]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/dhtest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix SSL_check_chain()
[thirdparty/openssl.git] / test / dhtest.c
CommitLineData
440e5d80 1/*
83cf7abf 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
d02b48c6
RE		 8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <string.h>
55f78baf 13
176db6dc 14#include "internal/nelem.h"
ec577822
BM		 15#include <openssl/crypto.h>
16#include <openssl/bio.h>
17#include <openssl/bn.h>
b0bb2b91 18#include <openssl/rand.h>
cb78486d 19#include <openssl/err.h>
a38c878c 20#include <openssl/obj_mac.h>
93d02986 21#include "testutil.h"
f5d7a031 22
ad887416 23#ifndef OPENSSL_NO_DH
0f113f3e 24# include <openssl/dh.h>
d02b48c6 25
6d23cf97 26static int cb(int p, int n, BN_GENCB *arg);
d02b48c6 27
93d02986 28static int dh_test(void)
0f113f3e 29{
9ba9d81b
DMSP		 30 DH *dh = NULL;
31 BIGNUM *p = NULL, *q = NULL, *g = NULL;
8a59c085 32 const BIGNUM *p2, *q2, *g2;
9ba9d81b 33 BIGNUM *priv_key = NULL;
8a59c085 34 const BIGNUM *pub_key2, *priv_key2;
f562aeda 35 BN_GENCB *_cb = NULL;
0f113f3e
MC		 36 DH *a = NULL;
37 DH *b = NULL;
7966101e 38 DH *c = NULL;
93d02986 39 const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL;
7966101e
DB		 40 const BIGNUM *bpub_key = NULL, *bpriv_key = NULL;
41 BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL;
f562aeda
HZ		 42 unsigned char *abuf = NULL;
43 unsigned char *bbuf = NULL;
7966101e
DB		 44 unsigned char *cbuf = NULL;
45 int i, alen, blen, clen, aout, bout, cout;
9d9d2879 46 int ret = 0;
0f113f3e 47
8a59c085
DMSP		 48 if (!TEST_ptr(dh = DH_new())
49 || !TEST_ptr(p = BN_new())
50 || !TEST_ptr(q = BN_new())
51 || !TEST_ptr(g = BN_new())
52 || !TEST_ptr(priv_key = BN_new()))
9ba9d81b 53 goto err1;
8a59c085
DMSP		 54
55 /*
56 * I) basic tests
57 */
58
59 /* using a small predefined Sophie Germain DH group with generator 3 */
60 if (!TEST_true(BN_set_word(p, 4079L))
61 || !TEST_true(BN_set_word(q, 2039L))
62 || !TEST_true(BN_set_word(g, 3L))
63 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
9ba9d81b 64 goto err1;
8a59c085 65
a38c878c
BE		 66 if (!DH_check(dh, &i))
67 goto err2;
68 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
69 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
70 || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
71 || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
72 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
73 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
74 || !TEST_false(i))
75 goto err2;
76
8a59c085
DMSP		 77 /* test the combined getter for p, q, and g */
78 DH_get0_pqg(dh, &p2, &q2, &g2);
79 if (!TEST_ptr_eq(p2, p)
80 || !TEST_ptr_eq(q2, q)
81 || !TEST_ptr_eq(g2, g))
9ba9d81b 82 goto err2;
8a59c085
DMSP		 83
84 /* test the simple getters for p, q, and g */
85 if (!TEST_ptr_eq(DH_get0_p(dh), p2)
86 || !TEST_ptr_eq(DH_get0_q(dh), q2)
87 || !TEST_ptr_eq(DH_get0_g(dh), g2))
9ba9d81b 88 goto err2;
8a59c085
DMSP		 89
90 /* set the private key only*/
91 if (!TEST_true(BN_set_word(priv_key, 1234L))
92 || !TEST_true(DH_set0_key(dh, NULL, priv_key)))
9ba9d81b 93 goto err2;
8a59c085
DMSP		 94
95 /* test the combined getter for pub_key and priv_key */
96 DH_get0_key(dh, &pub_key2, &priv_key2);
97 if (!TEST_ptr_eq(pub_key2, NULL)
98 || !TEST_ptr_eq(priv_key2, priv_key))
9ba9d81b 99 goto err3;
8a59c085
DMSP		 100
101 /* test the simple getters for pub_key and priv_key */
102 if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2)
103 || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2))
9ba9d81b 104 goto err3;
8a59c085 105
6de1fe90
BE		 106 /* now generate a key pair (expect failure since modulus is too small) */
107 if (!TEST_false(DH_generate_key(dh)))
9ba9d81b 108 goto err3;
8a59c085 109
6de1fe90
BE		 110 /* We'll have a stale error on the queue from the above test so clear it */
111 ERR_clear_error();
8a59c085
DMSP		 112
113 /*
114 * II) key generation
115 */
116
117 /* generate a DH group ... */
93d02986 118 if (!TEST_ptr(_cb = BN_GENCB_new()))
9ba9d81b 119 goto err3;
93d02986
RS		 120 BN_GENCB_set(_cb, &cb, NULL);
121 if (!TEST_ptr(a = DH_new())
6de1fe90 122 || !TEST_true(DH_generate_parameters_ex(a, 512,
93d02986 123 DH_GENERATOR_5, _cb)))
9ba9d81b 124 goto err3;
0f113f3e 125
8a59c085 126 /* ... and check whether it is valid */
0f113f3e 127 if (!DH_check(a, &i))
9ba9d81b 128 goto err3;
9d9d2879
RS		 129 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
130 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
131 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
a38c878c
BE		 132 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
133 || !TEST_false(i))
9ba9d81b 134 goto err3;
0f113f3e 135
9d9d2879
RS		 136 DH_get0_pqg(a, &ap, NULL, &ag);
137
8a59c085 138 /* now create another copy of the DH group for the peer */
93d02986 139 if (!TEST_ptr(b = DH_new()))
9ba9d81b 140 goto err3;
93d02986
RS		 141
142 if (!TEST_ptr(bp = BN_dup(ap))
143 || !TEST_ptr(bg = BN_dup(ag))
144 || !TEST_true(DH_set0_pqg(b, bp, NULL, bg)))
9ba9d81b 145 goto err3;
0aeddcfa 146 bp = bg = NULL;
0f113f3e 147
8a59c085
DMSP		 148 /*
149 * III) simulate a key exchange
150 */
151
0f113f3e 152 if (!DH_generate_key(a))
9ba9d81b 153 goto err3;
9d9d2879 154 DH_get0_key(a, &apub_key, NULL);
0f113f3e
MC		 155
156 if (!DH_generate_key(b))
9ba9d81b 157 goto err3;
7966101e
DB		 158 DH_get0_key(b, &bpub_key, &bpriv_key);
159
160 /* Also test with a private-key-only copy of |b|. */
161 if (!TEST_ptr(c = DHparams_dup(b))
162 || !TEST_ptr(cpriv_key = BN_dup(bpriv_key))
163 || !TEST_true(DH_set0_key(c, NULL, cpriv_key)))
9ba9d81b 164 goto err3;
7966101e 165 cpriv_key = NULL;
0f113f3e
MC		 166
167 alen = DH_size(a);
93d02986 168 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
