1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49 static int pass_sig_gen_params = 1;
50 static int rsa_sign_x931_pad_allowed = 1;
51 #ifndef OPENSSL_NO_DSA
52 static int dsasign_allowed = 1;
53 #endif
54 #ifndef OPENSSL_NO_EC
55 static int ec_cofactors = 1;
56 #endif
57
test_get_options(void)58 const OPTIONS *test_get_options(void)
59 {
60 static const OPTIONS test_options[] = {
61 OPT_TEST_OPTIONS_DEFAULT_USAGE,
62 { "config", OPT_CONFIG_FILE, '<',
63 "The configuration file to use for the libctx" },
64 { NULL }
65 };
66 return test_options;
67 }
68
pkey_get_bn_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)69 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
70 unsigned char **out, size_t *out_len)
71 {
72 unsigned char *buf = NULL;
73 BIGNUM *bn = NULL;
74 int sz;
75
76 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
77 goto err;
78 sz = BN_num_bytes(bn);
79 buf = OPENSSL_zalloc(sz);
80 if (buf == NULL)
81 goto err;
82 if (BN_bn2binpad(bn, buf, sz) <= 0)
83 goto err;
84
85 *out_len = sz;
86 *out = buf;
87 BN_free(bn);
88 return 1;
89 err:
90 OPENSSL_free(buf);
91 BN_free(bn);
92 return 0;
93 }
94
sig_gen(EVP_PKEY * pkey,OSSL_PARAM * params,const char * digest_name,const unsigned char * msg,size_t msg_len,unsigned char ** sig_out,size_t * sig_out_len)95 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
96 const unsigned char *msg, size_t msg_len,
97 unsigned char **sig_out, size_t *sig_out_len)
98 {
99 int ret = 0;
100 EVP_MD_CTX *md_ctx = NULL;
101 unsigned char *sig = NULL;
102 size_t sig_len;
103 size_t sz = EVP_PKEY_get_size(pkey);
104 OSSL_PARAM *p = pass_sig_gen_params ? params : NULL;
105
106 sig_len = sz;
107 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
108 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
109 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
110 NULL, pkey, p),
111 1)
112 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
113 goto err;
114 *sig_out = sig;
115 *sig_out_len = sig_len;
116 sig = NULL;
117 ret = 1;
118 err:
119 OPENSSL_free(sig);
120 EVP_MD_CTX_free(md_ctx);
121 return ret;
122 }
123
check_verify_message(EVP_PKEY_CTX * pkey_ctx,int expected)124 static int check_verify_message(EVP_PKEY_CTX *pkey_ctx, int expected)
125 {
126 OSSL_PARAM params[2], *p = params;
127 int verify_message = -1;
128
129 if (!OSSL_PROVIDER_available(libctx, "fips")
130 || fips_provider_version_match(libctx, "<3.4.0"))
131 return 1;
132
133 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE,
134 &verify_message);
135 *p = OSSL_PARAM_construct_end();
136
137 if (!TEST_true(EVP_PKEY_CTX_get_params(pkey_ctx, params))
138 || !TEST_int_eq(verify_message, expected))
139 return 0;
140 return 1;
141 }
142
143 #ifndef OPENSSL_NO_EC
ecdsa_keygen_test(int id)144 static int ecdsa_keygen_test(int id)
145 {
146 int ret = 0;
147 EVP_PKEY *pkey = NULL;
148 unsigned char *priv = NULL;
149 unsigned char *pubx = NULL, *puby = NULL;
150 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
151 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
152
153 self_test_args.called = 0;
154 self_test_args.enable = 1;
155 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
156 || !TEST_int_ge(self_test_args.called, 3)
157 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
158 &priv_len))
159 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
160 &pubx_len))
161 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
162 &puby_len)))
163 goto err;
164
165 test_output_memory("qy", puby, puby_len);
166 test_output_memory("qx", pubx, pubx_len);
167 test_output_memory("d", priv, priv_len);
168 ret = 1;
169 err:
170 self_test_args.enable = 0;
171 self_test_args.called = 0;
172 OPENSSL_clear_free(priv, priv_len);
173 OPENSSL_free(pubx);
174 OPENSSL_free(puby);
175 EVP_PKEY_free(pkey);
176 return ret;
177 }
178
ecdsa_create_pkey(EVP_PKEY ** pkey,const char * curve_name,const unsigned char * pub,size_t pub_len,int expected)179 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
180 const unsigned char *pub, size_t pub_len,
181 int expected)
182 {
183 int ret = 0;
184 EVP_PKEY_CTX *ctx = NULL;
185 OSSL_PARAM_BLD *bld = NULL;
186 OSSL_PARAM *params = NULL;
187
188 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
189 || (curve_name != NULL
190 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
191 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0)
192 > 0))
193 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
194 OSSL_PKEY_PARAM_PUB_KEY,
195 pub, pub_len)
196 > 0)
197 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
198 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
199 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
200 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
201 params),
202 expected))
203 goto err;
204
205 ret = 1;
206 err:
207 OSSL_PARAM_free(params);
208 OSSL_PARAM_BLD_free(bld);
209 EVP_PKEY_CTX_free(ctx);
210 return ret;
211 }
212
ecdsa_pub_verify_test(int id)213 static int ecdsa_pub_verify_test(int id)
214 {
215 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
216
217 int ret = 0;
218 EVP_PKEY_CTX *key_ctx = NULL;
219 EVP_PKEY *pkey = NULL;
220
221 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
222 tst->pub, tst->pub_len, tst->pass)))
223 goto err;
224
225 if (tst->pass) {
226 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
227 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
228 goto err;
229 }
230 ret = 1;
231 err:
232 EVP_PKEY_free(pkey);
233 EVP_PKEY_CTX_free(key_ctx);
234 return ret;
235 }
236
237 /* Extract r and s from an ecdsa signature */
get_ecdsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * rlen,size_t * slen)238 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
239 unsigned char **r, unsigned char **s,
240 size_t *rlen, size_t *slen)
241 {
242 int ret = 0;
243 unsigned char *rbuf = NULL, *sbuf = NULL;
244 size_t r1_len, s1_len;
245 const BIGNUM *r1, *s1;
246 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
247
248 if (sign == NULL)
249 return 0;
250 r1 = ECDSA_SIG_get0_r(sign);
251 s1 = ECDSA_SIG_get0_s(sign);
252 if (r1 == NULL || s1 == NULL)
253 goto err;
254
255 r1_len = BN_num_bytes(r1);
256 s1_len = BN_num_bytes(s1);
257 rbuf = OPENSSL_zalloc(r1_len);
258 sbuf = OPENSSL_zalloc(s1_len);
259 if (rbuf == NULL || sbuf == NULL)
260 goto err;
261 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
262 goto err;
263 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
264 goto err;
265 *r = rbuf;
266 *s = sbuf;
267 *rlen = r1_len;
268 *slen = s1_len;
269 ret = 1;
270 err:
271 if (ret == 0) {
272 OPENSSL_free(rbuf);
273 OPENSSL_free(sbuf);
274 }
275 ECDSA_SIG_free(sign);
276 return ret;
277 }
278
ecdsa_siggen_test(int id)279 static int ecdsa_siggen_test(int id)
280 {
281 int ret = 0;
282 EVP_PKEY *pkey = NULL;
283 size_t sig_len = 0, rlen = 0, slen = 0;
