2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
33 typedef enum OPTION_choice
{
40 typedef struct st_args
{
45 static OSSL_PROVIDER
*prov_null
= NULL
;
46 static OPENSSL_CTX
*libctx
= NULL
;
47 static SELF_TEST_ARGS self_test_args
= { 0 };
48 static OSSL_CALLBACK self_test_events
;
50 const OPTIONS
*test_get_options(void)
52 static const OPTIONS test_options
[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
54 { "config", OPT_CONFIG_FILE
, '<',
55 "The configuration file to use for the libctx" },
61 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
62 || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
63 static int pkey_get_bn_bytes(EVP_PKEY
*pkey
, const char *name
,
64 unsigned char **out
, size_t *out_len
)
66 unsigned char *buf
= NULL
;
70 if (!EVP_PKEY_get_bn_param(pkey
, name
, &bn
))
72 sz
= BN_num_bytes(bn
);
73 buf
= OPENSSL_zalloc(sz
);
76 if (!BN_bn2binpad(bn
, buf
, sz
))
90 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
91 || !defined(OPENSSL_NO_RSA)
92 static int sig_gen(EVP_PKEY
*pkey
, OSSL_PARAM
*params
, const char *digest_name
,
93 const unsigned char *msg
, size_t msg_len
,
94 unsigned char **sig_out
, size_t *sig_out_len
)
97 EVP_MD_CTX
*md_ctx
= NULL
;
98 unsigned char *sig
= NULL
;
100 size_t sz
= EVP_PKEY_size(pkey
);
102 if (!TEST_ptr(sig
= OPENSSL_malloc(sz
))
103 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new())
104 || !TEST_int_eq(EVP_DigestSignInit_with_libctx(md_ctx
, NULL
,
105 digest_name
, libctx
, NULL
,
107 || !TEST_int_gt(EVP_DigestSign(md_ctx
, sig
, &sig_len
, msg
, msg_len
), 0))
110 *sig_out_len
= sig_len
;
115 EVP_MD_CTX_free(md_ctx
);
120 #ifndef OPENSSL_NO_EC
121 static int ecdsa_keygen_test(int id
)
124 EVP_PKEY_CTX
*ctx
= NULL
;
125 EVP_PKEY
*pkey
= NULL
;
126 unsigned char *priv
= NULL
;
127 unsigned char *pubx
= NULL
, *puby
= NULL
;
128 size_t priv_len
= 0, pubx_len
= 0, puby_len
= 0;
129 const struct ecdsa_keygen_st
*tst
= &ecdsa_keygen_data
[id
];
131 self_test_args
.called
= 0;
132 self_test_args
.enable
= 1;
133 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "EC", NULL
))
134 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
135 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx
, tst
->curve_name
))
136 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0)
137 || !TEST_int_eq(self_test_args
.called
, 3)
138 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_PRIV_KEY
, &priv
,
140 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_EC_PUB_X
, &pubx
,
142 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_EC_PUB_Y
, &puby
,
146 test_output_memory("qy", puby
, puby_len
);
147 test_output_memory("qx", pubx
, pubx_len
);
148 test_output_memory("d", priv
, priv_len
);
151 self_test_args
.enable
= 0;
152 self_test_args
.called
= 0;
153 OPENSSL_clear_free(priv
, priv_len
);
157 EVP_PKEY_CTX_free(ctx
);
161 static int ecdsa_create_pkey(EVP_PKEY
**pkey
, const char *curve_name
,
162 const unsigned char *pub
, size_t pub_len
,
166 EVP_PKEY_CTX
*ctx
= NULL
;
167 OSSL_PARAM_BLD
*bld
= NULL
;
168 OSSL_PARAM
*params
= NULL
;
170 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
171 || (curve_name
!= NULL
172 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
173 bld
, OSSL_PKEY_PARAM_GROUP_NAME
, curve_name
, 0) > 0))
174 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
175 OSSL_PKEY_PARAM_PUB_KEY
,
177 || !TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
178 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "EC", NULL
))
179 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx
))
180 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, pkey
, params
), expected
))
185 OSSL_PARAM_BLD_free_params(params
);
186 OSSL_PARAM_BLD_free(bld
);
187 EVP_PKEY_CTX_free(ctx
);
191 static int ecdsa_pub_verify_test(int id
)
193 const struct ecdsa_pub_verify_st
*tst
= &ecdsa_pv_data
[id
];
196 EVP_PKEY_CTX
*key_ctx
= NULL
;
197 EVP_PKEY
*pkey
= NULL
;
199 if (!TEST_true(ecdsa_create_pkey(&pkey
, tst
->curve_name
,
200 tst
->pub
, tst
->pub_len
, tst
->pass
)))
204 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
205 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx
), tst
->pass
))
211 EVP_PKEY_CTX_free(key_ctx
);
215 /* Extract r and s from a ecdsa signature */
216 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig
, size_t sig_len
,
217 unsigned char **r
, unsigned char **s
,
218 size_t *rlen
, size_t *slen
)
221 unsigned char *rbuf
= NULL
, *sbuf
= NULL
;
222 size_t r1_len
, s1_len
;
223 const BIGNUM
*r1
, *s1
;
224 ECDSA_SIG
*sign
= d2i_ECDSA_SIG(NULL
, &sig
, sig_len
);
228 r1
= ECDSA_SIG_get0_r(sign
);
229 s1
= ECDSA_SIG_get0_s(sign
);
230 if (r1
== NULL
|| s1
== NULL
)
233 r1_len
= BN_num_bytes(r1
);
234 s1_len
= BN_num_bytes(s1
);
235 rbuf
= OPENSSL_zalloc(r1_len
);
236 sbuf
= OPENSSL_zalloc(s1_len
);
237 if (rbuf
== NULL
|| sbuf
== NULL
)
239 if (BN_bn2binpad(r1
, rbuf
, r1_len
) <= 0)
241 if (BN_bn2binpad(s1
, sbuf
, s1_len
) <= 0)
253 ECDSA_SIG_free(sign
);
257 static int ecdsa_siggen_test(int id
)
260 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
261 EVP_PKEY
*pkey
= NULL
;
262 size_t sig_len
= 0, rlen