9d9d2879 169 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
9ba9d81b 170 goto err3;
f562aeda 171
0f113f3e 172 blen = DH_size(b);
93d02986 173 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
9d9d2879 174 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
9ba9d81b 175 goto err3;
9d9d2879 176
7966101e
DB		 177 clen = DH_size(c);
178 if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
179 || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
9ba9d81b 180 goto err3;
7966101e 181
6de1fe90 182 if (!TEST_true(aout >= 20)
7966101e
DB		 183 || !TEST_mem_eq(abuf, aout, bbuf, bout)
184 || !TEST_mem_eq(abuf, aout, cbuf, cout))
9ba9d81b 185 goto err3;
9d9d2879 186
93d02986 187 ret = 1;
9ba9d81b
DMSP		 188 goto success;
189
190 err1:
191 /* an error occurred before p,q,g were assigned to dh */
192 BN_free(p);
193 BN_free(q);
194 BN_free(g);
195 err2:
68756b12 196 /* an error occurred before priv_key was assigned to dh */
9ba9d81b
DMSP		 197 BN_free(priv_key);
198 err3:
199 success:
b548a1f1
RS		 200 OPENSSL_free(abuf);
201 OPENSSL_free(bbuf);
7966101e 202 OPENSSL_free(cbuf);
d6407083
RS		 203 DH_free(b);
204 DH_free(a);
7966101e 205 DH_free(c);
0aeddcfa
MC		 206 BN_free(bp);
207 BN_free(bg);
7966101e 208 BN_free(cpriv_key);
23a1d5e9 209 BN_GENCB_free(_cb);
8a59c085
DMSP		 210 DH_free(dh);
211
93d02986 212 return ret;
0f113f3e 213}
d02b48c6 214
6d23cf97 215static int cb(int p, int n, BN_GENCB *arg)
0f113f3e 216{
0f113f3e
MC		 217 return 1;
218}
20bee968
DSH		 219
220/* Test data from RFC 5114 */
221
222static const unsigned char dhtest_1024_160_xA[] = {
0f113f3e
MC		 223 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
224 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
20bee968 225};
0f113f3e 226
20bee968 227static const unsigned char dhtest_1024_160_yA[] = {
0f113f3e
MC		 228 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
229 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
230 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
231 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
232 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
233 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
234 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
235 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
236 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
237 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
238 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
20bee968 239};
0f113f3e 240
20bee968 241static const unsigned char dhtest_1024_160_xB[] = {
0f113f3e
MC		 242 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
243 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
20bee968 244};
0f113f3e 245
20bee968 246static const unsigned char dhtest_1024_160_yB[] = {
0f113f3e
MC		 247 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
248 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
249 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
250 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
251 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
252 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
253 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
254 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
255 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
256 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
257 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
20bee968 258};
0f113f3e 259
20bee968 260static const unsigned char dhtest_1024_160_Z[] = {
0f113f3e
MC		 261 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
262 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
263 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
264 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
265 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
266 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
267 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
268 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
269 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
270 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
271 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
20bee968 272};
0f113f3e 273
20bee968 274static const unsigned char dhtest_2048_224_xA[] = {
0f113f3e
MC		 275 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
276 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
277 0x83, 0x29, 0x4B, 0x0C
20bee968 278};
0f113f3e 279
20bee968 280static const unsigned char dhtest_2048_224_yA[] = {
0f113f3e
MC		 281 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
282 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
283 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
284 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
285 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
286 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
287 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
288 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
289 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
290 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
291 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
292 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
293 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
294 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
295 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
296 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
297 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
298 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
299 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
300 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