284 unsigned char *sig = NULL;
285 unsigned char *r = NULL, *s = NULL;
286 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
287
288 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
289 goto err;
290
291 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
292 &sig, &sig_len))
293 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
294 goto err;
295 test_output_memory("r", r, rlen);
296 test_output_memory("s", s, slen);
297 ret = 1;
298 err:
299 OPENSSL_free(r);
300 OPENSSL_free(s);
301 OPENSSL_free(sig);
302 EVP_PKEY_free(pkey);
303 return ret;
304 }
305
ecdsa_sigver_test(int id)306 static int ecdsa_sigver_test(int id)
307 {
308 int ret = 0;
309 EVP_MD_CTX *md_ctx = NULL;
310 EVP_PKEY *pkey = NULL;
311 EVP_PKEY_CTX *pkey_ctx;
312 ECDSA_SIG *sign = NULL;
313 size_t sig_len;
314 unsigned char *sig = NULL;
315 BIGNUM *rbn = NULL, *sbn = NULL;
316 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
317
318 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
319 tst->pub, tst->pub_len, 1)))
320 goto err;
321
322 if (!TEST_ptr(sign = ECDSA_SIG_new())
323 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
324 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
325 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
326 goto err;
327 rbn = sbn = NULL;
328
329 if (!TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
330 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
331 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
332 libctx, NULL, pkey, NULL))
333 || !TEST_ptr(pkey_ctx = EVP_MD_CTX_get_pkey_ctx(md_ctx))
334 || !check_verify_message(pkey_ctx, 1)
335 || !TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
336 tst->msg, tst->msg_len),
337 tst->pass)
338 || !check_verify_message(pkey_ctx, 1)
339 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
340 || !check_verify_message(pkey_ctx, 0))
341 goto err;
342
343 ret = 1;
344 err:
345 BN_free(rbn);
346 BN_free(sbn);
347 OPENSSL_free(sig);
348 ECDSA_SIG_free(sign);
349 EVP_PKEY_free(pkey);
350 EVP_MD_CTX_free(md_ctx);
351 return ret;
352 }
353
ecdh_cofactor_derive_test(int tstid)354 static int ecdh_cofactor_derive_test(int tstid)
355 {
356 int ret = 0;
357 const struct ecdh_cofactor_derive_st *t = &ecdh_cofactor_derive_data[tstid];
358 unsigned char secret1[16];
359 size_t secret1_len = sizeof(secret1);
360 const char *curve = "K-283"; /* A curve that has a cofactor that it not 1 */
361 EVP_PKEY *peer1 = NULL, *peer2 = NULL;
362 EVP_PKEY_CTX *p1ctx = NULL;
363 OSSL_PARAM params[2], *prms = NULL;
364 int use_cofactordh = t->key_cofactor;
365 int cofactor_mode = t->derive_cofactor_mode;
366
367 if (!ec_cofactors)
368 return TEST_skip("not supported by FIPS provider version");
369
370 if (!TEST_ptr(peer1 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
371 return TEST_skip("Curve %s not supported by the FIPS provider", curve);
372
373 if (!TEST_ptr(peer2 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
374 goto err;
375
376 params[1] = OSSL_PARAM_construct_end();
377
378 prms = NULL;
379 if (t->key_cofactor != COFACTOR_NOT_SET) {
380 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
381 &use_cofactordh);
382 prms = params;
383 }
384 if (!TEST_int_eq(EVP_PKEY_set_params(peer1, prms), 1)
385 || !TEST_ptr(p1ctx = EVP_PKEY_CTX_new_from_pkey(libctx, peer1, NULL)))
386 goto err;
387
388 prms = NULL;
389 if (t->derive_cofactor_mode != COFACTOR_NOT_SET) {
390 params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
391 &cofactor_mode);
392 prms = params;
393 }
394 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(p1ctx, prms), 1)
395 || !TEST_int_eq(EVP_PKEY_derive_set_peer(p1ctx, peer2), 1)
396 || !TEST_int_eq(EVP_PKEY_derive(p1ctx, secret1, &secret1_len),
397 t->expected))
398 goto err;
399
400 ret = 1;
401 err:
402 if (ret == 0) {
403 static const char *state[] = { "unset", "-1", "disabled", "enabled" };
404
405 TEST_note("ECDH derive() was expected to %s if key cofactor is"
406 "%s and derive mode is %s",
407 t->expected ? "Pass" : "Fail",
408 state[2 + t->key_cofactor], state[2 + t->derive_cofactor_mode]);
409 }
410 EVP_PKEY_free(peer1);
411 EVP_PKEY_free(peer2);
412 EVP_PKEY_CTX_free(p1ctx);
413 return ret;
414 }
415
416 #endif /* OPENSSL_NO_EC */
417
418 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX)
pkey_get_octet_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)419 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
420 unsigned char **out, size_t *out_len)
421 {
422 size_t len = 0;
423 unsigned char *buf = NULL;
424
425 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
426 goto err;
427
428 buf = OPENSSL_zalloc(len);
429 if (buf == NULL)
430 goto err;
431
432 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
433 goto err;
434 *out = buf;
435 return 1;
436 err:
437 OPENSSL_free(buf);
438 return 0;
439 }
440 #endif /* !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) */
441
442 #ifndef OPENSSL_NO_ECX
eddsa_create_pkey(EVP_PKEY ** pkey,const char * algname,const unsigned char * pub,size_t pub_len,int expected)443 static int eddsa_create_pkey(EVP_PKEY **pkey, const char *algname,
444 const unsigned char *pub, size_t pub_len,
445 int expected)
446 {
447 int ret = 0;
448 EVP_PKEY_CTX *ctx = NULL;
449 OSSL_PARAM_BLD *bld = NULL;
450 OSSL_PARAM *params = NULL;
451
452 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
453 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
454 OSSL_PKEY_PARAM_PUB_KEY,
455 pub, pub_len)
456 > 0)
457 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
458 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, NULL))
459 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
460 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
461 params),
462 expected))
463 goto err;
464
465 ret = 1;
466 err:
467 OSSL_PARAM_free(params);
468 OSSL_PARAM_BLD_free(bld);
469 EVP_PKEY_CTX_free(ctx);
470 return ret;
471 }
472
eddsa_pub_verify_test(int id)473 static int eddsa_pub_verify_test(int id)
474 {
475 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
476 int ret = 0;
477 EVP_PKEY_CTX *key_ctx = NULL;
478 EVP_PKEY *pkey = NULL;
479
480 if (!TEST_true(eddsa_create_pkey(&pkey, tst->curve_name,
481 tst->pub, tst->pub_len, 1)))
482 goto err;
483
484 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
485 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
486 goto err;
487 ret = 1;
488 err:
489 EVP_PKEY_free(pkey);
490 EVP_PKEY_CTX_free(key_ctx);
491 return ret;
492 }
493
eddsa_keygen_test(int id)494 static int eddsa_keygen_test(int id)
495 {
496 int ret = 0;
497 EVP_PKEY *pkey = NULL;
498 unsigned char *priv = NULL, *pub = NULL;
499 size_t priv_len = 0, pub_len = 0;
500 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
501
502 self_test_args.called = 0;
503 self_test_args.enable = 1;
