
350 OPENSSL_free(buf);
351 return 0;
352}
353
354static EVP_PKEY *dsa_paramgen(int L, int N)
355{
356 EVP_PKEY_CTX *paramgen_ctx = NULL;
357 EVP_PKEY *param_key = NULL;
358
359 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
360 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
361 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
362 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
363 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
364 return NULL;
365 EVP_PKEY_CTX_free(paramgen_ctx);
366 return param_key;
367}
368
369static EVP_PKEY *dsa_keygen(int L, int N)
370{
371 EVP_PKEY *param_key = NULL, *key = NULL;
372 EVP_PKEY_CTX *keygen_ctx = NULL;
373
374 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
375 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
376 NULL))
377 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
378 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
379 goto err;
380err:
381 EVP_PKEY_free(param_key);
382 EVP_PKEY_CTX_free(keygen_ctx);
383 return key;
384}
385
386static int dsa_keygen_test(int id)
387{
388 int ret = 0, i;
389 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
390 EVP_PKEY *param_key = NULL, *key = NULL;
391 unsigned char *priv = NULL, *pub = NULL;
392 size_t priv_len = 0, pub_len = 0;
393 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
394
395 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
396 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
397 NULL))
398 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
399 goto err;
400 for (i = 0; i < 2; ++i) {
401 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
402 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
403 &priv, &priv_len))
404 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
405 &pub, &pub_len)))
406 goto err;
407 test_output_memory("y", pub, pub_len);
408 test_output_memory("x", priv, priv_len);
409 EVP_PKEY_free(key);
410 OPENSSL_clear_free(priv, priv_len);
411 OPENSSL_free(pub);
412 key = NULL;
413 pub = priv = NULL;
414 }
415 ret = 1;
416err:
417 OPENSSL_clear_free(priv, priv_len);
418 OPENSSL_free(pub);
419 EVP_PKEY_free(param_key);
420 EVP_PKEY_free(key);
421 EVP_PKEY_CTX_free(keygen_ctx);
422 EVP_PKEY_CTX_free(paramgen_ctx);
423 return ret;
424}
425
426static int dsa_paramgen_test(int id)
427{
428 int ret = 0, counter = 0;
429 EVP_PKEY_CTX *paramgen_ctx = NULL;
430 EVP_PKEY *param_key = NULL;
431 unsigned char *p = NULL, *q = NULL, *seed = NULL;
432 size_t plen = 0, qlen = 0, seedlen = 0;
433 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
434
435 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
436 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
437 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
438 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
439 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
440 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
441 &p, &plen))
442 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
443 &q, &qlen))
444 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
445 &seed, &seedlen))
446 || !TEST_true(EVP_PKEY_get_int_param(param_key,
447 OSSL_PKEY_PARAM_FFC_PCOUNTER,
448 &counter)))
449 goto err;
450
451 test_output_memory("p", p, plen);
452 test_output_memory("q", q, qlen);
453 test_output_memory("domainSeed", seed, seedlen);
454 test_printf_stderr("%s: %d\n", "counter", counter);
455 ret = 1;
456err:
457 OPENSSL_free(p);
458 OPENSSL_free(q);
459 OPENSSL_free(seed);
460 EVP_PKEY_free(param_key);
461 EVP_PKEY_CTX_free(paramgen_ctx);
462 return ret;
463}
464
465static int dsa_create_pkey(EVP_PKEY **pkey,
466 const unsigned char *p, size_t p_len,
467 const unsigned char *q, size_t q_len,
468 const unsigned char *g, size_t g_len,
469 const unsigned char *seed, size_t seed_len,
470 int counter,
471 const char *validate_type,
472 const unsigned char *pub, size_t pub_len,
473 BN_CTX *bn_ctx)
474{
475 int ret = 0;
476 EVP_PKEY_CTX *ctx = NULL;
477 OSSL_PARAM_BLD *bld = NULL;
478 OSSL_PARAM *params = NULL;
479 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
480
481 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
482 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
483 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
484 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
485 OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
486 validate_type, 0))
487 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
488 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