301 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
302 0x71, 0x64, 0x8D, 0x6F
20bee968 303};
0f113f3e 304
20bee968 305static const unsigned char dhtest_2048_224_xB[] = {
0f113f3e
MC		 306 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
307 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
308 0x35, 0x3B, 0x75, 0x90
20bee968 309};
0f113f3e 310
20bee968 311static const unsigned char dhtest_2048_224_yB[] = {
0f113f3e
MC		 312 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
313 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
314 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
315 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
316 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
317 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
318 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
319 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
320 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
321 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
322 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
323 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
324 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
325 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
326 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
327 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
328 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
329 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
330 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
331 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
332 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
333 0x02, 0x14, 0x2B, 0x6C
20bee968 334};
0f113f3e 335
20bee968 336static const unsigned char dhtest_2048_224_Z[] = {
0f113f3e
MC		 337 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
338 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
339 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
340 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
341 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
342 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
343 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
344 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
345 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
346 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
347 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
348 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
349 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
350 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
351 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
352 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
353 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
354 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
355 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
356 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
357 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
358 0xF9, 0xF6, 0x38, 0x69
20bee968 359};
0f113f3e 360
20bee968 361static const unsigned char dhtest_2048_256_xA[] = {
0f113f3e
MC		 362 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
363 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
364 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
20bee968 365};
0f113f3e 366
20bee968 367static const unsigned char dhtest_2048_256_yA[] = {
0f113f3e
MC		 368 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
369 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
370 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
371 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
372 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
373 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
374 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
375 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
376 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
377 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
378 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
379 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
380 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
381 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
382 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
383 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
384 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
385 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
386 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
387 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
388 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
389 0x7C, 0xA6, 0x7E, 0x29
20bee968 390};
0f113f3e 391
20bee968 392static const unsigned char dhtest_2048_256_xB[] = {
0f113f3e
MC		 393 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
394 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
395 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
20bee968 396};
0f113f3e 397
20bee968 398static const unsigned char dhtest_2048_256_yB[] = {
0f113f3e
MC		 399 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
400 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
401 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
402 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
403 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
404 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
405 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
406 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
407 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
408 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
409 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
410 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