504 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, tst->curve_name))
505 || !TEST_int_ge(self_test_args.called, 3)
506 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
507 &priv, &priv_len))
508 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub,
509 &pub_len)))
510 goto err;
511
512 test_output_memory("q", pub, pub_len);
513 test_output_memory("d", priv, priv_len);
514 ret = 1;
515 err:
516 self_test_args.enable = 0;
517 self_test_args.called = 0;
518 OPENSSL_clear_free(priv, priv_len);
519 OPENSSL_free(pub);
520 EVP_PKEY_free(pkey);
521 return ret;
522 }
523
524 #endif /* OPENSSL_NO_ECX */
525
526 #ifndef OPENSSL_NO_DSA
527
dsa_paramgen(int L,int N)528 static EVP_PKEY *dsa_paramgen(int L, int N)
529 {
530 EVP_PKEY_CTX *paramgen_ctx = NULL;
531 EVP_PKEY *param_key = NULL;
532
533 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
534 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
535 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
536 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
537 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
538 TEST_info("dsa_paramgen failed");
539 EVP_PKEY_CTX_free(paramgen_ctx);
540 return param_key;
541 }
542
dsa_keygen(int L,int N)543 static EVP_PKEY *dsa_keygen(int L, int N)
544 {
545 EVP_PKEY *param_key = NULL, *key = NULL;
546 EVP_PKEY_CTX *keygen_ctx = NULL;
547
548 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
549 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
550 NULL))
551 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
552 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
553 goto err;
554 err:
555 EVP_PKEY_free(param_key);
556 EVP_PKEY_CTX_free(keygen_ctx);
557 return key;
558 }
559
dsa_keygen_test(int id)560 static int dsa_keygen_test(int id)
561 {
562 int ret = 0, i;
563 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
564 EVP_PKEY *param_key = NULL, *key = NULL;
565 unsigned char *priv = NULL, *pub = NULL;
566 size_t priv_len = 0, pub_len = 0;
567 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
568
569 if (!dsasign_allowed)
570 return TEST_skip("DSA signing is not allowed");
571 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
572 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
573 NULL))
574 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
575 goto err;
576 for (i = 0; i < 2; ++i) {
577 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
578 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
579 &priv, &priv_len))
580 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
581 &pub, &pub_len)))
582 goto err;
583 test_output_memory("y", pub, pub_len);
584 test_output_memory("x", priv, priv_len);
585 EVP_PKEY_free(key);
586 OPENSSL_clear_free(priv, priv_len);
587 OPENSSL_free(pub);
588 key = NULL;
589 pub = priv = NULL;
590 }
591 ret = 1;
592 err:
593 OPENSSL_clear_free(priv, priv_len);
594 OPENSSL_free(pub);
595 EVP_PKEY_free(param_key);
596 EVP_PKEY_free(key);
597 EVP_PKEY_CTX_free(keygen_ctx);
598 EVP_PKEY_CTX_free(paramgen_ctx);
599 return ret;
600 }
601
dsa_paramgen_test(int id)602 static int dsa_paramgen_test(int id)
603 {
604 int ret = 0, counter = 0;
605 EVP_PKEY_CTX *paramgen_ctx = NULL;
606 EVP_PKEY *param_key = NULL;
607 unsigned char *p = NULL, *q = NULL, *seed = NULL;
608 size_t plen = 0, qlen = 0, seedlen = 0;
609 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
610
611 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
612 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
613 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
614 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx,
615 tst->N)))
616 goto err;
617
618 if (!dsasign_allowed) {
619 if (!TEST_false(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
620 goto err;
621 } else {
622 if (!TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))
623 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
624 &p, &plen))
625 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
626 &q, &qlen))
627 || !TEST_true(pkey_get_octet_bytes(param_key,
628 OSSL_PKEY_PARAM_FFC_SEED,
629 &seed, &seedlen))
630 || !TEST_true(EVP_PKEY_get_int_param(param_key,
631 OSSL_PKEY_PARAM_FFC_PCOUNTER,
632 &counter)))
633 goto err;
634 test_output_memory("p", p, plen);
635 test_output_memory("q", q, qlen);
636 test_output_memory("domainSeed", seed, seedlen);
637 test_printf_stderr("%s: %d\n", "counter", counter);
638 }
639 ret = 1;
640 err:
641 OPENSSL_free(p);
642 OPENSSL_free(q);
643 OPENSSL_free(seed);
644 EVP_PKEY_free(param_key);
645 EVP_PKEY_CTX_free(paramgen_ctx);
646 return ret;
647 }
648
dsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * p,size_t p_len,const unsigned char * q,size_t q_len,const unsigned char * g,size_t g_len,const unsigned char * seed,size_t seed_len,int counter,int validate_pq,int validate_g,const unsigned char * pub,size_t pub_len,BN_CTX * bn_ctx)649 static int dsa_create_pkey(EVP_PKEY **pkey,
650 const unsigned char *p, size_t p_len,
651 const unsigned char *q, size_t q_len,
652 const unsigned char *g, size_t g_len,
653 const unsigned char *seed, size_t seed_len,
654 int counter,
655 int validate_pq, int validate_g,
656 const unsigned char *pub, size_t pub_len,
657 BN_CTX *bn_ctx)
658 {
659 int ret = 0;
660 EVP_PKEY_CTX *ctx = NULL;
661 OSSL_PARAM_BLD *bld = NULL;
662 OSSL_PARAM *params = NULL;
663 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
664
665 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
666 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
667 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
668 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
669 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
670 validate_pq))
671 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
672 OSSL_PKEY_PARAM_FFC_VALIDATE_G,
673 validate_g))
674 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
675 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
676 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
677 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
678 goto err;
679
680 if (g != NULL) {
681 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
682 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
683 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
684 OSSL_PKEY_PARAM_FFC_G, g_bn)))
685 goto err;
686 }
687 if (seed != NULL) {
688 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
689 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
690 goto err;
691 }
692 if (counter != -1) {
693 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
694 OSSL_PKEY_PARAM_FFC_PCOUNTER,
695 counter)))
696 goto err;
697 }
698 if (pub != NULL) {
699 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
700 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
701 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
