]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/dhtest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Change DH parameters to generate the order q subgroup instead of 2q
[thirdparty/openssl.git] / test / dhtest.c
CommitLineData
440e5d80 1/*
83cf7abf 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6 3 *
909f1a2e 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
440e5d80
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
d02b48c6
RE		 8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <string.h>
55f78baf 13
176db6dc 14#include "internal/nelem.h"
ec577822
BM		 15#include <openssl/crypto.h>
16#include <openssl/bio.h>
17#include <openssl/bn.h>
b0bb2b91 18#include <openssl/rand.h>
cb78486d 19#include <openssl/err.h>
a38c878c 20#include <openssl/obj_mac.h>
93d02986 21#include "testutil.h"
f5d7a031 22
ad887416 23#ifndef OPENSSL_NO_DH
0f113f3e 24# include <openssl/dh.h>
d02b48c6 25
6d23cf97 26static int cb(int p, int n, BN_GENCB *arg);
d02b48c6 27
93d02986 28static int dh_test(void)
0f113f3e 29{
9ba9d81b
DMSP		 30 DH *dh = NULL;
31 BIGNUM *p = NULL, *q = NULL, *g = NULL;
8a59c085 32 const BIGNUM *p2, *q2, *g2;
9ba9d81b 33 BIGNUM *priv_key = NULL;
8a59c085 34 const BIGNUM *pub_key2, *priv_key2;
f562aeda 35 BN_GENCB *_cb = NULL;
0f113f3e
MC		 36 DH *a = NULL;
37 DH *b = NULL;
7966101e 38 DH *c = NULL;
93d02986 39 const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL;
7966101e
DB		 40 const BIGNUM *bpub_key = NULL, *bpriv_key = NULL;
41 BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL;
f562aeda
HZ		 42 unsigned char *abuf = NULL;
43 unsigned char *bbuf = NULL;
7966101e
DB		 44 unsigned char *cbuf = NULL;
45 int i, alen, blen, clen, aout, bout, cout;
9d9d2879 46 int ret = 0;
0f113f3e 47
8a59c085
DMSP		 48 if (!TEST_ptr(dh = DH_new())
49 || !TEST_ptr(p = BN_new())
50 || !TEST_ptr(q = BN_new())
51 || !TEST_ptr(g = BN_new())
52 || !TEST_ptr(priv_key = BN_new()))
9ba9d81b 53 goto err1;
8a59c085
DMSP		 54
55 /*
56 * I) basic tests
57 */
58
59 /* using a small predefined Sophie Germain DH group with generator 3 */
60 if (!TEST_true(BN_set_word(p, 4079L))
61 || !TEST_true(BN_set_word(q, 2039L))
62 || !TEST_true(BN_set_word(g, 3L))
63 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
9ba9d81b 64 goto err1;
8a59c085 65
a38c878c
BE		 66 if (!DH_check(dh, &i))
67 goto err2;
68 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
69 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
70 || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
71 || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
72 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
73 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
74 || !TEST_false(i))
75 goto err2;
76
8a59c085
DMSP		 77 /* test the combined getter for p, q, and g */
78 DH_get0_pqg(dh, &p2, &q2, &g2);
79 if (!TEST_ptr_eq(p2, p)
80 || !TEST_ptr_eq(q2, q)
81 || !TEST_ptr_eq(g2, g))
9ba9d81b 82 goto err2;
8a59c085
DMSP		 83
84 /* test the simple getters for p, q, and g */
85 if (!TEST_ptr_eq(DH_get0_p(dh), p2)
86 || !TEST_ptr_eq(DH_get0_q(dh), q2)
87 || !TEST_ptr_eq(DH_get0_g(dh), g2))
9ba9d81b 88 goto err2;
8a59c085
DMSP		 89
90 /* set the private key only*/
91 if (!TEST_true(BN_set_word(priv_key, 1234L))
92 || !TEST_true(DH_set0_key(dh, NULL, priv_key)))
9ba9d81b 93 goto err2;
8a59c085
DMSP		 94
95 /* test the combined getter for pub_key and priv_key */
96 DH_get0_key(dh, &pub_key2, &priv_key2);
97 if (!TEST_ptr_eq(pub_key2, NULL)
98 || !TEST_ptr_eq(priv_key2, priv_key))
9ba9d81b 99 goto err3;
8a59c085
DMSP		 100
101 /* test the simple getters for pub_key and priv_key */
102 if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2)
103 || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2))
9ba9d81b 104 goto err3;
8a59c085
DMSP		 105
106 /* now generate a key pair ... */
107 if (!DH_generate_key(dh))
9ba9d81b 108 goto err3;
8a59c085
DMSP		 109
110 /* ... and check whether the private key was reused: */
111
112 /* test it with the combined getter for pub_key and priv_key */
113 DH_get0_key(dh, &pub_key2, &priv_key2);
114 if (!TEST_ptr(pub_key2)
115 || !TEST_ptr_eq(priv_key2, priv_key))
9ba9d81b 116 goto err3;
8a59c085
DMSP		 117
118 /* test it the simple getters for pub_key and priv_key */
119 if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2)
120 || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2))
9ba9d81b 121 goto err3;
8a59c085 122
9ba9d81b 123 /* check whether the public key was calculated correctly */
8a59c085
DMSP		 124 TEST_uint_eq(BN_get_word(pub_key2), 3331L);
125
126 /*
127 * II) key generation
128 */
129
130 /* generate a DH group ... */
93d02986 131 if (!TEST_ptr(_cb = BN_GENCB_new()))
9ba9d81b 132 goto err3;
93d02986
RS		 133 BN_GENCB_set(_cb, &cb, NULL);
134 if (!TEST_ptr(a = DH_new())
135 || !TEST_true(DH_generate_parameters_ex(a, 64,
136 DH_GENERATOR_5, _cb)))
9ba9d81b 137 goto err3;
0f113f3e 138
8a59c085 139 /* ... and check whether it is valid */
0f113f3e 140 if (!DH_check(a, &i))
9ba9d81b 141 goto err3;
9d9d2879
RS		 142 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
143 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
144 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
a38c878c
BE		 145 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
146 || !TEST_false(i))
9ba9d81b 147 goto err3;
0f113f3e 148
9d9d2879
RS		 149 DH_get0_pqg(a, &ap, NULL, &ag);
150
8a59c085 151 /* now create another copy of the DH group for the peer */
93d02986 152 if (!TEST_ptr(b = DH_new()))
9ba9d81b 153 goto err3;
93d02986
RS		 154
155 if (!TEST_ptr(bp = BN_dup(ap))
156 || !TEST_ptr(bg = BN_dup(ag))
157 || !TEST_true(DH_set0_pqg(b, bp, NULL, bg)))
9ba9d81b 158 goto err3;
0aeddcfa 159 bp = bg = NULL;
0f113f3e 160
8a59c085
DMSP		 161 /*
162 * III) simulate a key exchange
163 */
164
0f113f3e 165 if (!DH_generate_key(a))
9ba9d81b 166 goto err3;
9d9d2879 167 DH_get0_key(a, &apub_key, NULL);