= 0, slen
= 0;
263 unsigned char *sig
= NULL
;
264 unsigned char *r
= NULL
, *s
= NULL
;
265 const struct ecdsa_siggen_st
*tst
= &ecdsa_siggen_data
[id
];
267 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "EC", NULL
))
268 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
269 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx
, tst
->curve_name
))
270 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
273 if (!TEST_true(sig_gen(pkey
, NULL
, tst
->digest_alg
, tst
->msg
, tst
->msg_len
,
275 || !TEST_true(get_ecdsa_sig_rs_bytes(sig
, sig_len
, &r
, &s
, &rlen
, &slen
)))
277 test_output_memory("r", r
, rlen
);
278 test_output_memory("s", s
, slen
);
285 EVP_PKEY_CTX_free(key_ctx
);
286 EVP_PKEY_CTX_free(ctx
);
290 static int ecdsa_sigver_test(int id
)
293 EVP_MD_CTX
*md_ctx
= NULL
;
294 EVP_PKEY
*pkey
= NULL
;
295 ECDSA_SIG
*sign
= NULL
;
297 unsigned char *sig
= NULL
;
298 BIGNUM
*rbn
= NULL
, *sbn
= NULL
;
299 const struct ecdsa_sigver_st
*tst
= &ecdsa_sigver_data
[id
];
301 if (!TEST_true(ecdsa_create_pkey(&pkey
, tst
->curve_name
,
302 tst
->pub
, tst
->pub_len
, 1)))
305 if (!TEST_ptr(sign
= ECDSA_SIG_new())
306 || !TEST_ptr(rbn
= BN_bin2bn(tst
->r
, tst
->r_len
, NULL
))
307 || !TEST_ptr(sbn
= BN_bin2bn(tst
->s
, tst
->s_len
, NULL
))
308 || !TEST_true(ECDSA_SIG_set0(sign
, rbn
, sbn
)))
312 ret
= TEST_int_gt((sig_len
= i2d_ECDSA_SIG(sign
, &sig
)), 0)
313 && TEST_ptr(md_ctx
= EVP_MD_CTX_new())
314 && TEST_true(EVP_DigestVerifyInit_with_libctx(md_ctx
, NULL
,
317 && TEST_int_eq(EVP_DigestVerify(md_ctx
, sig
, sig_len
,
318 tst
->msg
, tst
->msg_len
), tst
->pass
));
323 ECDSA_SIG_free(sign
);
325 EVP_MD_CTX_free(md_ctx
);
329 #endif /* OPENSSL_NO_EC */
331 #ifndef OPENSSL_NO_DSA
332 static int pkey_get_octet_bytes(EVP_PKEY
*pkey
, const char *name
,
333 unsigned char **out
, size_t *out_len
)
336 unsigned char *buf
= NULL
;
338 if (!EVP_PKEY_get_octet_string_param(pkey
, name
, NULL
, 0, &len
))
341 buf
= OPENSSL_zalloc(len
);
345 if (!EVP_PKEY_get_octet_string_param(pkey
, name
, buf
, len
, out_len
))
354 static EVP_PKEY
*dsa_paramgen(int L
, int N
)
356 EVP_PKEY_CTX
*paramgen_ctx
= NULL
;
357 EVP_PKEY
*param_key
= NULL
;
359 if (!TEST_ptr(paramgen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DSA", NULL
))
360 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx
))
361 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx
, L
))
362 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx
, N
))
363 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx
, ¶m_key
)))
365 EVP_PKEY_CTX_free(paramgen_ctx
);
369 static EVP_PKEY
*dsa_keygen(int L
, int N
)
371 EVP_PKEY
*param_key
= NULL
, *key
= NULL
;
372 EVP_PKEY_CTX
*keygen_ctx
= NULL
;
374 if (!TEST_ptr(param_key
= dsa_paramgen(L
, N
))
375 || !TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, param_key
,
377 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0)
378 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, &key
), 0))
381 EVP_PKEY_free(param_key
);
382 EVP_PKEY_CTX_free(keygen_ctx
);
386 static int dsa_keygen_test(int id
)
389 EVP_PKEY_CTX
*paramgen_ctx
= NULL
, *keygen_ctx
= NULL
;
390 EVP_PKEY
*param_key
= NULL
, *key
= NULL
;
391 unsigned char *priv
= NULL
, *pub
= NULL
;
392 size_t priv_len
= 0, pub_len
= 0;
393 const struct dsa_paramgen_st
*tst
= &dsa_keygen_data
[id
];
395 if (!TEST_ptr(param_key
= dsa_paramgen(tst
->L
, tst
->N
))
396 || !TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, param_key
,
398 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0))
400 for (i
= 0; i
< 2; ++i
) {
401 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, &key
), 0)
402 || !TEST_true(pkey_get_bn_bytes(key
, OSSL_PKEY_PARAM_PRIV_KEY
,
404 || !TEST_true(pkey_get_bn_bytes(key
, OSSL_PKEY_PARAM_PUB_KEY
,
407 test_output_memory("y", pub
, pub_len
);
408 test_output_memory("x", priv
, priv_len
);
410 OPENSSL_clear_free(priv
, priv_len
);
417 OPENSSL_clear_free(priv
, priv_len
);
419 EVP_PKEY_free(param_key
);
421 EVP_PKEY_CTX_free(keygen_ctx
);
422 EVP_PKEY_CTX_free(paramgen_ctx
);
426 static int dsa_paramgen_test(int id
)
428 int ret
= 0, counter
= 0;
429 EVP_PKEY_CTX
*paramgen_ctx
= NULL
;
430 EVP_PKEY
*param_key
= NULL
;
431 unsigned char *p
= NULL
, *q
= NULL
, *seed
= NULL
;
432 size_t plen
= 0, qlen
= 0, seedlen
= 0;
433 const struct dsa_paramgen_st
*tst
= &dsa_paramgen_data
[id
];
435 if (!TEST_ptr(paramgen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DSA", NULL
))
436 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx
))
437 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx
, tst
->L
))
438 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx
, tst
->N
))
439 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx
, ¶m_key
))
440 || !TEST_true(pkey_get_bn_bytes(param_key
, OSSL_PKEY_PARAM_FFC_P
,
442 || !TEST_true(pkey_get_bn_bytes(param_key
, OSSL_PKEY_PARAM_FFC_Q
,
444 || !TEST_true(pkey_get_octet_bytes(param_key
, OSSL_PKEY_PARAM_FFC_SEED
,
446 || !TEST_true(EVP_PKEY_get_int_param(param_key
,
447 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
451 test_output_memory("p", p
, plen
);
452 test_output_memory("q", q
, qlen