702 OSSL_PKEY_PARAM_PUB_KEY,
703 pub_bn)))
704 goto err;
705 }
706 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
707 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
708 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
709 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
710 params),
711 1))
712 goto err;
713
714 ret = 1;
715 err:
716 OSSL_PARAM_free(params);
717 OSSL_PARAM_BLD_free(bld);
718 EVP_PKEY_CTX_free(ctx);
719 return ret;
720 }
721
dsa_pqver_test(int id)722 static int dsa_pqver_test(int id)
723 {
724 int ret = 0;
725 BN_CTX *bn_ctx = NULL;
726 EVP_PKEY_CTX *key_ctx = NULL;
727 EVP_PKEY *param_key = NULL;
728 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
729
730 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
731 || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len,
732 tst->q, tst->q_len, NULL, 0,
733 tst->seed, tst->seed_len, tst->counter,
734 1, 0,
735 NULL, 0,
736 bn_ctx))
737 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
738 NULL))
739 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
740 goto err;
741
742 ret = 1;
743 err:
744 BN_CTX_free(bn_ctx);
745 EVP_PKEY_free(param_key);
746 EVP_PKEY_CTX_free(key_ctx);
747 return ret;
748 }
749
750 /* Extract r and s from a dsa signature */
get_dsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * r_len,size_t * s_len)751 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
752 unsigned char **r, unsigned char **s,
753 size_t *r_len, size_t *s_len)
754 {
755 int ret = 0;
756 unsigned char *rbuf = NULL, *sbuf = NULL;
757 size_t r1_len, s1_len;
758 const BIGNUM *r1, *s1;
759 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
760
761 if (sign == NULL)
762 return 0;
763 DSA_SIG_get0(sign, &r1, &s1);
764 if (r1 == NULL || s1 == NULL)
765 goto err;
766
767 r1_len = BN_num_bytes(r1);
768 s1_len = BN_num_bytes(s1);
769 rbuf = OPENSSL_zalloc(r1_len);
770 sbuf = OPENSSL_zalloc(s1_len);
771 if (rbuf == NULL || sbuf == NULL)
772 goto err;
773 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
774 goto err;
775 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
776 goto err;
777 *r = rbuf;
778 *s = sbuf;
779 *r_len = r1_len;
780 *s_len = s1_len;
781 ret = 1;
782 err:
783 if (ret == 0) {
784 OPENSSL_free(rbuf);
785 OPENSSL_free(sbuf);
786 }
787 DSA_SIG_free(sign);
788 return ret;
789 }
790
dsa_siggen_test(int id)791 static int dsa_siggen_test(int id)
792 {
793 int ret = 0;
794 EVP_PKEY *pkey = NULL;
795 unsigned char *sig = NULL, *r = NULL, *s = NULL;
796 size_t sig_len = 0, rlen = 0, slen = 0;
797 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
798
799 if (!dsasign_allowed) {
800 if (!TEST_ptr_null(pkey = dsa_keygen(tst->L, tst->N)))
801 goto err;
802 } else {
803 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
804 goto err;
805 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
806 &sig, &sig_len))
807 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
808 goto err;
809 test_output_memory("r", r, rlen);
810 test_output_memory("s", s, slen);
811 }
812 ret = 1;
813 err:
814 OPENSSL_free(r);
815 OPENSSL_free(s);
816 OPENSSL_free(sig);
817 EVP_PKEY_free(pkey);
818 return ret;
819 }
820
dsa_sigver_test(int id)821 static int dsa_sigver_test(int id)
822 {
823 int ret = 0;
824 EVP_PKEY_CTX *ctx = NULL;
825 EVP_PKEY *pkey = NULL;
826 DSA_SIG *sign = NULL;
827 size_t sig_len;
828 unsigned char *sig = NULL;
829 BIGNUM *rbn = NULL, *sbn = NULL;
830 EVP_MD *md = NULL;
831 unsigned char digest[EVP_MAX_MD_SIZE];
832 unsigned int digest_len;
833 BN_CTX *bn_ctx = NULL;
834 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
835
836 if (!TEST_ptr(bn_ctx = BN_CTX_new())
837 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
838 tst->q, tst->q_len, tst->g, tst->g_len,
839 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
840 bn_ctx)))
841 goto err;
842
843 if (!TEST_ptr(sign = DSA_SIG_new())
844 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
845 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
846 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
847 goto err;
848 rbn = sbn = NULL;
849
850 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
851 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
852 digest, &digest_len, md, NULL)))
853 goto err;
854
855 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
856 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
857 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
858 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
859 tst->pass))
860 goto err;
861 ret = 1;
862 err:
863 EVP_PKEY_CTX_free(ctx);
864 OPENSSL_free(sig);
865 EVP_MD_free(md);
866 DSA_SIG_free(sign);
867 EVP_PKEY_free(pkey);
868 BN_free(rbn);
869 BN_free(sbn);
870 BN_CTX_free(bn_ctx);
871 return ret;
872 }
873 #endif /* OPENSSL_NO_DSA */
874
875 /* cipher encrypt/decrypt */
cipher_enc(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * ct,size_t ct_len,int enc)876 static int cipher_enc(const char *alg,
877 const unsigned char *pt, size_t pt_len,
878 const unsigned char *key, size_t key_len,
879 const unsigned char *iv, size_t iv_len,
880 const unsigned char *ct, size_t ct_len,
881 int enc)
882 {
883 int ret = 0, out_len = 0, len = 0;
884 EVP_CIPHER_CTX *ctx = NULL;
885 EVP_CIPHER *cipher = NULL;
886 unsigned char out[256] = { 0 };
887
888 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
889 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
890 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
891 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
892 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
893 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
894 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
895 goto err;
896 out_len += len;
897 if (!TEST_mem_eq(out, out_len, ct, ct_len))
898 goto err;
899 ret = 1;
900 err:
901 EVP_CIPHER_free(cipher);
902 EVP_CIPHER_CTX_free(ctx);
903 return ret;
904 }
905
cipher_enc_dec_test(int id)906 static int cipher_enc_dec_test(int id)
907 {
908 const struct cipher_st *tst = &cipher_enc_data[id];
909 const int enc = 1;
910
911 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
912 tst->key, tst->key_len,
913 tst->iv, tst->iv_len,
914 tst->ct, tst->ct_len, enc))
915 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
916 tst->key, tst->key_len,
917 tst->iv, tst->iv_len,
918 tst->pt, tst->pt_len, !enc));
919 }
920
aes_ccm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass)921 static int aes_ccm_enc_dec(const char *alg,
922 const unsigned char *pt, size_t pt_len,
923 const unsigned char *key, size_t key_len,
924 const unsigned char *iv, size_t iv_len,
925 const unsigned char *aad, size_t aad_len,
926 const unsigned char *ct, size_t ct_len,
927 const unsigned char *tag, size_t tag_len,
928 int enc, int pass)
929 {
930 int ret = 0;