489 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
490 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
491 goto err;
492
493 if (g != NULL) {
494 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
495 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
496 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
497 OSSL_PKEY_PARAM_FFC_G, g_bn)))
498 goto err;
499 }
500 if (seed != NULL) {
501 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
502 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
503 goto err;
504 }
505 if (counter != -1) {
506 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
507 OSSL_PKEY_PARAM_FFC_PCOUNTER,
508 counter)))
509 goto err;
510 }
511 if (pub != NULL) {
512 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
513 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
514 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
515 OSSL_PKEY_PARAM_PUB_KEY,
516 pub_bn)))
517 goto err;
518 }
519 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
520 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
521 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
522 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
523 goto err;
524
525 ret = 1;
526err:
527 OSSL_PARAM_BLD_free_params(params);
528 OSSL_PARAM_BLD_free(bld);
529 EVP_PKEY_CTX_free(ctx);
530 return ret;
531}
532
533static int dsa_pqver_test(int id)
534{
535 int ret = 0;
536 BN_CTX *bn_ctx = NULL;
537 EVP_PKEY_CTX *key_ctx = NULL;
538 EVP_PKEY *param_key = NULL;
539 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
540
541 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
542 || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
543 tst->q, tst->q_len, NULL, 0,
544 tst->seed, tst->seed_len, tst->counter,
545 OSSL_FFC_PARAM_VALIDATE_PQ,
546 NULL, 0,
547 bn_ctx))
548 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
549 NULL))
550 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
551 goto err;
552
553 ret = 1;
554err:
555 BN_CTX_free(bn_ctx);
556 EVP_PKEY_free(param_key);
557 EVP_PKEY_CTX_free(key_ctx);
558 return ret;
559}
560
561/* Extract r and s from a dsa signature */
562static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
563 unsigned char **r, unsigned char **s,
564 size_t *r_len, size_t *s_len)
565{
566 int ret = 0;
567 unsigned char *rbuf = NULL, *sbuf = NULL;
568 size_t r1_len, s1_len;
569 const BIGNUM *r1, *s1;
570 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
571
572 if (sign == NULL)
573 return 0;
574 DSA_SIG_get0(sign, &r1, &s1);
575 if (r1 == NULL || s1 == NULL)
576 return 0;
577
578 r1_len = BN_num_bytes(r1);
579 s1_len = BN_num_bytes(s1);
580 rbuf = OPENSSL_zalloc(r1_len);
581 sbuf = OPENSSL_zalloc(s1_len);
582 if (rbuf == NULL || sbuf == NULL)
583 goto err;
584 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
585 goto err;
586 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
587 goto err;
588 *r = rbuf;
589 *s = sbuf;
590 *r_len = r1_len;
591 *s_len = s1_len;
592 ret = 1;
593err:
594 if (ret == 0) {
595 OPENSSL_free(rbuf);
596 OPENSSL_free(sbuf);
597 }
598 DSA_SIG_free(sign);
599 return ret;
600}
601
602static int dsa_siggen_test(int id)
603{
604 int ret = 0;
605 EVP_PKEY *pkey = NULL;
606 unsigned char *sig = NULL, *r = NULL, *s = NULL;
607 size_t sig_len = 0, rlen = 0, slen = 0;
608 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
609
610 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
611 goto err;
612
613 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
614 &sig, &sig_len))
615 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
616 goto err;
617 test_output_memory("r", r, rlen);
618 test_output_memory("s", s, slen);
619 ret = 1;
620err:
621 OPENSSL_free(r);
622 OPENSSL_free(s);
623 OPENSSL_free(sig);
624 EVP_PKEY_free(pkey);
625 return ret;
626}
627
628static int dsa_sigver_test(int id)
629{
630 int ret = 0;
631 EVP_PKEY_CTX *ctx = NULL;
632 EVP_PKEY *pkey = NULL;
633 DSA_SIG *sign = NULL;
634 size_t sig_len;
635 unsigned char *sig = NULL;
636 BIGNUM *rbn = NULL, *sbn = NULL;
637 EVP_MD *md = NULL;
638 unsigned char digest[EVP_MAX_MD_SIZE];
639 unsigned int digest_len;
640 BN_CTX *bn_ctx = NULL;
641 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
642
643 if (!TEST_ptr(bn_ctx = BN_CTX_new())
644 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
645 tst->q, tst->q_len, tst->g, tst->g_len,
646 NULL, 0, 0, "", tst->pub, tst->pub_len,
647 bn_ctx)))
648 goto err;
649
650 if (!TEST_ptr(sign = DSA_SIG_new())
651 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