);
453 test_output_memory("domainSeed", seed
, seedlen
);
454 test_printf_stderr("%s: %d\n", "counter", counter
);
460 EVP_PKEY_free(param_key
);
461 EVP_PKEY_CTX_free(paramgen_ctx
);
465 static int dsa_create_pkey(EVP_PKEY
**pkey
,
466 const unsigned char *p
, size_t p_len
,
467 const unsigned char *q
, size_t q_len
,
468 const unsigned char *g
, size_t g_len
,
469 const unsigned char *seed
, size_t seed_len
,
471 const char *validate_type
,
472 const unsigned char *pub
, size_t pub_len
,
476 EVP_PKEY_CTX
*ctx
= NULL
;
477 OSSL_PARAM_BLD
*bld
= NULL
;
478 OSSL_PARAM
*params
= NULL
;
479 BIGNUM
*p_bn
= NULL
, *q_bn
= NULL
, *g_bn
= NULL
, *pub_bn
= NULL
;
481 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
482 || !TEST_ptr(p_bn
= BN_CTX_get(bn_ctx
))
483 || !TEST_ptr(BN_bin2bn(p
, p_len
, p_bn
))
484 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
485 OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE
,
487 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p_bn
))
488 || !TEST_ptr(q_bn
= BN_CTX_get(bn_ctx
))
489 || !TEST_ptr(BN_bin2bn(q
, q_len
, q_bn
))
490 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q_bn
)))
494 if (!TEST_ptr(g_bn
= BN_CTX_get(bn_ctx
))
495 || !TEST_ptr(BN_bin2bn(g
, g_len
, g_bn
))
496 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
,
497 OSSL_PKEY_PARAM_FFC_G
, g_bn
)))
501 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
502 OSSL_PKEY_PARAM_FFC_SEED
, seed
, seed_len
)))
506 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld
,
507 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
512 if (!TEST_ptr(pub_bn
= BN_CTX_get(bn_ctx
))
513 || !TEST_ptr(BN_bin2bn(pub
, pub_len
, pub_bn
))
514 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
,
515 OSSL_PKEY_PARAM_PUB_KEY
,
519 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
520 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DSA", NULL
))
521 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx
))
522 || !TEST_true(EVP_PKEY_fromdata(ctx
, pkey
, params
)))
527 OSSL_PARAM_BLD_free_params(params
);
528 OSSL_PARAM_BLD_free(bld
);
529 EVP_PKEY_CTX_free(ctx
);
533 static int dsa_pqver_test(int id
)
536 BN_CTX
*bn_ctx
= NULL
;
537 EVP_PKEY_CTX
*key_ctx
= NULL
;
538 EVP_PKEY
*param_key
= NULL
;
539 const struct dsa_pqver_st
*tst
= &dsa_pqver_data
[id
];
541 if (!TEST_ptr(bn_ctx
= BN_CTX_new_ex(libctx
))
542 || !TEST_true(dsa_create_pkey(¶m_key
, tst
->p
, tst
->p_len
,
543 tst
->q
, tst
->q_len
, NULL
, 0,
544 tst
->seed
, tst
->seed_len
, tst
->counter
,
545 OSSL_FFC_PARAM_VALIDATE_PQ
,
548 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, param_key
,
550 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx
), tst
->pass
))
556 EVP_PKEY_free(param_key
);
557 EVP_PKEY_CTX_free(key_ctx
);
561 /* Extract r and s from a dsa signature */
562 static int get_dsa_sig_rs_bytes(const unsigned char *sig
, size_t sig_len
,
563 unsigned char **r
, unsigned char **s
,
564 size_t *r_len
, size_t *s_len
)
567 unsigned char *rbuf
= NULL
, *sbuf
= NULL
;
568 size_t r1_len
, s1_len
;
569 const BIGNUM
*r1
, *s1
;
570 DSA_SIG
*sign
= d2i_DSA_SIG(NULL
, &sig
, sig_len
);
574 DSA_SIG_get0(sign
, &r1
, &s1
);
575 if (r1
== NULL
|| s1
== NULL
)
578 r1_len
= BN_num_bytes(r1
);
579 s1_len
= BN_num_bytes(s1
);
580 rbuf
= OPENSSL_zalloc(r1_len
);
581 sbuf
= OPENSSL_zalloc(s1_len
);
582 if (rbuf
== NULL
|| sbuf
== NULL
)
584 if (BN_bn2binpad(r1
, rbuf
, r1_len
) <= 0)
586 if (BN_bn2binpad(s1
, sbuf
, s1_len
) <= 0)
602 static int dsa_siggen_test(int id
)
605 EVP_PKEY
*pkey
= NULL
;
606 unsigned char *sig
= NULL
, *r
= NULL
, *s
= NULL
;
607 size_t sig_len
= 0, rlen
= 0, slen
= 0;
608 const struct dsa_siggen_st
*tst
= &dsa_siggen_data
[id
];
610 if (!TEST_ptr(pkey
= dsa_keygen(tst
->L
, tst
->N
)))
613 if (!TEST_true(sig_gen(pkey
, NULL
, tst
->digest_alg
, tst
->msg
, tst
->msg_len
,
615 || !TEST_true(get_dsa_sig_rs_bytes(sig
, sig_len
, &r
, &s
, &rlen
, &slen
)))
617 test_output_memory("r", r
, rlen
);
618 test_output_memory("s", s
, slen
);
628 static int dsa_sigver_test(int id
)
631 EVP_PKEY_CTX
*ctx
= NULL
;
632 EVP_PKEY
*pkey
= NULL
;
633 DSA_SIG
*sign
= NULL
;
635 unsigned char *sig
= NULL
;
636 BIGNUM
*rbn
= NULL
, *sbn
= NULL
;
638 unsigned char digest
[EVP_MAX_MD_SIZE
];
639 unsigned int digest_len
;
640 BN_CTX
*bn_ctx
= NULL
;
641 const struct dsa_sigver_st
*tst
= &dsa_sigver_data
[id
];
643 if (!TEST_ptr(bn_ctx
= BN_CTX_new())
644 || !TEST_true(dsa_create_pkey(&pkey
, tst
->p
, tst
->p_len
,
645 tst
->q
, tst
->q_len
, tst
->g
, tst
->g_len
,
646 NULL
, 0, 0, "", tst
->pub
, tst
->pub_len
,
650 if (!TEST_ptr(sign
= DSA_SIG_new())
651 || !TEST_ptr(rbn
= BN_bin2bn(tst
->r
, tst
->r_len
, NULL
))
652 || !TEST_ptr(sbn
= BN_bin2bn(tst
->s
, tst
->s_len
, NULL
))
653 || !TEST_true(DSA_SIG_set0(sign
, rbn
, sbn
)))
657 if (!TEST_ptr(md
= EVP_MD_fetch(libctx
, tst
->digest_alg
, ""))
658 || !TEST_true(EVP_Digest(tst
->msg
, tst
->msg_len
,
659 digest
, &digest_len
, md
, NULL
)))
662 if (!TEST_int_gt((sig_len
= i2d_DSA_SIG(sign
, &sig
)), 0)
663 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
664 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