931 EVP_CIPHER_CTX *ctx;
932 EVP_CIPHER *cipher = NULL;
933 int out_len, len;
934 unsigned char out[1024];
935
936 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
937 pass ? "pass" : "fail");
938
939 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
940 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
941 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
942 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
943 NULL),
944 0)
945 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
946 enc ? NULL : (void *)tag),
947 0)
948 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
949 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
950 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
951 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
952 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
953 goto err;
954
955 if (!pass) {
956 ret = 1;
957 goto err;
958 }
959 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
960 goto err;
961 if (enc) {
962 out_len += len;
963 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
964 tag_len, out + out_len),
965 0)
966 || !TEST_mem_eq(out, out_len, ct, ct_len)
967 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
968 goto err;
969 } else {
970 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
971 goto err;
972 }
973
974 ret = 1;
975 err:
976 EVP_CIPHER_free(cipher);
977 EVP_CIPHER_CTX_free(ctx);
978 return ret;
979 }
980
aes_ccm_enc_dec_test(int id)981 static int aes_ccm_enc_dec_test(int id)
982 {
983 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
984
985 /* The tag is on the end of the cipher text */
986 const size_t tag_len = tst->ct_len - tst->pt_len;
987 const size_t ct_len = tst->ct_len - tag_len;
988 const unsigned char *tag = tst->ct + ct_len;
989 const int enc = 1;
990 const int pass = 1;
991
992 if (ct_len < 1)
993 return 0;
994
995 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
996 tst->key, tst->key_len,
997 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
998 tst->ct, ct_len, tag, tag_len, enc, pass)
999 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
1000 tst->key, tst->key_len,
1001 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1002 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
1003 /* test that it fails if the tag is incorrect */
1004 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
1005 tst->key, tst->key_len,
1006 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1007 tst->pt, tst->pt_len,
1008 tag - 1, tag_len, !enc, !pass);
1009 }
1010
aes_gcm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass,unsigned char * out,int * out_len,unsigned char * outiv)1011 static int aes_gcm_enc_dec(const char *alg,
1012 const unsigned char *pt, size_t pt_len,
1013 const unsigned char *key, size_t key_len,
1014 const unsigned char *iv, size_t iv_len,
1015 const unsigned char *aad, size_t aad_len,
1016 const unsigned char *ct, size_t ct_len,
1017 const unsigned char *tag, size_t tag_len,
1018 int enc, int pass,
1019 unsigned char *out, int *out_len,
1020 unsigned char *outiv)
1021 {
1022 int ret = 0;
1023 EVP_CIPHER_CTX *ctx;
1024 EVP_CIPHER *cipher = NULL;
1025 int olen, len;
1026
1027 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
1028 pass ? "pass" : "fail");
1029
1030 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1031 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
1032 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
1033 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
1034 NULL),
1035 0))
1036 goto err;
1037
1038 if (!enc) {
1039 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
1040 (void *)tag),
1041 0))
1042 goto err;
1043 }
1044 /*
1045 * For testing purposes the IV may be passed in here. In a compliant
1046 * application the IV would be generated internally. A fake entropy source
1047 * could also be used to feed in the random IV bytes (see fake_random.c)
1048 */
1049 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
1050 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
1051 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
1052 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
1053 goto err;
1054
1055 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &olen), pass))
1056 goto err;
1057 if (!pass) {
1058 ret = 1;
1059 goto err;
1060 }
1061 olen += len;
1062 if (enc) {
1063 if ((ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
1064 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1065 tag_len, out + olen),
1066 0)
1067 || (tag != NULL
1068 && !TEST_mem_eq(out + olen, tag_len, tag, tag_len)))
1069 goto err;
1070 } else {
1071 if (ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
1072 goto err;
1073 }
1074
1075 {
1076 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1077 OSSL_PARAM *p = params;
1078 unsigned int iv_generated = -1;
1079 const OSSL_PARAM *gettables = EVP_CIPHER_CTX_gettable_params(ctx);
1080 const char *ivgenkey = OSSL_CIPHER_PARAM_AEAD_IV_GENERATED;
1081 int ivgen = (OSSL_PARAM_locate_const(gettables, ivgenkey) != NULL);
1082
1083 if (ivgen != 0)
1084 *p++ = OSSL_PARAM_construct_uint(ivgenkey, &iv_generated);
1085 if (outiv != NULL)
1086 *p = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
1087 outiv, iv_len);
1088 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
1089 goto err;
1090 if (ivgen != 0
1091 && !TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1)))
1092 goto err;
1093 }
1094 if (out_len != NULL)
1095 *out_len = olen;
1096
1097 ret = 1;
1098 err:
1099 EVP_CIPHER_free(cipher);
1100 EVP_CIPHER_CTX_free(ctx);
1101 return ret;
1102 }
1103
aes_gcm_enc_dec_test(int id)1104 static int aes_gcm_enc_dec_test(int id)
1105 {
1106 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
1107 int enc = 1;
1108 int pass = 1;
1109 unsigned char out[1024];
1110
1111 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1112 tst->key, tst->key_len,
1113 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1114 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
1115 enc, pass, out, NULL, NULL)
1116 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1117 tst->key, tst->key_len,
1118 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1119 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
1120 !enc, pass, out, NULL, NULL)
1121 /* Fail if incorrect tag passed to decrypt */
1122 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1123 tst->key, tst->key_len,
1124 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1125 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
1126 !enc, !pass, out, NULL, NULL);
1127 }
1128
aes_gcm_gen_iv_internal_test(void)1129 static int aes_gcm_gen_iv_internal_test(void)
1130 {
1131 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[0];
1132 int enc = 1;
1133 int pass = 1;
1134 int out_len = 0;
1135 unsigned char out[1024];