652 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
653 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
654 goto err;
655 rbn = sbn = NULL;
656
657 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
658 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
659 digest, &digest_len, md, NULL)))
660 goto err;
661
662 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
663 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
664 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
665 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
666 tst->pass))
667 goto err;
668 ret = 1;
669err:
670 EVP_PKEY_CTX_free(ctx);
671 OPENSSL_free(sig);
672 EVP_MD_free(md);
673 DSA_SIG_free(sign);
674 EVP_PKEY_free(pkey);
675 BN_free(rbn);
676 BN_free(sbn);
677 BN_CTX_free(bn_ctx);
678 return ret;
679}
680#endif /* OPENSSL_NO_DSA */
681
682
683/* cipher encrypt/decrypt */
684static int cipher_enc(const char *alg,
685 const unsigned char *pt, size_t pt_len,
686 const unsigned char *key, size_t key_len,
687 const unsigned char *iv, size_t iv_len,
688 const unsigned char *ct, size_t ct_len,
689 int enc)
690{
691 int ret = 0, out_len = 0, len = 0;
692 EVP_CIPHER_CTX *ctx = NULL;
693 EVP_CIPHER *cipher = NULL;
694 unsigned char out[256] = { 0 };
695
696 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
697 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
698 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
699 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
700 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
701 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
702 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
703 goto err;
704 out_len += len;
705 if (!TEST_mem_eq(out, out_len, ct, ct_len))
706 goto err;
707 ret = 1;
708err:
709 EVP_CIPHER_free(cipher);
710 EVP_CIPHER_CTX_free(ctx);
711 return ret;
712}
713
714static int cipher_enc_dec_test(int id)
715{
716 const struct cipher_st *tst = &cipher_enc_data[id];
717 const int enc = 1;
718
719 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
720 tst->key, tst->key_len,
721 tst->iv, tst->iv_len,
722 tst->ct, tst->ct_len, enc))
723 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
724 tst->key, tst->key_len,
725 tst->iv, tst->iv_len,
726 tst->pt, tst->pt_len, !enc));
727}
728
729static int aes_ccm_enc_dec(const char *alg,
730 const unsigned char *pt, size_t pt_len,
731 const unsigned char *key, size_t key_len,
732 const unsigned char *iv, size_t iv_len,
733 const unsigned char *aad, size_t aad_len,
734 const unsigned char *ct, size_t ct_len,
735 const unsigned char *tag, size_t tag_len,
736 int enc, int pass)
737{
738 int ret = 0;
739 EVP_CIPHER_CTX *ctx;
740 EVP_CIPHER *cipher = NULL;
741 int out_len, len;
742 unsigned char out[1024];
743
744 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
745 pass ? "pass" : "fail");
746
747 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
748 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
749 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
750 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
751 NULL))
752 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
753 enc ? NULL : (void *)tag))
754 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
755 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
756 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
757 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
758 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
759 goto err;
760
761 if (!pass) {
762 ret = 1;
763 goto err;
764 }
765 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
766 goto err;
767 if (enc) {
768 out_len += len;
769 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
770 tag_len, out + out_len))
771 || !TEST_mem_eq(out, out_len, ct, ct_len)
772 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
773 goto err;
774 } else {
775 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
776 goto err;
777 }
778
779 ret = 1;
780err:
781 EVP_CIPHER_free(cipher);
782 EVP_CIPHER_CTX_free(ctx);
783 return ret;
784}
785
786static int aes_ccm_enc_dec_test(int id)
787{
788 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
789
790 /* The tag is on the end of the cipher text */
791 const size_t tag_len = tst->ct_len - tst->pt_len;
792 const size_t ct_len = tst->ct_len - tag_len;
793 const unsigned char *tag = tst->ct + ct_len;
794 const int enc = 1;
795 const int pass = 1;
796
797 if (ct_len < 1)
798 return 0;
799
800 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