665 || !TEST_int_eq(EVP_PKEY_verify(ctx
, sig
, sig_len
, digest
, digest_len
),
670 EVP_PKEY_CTX_free(ctx
);
680 #endif /* OPENSSL_NO_DSA */
683 /* cipher encrypt/decrypt */
684 static int cipher_enc(const char *alg
,
685 const unsigned char *pt
, size_t pt_len
,
686 const unsigned char *key
, size_t key_len
,
687 const unsigned char *iv
, size_t iv_len
,
688 const unsigned char *ct
, size_t ct_len
,
691 int ret
= 0, out_len
= 0, len
= 0;
692 EVP_CIPHER_CTX
*ctx
= NULL
;
693 EVP_CIPHER
*cipher
= NULL
;
694 unsigned char out
[256] = { 0 };
696 TEST_note("%s : %s", alg
, enc
? "encrypt" : "decrypt");
697 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
698 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, alg
, ""))
699 || !TEST_true(EVP_CipherInit_ex(ctx
, cipher
, NULL
, key
, iv
, enc
))
700 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))
701 || !TEST_true(EVP_CipherUpdate(ctx
, out
, &len
, pt
, pt_len
))
702 || !TEST_true(EVP_CipherFinal_ex(ctx
, out
+ len
, &out_len
)))
705 if (!TEST_mem_eq(out
, out_len
, ct
, ct_len
))
709 EVP_CIPHER_free(cipher
);
710 EVP_CIPHER_CTX_free(ctx
);
714 static int cipher_enc_dec_test(int id
)
716 const struct cipher_st
*tst
= &cipher_enc_data
[id
];
719 return TEST_true(cipher_enc(tst
->alg
, tst
->pt
, tst
->pt_len
,
720 tst
->key
, tst
->key_len
,
721 tst
->iv
, tst
->iv_len
,
722 tst
->ct
, tst
->ct_len
, enc
))
723 && TEST_true(cipher_enc(tst
->alg
, tst
->ct
, tst
->ct_len
,
724 tst
->key
, tst
->key_len
,
725 tst
->iv
, tst
->iv_len
,
726 tst
->pt
, tst
->pt_len
, !enc
));
729 static int aes_ccm_enc_dec(const char *alg
,
730 const unsigned char *pt
, size_t pt_len
,
731 const unsigned char *key
, size_t key_len
,
732 const unsigned char *iv
, size_t iv_len
,
733 const unsigned char *aad
, size_t aad_len
,
734 const unsigned char *ct
, size_t ct_len
,
735 const unsigned char *tag
, size_t tag_len
,
740 EVP_CIPHER
*cipher
= NULL
;
742 unsigned char out
[1024];
744 TEST_note("%s : %s : expected to %s", alg
, enc
? "encrypt" : "decrypt",
745 pass
? "pass" : "fail");
747 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
748 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, alg
, ""))
749 || !TEST_true(EVP_CipherInit_ex(ctx
, cipher
, NULL
, NULL
, NULL
, enc
))
750 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_IVLEN
, iv_len
,
752 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
, tag_len
,
753 enc
? NULL
: (void *)tag
))
754 || !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, key
, iv
, enc
))
755 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))
756 || !TEST_true(EVP_CipherUpdate(ctx
, NULL
, &len
, NULL
, pt_len
))
757 || !TEST_true(EVP_CipherUpdate(ctx
, NULL
, &len
, aad
, aad_len
))
758 || !TEST_int_eq(EVP_CipherUpdate(ctx
, out
, &len
, pt
, pt_len
), pass
))
765 if (!TEST_true(EVP_CipherFinal_ex(ctx
, out
+ len
, &out_len
)))
769 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
,
770 tag_len
, out
+ out_len
))
771 || !TEST_mem_eq(out
, out_len
, ct
, ct_len
)
772 || !TEST_mem_eq(out
+ out_len
, tag_len
, tag
, tag_len
))
775 if (!TEST_mem_eq(out
, out_len
+ len
, ct
, ct_len
))
781 EVP_CIPHER_free(cipher
);
782 EVP_CIPHER_CTX_free(ctx
);
786 static int aes_ccm_enc_dec_test(int id
)
788 const struct cipher_ccm_st
*tst
= &aes_ccm_enc_data
[id
];
790 /* The tag is on the end of the cipher text */
791 const size_t tag_len
= tst
->ct_len
- tst
->pt_len
;
792 const size_t ct_len
= tst
->ct_len
- tag_len
;
793 const unsigned char *tag
= tst
->ct
+ ct_len
;
800 return aes_ccm_enc_dec(tst
->alg
, tst
->pt
, tst
->pt_len
,
801 tst
->key
, tst
->key_len
,
802 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
803 tst
->ct
, ct_len
, tag
, tag_len
, enc
, pass
)
804 && aes_ccm_enc_dec(tst
->alg
, tst
->ct
, ct_len
,
805 tst
->key
, tst
->key_len
,
806 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
807 tst
->pt
, tst
->pt_len
, tag
, tag_len
, !enc
, pass
)
808 /* test that it fails if the tag is incorrect */
809 && aes_ccm_enc_dec(tst
->alg
, tst
->ct
, ct_len
,
810 tst
->key
, tst
->key_len
,
811 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
812 tst
->pt
, tst
->pt_len
,
813 tag
- 1, tag_len
, !enc
, !pass
);
816 static int aes_gcm_enc_dec(const char *alg
,
817 const unsigned char *pt
, size_t pt_len
,
818 const unsigned char *key
, size_t key_len
,
819 const unsigned char *iv
, size_t iv_len
,
820 const unsigned char *aad
, size_t aad_len
,
821 const unsigned char *ct
, size_t ct_len
,
822 const unsigned char *tag
, size_t tag_len
,
827 EVP_CIPHER
*cipher
= NULL
;
829 unsigned char out
[1024];
831 TEST_note("%s : %s : expected to %s", alg
, enc
? "encrypt" : "decrypt",
832 pass
? "pass" : "fail");
834 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
835 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(libctx
, alg
, ""))
836 || !TEST_true(EVP_CipherInit_ex(ctx
, cipher
, NULL
, NULL
, NULL
, enc
))
837 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_IVLEN
, iv_len
,
842 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
, tag_len
,
847 * TODO(3.0): The IV should not be set outside the boundary as it is now.