0f113f3e
MC		 168
169 if (!DH_generate_key(b))
9ba9d81b 170 goto err3;
7966101e
DB		 171 DH_get0_key(b, &bpub_key, &bpriv_key);
172
173 /* Also test with a private-key-only copy of |b|. */
174 if (!TEST_ptr(c = DHparams_dup(b))
175 || !TEST_ptr(cpriv_key = BN_dup(bpriv_key))
176 || !TEST_true(DH_set0_key(c, NULL, cpriv_key)))
9ba9d81b 177 goto err3;
7966101e 178 cpriv_key = NULL;
0f113f3e
MC		 179
180 alen = DH_size(a);
93d02986 181 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
9d9d2879 182 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
9ba9d81b 183 goto err3;
f562aeda 184
0f113f3e 185 blen = DH_size(b);
93d02986 186 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
9d9d2879 187 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
9ba9d81b 188 goto err3;
9d9d2879 189
7966101e
DB		 190 clen = DH_size(c);
191 if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
192 || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
9ba9d81b 193 goto err3;
7966101e 194
9d9d2879 195 if (!TEST_true(aout >= 4)
7966101e
DB		 196 || !TEST_mem_eq(abuf, aout, bbuf, bout)
197 || !TEST_mem_eq(abuf, aout, cbuf, cout))
9ba9d81b 198 goto err3;
9d9d2879 199
93d02986 200 ret = 1;
9ba9d81b
DMSP		 201 goto success;
202
203 err1:
204 /* an error occurred before p,q,g were assigned to dh */
205 BN_free(p);
206 BN_free(q);
207 BN_free(g);
208 err2:
68756b12 209 /* an error occurred before priv_key was assigned to dh */
9ba9d81b
DMSP		 210 BN_free(priv_key);
211 err3:
212 success:
b548a1f1
RS		 213 OPENSSL_free(abuf);
214 OPENSSL_free(bbuf);
7966101e 215 OPENSSL_free(cbuf);
d6407083
RS		 216 DH_free(b);
217 DH_free(a);
7966101e 218 DH_free(c);
0aeddcfa
MC		 219 BN_free(bp);
220 BN_free(bg);
7966101e 221 BN_free(cpriv_key);
23a1d5e9 222 BN_GENCB_free(_cb);
8a59c085
DMSP		 223 DH_free(dh);
224
93d02986 225 return ret;
0f113f3e 226}
d02b48c6 227
6d23cf97 228static int cb(int p, int n, BN_GENCB *arg)
0f113f3e 229{
0f113f3e
MC		 230 return 1;
231}
20bee968
DSH		 232
233/* Test data from RFC 5114 */
234
235static const unsigned char dhtest_1024_160_xA[] = {
0f113f3e
MC		 236 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
237 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
20bee968 238};
0f113f3e 239
20bee968 240static const unsigned char dhtest_1024_160_yA[] = {
0f113f3e
MC		 241 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
242 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
243 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
244 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
245 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
246 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
247 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
248 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
249 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
250 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
251 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
20bee968 252};
0f113f3e 253
20bee968 254static const unsigned char dhtest_1024_160_xB[] = {
0f113f3e
MC		 255 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
256 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
20bee968 257};
0f113f3e 258
20bee968 259static const unsigned char dhtest_1024_160_yB[] = {
0f113f3e
MC		 260 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
261 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
262 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
263 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
264 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
265 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
266 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
267 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
268 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
269 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
270 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
20bee968 271};
0f113f3e 272
20bee968 273static const unsigned char dhtest_1024_160_Z[] = {
0f113f3e
MC		 274 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
275 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
276 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
277 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
278 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
279 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
280 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
281 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
282 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
283 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
284 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
20bee968 285};
0f113f3e 286
20bee968 287static const unsigned char dhtest_2048_224_xA[] = {
0f113f3e
MC		 288 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
289 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
290 0x83, 0x29, 0x4B, 0x0C
20bee968 291};
0f113f3e 292
20bee968 293static const unsigned char dhtest_2048_224_yA[] = {
0f113f3e
MC		 294 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
295 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
296 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
297 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
298 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
299 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
300 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
301 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
302 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
303 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
304 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
305 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
306 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
307 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
308 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