801 tst->key, tst->key_len,
802 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
803 tst->ct, ct_len, tag, tag_len, enc, pass)
804 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
805 tst->key, tst->key_len,
806 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
807 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
808 /* test that it fails if the tag is incorrect */
809 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
810 tst->key, tst->key_len,
811 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
812 tst->pt, tst->pt_len,
813 tag - 1, tag_len, !enc, !pass);
814}
815
816static int aes_gcm_enc_dec(const char *alg,
817 const unsigned char *pt, size_t pt_len,
818 const unsigned char *key, size_t key_len,
819 const unsigned char *iv, size_t iv_len,
820 const unsigned char *aad, size_t aad_len,
821 const unsigned char *ct, size_t ct_len,
822 const unsigned char *tag, size_t tag_len,
823 int enc, int pass)
824{
825 int ret = 0;
826 EVP_CIPHER_CTX *ctx;
827 EVP_CIPHER *cipher = NULL;
828 int out_len, len;
829 unsigned char out[1024];
830
831 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
832 pass ? "pass" : "fail");
833
834 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
835 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
836 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
837 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
838 NULL)))
839 goto err;
840
841 if (!enc) {
842 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
843 (void *)tag)))
844 goto err;
845 }
846 /*
847 * TODO(3.0): The IV should not be set outside the boundary as it is now.
848 * It needs to be fed in via a dummy entropy source for this test.
849 */
850 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
851 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
852 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
853 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
854 goto err;
855
856 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
857 goto err;
858 if (!pass) {
859 ret = 1;
860 goto err;
861 }
862 out_len += len;
863 if (enc) {
864 if (!TEST_mem_eq(out, out_len, ct, ct_len)
865 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
866 tag_len, out + out_len))
867 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
868 goto err;
869 } else {
870 if (!TEST_mem_eq(out, out_len, ct, ct_len))
871 goto err;
872 }
873
874 ret = 1;
875err:
876 EVP_CIPHER_free(cipher);
877 EVP_CIPHER_CTX_free(ctx);
878 return ret;
879}
880
881static int aes_gcm_enc_dec_test(int id)
882{
883 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
884 int enc = 1;
885 int pass = 1;
886
887 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
888 tst->key, tst->key_len,
889 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
890 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
891 enc, pass)
892 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
893 tst->key, tst->key_len,
894 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
895 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
896 !enc, pass)
897 /* Fail if incorrect tag passed to decrypt */
898 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
899 tst->key, tst->key_len,
900 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
901 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
902 !enc, !pass);
903}
904
905#ifndef OPENSSL_NO_DH
906static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
907 const unsigned char *pub, size_t pub_len,
908 const unsigned char *priv, size_t priv_len,
909 BN_CTX *bn_ctx, int pass)
910{
911 int ret = 0;
912 EVP_PKEY_CTX *ctx = NULL;
913 OSSL_PARAM_BLD *bld = NULL;
914 OSSL_PARAM *params = NULL;
915 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
916
917 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
918 || (group_name != NULL
919 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
023b188c 920 bld, OSSL_PKEY_PARAM_GROUP_NAME,
4f2271d5
SL		 921 group_name, 0), 0)))
922 goto err;
923
924 if (pub != NULL) {
925 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
926 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
927 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
928 pub_bn)))
929 goto err;
930 }
931 if (priv != NULL) {
932 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
933 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
934 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
935 priv_bn)))
936 goto err;
937 }
938
939 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