848 * It needs to be fed in via a dummy entropy source for this test.
850 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, key
, iv
, enc
))
851 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))
852 || !TEST_true(EVP_CipherUpdate(ctx
, NULL
, &len
, aad
, aad_len
))
853 || !TEST_true(EVP_CipherUpdate(ctx
, out
, &len
, pt
, pt_len
)))
856 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx
, out
+ len
, &out_len
), pass
))
864 if (!TEST_mem_eq(out
, out_len
, ct
, ct_len
)
865 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
,
866 tag_len
, out
+ out_len
))
867 || !TEST_mem_eq(out
+ out_len
, tag_len
, tag
, tag_len
))
870 if (!TEST_mem_eq(out
, out_len
, ct
, ct_len
))
876 EVP_CIPHER_free(cipher
);
877 EVP_CIPHER_CTX_free(ctx
);
881 static int aes_gcm_enc_dec_test(int id
)
883 const struct cipher_gcm_st
*tst
= &aes_gcm_enc_data
[id
];
887 return aes_gcm_enc_dec(tst
->alg
, tst
->pt
, tst
->pt_len
,
888 tst
->key
, tst
->key_len
,
889 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
890 tst
->ct
, tst
->ct_len
, tst
->tag
, tst
->tag_len
,
892 && aes_gcm_enc_dec(tst
->alg
, tst
->ct
, tst
->ct_len
,
893 tst
->key
, tst
->key_len
,
894 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
895 tst
->pt
, tst
->pt_len
, tst
->tag
, tst
->tag_len
,
897 /* Fail if incorrect tag passed to decrypt */
898 && aes_gcm_enc_dec(tst
->alg
, tst
->ct
, tst
->ct_len
,
899 tst
->key
, tst
->key_len
,
900 tst
->iv
, tst
->iv_len
, tst
->aad
, tst
->aad_len
,
901 tst
->pt
, tst
->pt_len
, tst
->aad
, tst
->tag_len
,
905 #ifndef OPENSSL_NO_DH
906 static int dh_create_pkey(EVP_PKEY
**pkey
, const char *group_name
,
907 const unsigned char *pub
, size_t pub_len
,
908 const unsigned char *priv
, size_t priv_len
,
909 BN_CTX
*bn_ctx
, int pass
)
912 EVP_PKEY_CTX
*ctx
= NULL
;
913 OSSL_PARAM_BLD
*bld
= NULL
;
914 OSSL_PARAM
*params
= NULL
;
915 BIGNUM
*pub_bn
= NULL
, *priv_bn
= NULL
;
917 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
918 || (group_name
!= NULL
919 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
920 bld
, OSSL_PKEY_PARAM_GROUP_NAME
,
925 if (!TEST_ptr(pub_bn
= BN_CTX_get(bn_ctx
))
926 || !TEST_ptr(BN_bin2bn(pub
, pub_len
, pub_bn
))
927 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
932 if (!TEST_ptr(priv_bn
= BN_CTX_get(bn_ctx
))
933 || !TEST_ptr(BN_bin2bn(priv
, priv_len
, priv_bn
))
934 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
939 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
940 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", NULL
))
941 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx
))
942 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, pkey
, params
), pass
))
947 OSSL_PARAM_BLD_free_params(params
);
948 OSSL_PARAM_BLD_free(bld
);
949 EVP_PKEY_CTX_free(ctx
);
953 static int dh_safe_prime_keygen_test(int id
)
956 EVP_PKEY_CTX
*ctx
= NULL
;
957 EVP_PKEY
*pkey
= NULL
;
958 unsigned char *priv
= NULL
;
959 unsigned char *pub
= NULL
;
960 size_t priv_len
= 0, pub_len
= 0;
961 OSSL_PARAM params
[2];
962 const struct dh_safe_prime_keygen_st
*tst
= &dh_safe_prime_keygen_data
[id
];
964 params
[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME
,
965 (char *)tst
->group_name
, 0);
966 params
[1] = OSSL_PARAM_construct_end();
968 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", NULL
))
969 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
970 || !TEST_true(EVP_PKEY_CTX_set_params(ctx
, params
))
971 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0)
972 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_PRIV_KEY
,
974 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_PUB_KEY
,
978 test_output_memory("x", priv
, priv_len
);
979 test_output_memory("y", pub
, pub_len
);
982 OPENSSL_clear_free(priv
, priv_len
);
985 EVP_PKEY_CTX_free(ctx
);
989 static int dh_safe_prime_keyver_test(int id
)
992 BN_CTX
*bn_ctx
= NULL
;
993 EVP_PKEY_CTX
*key_ctx
= NULL
;
994 EVP_PKEY
*pkey
= NULL
;
995 const struct dh_safe_prime_keyver_st
*tst
= &dh_safe_prime_keyver_data
[id
];
997 if (!TEST_ptr(bn_ctx
= BN_CTX_new_ex(libctx
))
998 || !TEST_true(dh_create_pkey(&pkey
, tst
->group_name
,
999 tst
->pub
, tst
->pub_len
,
1000 tst
->priv
, tst
->priv_len
, bn_ctx
, 1))
1001 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
1002 || !TEST_int_eq(EVP_PKEY_check(key_ctx
), tst
->pass
))
1007 EVP_PKEY_free(pkey
);
1008 EVP_PKEY_CTX_free(key_ctx
);
1009 BN_CTX_free(bn_ctx
);
1012 #endif /* OPENSSL_NO_DH */
1015 #ifndef OPENSSL_NO_RSA
1016 static EVP_PKEY
*rsa_keygen(int bits
)
1018 EVP_PKEY
*key
= NULL
;
1019 EVP_PKEY_CTX
*keygen_ctx
= NULL
;
1021 if (!TEST_ptr(keygen_ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