309 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
310 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
311 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
312 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
313 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
314 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
315 0x71, 0x64, 0x8D, 0x6F
20bee968 316};
0f113f3e 317
20bee968 318static const unsigned char dhtest_2048_224_xB[] = {
0f113f3e
MC		 319 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
320 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
321 0x35, 0x3B, 0x75, 0x90
20bee968 322};
0f113f3e 323
20bee968 324static const unsigned char dhtest_2048_224_yB[] = {
0f113f3e
MC		 325 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
326 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
327 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
328 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
329 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
330 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
331 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
332 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
333 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
334 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
335 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
336 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
337 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
338 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
339 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
340 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
341 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
342 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
343 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
344 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
345 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
346 0x02, 0x14, 0x2B, 0x6C
20bee968 347};
0f113f3e 348
20bee968 349static const unsigned char dhtest_2048_224_Z[] = {
0f113f3e
MC		 350 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
351 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
352 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
353 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
354 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
355 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
356 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
357 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
358 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
359 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
360 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
361 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
362 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
363 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
364 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
365 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
366 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
367 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
368 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
369 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
370 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
371 0xF9, 0xF6, 0x38, 0x69
20bee968 372};
0f113f3e 373
20bee968 374static const unsigned char dhtest_2048_256_xA[] = {
0f113f3e
MC		 375 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
376 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
377 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
20bee968 378};
0f113f3e 379
20bee968 380static const unsigned char dhtest_2048_256_yA[] = {
0f113f3e
MC		 381 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
382 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
383 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
384 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
385 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
386 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
387 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
388 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
389 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
390 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
391 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
392 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
393 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
394 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
395 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
396 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
397 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
398 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
399 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
400 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
401 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
402 0x7C, 0xA6, 0x7E, 0x29
20bee968 403};
0f113f3e 404
20bee968 405static const unsigned char dhtest_2048_256_xB[] = {
0f113f3e
MC		 406 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
407 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
408 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
20bee968 409};
0f113f3e 410
20bee968 411static const unsigned char dhtest_2048_256_yB[] = {
0f113f3e
MC		 412 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
413 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
414 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
415 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
416 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
417 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
418 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
419 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
420 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