940 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
941 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
942 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), pass))
943 goto err;
944
945 ret = 1;
946err:
947 OSSL_PARAM_BLD_free_params(params);
948 OSSL_PARAM_BLD_free(bld);
949 EVP_PKEY_CTX_free(ctx);
950 return ret;
951}
952
953static int dh_safe_prime_keygen_test(int id)
954{
955 int ret = 0;
956 EVP_PKEY_CTX *ctx = NULL;
957 EVP_PKEY *pkey = NULL;
958 unsigned char *priv = NULL;
959 unsigned char *pub = NULL;
960 size_t priv_len = 0, pub_len = 0;
961 OSSL_PARAM params[2];
962 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
963
023b188c 964 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
4f2271d5
SL		 965 (char *)tst->group_name, 0);
966 params[1] = OSSL_PARAM_construct_end();
967
968 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
969 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
970 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
971 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
972 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
973 &priv, &priv_len))
974 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
975 &pub, &pub_len)))
976 goto err;
977
978 test_output_memory("x", priv, priv_len);
979 test_output_memory("y", pub, pub_len);
980 ret = 1;
981err:
982 OPENSSL_clear_free(priv, priv_len);
983 OPENSSL_free(pub);
984 EVP_PKEY_free(pkey);
985 EVP_PKEY_CTX_free(ctx);
986 return ret;
987}
988
989static int dh_safe_prime_keyver_test(int id)
990{
991 int ret = 0;
992 BN_CTX *bn_ctx = NULL;
993 EVP_PKEY_CTX *key_ctx = NULL;
994 EVP_PKEY *pkey = NULL;
995 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
996
997 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
998 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
999 tst->pub, tst->pub_len,
1000 tst->priv, tst->priv_len, bn_ctx, 1))
1001 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1002 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
1003 goto err;
1004
1005 ret = 1;
1006err:
1007 EVP_PKEY_free(pkey);
1008 EVP_PKEY_CTX_free(key_ctx);
1009 BN_CTX_free(bn_ctx);
1010 return ret;
1011}
1012#endif /* OPENSSL_NO_DH */
1013
1014
1015#ifndef OPENSSL_NO_RSA
1016static EVP_PKEY *rsa_keygen(int bits)
1017{
1018 EVP_PKEY *key = NULL;
1019 EVP_PKEY_CTX *keygen_ctx = NULL;
1020
1021 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1022 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
1023 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
1024 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
1025 goto err;
1026err:
1027 EVP_PKEY_CTX_free(keygen_ctx);
1028 return key;
1029}
1030
1031static int rsa_create_pkey(EVP_PKEY **pkey,
1032 const unsigned char *n, size_t n_len,
1033 const unsigned char *e, size_t e_len,
1034 const unsigned char *d, size_t d_len,
1035 BN_CTX *bn_ctx)
1036{
1037 int ret = 0;
1038 EVP_PKEY_CTX *ctx = NULL;
1039 OSSL_PARAM_BLD *bld = NULL;
1040 OSSL_PARAM *params = NULL;
1041 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1042
1043 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1044 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1045 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1046 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1047 goto err;
1048
1049 if (e != NULL) {
1050 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1051 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1052 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1053 e_bn)))
1054 goto err;
1055 }
1056 if (d != NULL) {
1057 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1058 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1059 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1060 d_bn)))
1061 goto err;
1062 }
1063 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1064 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1065 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
1066 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
1067 goto err;
1068
1069 ret = 1;
1070err:
1071 OSSL_PARAM_BLD_free_params(params);
1072 OSSL_PARAM_BLD_free(bld);
1073 EVP_PKEY_CTX_free(ctx);
1074 return ret;
1075}
1076
1077static int rsa_keygen_test(int id)
1078{
1079 int ret = 0;
1080 EVP_PKEY_CTX *ctx = NULL;
1081 EVP_PKEY *pkey = NULL;
1082 BIGNUM *e_bn = NULL;
1083 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1084 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1085 unsigned char *n = NULL, *d = NULL;