1022 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx
), 0)
1023 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx
, bits
))
1024 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx
, &key
), 0))
1027 EVP_PKEY_CTX_free(keygen_ctx
);
1031 static int rsa_create_pkey(EVP_PKEY
**pkey
,
1032 const unsigned char *n
, size_t n_len
,
1033 const unsigned char *e
, size_t e_len
,
1034 const unsigned char *d
, size_t d_len
,
1038 EVP_PKEY_CTX
*ctx
= NULL
;
1039 OSSL_PARAM_BLD
*bld
= NULL
;
1040 OSSL_PARAM
*params
= NULL
;
1041 BIGNUM
*e_bn
= NULL
, *d_bn
= NULL
, *n_bn
= NULL
;
1043 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1044 || !TEST_ptr(n_bn
= BN_CTX_get(bn_ctx
))
1045 || !TEST_ptr(BN_bin2bn(n
, n_len
, n_bn
))
1046 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n_bn
)))
1050 if (!TEST_ptr(e_bn
= BN_CTX_get(bn_ctx
))
1051 || !TEST_ptr(BN_bin2bn(e
, e_len
, e_bn
))
1052 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
,
1057 if (!TEST_ptr(d_bn
= BN_CTX_get(bn_ctx
))
1058 || !TEST_ptr(BN_bin2bn(d
, d_len
, d_bn
))
1059 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
,
1063 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
1064 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
1065 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx
))
1066 || !TEST_true(EVP_PKEY_fromdata(ctx
, pkey
, params
)))
1071 OSSL_PARAM_BLD_free_params(params
);
1072 OSSL_PARAM_BLD_free(bld
);
1073 EVP_PKEY_CTX_free(ctx
);
1077 static int rsa_keygen_test(int id
)
1080 EVP_PKEY_CTX
*ctx
= NULL
;
1081 EVP_PKEY
*pkey
= NULL
;
1082 BIGNUM
*e_bn
= NULL
;
1083 BIGNUM
*xp1_bn
= NULL
, *xp2_bn
= NULL
, *xp_bn
= NULL
;
1084 BIGNUM
*xq1_bn
= NULL
, *xq2_bn
= NULL
, *xq_bn
= NULL
;
1085 unsigned char *n
= NULL
, *d
= NULL
;
1086 unsigned char *p
= NULL
, *p1
= NULL
, *p2
= NULL
;
1087 unsigned char *q
= NULL
, *q1
= NULL
, *q2
= NULL
;
1088 size_t n_len
= 0, d_len
= 0;
1089 size_t p_len
= 0, p1_len
= 0, p2_len
= 0;
1090 size_t q_len
= 0, q1_len
= 0, q2_len
= 0;
1091 OSSL_PARAM_BLD
*bld
= NULL
;
1092 OSSL_PARAM
*params
= NULL
;
1093 const struct rsa_keygen_st
*tst
= &rsa_keygen_data
[id
];
1095 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1096 || !TEST_ptr(xp1_bn
= BN_bin2bn(tst
->xp1
, tst
->xp1_len
, NULL
))
1097 || !TEST_ptr(xp2_bn
= BN_bin2bn(tst
->xp2
, tst
->xp2_len
, NULL
))
1098 || !TEST_ptr(xp_bn
= BN_bin2bn(tst
->xp
, tst
->xp_len
, NULL
))
1099 || !TEST_ptr(xq1_bn
= BN_bin2bn(tst
->xq1
, tst
->xq1_len
, NULL
))
1100 || !TEST_ptr(xq2_bn
= BN_bin2bn(tst
->xq2
, tst
->xq2_len
, NULL
))
1101 || !TEST_ptr(xq_bn
= BN_bin2bn(tst
->xq
, tst
->xq_len
, NULL
))
1102 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XP1
,
1104 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XP2
,
1106 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XP
,
1108 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XQ1
,
1110 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XQ2
,
1112 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_TEST_XQ
,
1114 || !TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
1117 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(libctx
, "RSA", NULL
))
1118 || !TEST_ptr(e_bn
= BN_bin2bn(tst
->e
, tst
->e_len
, NULL
))
1119 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
1120 || !TEST_true(EVP_PKEY_CTX_set_params(ctx
, params
))
1121 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, tst
->mod
))
1122 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx
, e_bn
))
1123 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0)
1124 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_P1
,
1126 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_P2
,
1128 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_Q1
,
1130 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_TEST_Q2
,
1132 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_FACTOR1
,
1134 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_FACTOR2
,
1136 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_N
,
1138 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_D
,
1142 if (!TEST_mem_eq(tst
->p1
, tst
->p1_len
, p1
, p1_len
)
1143 || !TEST_mem_eq(tst
->p2
, tst
->p2_len
, p2
, p2_len
)
1144 || !TEST_mem_eq(tst
->p
, tst
->p_len
, p
, p_len
)
1145 || !TEST_mem_eq(tst
->q1
, tst
->q1_len
, q1
, q1_len
)
1146 || !TEST_mem_eq(tst
->q2
, tst
->q2_len
, q2
, q2_len
)
1147 || !TEST_mem_eq(tst
->q
, tst
->q_len
, q
, q_len
)
1148 || !TEST_mem_eq(tst
->n
, tst
->n_len
, n
, n_len
)
1149 || !TEST_mem_eq(tst
->d
, tst
->d_len
, d
, d_len
))
1152 test_output_memory("p1", p1
, p1_len
);
1153 test_output_memory("p2", p2
, p2_len
);
1154 test_output_memory("p", p
, p_len
);
1155 test_output_memory("q1", q1
, q1_len
);