421 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
422 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
423 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
424 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
425 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
426 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
427 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
428 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
429 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
430 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
431 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
432 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
433 0x75, 0x7E, 0x19, 0x13
20bee968 434};
0f113f3e 435
20bee968 436static const unsigned char dhtest_2048_256_Z[] = {
0f113f3e
MC		 437 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
438 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
439 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
440 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
441 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
442 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
443 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
444 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
445 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
446 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
447 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
448 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
449 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
450 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
451 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
452 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
453 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
454 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
455 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
456 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
457 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
458 0xC2, 0x6C, 0x5D, 0x7C
20bee968
DSH		 459};
460
e729aac1
MC		 461static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
462 0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
463 0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
464 0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
465 0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
466 0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
467 0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
468 0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
469 0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
470 0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
471 0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
472 0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
473 0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
474 0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
475 0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
476 0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
477 0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
478 0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
479 0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
480 0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
481 0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
482 0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
483 0x93, 0x74, 0x89, 0x59
484};
485
0f113f3e
MC		 486typedef struct {
487 DH *(*get_param) (void);
488 const unsigned char *xA;
489 size_t xA_len;
490 const unsigned char *yA;
491 size_t yA_len;
492 const unsigned char *xB;
493 size_t xB_len;
494 const unsigned char *yB;
495 size_t yB_len;
496 const unsigned char *Z;
497 size_t Z_len;
498} rfc5114_td;
499
500# define make_rfc5114_td(pre) { \
501 DH_get_##pre, \
502 dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
503 dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
504 dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
505 dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
506 dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
507 }
20bee968
DSH		 508
509static const rfc5114_td rfctd[] = {
0f113f3e
MC		 510 make_rfc5114_td(1024_160),
511 make_rfc5114_td(2048_224),
512 make_rfc5114_td(2048_256)
20bee968
DSH		 513};
514
93d02986 515static int rfc5114_test(void)
0f113f3e
MC		 516{
517 int i;
f562aeda
HZ		 518 DH *dhA = NULL;
519 DH *dhB = NULL;
520 unsigned char *Z1 = NULL;
521 unsigned char *Z2 = NULL;
522 const rfc5114_td *td = NULL;
0aeddcfa 523 BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
b84e1226 524 const BIGNUM *pub_key_tmp;
f562aeda 525
bdcb1a2c 526 for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
f562aeda 527 td = rfctd + i;
0f113f3e 528 /* Set up DH structures setting key components */
93d02986
RS		 529 if (!TEST_ptr(dhA = td->get_param())
530 || !TEST_ptr(dhB = td->get_param()))
0f113f3e
MC		 531 goto bad_err;
532
93d02986
RS		 533 if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL))
534 || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL))
535 || !TEST_true(DH_set0_key(dhA, pub_key, priv_key)))
0aeddcfa 536 goto bad_err;
0f113f3e 537
93d02986
RS		 538 if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL))
539 || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL))
540 || !TEST_true( DH_set0_key(dhB, pub_key, priv_key)))
0f113f3e 541 goto bad_err;
0aeddcfa 542 priv_key = pub_key = NULL;
0f113f3e 543
93d02986
RS		 544 if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA))
545 || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB)))
0f113f3e
MC		 546 goto err;
547
93d02986
RS		 548 if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))
549 || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB))))
f562aeda 550 goto bad_err;
0f113f3e
MC		 551 /*
552 * Work out shared secrets using both sides and compare with expected
553 * values.