1136 unsigned char iv[16];
1137
1138 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1139 tst->key, tst->key_len,
1140 NULL, tst->iv_len, tst->aad, tst->aad_len,
1141 NULL, tst->ct_len, NULL, tst->tag_len,
1142 enc, pass, out, &out_len, iv)
1143 && aes_gcm_enc_dec(tst->alg, out, out_len,
1144 tst->key, tst->key_len,
1145 iv, tst->iv_len, tst->aad, tst->aad_len,
1146 tst->pt, tst->pt_len, out + out_len, tst->tag_len,
1147 !enc, pass, out, NULL, NULL);
1148 }
1149
1150 #ifndef OPENSSL_NO_DH
dh_create_pkey(EVP_PKEY ** pkey,const char * group_name,const unsigned char * pub,size_t pub_len,const unsigned char * priv,size_t priv_len,BN_CTX * bn_ctx,int pass)1151 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
1152 const unsigned char *pub, size_t pub_len,
1153 const unsigned char *priv, size_t priv_len,
1154 BN_CTX *bn_ctx, int pass)
1155 {
1156 int ret = 0;
1157 EVP_PKEY_CTX *ctx = NULL;
1158 OSSL_PARAM_BLD *bld = NULL;
1159 OSSL_PARAM *params = NULL;
1160 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
1161
1162 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1163 || (group_name != NULL
1164 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
1165 bld, OSSL_PKEY_PARAM_GROUP_NAME,
1166 group_name, 0),
1167 0)))
1168 goto err;
1169
1170 if (pub != NULL) {
1171 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
1172 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
1173 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1174 pub_bn)))
1175 goto err;
1176 }
1177 if (priv != NULL) {
1178 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
1179 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
1180 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1181 priv_bn)))
1182 goto err;
1183 }
1184
1185 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1186 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1187 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1188 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1189 pass))
1190 goto err;
1191
1192 ret = 1;
1193 err:
1194 OSSL_PARAM_free(params);
1195 OSSL_PARAM_BLD_free(bld);
1196 EVP_PKEY_CTX_free(ctx);
1197 return ret;
1198 }
1199
dh_safe_prime_keygen_test(int id)1200 static int dh_safe_prime_keygen_test(int id)
1201 {
1202 int ret = 0;
1203 EVP_PKEY_CTX *ctx = NULL;
1204 EVP_PKEY *pkey = NULL;
1205 unsigned char *priv = NULL;
1206 unsigned char *pub = NULL;
1207 size_t priv_len = 0, pub_len = 0;
1208 OSSL_PARAM params[2];
1209 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
1210
1211 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1212 (char *)tst->group_name, 0);
1213 params[1] = OSSL_PARAM_construct_end();
1214
1215 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1216 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1217 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1218 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1219 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
1220 &priv, &priv_len))
1221 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
1222 &pub, &pub_len)))
1223 goto err;
1224
1225 test_output_memory("x", priv, priv_len);
1226 test_output_memory("y", pub, pub_len);
1227 ret = 1;
1228 err:
1229 OPENSSL_clear_free(priv, priv_len);
1230 OPENSSL_free(pub);
1231 EVP_PKEY_free(pkey);
1232 EVP_PKEY_CTX_free(ctx);
1233 return ret;
1234 }
1235
dh_safe_prime_keyver_test(int id)1236 static int dh_safe_prime_keyver_test(int id)
1237 {
1238 int ret = 0;
1239 BN_CTX *bn_ctx = NULL;
1240 EVP_PKEY_CTX *key_ctx = NULL;
1241 EVP_PKEY *pkey = NULL;
1242 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
1243
1244 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
1245 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
1246 tst->pub, tst->pub_len,
1247 tst->priv, tst->priv_len, bn_ctx, 1))
1248 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1249 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
1250 goto err;
1251
1252 ret = 1;
1253 err:
1254 EVP_PKEY_free(pkey);
1255 EVP_PKEY_CTX_free(key_ctx);
1256 BN_CTX_free(bn_ctx);
1257 return ret;
1258 }
1259 #endif /* OPENSSL_NO_DH */
1260
rsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * n,size_t n_len,const unsigned char * e,size_t e_len,const unsigned char * d,size_t d_len,BN_CTX * bn_ctx)1261 static int rsa_create_pkey(EVP_PKEY **pkey,
1262 const unsigned char *n, size_t n_len,
1263 const unsigned char *e, size_t e_len,
1264 const unsigned char *d, size_t d_len,
1265 BN_CTX *bn_ctx)
1266 {
1267 int ret = 0;
1268 EVP_PKEY_CTX *ctx = NULL;
1269 OSSL_PARAM_BLD *bld = NULL;
1270 OSSL_PARAM *params = NULL;
1271 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1272
1273 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1274 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1275 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1276 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1277 goto err;
1278
1279 if (e != NULL) {
1280 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1281 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1282 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1283 e_bn)))
1284 goto err;
1285 }
1286 if (d != NULL) {
1287 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1288 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1289 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1290 d_bn)))
1291 goto err;
1292 }
1293 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1294 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1295 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1296 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1297 1))
1298 goto err;
1299
1300 ret = 1;
1301 err:
1302 OSSL_PARAM_free(params);
1303 OSSL_PARAM_BLD_free(bld);
1304 EVP_PKEY_CTX_free(ctx);
1305 return ret;
1306 }
1307
rsa_keygen_test(int id)1308 static int rsa_keygen_test(int id)
1309 {
1310 int ret = 0;
1311 EVP_PKEY_CTX *ctx = NULL;
1312 EVP_PKEY *pkey = NULL;
1313 BIGNUM *e_bn = NULL;
1314 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1315 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1316 unsigned char *n = NULL, *d = NULL;
1317 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1318 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1319 size_t n_len = 0, d_len = 0;
1320 size_t p_len = 0, p1_len = 0, p2_len = 0;
1321 size_t q_len = 0, q1_len = 0, q2_len = 0;
1322 OSSL_PARAM_BLD *bld = NULL;
1323 OSSL_PARAM *params = NULL;
1324 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1325
1326 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1327 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1328 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1329 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1330 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1331 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1332 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1333 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1334 xp1_bn))