1156 test_output_memory("q2", q2
, q2_len
);
1157 test_output_memory("q", q
, q_len
);
1158 test_output_memory("n", n
, n_len
);
1159 test_output_memory("d", d
, d_len
);
1177 EVP_PKEY_free(pkey
);
1178 EVP_PKEY_CTX_free(ctx
);
1179 OSSL_PARAM_BLD_free_params(params
);
1180 OSSL_PARAM_BLD_free(bld
);
1184 static int rsa_siggen_test(int id
)
1187 EVP_PKEY
*pkey
= NULL
;
1188 unsigned char *sig
= NULL
, *n
= NULL
, *e
= NULL
;
1189 size_t sig_len
= 0, n_len
= 0, e_len
= 0;
1190 OSSL_PARAM params
[4], *p
;
1191 const struct rsa_siggen_st
*tst
= &rsa_siggen_data
[id
];
1193 TEST_note("RSA %s signature generation", tst
->sig_pad_mode
);
1196 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE
,
1197 (char *)tst
->sig_pad_mode
, 0);
1198 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1199 (char *)tst
->digest_alg
, 0);
1200 if (tst
->pss_salt_len
>= 0) {
1201 int salt_len
= tst
->pss_salt_len
;
1203 *p
++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN
,
1206 *p
++ = OSSL_PARAM_construct_end();
1208 if (!TEST_ptr(pkey
= rsa_keygen(tst
->mod
))
1209 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_N
, &n
, &n_len
))
1210 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_E
, &e
, &e_len
))
1211 || !TEST_true(sig_gen(pkey
, params
, tst
->digest_alg
,
1212 tst
->msg
, tst
->msg_len
,
1215 test_output_memory("n", n
, n_len
);
1216 test_output_memory("e", e
, e_len
);
1217 test_output_memory("sig", sig
, sig_len
);
1223 EVP_PKEY_free(pkey
);
1227 static int rsa_sigver_test(int id
)
1230 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
1231 EVP_PKEY
*pkey
= NULL
;
1232 EVP_MD_CTX
*md_ctx
= NULL
;
1233 BN_CTX
*bn_ctx
= NULL
;
1234 OSSL_PARAM params
[4], *p
;
1235 const struct rsa_sigver_st
*tst
= &rsa_sigver_data
[id
];
1237 TEST_note("RSA %s Signature Verify : expected to %s ", tst
->sig_pad_mode
,
1238 tst
->pass
== PASS
? "pass" : "fail");
1241 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE
,
1242 (char *)tst
->sig_pad_mode
, 0);
1243 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1244 (char *)tst
->digest_alg
, 0);
1245 if (tst
->pss_salt_len
>= 0) {
1246 int salt_len
= tst
->pss_salt_len
;
1248 *p
++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN
,
1251 *p
++ = OSSL_PARAM_construct_end();
1253 if (!TEST_ptr(bn_ctx
= BN_CTX_new())
1254 || !TEST_true(rsa_create_pkey(&pkey
, tst
->n
, tst
->n_len
,
1255 tst
->e
, tst
->e_len
, NULL
, 0, bn_ctx
))
1256 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1257 || !TEST_true(EVP_DigestVerifyInit_with_libctx(md_ctx
, &pkey_ctx
,
1260 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx
, params
))
1261 || !TEST_int_eq(EVP_DigestVerify(md_ctx
, tst
->sig
, tst
->sig_len
,
1262 tst
->msg
, tst
->msg_len
), tst
->pass
)))
1266 EVP_PKEY_free(pkey
);
1267 BN_CTX_free(bn_ctx
);
1268 EVP_MD_CTX_free(md_ctx
);
1272 static int rsa_decryption_primitive_test(int id
)
1275 EVP_PKEY_CTX
*ctx
= NULL
;
1276 EVP_PKEY
*pkey
= NULL
;
1277 unsigned char pt
[2048];
1278 size_t pt_len
= sizeof(pt
);
1279 unsigned char *n
= NULL
, *e
= NULL
;
1280 size_t n_len
= 0, e_len
= 0;
1281 BN_CTX
*bn_ctx
= NULL
;
1282 const struct rsa_decrypt_prim_st
*tst
= &rsa_decrypt_prim_data
[id
];
1284 if (!TEST_ptr(pkey
= rsa_keygen(2048))
1285 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_N
, &n
, &n_len
))
1286 || !TEST_true(pkey_get_bn_bytes(pkey
, OSSL_PKEY_PARAM_RSA_E
, &e
, &e_len
))
1287 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, ""))
1288 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx
), 0)
1289 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx
, RSA_NO_PADDING
), 0))
1292 test_output_memory("n", n
, n_len
);
1293 test_output_memory("e", e
, e_len
);
1294 if (!EVP_PKEY_decrypt(ctx
, pt
, &pt_len
, tst
->ct
, tst
->ct_len
))
1295 TEST_note("Decryption Failed");
1297 test_output_memory("pt", pt
, pt_len
);
1302 EVP_PKEY_CTX_free(ctx
);
1303 EVP_PKEY_free(pkey
);
1304 BN_CTX_free(bn_ctx
);
1307 #endif /* OPENSSL_NO_RSA */
1309 static int self_test_events(const OSSL_PARAM params
[], void *varg
)
1311 SELF_TEST_ARGS
*args
= varg
;
1312 const OSSL_PARAM
*p
= NULL
;
1313 const char *phase
= NULL
, *type
= NULL
, *desc
= NULL
;
1320 p
= OSSL_PARAM_locate_const(params
, OSSL_PROV_PARAM_SELF_TEST_PHASE
);
1321 if (p
== NULL
|| p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
1323 phase
= (const char *)p
->data
;
1325 p
= OSSL_PARAM_locate_const(params
, OSSL_PROV_PARAM_SELF_TEST_DESC
);
1326 if (p
== NULL
|| p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
1328 desc
= (const char *)p
->data
;
1330 p
= OSSL_PARAM_locate_const(params
, OSSL_PROV_PARAM_SELF_TEST_TYPE
);
1331 if (p
== NULL
|| p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
1333 type