411 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
412 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
413 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
414 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
415 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
416 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
417 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
418 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
419 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
420 0x75, 0x7E, 0x19, 0x13
20bee968 421};
0f113f3e 422
20bee968 423static const unsigned char dhtest_2048_256_Z[] = {
0f113f3e
MC		 424 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
425 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
426 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
427 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
428 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
429 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
430 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
431 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
432 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
433 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
434 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
435 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
436 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
437 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
438 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
439 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
440 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
441 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
442 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
443 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
444 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
445 0xC2, 0x6C, 0x5D, 0x7C
20bee968
DSH		 446};
447
e729aac1
MC		 448static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
449 0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
450 0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
451 0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
452 0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
453 0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
454 0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
455 0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
456 0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
457 0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
458 0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
459 0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
460 0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
461 0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
462 0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
463 0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
464 0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
465 0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
466 0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
467 0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
468 0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
469 0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
470 0x93, 0x74, 0x89, 0x59
471};
472
0f113f3e
MC		 473typedef struct {
474 DH *(*get_param) (void);
475 const unsigned char *xA;
476 size_t xA_len;
477 const unsigned char *yA;
478 size_t yA_len;
479 const unsigned char *xB;
480 size_t xB_len;
481 const unsigned char *yB;
482 size_t yB_len;
483 const unsigned char *Z;
484 size_t Z_len;
485} rfc5114_td;
486
487# define make_rfc5114_td(pre) { \
488 DH_get_##pre, \
489 dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
490 dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
491 dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
492 dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
493 dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
494 }
20bee968
DSH		 495
496static const rfc5114_td rfctd[] = {
0f113f3e
MC		 497 make_rfc5114_td(1024_160),
498 make_rfc5114_td(2048_224),
499 make_rfc5114_td(2048_256)
20bee968
DSH		 500};
501
93d02986 502static int rfc5114_test(void)
0f113f3e
MC		 503{
504 int i;
f562aeda
HZ		 505 DH *dhA = NULL;
506 DH *dhB = NULL;
507 unsigned char *Z1 = NULL;
508 unsigned char *Z2 = NULL;
509 const rfc5114_td *td = NULL;
0aeddcfa 510 BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
b84e1226 511 const BIGNUM *pub_key_tmp;
f562aeda 512
bdcb1a2c 513 for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
f562aeda 514 td = rfctd + i;
0f113f3e 515 /* Set up DH structures setting key components */
93d02986
RS		 516 if (!TEST_ptr(dhA = td->get_param())
517 || !TEST_ptr(dhB = td->get_param()))
0f113f3e
MC		 518 goto bad_err;
519
93d02986
RS		 520 if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL))
521 || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL))
522 || !TEST_true(DH_set0_key(dhA, pub_key, priv_key)))
0aeddcfa 523 goto bad_err;
0f113f3e 524
93d02986
RS		 525 if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL))
526 || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL))
527 || !TEST_true( DH_set0_key(dhB, pub_key, priv_key)))
0f113f3e 528 goto bad_err;
0aeddcfa 529 priv_key = pub_key = NULL;
0f113f3e 530
93d02986
RS		 531 if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA))
532 || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB)))
0f113f3e
MC		 533 goto err;
534
93d02986
RS		 535 if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))
536 || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB))))
f562aeda 537 goto bad_err;
0f113f3e
MC		 538 /*
539 * Work out shared secrets using both sides and compare with expected
540 * values.