1086 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1087 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1088 size_t n_len = 0, d_len = 0;
1089 size_t p_len = 0, p1_len = 0, p2_len = 0;
1090 size_t q_len = 0, q1_len = 0, q2_len = 0;
1091 OSSL_PARAM_BLD *bld = NULL;
1092 OSSL_PARAM *params = NULL;
1093 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1094
1095 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1096 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1097 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1098 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1099 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1100 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1101 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1102 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1103 xp1_bn))
1104 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1105 xp2_bn))
1106 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1107 xp_bn))
1108 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1109 xq1_bn))
1110 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1111 xq2_bn))
1112 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1113 xq_bn))
1114 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1115 goto err;
1116
1117 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1118 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1119 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1120 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1121 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod))
3786d748 1122 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn))
4f2271d5
SL		 1123 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1124 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1125 &p1, &p1_len))
1126 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1127 &p2, &p2_len))
1128 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1129 &q1, &q1_len))
1130 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1131 &q2, &q2_len))
1132 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1133 &p, &p_len))
1134 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1135 &q, &q_len))
1136 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1137 &n, &n_len))
1138 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1139 &d, &d_len)))
1140 goto err;
1141
1142 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1143 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1144 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1145 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1146 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1147 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1148 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1149 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1150 goto err;
1151
1152 test_output_memory("p1", p1, p1_len);
1153 test_output_memory("p2", p2, p2_len);
1154 test_output_memory("p", p, p_len);
1155 test_output_memory("q1", q1, q1_len);
1156 test_output_memory("q2", q2, q2_len);
1157 test_output_memory("q", q, q_len);
1158 test_output_memory("n", n, n_len);
1159 test_output_memory("d", d, d_len);
1160 ret = 1;
1161err:
1162 BN_free(xp1_bn);
1163 BN_free(xp2_bn);
1164 BN_free(xp_bn);
1165 BN_free(xq1_bn);
1166 BN_free(xq2_bn);
1167 BN_free(xq_bn);
1168 BN_free(e_bn);
1169 OPENSSL_free(p1);
1170 OPENSSL_free(p2);
1171 OPENSSL_free(q1);
1172 OPENSSL_free(q2);
1173 OPENSSL_free(p);
1174 OPENSSL_free(q);
1175 OPENSSL_free(n);
1176 OPENSSL_free(d);
1177 EVP_PKEY_free(pkey);
1178 EVP_PKEY_CTX_free(ctx);
1179 OSSL_PARAM_BLD_free_params(params);
1180 OSSL_PARAM_BLD_free(bld);
1181 return ret;
1182}
1183
1184static int rsa_siggen_test(int id)
1185{
1186 int ret = 0;
1187 EVP_PKEY *pkey = NULL;
1188 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1189 size_t sig_len = 0, n_len = 0, e_len = 0;
1190 OSSL_PARAM params[4], *p;
1191 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1192
1193 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1194
1195 p = params;
1196 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1197 (char *)tst->sig_pad_mode, 0);
1198 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1199 (char *)tst->digest_alg, 0);
1200 if (tst->pss_salt_len >= 0) {
1201 int salt_len = tst->pss_salt_len;
1202
1203 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1204 &salt_len);
1205 }
1206 *p++ = OSSL_PARAM_construct_end();
1207
1208 if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