= (const char *)p
->data
;
1335 BIO_printf(bio_out
, "%s %s %s\n", phase
, desc
, type
);
1341 static int drbg_test(int id
)
1343 OSSL_PARAM params
[3];
1344 EVP_RAND
*rand
= NULL
;
1345 EVP_RAND_CTX
*ctx
= NULL
, *parent
= NULL
;
1346 unsigned char returned_bits
[64];
1347 const size_t returned_bits_len
= sizeof(returned_bits
);
1348 unsigned int strength
= 256;
1349 const struct drbg_st
*tst
= &drbg_data
[id
];
1352 /* Create the seed source */
1353 if (!TEST_ptr(rand
= EVP_RAND_fetch(libctx
, "TEST-RAND", "-fips"))
1354 || !TEST_ptr(parent
= EVP_RAND_CTX_new(rand
, NULL
)))
1356 EVP_RAND_free(rand
);
1359 params
[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH
, &strength
);
1360 params
[1] = OSSL_PARAM_construct_end();
1361 if (!TEST_true(EVP_RAND_set_ctx_params(parent
, params
)))
1365 if (!TEST_ptr(rand
= EVP_RAND_fetch(libctx
, tst
->drbg_name
, ""))
1366 || !TEST_ptr(ctx
= EVP_RAND_CTX_new(rand
, parent
)))
1369 /* Set the DRBG up */
1370 params
[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF
,
1371 (int *)&tst
->use_df
);
1372 params
[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER
,
1373 (char *)tst
->cipher
, 0);
1374 params
[2] = OSSL_PARAM_construct_end();
1375 if (!TEST_true(EVP_RAND_set_ctx_params(ctx
, params
)))
1378 /* Feed in the entropy and nonce */
1379 params
[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
1380 (void *)tst
->entropy_input
,
1381 tst
->entropy_input_len
);
1382 params
[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE
,
1385 params
[2] = OSSL_PARAM_construct_end();
1386 if (!TEST_true(EVP_RAND_set_ctx_params(parent
, params
)))
1391 * A NULL personalisation string defaults to the built in so something
1392 * non-NULL is needed if there is no personalisation string
1394 if (!TEST_true(EVP_RAND_instantiate(ctx
, 0, 0, (void *)"", 0))
1395 || !TEST_true(EVP_RAND_generate(ctx
, returned_bits
, returned_bits_len
,
1397 || !TEST_true(EVP_RAND_generate(ctx
, returned_bits
, returned_bits_len
,
1401 test_output_memory("returned bits", returned_bits
, returned_bits_len
);
1404 if (!TEST_true(EVP_RAND_uninstantiate(ctx
))
1405 || !TEST_true(EVP_RAND_uninstantiate(parent
)))
1408 /* Verify the output */
1409 if (!TEST_mem_eq(returned_bits
, returned_bits_len
,
1410 tst
->returned_bits
, tst
->returned_bits_len
))
1414 EVP_RAND_CTX_free(ctx
);
1415 EVP_RAND_CTX_free(parent
);
1416 EVP_RAND_free(rand
);
1420 int setup_tests(void)
1422 char *config_file
= NULL
;
1426 while ((o
= opt_next()) != OPT_EOF
) {
1428 case OPT_CONFIG_FILE
:
1429 config_file
= opt_arg();
1431 case OPT_TEST_CASES
:
1439 prov_null
= OSSL_PROVIDER_load(NULL
, "null");
1440 if (prov_null
== NULL
) {
1441 opt_printf_stderr("Failed to load null provider into default libctx\n");
1445 libctx
= OPENSSL_CTX_new();
1447 || !OPENSSL_CTX_load_config(libctx
, config_file
)) {
1448 opt_printf_stderr("Failed to load config\n");
1451 OSSL_SELF_TEST_set_callback(libctx
, self_test_events
, &self_test_args
);
1453 ADD_ALL_TESTS(cipher_enc_dec_test
, OSSL_NELEM(cipher_enc_data
));
1454 ADD_ALL_TESTS(aes_ccm_enc_dec_test
, OSSL_NELEM(aes_ccm_enc_data
));
1455 ADD_ALL_TESTS(aes_gcm_enc_dec_test
, OSSL_NELEM(aes_gcm_enc_data
));
1457 #ifndef OPENSSL_NO_RSA
1458 ADD_ALL_TESTS(rsa_keygen_test
, OSSL_NELEM(rsa_keygen_data
));
1459 ADD_ALL_TESTS(rsa_siggen_test
, OSSL_NELEM(rsa_siggen_data
));
1460 ADD_ALL_TESTS(rsa_sigver_test
, OSSL_NELEM(rsa_sigver_data
));
1461 ADD_ALL_TESTS(rsa_decryption_primitive_test
,
1462 OSSL_NELEM(rsa_decrypt_prim_data
));
1463 #endif /* OPENSSL_NO_RSA */
1465 #ifndef OPENSSL_NO_DH
1466 ADD_ALL_TESTS(dh_safe_prime_keygen_test
,
1467 OSSL_NELEM(dh_safe_prime_keygen_data
));
1468 ADD_ALL_TESTS(dh_safe_prime_keyver_test
,
1469 OSSL_NELEM(dh_safe_prime_keyver_data
));
1470 #endif /* OPENSSL_NO_DH */
1472 #ifndef OPENSSL_NO_DSA
1473 ADD_ALL_TESTS(dsa_keygen_test
, OSSL_NELEM(dsa_keygen_data
));
1474 ADD_ALL_TESTS(dsa_paramgen_test
, OSSL_NELEM(dsa_paramgen_data
));
1475 ADD_ALL_TESTS(dsa_pqver_test
, OSSL_NELEM(dsa_pqver_data
));
1476 ADD_ALL_TESTS(dsa_siggen_test
, OSSL_NELEM(dsa_siggen_data
));
1477 ADD_ALL_TESTS(dsa_sigver_test
, OSSL_NELEM(dsa_sigver_data
));
1478 #endif /* OPENSSL_NO_DSA */
1480 #ifndef OPENSSL_NO_EC
1481 ADD_ALL_TESTS(ecdsa_keygen_test
, OSSL_NELEM(ecdsa_keygen_data
));
1482 ADD_ALL_TESTS(ecdsa_pub_verify_test
, OSSL_NELEM(ecdsa_pv_data
));
1483 ADD_ALL_TESTS(ecdsa_siggen_test
, OSSL_NELEM(ecdsa_siggen_data
));
1484 ADD_ALL_TESTS(ecdsa_sigver_test
, OSSL_NELEM(ecdsa_sigver_data
));
1485 #endif /* OPENSSL_NO_EC */
1487 ADD_ALL_TESTS(drbg_test
, OSSL_NELEM(drbg_data
));
1491 void cleanup_tests(void)
1493 OSSL_PROVIDER_unload(prov_null
);
1494 OPENSSL_CTX_free(libctx
);