1335 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1336 xp2_bn))
1337 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1338 xp_bn))
1339 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1340 xq1_bn))
1341 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1342 xq2_bn))
1343 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1344 xq_bn))
1345 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1346 goto err;
1347
1348 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1349 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1350 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1351 || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1352 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1353 || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1354 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1355 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1356 &p1, &p1_len))
1357 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1358 &p2, &p2_len))
1359 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1360 &q1, &q1_len))
1361 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1362 &q2, &q2_len))
1363 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1364 &p, &p_len))
1365 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1366 &q, &q_len))
1367 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1368 &n, &n_len))
1369 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1370 &d, &d_len)))
1371 goto err;
1372
1373 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1374 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1375 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1376 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1377 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1378 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1379 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1380 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1381 goto err;
1382
1383 test_output_memory("p1", p1, p1_len);
1384 test_output_memory("p2", p2, p2_len);
1385 test_output_memory("p", p, p_len);
1386 test_output_memory("q1", q1, q1_len);
1387 test_output_memory("q2", q2, q2_len);
1388 test_output_memory("q", q, q_len);
1389 test_output_memory("n", n, n_len);
1390 test_output_memory("d", d, d_len);
1391 ret = 1;
1392 err:
1393 BN_free(xp1_bn);
1394 BN_free(xp2_bn);
1395 BN_free(xp_bn);
1396 BN_free(xq1_bn);
1397 BN_free(xq2_bn);
1398 BN_free(xq_bn);
1399 BN_free(e_bn);
1400 OPENSSL_free(p1);
1401 OPENSSL_free(p2);
1402 OPENSSL_free(q1);
1403 OPENSSL_free(q2);
1404 OPENSSL_free(p);
1405 OPENSSL_free(q);
1406 OPENSSL_free(n);
1407 OPENSSL_free(d);
1408 EVP_PKEY_free(pkey);
1409 EVP_PKEY_CTX_free(ctx);
1410 OSSL_PARAM_free(params);
1411 OSSL_PARAM_BLD_free(bld);
1412 return ret;
1413 }
1414
rsa_siggen_test(int id)1415 static int rsa_siggen_test(int id)
1416 {
1417 int ret = 0;
1418 EVP_PKEY *pkey = NULL;
1419 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1420 size_t sig_len = 0, n_len = 0, e_len = 0;
1421 OSSL_PARAM params[4], *p;
1422 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1423 int salt_len = tst->pss_salt_len;
1424
1425 if (!rsa_sign_x931_pad_allowed
1426 && (strcmp(tst->sig_pad_mode, OSSL_PKEY_RSA_PAD_MODE_X931) == 0))
1427 return TEST_skip("x931 signing is not allowed");
1428
1429 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1430
1431 p = params;
1432 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1433 (char *)tst->sig_pad_mode, 0);
1434 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1435 (char *)tst->digest_alg, 0);
1436 if (salt_len >= 0)
1437 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1438 &salt_len);
1439 *p++ = OSSL_PARAM_construct_end();
1440
1441 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1442 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1443 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1444 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1445 tst->msg, tst->msg_len,
1446 &sig, &sig_len)))
1447 goto err;
1448 test_output_memory("n", n, n_len);
1449 test_output_memory("e", e, e_len);
1450 test_output_memory("sig", sig, sig_len);
1451 ret = 1;
1452 err:
1453 OPENSSL_free(n);
1454 OPENSSL_free(e);
1455 OPENSSL_free(sig);
1456 EVP_PKEY_free(pkey);
1457 return ret;
1458 }
1459
rsa_sigver_test(int id)1460 static int rsa_sigver_test(int id)
1461 {
1462 int ret = 0;
1463 EVP_PKEY_CTX *pkey_ctx = NULL;
1464 EVP_PKEY *pkey = NULL;
1465 EVP_MD_CTX *md_ctx = NULL;
1466 BN_CTX *bn_ctx = NULL;
1467 OSSL_PARAM params[4], *p;
1468 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1469 int salt_len = tst->pss_salt_len;
1470
1471 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1472 tst->pass == PASS ? "pass" : "fail");
1473
1474 p = params;
1475 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1476 (char *)tst->sig_pad_mode, 0);
1477 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1478 (char *)tst->digest_alg, 0);
1479 if (salt_len >= 0)
1480 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1481 &salt_len);
1482 *p = OSSL_PARAM_construct_end();
1483
1484 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1485 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1486 tst->e, tst->e_len, NULL, 0, bn_ctx))
1487 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1488 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1489 tst->digest_alg, libctx, NULL,
1490 pkey, NULL))
1491 || !check_verify_message(pkey_ctx, 1)
1492 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1493 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1494 tst->msg, tst->msg_len),
1495 tst->pass)
1496 || !check_verify_message(pkey_ctx, 1)
1497 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
1498 || !check_verify_message(pkey_ctx, 0))
1499 goto err;
1500
1501 ret = 1;
1502 err:
1503 EVP_PKEY_free(pkey);
1504 BN_CTX_free(bn_ctx);
1505 EVP_MD_CTX_free(md_ctx);
1506 return ret;
1507 }
1508
rsa_decryption_primitive_test(int id)1509 static int rsa_decryption_primitive_test(int id)
1510 {
1511 int ret = 0;
1512 EVP_PKEY_CTX *ctx = NULL;
1513 EVP_PKEY *pkey = NULL;
1514 unsigned char pt[2048];
1515 size_t pt_len = sizeof(pt);
1516 unsigned char *n = NULL, *e = NULL;
1517 size_t n_len = 0, e_len = 0;
1518 BN_CTX *bn_ctx = NULL;
1519 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1520
1521 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048))
1522 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1523 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1524 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1525 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1526 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1527 goto err;