1209 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1210 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1211 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1212 tst->msg, tst->msg_len,
1213 &sig, &sig_len)))
1214 goto err;
1215 test_output_memory("n", n, n_len);
1216 test_output_memory("e", e, e_len);
1217 test_output_memory("sig", sig, sig_len);
1218 ret = 1;
1219err:
1220 OPENSSL_free(n);
1221 OPENSSL_free(e);
1222 OPENSSL_free(sig);
1223 EVP_PKEY_free(pkey);
1224 return ret;
1225}
1226
1227static int rsa_sigver_test(int id)
1228{
1229 int ret = 0;
1230 EVP_PKEY_CTX *pkey_ctx = NULL;
1231 EVP_PKEY *pkey = NULL;
1232 EVP_MD_CTX *md_ctx = NULL;
1233 BN_CTX *bn_ctx = NULL;
1234 OSSL_PARAM params[4], *p;
1235 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1236
1237 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1238 tst->pass == PASS ? "pass" : "fail");
1239
1240 p = params;
1241 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1242 (char *)tst->sig_pad_mode, 0);
1243 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1244 (char *)tst->digest_alg, 0);
1245 if (tst->pss_salt_len >= 0) {
1246 int salt_len = tst->pss_salt_len;
1247
1248 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1249 &salt_len);
1250 }
1251 *p++ = OSSL_PARAM_construct_end();
1252
1253 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1254 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1255 tst->e, tst->e_len, NULL, 0, bn_ctx))
1256 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
0ab18e79
SL		 1257 || !TEST_true(EVP_DigestVerifyInit_with_libctx(md_ctx, &pkey_ctx,
1258 tst->digest_alg,
1259 libctx, NULL, pkey)
4f2271d5
SL		 1260 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1261 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1262 tst->msg, tst->msg_len), tst->pass)))
1263 goto err;
1264 ret = 1;
1265err:
1266 EVP_PKEY_free(pkey);
1267 BN_CTX_free(bn_ctx);
1268 EVP_MD_CTX_free(md_ctx);
1269 return ret;
1270}
1271
1272static int rsa_decryption_primitive_test(int id)
1273{
1274 int ret = 0;
1275 EVP_PKEY_CTX *ctx = NULL;
1276 EVP_PKEY *pkey = NULL;
1277 unsigned char pt[2048];
1278 size_t pt_len = sizeof(pt);
1279 unsigned char *n = NULL, *e = NULL;
1280 size_t n_len = 0, e_len = 0;
1281 BN_CTX *bn_ctx = NULL;
1282 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1283
1284 if (!TEST_ptr(pkey = rsa_keygen(2048))
1285 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1286 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1287 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1288 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1289 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1290 goto err;
1291
1292 test_output_memory("n", n, n_len);
1293 test_output_memory("e", e, e_len);
1294 if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len))
1295 TEST_note("Decryption Failed");
1296 else
1297 test_output_memory("pt", pt, pt_len);
1298 ret = 1;
1299err:
1300 OPENSSL_free(n);
1301 OPENSSL_free(e);
1302 EVP_PKEY_CTX_free(ctx);
1303 EVP_PKEY_free(pkey);
1304 BN_CTX_free(bn_ctx);
1305 return ret;
1306}
1307#endif /* OPENSSL_NO_RSA */
1308
f8e74747
SL		 1309static int self_test_events(const OSSL_PARAM params[], void *varg)
1310{
1311 SELF_TEST_ARGS *args = varg;
1312 const OSSL_PARAM *p = NULL;
1313 const char *phase = NULL, *type = NULL, *desc = NULL;
1314 int ret = 0;
1315
1316 if (!args->enable)
1317 return 1;
1318
1319 args->called++;
1320 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1321 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1322 goto err;
1323 phase = (const char *)p->data;
1324
1325 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1326 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1327 goto err;
1328 desc = (const char *)p->data;
1329
1330 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1331 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1332 goto err;
1333 type = (const char *)p->data;
1334
1335 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1336 ret = 1;
1337err:
1338 return ret;
1339}
4f2271d5 1340
254b5dca
P		 1341static int drbg_test(int id)
1342{
1343 OSSL_PARAM params[3];
1344 EVP_RAND *rand = NULL;
1345 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1346 unsigned char returned_bits[64];
1347 const size_t returned_bits_len = sizeof(returned_bits);
1348 unsigned int strength = 256;
1349 const struct drbg_st *tst = &drbg_data[id];
1350 int res = 0;
1351
1352 /* Create the seed source */
1353 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1354 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1355 goto err;
1356 EVP_RAND_free(rand);