554 */
b84e1226 555 DH_get0_key(dhB, &pub_key_tmp, NULL);
93d02986 556 if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1))
0f113f3e 557 goto bad_err;
b84e1226
MC		 558
559 DH_get0_key(dhA, &pub_key_tmp, NULL);
93d02986 560 if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1))
0f113f3e
MC		 561 goto bad_err;
562
93d02986
RS		 563 if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len)
564 || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len))
0f113f3e 565 goto err;
0f113f3e
MC		 566
567 DH_free(dhA);
e729aac1 568 dhA = NULL;
93d02986 569 DH_free(dhB);
e729aac1 570 dhB = NULL;
93d02986 571 OPENSSL_free(Z1);
e729aac1 572 Z1 = NULL;
93d02986 573 OPENSSL_free(Z2);
e729aac1
MC		 574 Z2 = NULL;
575 }
0f113f3e 576
e729aac1
MC		 577 /* Now i == OSSL_NELEM(rfctd) */
578 /* RFC5114 uses unsafe primes, so now test an invalid y value */
93d02986
RS		 579 if (!TEST_ptr(dhA = DH_get_2048_224())
580 || !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))))
e729aac1
MC		 581 goto bad_err;
582
93d02986
RS		 583 if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
584 sizeof(dhtest_rfc5114_2048_224_bad_y),
585 NULL)))
e729aac1
MC		 586 goto bad_err;
587
588 if (!DH_generate_key(dhA))
589 goto bad_err;
590
591 if (DH_compute_key(Z1, bady, dhA) != -1) {
592 /*
593 * DH_compute_key should fail with -1. If we get here we unexpectedly
594 * allowed an invalid y value
595 */
596 goto err;
0f113f3e 597 }
e729aac1
MC		 598 /* We'll have a stale error on the queue from the above test so clear it */
599 ERR_clear_error();
e729aac1
MC		 600 BN_free(bady);
601 DH_free(dhA);
602 OPENSSL_free(Z1);
0f113f3e 603 return 1;
93d02986 604
0f113f3e 605 bad_err:
e729aac1 606 BN_free(bady);
f562aeda
HZ		 607 DH_free(dhA);
608 DH_free(dhB);
0aeddcfa
MC		 609 BN_free(pub_key);
610 BN_free(priv_key);
f562aeda
HZ		 611 OPENSSL_free(Z1);
612 OPENSSL_free(Z2);
93d02986 613 TEST_error("Initialisation error RFC5114 set %d\n", i + 1);
0f113f3e 614 return 0;
93d02986 615
0f113f3e 616 err:
e729aac1 617 BN_free(bady);
f562aeda
HZ		 618 DH_free(dhA);
619 DH_free(dhB);
620 OPENSSL_free(Z1);
621 OPENSSL_free(Z2);
93d02986 622 TEST_error("Test failed RFC5114 set %d\n", i + 1);
0f113f3e
MC		 623 return 0;
624}
a38c878c
BE		 625
626static int rfc7919_test(void)
627{
628 DH *a = NULL, *b = NULL;
629 const BIGNUM *apub_key = NULL, *bpub_key = NULL;
630 unsigned char *abuf = NULL;
631 unsigned char *bbuf = NULL;
632 int i, alen, blen, aout, bout;
633 int ret = 0;
634
635 if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048)))
636 goto err;
637
638 if (!DH_check(a, &i))
639 goto err;
640 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
641 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
642 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
643 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
644 || !TEST_false(i))
645 goto err;
646
647 if (!DH_generate_key(a))
648 goto err;
649 DH_get0_key(a, &apub_key, NULL);
650
651 /* now create another copy of the DH group for the peer */
652 if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048)))
653 goto err;
654
655 if (!DH_generate_key(b))
656 goto err;
657 DH_get0_key(b, &bpub_key, NULL);
658
659 alen = DH_size(a);
660 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
661 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
662 goto err;
663
664 blen = DH_size(b);
665 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
666 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
667 goto err;
668
669 if (!TEST_true(aout >= 20)
670 || !TEST_mem_eq(abuf, aout, bbuf, bout))
671 goto err;
672
673 ret = 1;
674
675 err:
676 OPENSSL_free(abuf);
677 OPENSSL_free(bbuf);
678 DH_free(a);
679 DH_free(b);
680 return ret;
681}
ad887416 682#endif
20bee968 683
93d02986 684
ad887416 685int setup_tests(void)
93d02986 686{
ad887416
P		 687#ifdef OPENSSL_NO_DH
688 TEST_note("No DH support");
689#else
93d02986
RS		 690 ADD_TEST(dh_test);
691 ADD_TEST(rfc5114_test);
a38c878c 692 ADD_TEST(rfc7919_test);
f5d7a031 693#endif
ad887416
P		 694 return 1;
695}
A mirror of the official openssl repository