2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/evp.h>
12 #include <openssl/kdf.h>
13 #include "internal/cryptlib.h"
14 #include "internal/nelem.h"
15 #include "self_test.h"
16 #include "self_test_data.inc"
18 static int self_test_digest(const ST_KAT_DIGEST
*t
, OSSL_ST_EVENT
*event
,
22 unsigned char out
[EVP_MAX_MD_SIZE
];
23 unsigned int out_len
= 0;
24 EVP_MD_CTX
*ctx
= EVP_MD_CTX_new();
25 EVP_MD
*md
= EVP_MD_fetch(libctx
, t
->algorithm
, NULL
);
27 SELF_TEST_EVENT_onbegin(event
, OSSL_SELF_TEST_TYPE_KAT_DIGEST
, t
->desc
);
31 || !EVP_DigestInit_ex(ctx
, md
, NULL
)
32 || !EVP_DigestUpdate(ctx
, t
->pt
, t
->pt_len
)
33 || !EVP_DigestFinal(ctx
, out
, &out_len
))
36 /* Optional corruption */
37 SELF_TEST_EVENT_oncorrupt_byte(event
, out
);
39 if (out_len
!= t
->expected_len
40 || memcmp(out
, t
->expected
, out_len
) != 0)
44 SELF_TEST_EVENT_onend(event
, ok
);
52 * Helper function to setup a EVP_CipherInit
53 * Used to hide the complexity of Authenticated ciphers.
55 static int cipher_init(EVP_CIPHER_CTX
*ctx
, const EVP_CIPHER
*cipher
,
56 const ST_KAT_CIPHER
*t
, int enc
)
58 unsigned char *in_tag
= NULL
;
61 /* Flag required for Key wrapping */
62 EVP_CIPHER_CTX_set_flags(ctx
, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
);
64 /* Use a normal cipher init */
65 return EVP_CipherInit_ex(ctx
, cipher
, NULL
, t
->key
, t
->iv
, enc
)
66 && EVP_CIPHER_CTX_set_padding(ctx
, pad
);
69 /* The authenticated cipher init */
71 in_tag
= (unsigned char *)t
->tag
;
73 return EVP_CipherInit_ex(ctx
, cipher
, NULL
, NULL
, NULL
, enc
)
74 && EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_IVLEN
, t
->iv_len
, NULL
)
76 || EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
, t
->tag_len
,
78 && EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, t
->iv
, enc
)
79 && EVP_CIPHER_CTX_set_padding(ctx
, pad
)
80 && EVP_CipherUpdate(ctx
, NULL
, &tmp
, t
->aad
, t
->aad_len
);
83 /* Test a single KAT for encrypt/decrypt */
84 static int self_test_cipher(const ST_KAT_CIPHER
*t
, OSSL_ST_EVENT
*event
,
87 int ret
= 0, encrypt
= 1, len
, ct_len
= 0, pt_len
= 0;
88 EVP_CIPHER_CTX
*ctx
= NULL
;
89 EVP_CIPHER
*cipher
= NULL
;
90 unsigned char ct_buf
[256] = { 0 };
91 unsigned char pt_buf
[256] = { 0 };
93 SELF_TEST_EVENT_onbegin(event
, OSSL_SELF_TEST_TYPE_KAT_CIPHER
, t
->base
.desc
);
95 ctx
= EVP_CIPHER_CTX_new();
98 cipher
= EVP_CIPHER_fetch(libctx
, t
->base
.algorithm
, "");
102 /* Encrypt plain text message */
103 if (!cipher_init(ctx
, cipher
, t
, encrypt
)
104 || !EVP_CipherUpdate(ctx
, ct_buf
, &len
, t
->base
.pt
, t
->base
.pt_len
)
105 || !EVP_CipherFinal_ex(ctx
, ct_buf
+ len
, &ct_len
))
108 SELF_TEST_EVENT_oncorrupt_byte(event
, ct_buf
);
110 if (ct_len
!= (int)t
->base
.expected_len
111 || memcmp(t
->base
.expected
, ct_buf
, ct_len
) != 0)
114 if (t
->tag
!= NULL
) {
115 unsigned char tag
[16] = { 0 };