1357 rand = NULL;
1358
1359 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1360 params[1] = OSSL_PARAM_construct_end();
1361 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1362 goto err;
1363
1364 /* Get the DRBG */
1365 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1366 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1367 goto err;
1368
1369 /* Set the DRBG up */
1370 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1371 (int *)&tst->use_df);
1372 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1373 (char *)tst->cipher, 0);
1374 params[2] = OSSL_PARAM_construct_end();
1375 if (!TEST_true(EVP_RAND_set_ctx_params(ctx, params)))
1376 goto err;
1377
1378 /* Feed in the entropy and nonce */
1379 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1380 (void *)tst->entropy_input,
1381 tst->entropy_input_len);
1382 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1383 (void *)tst->nonce,
1384 tst->nonce_len);
1385 params[2] = OSSL_PARAM_construct_end();
1386 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1387 goto err;
1388
1389 /*
1390 * Run the test
1391 * A NULL personalisation string defaults to the built in so something
1392 * non-NULL is needed if there is no personalisation string
1393 */
1394 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0))
1395 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1396 0, 0, NULL, 0))
1397 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1398 0, 0, NULL, 0)))
1399 goto err;
1400
1401 test_output_memory("returned bits", returned_bits, returned_bits_len);
1402
1403 /* Clean up */
1404 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1405 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1406 goto err;
1407
1408 /* Verify the output */
1409 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1410 tst->returned_bits, tst->returned_bits_len))
1411 goto err;
1412 res = 1;
1413err:
1414 EVP_RAND_CTX_free(ctx);
1415 EVP_RAND_CTX_free(parent);
1416 EVP_RAND_free(rand);
1417 return res;
1418}
1419
4f2271d5
SL		 1420int setup_tests(void)
1421{
1422 char *config_file = NULL;
1423
1424 OPTION_CHOICE o;
1425
1426 while ((o = opt_next()) != OPT_EOF) {
1427 switch (o) {
1428 case OPT_CONFIG_FILE:
1429 config_file = opt_arg();
1430 break;
1431 case OPT_TEST_CASES:
1432 break;
1433 default:
1434 case OPT_ERR:
1435 return 0;
1436 }
1437 }
1438
1439 prov_null = OSSL_PROVIDER_load(NULL, "null");
1440 if (prov_null == NULL) {
1441 opt_printf_stderr("Failed to load null provider into default libctx\n");
1442 return 0;
1443 }
1444
1445 libctx = OPENSSL_CTX_new();
1446 if (libctx == NULL
1447 || !OPENSSL_CTX_load_config(libctx, config_file)) {
1448 opt_printf_stderr("Failed to load config\n");
1449 return 0;
1450 }
f8e74747 1451 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
4f2271d5
SL		 1452
1453 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1454 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1455 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1456
1457#ifndef OPENSSL_NO_RSA
1458 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1459 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1460 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1461 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1462 OSSL_NELEM(rsa_decrypt_prim_data));
1463#endif /* OPENSSL_NO_RSA */
1464
1465#ifndef OPENSSL_NO_DH
1466 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1467 OSSL_NELEM(dh_safe_prime_keygen_data));
1468 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1469 OSSL_NELEM(dh_safe_prime_keyver_data));
1470#endif /* OPENSSL_NO_DH */
1471
1472#ifndef OPENSSL_NO_DSA
1473 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1474 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1475 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1476 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1477 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1478#endif /* OPENSSL_NO_DSA */
1479
1480#ifndef OPENSSL_NO_EC
1481 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1482 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1483 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1484 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1485#endif /* OPENSSL_NO_EC */
254b5dca
P		 1486
1487 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
4f2271d5
SL		 1488 return 1;
1489}
1490
1491void cleanup_tests(void)
1492{
1493 OSSL_PROVIDER_unload(prov_null);
1494 OPENSSL_CTX_free(libctx);
1495}
A mirror of the official openssl repository