541 */
b84e1226 542 DH_get0_key(dhB, &pub_key_tmp, NULL);
93d02986 543 if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1))
0f113f3e 544 goto bad_err;
b84e1226
MC		 545
546 DH_get0_key(dhA, &pub_key_tmp, NULL);
93d02986 547 if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1))
0f113f3e
MC		 548 goto bad_err;
549
93d02986
RS		 550 if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len)
551 || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len))
0f113f3e 552 goto err;
0f113f3e
MC		 553
554 DH_free(dhA);
e729aac1 555 dhA = NULL;
93d02986 556 DH_free(dhB);
e729aac1 557 dhB = NULL;
93d02986 558 OPENSSL_free(Z1);
e729aac1 559 Z1 = NULL;
93d02986 560 OPENSSL_free(Z2);
e729aac1
MC		 561 Z2 = NULL;
562 }
0f113f3e 563
e729aac1
MC		 564 /* Now i == OSSL_NELEM(rfctd) */
565 /* RFC5114 uses unsafe primes, so now test an invalid y value */
93d02986
RS		 566 if (!TEST_ptr(dhA = DH_get_2048_224())
567 || !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))))
e729aac1
MC		 568 goto bad_err;
569
93d02986
RS		 570 if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
571 sizeof(dhtest_rfc5114_2048_224_bad_y),
572 NULL)))
e729aac1
MC		 573 goto bad_err;
574
575 if (!DH_generate_key(dhA))
576 goto bad_err;
577
578 if (DH_compute_key(Z1, bady, dhA) != -1) {
579 /*
580 * DH_compute_key should fail with -1. If we get here we unexpectedly
581 * allowed an invalid y value
582 */
583 goto err;
0f113f3e 584 }
e729aac1
MC		 585 /* We'll have a stale error on the queue from the above test so clear it */
586 ERR_clear_error();
e729aac1
MC		 587 BN_free(bady);
588 DH_free(dhA);
589 OPENSSL_free(Z1);
0f113f3e 590 return 1;
93d02986 591
0f113f3e 592 bad_err:
e729aac1 593 BN_free(bady);
f562aeda
HZ		 594 DH_free(dhA);
595 DH_free(dhB);
0aeddcfa
MC		 596 BN_free(pub_key);
597 BN_free(priv_key);
f562aeda
HZ		 598 OPENSSL_free(Z1);
599 OPENSSL_free(Z2);
93d02986 600 TEST_error("Initialisation error RFC5114 set %d\n", i + 1);
0f113f3e 601 return 0;
93d02986 602
0f113f3e 603 err:
e729aac1 604 BN_free(bady);
f562aeda
HZ		 605 DH_free(dhA);
606 DH_free(dhB);
607 OPENSSL_free(Z1);
608 OPENSSL_free(Z2);
93d02986 609 TEST_error("Test failed RFC5114 set %d\n", i + 1);
0f113f3e
MC		 610 return 0;
611}
a38c878c
BE		 612
613static int rfc7919_test(void)
614{
615 DH *a = NULL, *b = NULL;
616 const BIGNUM *apub_key = NULL, *bpub_key = NULL;
617 unsigned char *abuf = NULL;
618 unsigned char *bbuf = NULL;
619 int i, alen, blen, aout, bout;
620 int ret = 0;
621
622 if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048)))
623 goto err;
624
625 if (!DH_check(a, &i))
626 goto err;
627 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
628 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
629 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
630 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
631 || !TEST_false(i))
632 goto err;
633
634 if (!DH_generate_key(a))
635 goto err;
636 DH_get0_key(a, &apub_key, NULL);
637
638 /* now create another copy of the DH group for the peer */
639 if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048)))
640 goto err;
641
642 if (!DH_generate_key(b))
643 goto err;
644 DH_get0_key(b, &bpub_key, NULL);
645
646 alen = DH_size(a);
647 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
648 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
649 goto err;
650
651 blen = DH_size(b);
652 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
653 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
654 goto err;
655
656 if (!TEST_true(aout >= 20)
657 || !TEST_mem_eq(abuf, aout, bbuf, bout))
658 goto err;
659
660 ret = 1;
661
662 err:
663 OPENSSL_free(abuf);
664 OPENSSL_free(bbuf);
665 DH_free(a);
666 DH_free(b);
667 return ret;
668}
ad887416 669#endif
20bee968 670
93d02986 671
ad887416 672int setup_tests(void)
93d02986 673{
ad887416
P		 674#ifdef OPENSSL_NO_DH
675 TEST_note("No DH support");
676#else
93d02986
RS		 677 ADD_TEST(dh_test);
678 ADD_TEST(rfc5114_test);
a38c878c 679 ADD_TEST(rfc7919_test);
f5d7a031 680#endif
ad887416
P		 681 return 1;
682}
A mirror of the official openssl repository