117 if (!EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, t
->tag_len
, tag
)
118 || memcmp(tag
, t
->tag
, t
->tag_len
) != 0)
122 if (!(cipher_init(ctx
, cipher
, t
, !encrypt
)
123 && EVP_CipherUpdate(ctx
, pt_buf
, &len
, ct_buf
, ct_len
)
124 && EVP_CipherFinal_ex(ctx
, pt_buf
+ len
, &pt_len
)))
128 if (pt_len
!= (int)t
->base
.pt_len
129 || memcmp(pt_buf
, t
->base
.pt
, pt_len
) != 0)
134 EVP_CIPHER_free(cipher
);
135 EVP_CIPHER_CTX_free(ctx
);
136 SELF_TEST_EVENT_onend(event
, ret
);
140 static int self_test_kdf(const ST_KAT_KDF
*t
, OSSL_ST_EVENT
*event
,
145 unsigned char out
[64];
147 EVP_KDF_CTX
*ctx
= NULL
;
148 OSSL_PARAM params
[16];
149 const OSSL_PARAM
*settables
= NULL
;
151 numparams
= OSSL_NELEM(params
);
152 SELF_TEST_EVENT_onbegin(event
, OSSL_SELF_TEST_TYPE_KAT_KDF
, t
->desc
);
154 /* Zeroize the params array to avoid mem leaks on error */
155 for (i
= 0; i
< numparams
; ++i
)
156 params
[i
] = OSSL_PARAM_construct_end();
158 kdf
= EVP_KDF_fetch(libctx
, t
->algorithm
, "");
159 ctx
= EVP_KDF_CTX_new(kdf
);
163 settables
= EVP_KDF_settable_ctx_params(kdf
);
164 for (i
= 0; t
->ctrls
[i
].name
!= NULL
; ++i
) {
165 if (!ossl_assert(i
< (numparams
- 1)))
167 if (!OSSL_PARAM_allocate_from_text(¶ms
[i
], settables
,
170 strlen(t
->ctrls
[i
].value
)))
173 if (!EVP_KDF_CTX_set_params(ctx
, params
))
176 if (t
->expected_len
> sizeof(out
))
178 if (EVP_KDF_derive(ctx
, out
, t
->expected_len
) <= 0)
181 SELF_TEST_EVENT_oncorrupt_byte(event
, out
);
183 if (memcmp(out
, t
->expected
, t
->expected_len
) != 0)
188 for (i
= 0; params
[i
].key
!= NULL
; ++i
)
189 OPENSSL_free(params
[i
].data
);
191 EVP_KDF_CTX_free(ctx
);
192 SELF_TEST_EVENT_onend(event
, ret
);
197 * Test a data driven list of KAT's for digest algorithms.
198 * All tests are run regardless of if they fail or not.
199 * Return 0 if any test fails.
201 static int self_test_digests(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
205 for (i
= 0; i
< (int)OSSL_NELEM(st_kat_digest_tests
); ++i
) {
206 if (!self_test_digest(&st_kat_digest_tests
[i
], event
, libctx
))
212 static int self_test_ciphers(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
216 for (i
= 0; i
< (int)OSSL_NELEM(st_kat_cipher_tests
); ++i
) {
217 if (!self_test_cipher(&st_kat_cipher_tests
[i
], event
, libctx
))
223 static int self_test_kdfs(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
227 for (i
= 0; i
< (int)OSSL_NELEM(st_kat_kdf_tests
); ++i
) {
228 if (!self_test_kdf(&st_kat_kdf_tests
[i
], event
, libctx
))
235 * Run the algorithm KAT's.
236 * Return 1 is successful, otherwise return 0.
237 * This runs all the tests regardless of if any fail.
239 * TODO(3.0) Add self tests for KA, DRBG, Sign/Verify when they become available
241 int SELF_TEST_kats(OSSL_ST_EVENT
*event
, OPENSSL_CTX
*libctx
)
245 if (!self_test_digests(event
, libctx
))
247 if (!self_test_ciphers(event
, libctx
))
249 if (!self_test_kdfs(event
, libctx
))