1528
1529 test_output_memory("n", n, n_len);
1530 test_output_memory("e", e, e_len);
1531 if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1532 TEST_note("Decryption Failed");
1533 else
1534 test_output_memory("pt", pt, pt_len);
1535 ret = 1;
1536 err:
1537 OPENSSL_free(n);
1538 OPENSSL_free(e);
1539 EVP_PKEY_CTX_free(ctx);
1540 EVP_PKEY_free(pkey);
1541 BN_CTX_free(bn_ctx);
1542 return ret;
1543 }
1544
self_test_events(const OSSL_PARAM params[],void * varg)1545 static int self_test_events(const OSSL_PARAM params[], void *varg)
1546 {
1547 SELF_TEST_ARGS *args = varg;
1548 const OSSL_PARAM *p = NULL;
1549 const char *phase = NULL, *type = NULL, *desc = NULL;
1550 int ret = 0;
1551
1552 if (!args->enable)
1553 return 1;
1554
1555 args->called++;
1556 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1557 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1558 goto err;
1559 phase = (const char *)p->data;
1560
1561 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1562 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1563 goto err;
1564 desc = (const char *)p->data;
1565
1566 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1567 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1568 goto err;
1569 type = (const char *)p->data;
1570
1571 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1572 ret = 1;
1573 err:
1574 return ret;
1575 }
1576
drbg_test(int id)1577 static int drbg_test(int id)
1578 {
1579 OSSL_PARAM params[3];
1580 EVP_RAND *rand = NULL;
1581 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1582 unsigned char returned_bits[64];
1583 const size_t returned_bits_len = sizeof(returned_bits);
1584 unsigned int strength = 256;
1585 const struct drbg_st *tst = &drbg_data[id];
1586 int res = 0;
1587
1588 /* Create the seed source */
1589 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1590 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1591 goto err;
1592 EVP_RAND_free(rand);
1593 rand = NULL;
1594
1595 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1596 params[1] = OSSL_PARAM_construct_end();
1597 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1598 goto err;
1599
1600 /* Get the DRBG */
1601 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1602 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1603 goto err;
1604
1605 /* Set the DRBG up */
1606 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1607 (int *)&tst->use_df);
1608 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1609 (char *)tst->cipher, 0);
1610 params[2] = OSSL_PARAM_construct_end();
1611 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1612 goto err;
1613
1614 /* Feed in the entropy and nonce */
1615 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1616 (void *)tst->entropy_input,
1617 tst->entropy_input_len);
1618 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1619 (void *)tst->nonce,
1620 tst->nonce_len);
1621 params[2] = OSSL_PARAM_construct_end();
1622 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1623 goto err;
1624
1625 /*
1626 * Run the test
1627 * A NULL personalisation string defaults to the built in so something
1628 * non-NULL is needed if there is no personalisation string
1629 */
1630 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1631 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1632 0, 0, NULL, 0))
1633 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1634 0, 0, NULL, 0)))
1635 goto err;
1636
1637 test_output_memory("returned bits", returned_bits, returned_bits_len);
1638
1639 /* Clean up */
1640 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1641 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1642 goto err;
1643
1644 /* Verify the output */
1645 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1646 tst->returned_bits, tst->returned_bits_len))
1647 goto err;
1648 res = 1;
1649 err:
1650 EVP_RAND_CTX_free(ctx);
1651 /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
1652 /* coverity[pass_freed_arg] */
1653 EVP_RAND_CTX_free(parent);
1654 EVP_RAND_free(rand);
1655 return res;
1656 }
1657
aes_cfb1_bits_test(void)1658 static int aes_cfb1_bits_test(void)
1659 {
1660 int ret = 0;
1661 EVP_CIPHER *cipher = NULL;
1662 EVP_CIPHER_CTX *ctx = NULL;
1663 unsigned char out[16] = { 0 };
1664 int outlen;
1665 const OSSL_PARAM *params, *p;
1666
1667 static const unsigned char key[] = {
1668 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1669 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1670 };
1671 static const unsigned char iv[] = {
1672 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1673 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1674 };
1675 static const unsigned char pt[] = {
1676 0xB4
1677 };
1678 static const unsigned char expected[] = {
1679 0x6C
1680 };
1681
1682 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1683 goto err;
1684 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1685 goto err;
1686 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1687 goto err;
1688 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1689 || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1690 OSSL_CIPHER_PARAM_USE_BITS)))
1691 goto err;
1692 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1693 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1694 goto err;
1695 if (!TEST_int_eq(outlen, 7))
1696 goto err;
1697 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1698 goto err;
1699 ret = 1;
1700 err:
1701 EVP_CIPHER_free(cipher);
1702 EVP_CIPHER_CTX_free(ctx);
1703 return ret;
1704 }
1705
setup_tests(void)1706 int setup_tests(void)
1707 {
1708 char *config_file = NULL;
1709
1710 OPTION_CHOICE o;
1711
1712 while ((o = opt_next()) != OPT_EOF) {
1713 switch (o) {
1714 case OPT_CONFIG_FILE:
1715 config_file = opt_arg();
1716 break;
1717 case OPT_TEST_CASES:
1718 break;
1719 default:
1720 case OPT_ERR:
1721 return 0;
1722 }
1723 }
1724
1725 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1726 return 0;
1727
1728 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1729
1730 ADD_TEST(aes_cfb1_bits_test);
1731 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1732 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1733 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1734 if (fips_provider_version_ge(libctx, 3, 4, 0))
1735 ADD_TEST(aes_gcm_gen_iv_internal_test);
1736
1737 pass_sig_gen_params = fips_provider_version_ge(libctx, 3, 4, 0);
1738 rsa_sign_x931_pad_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1739 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1740 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1741 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1742 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1743 OSSL_NELEM(rsa_decrypt_prim_data));
1744
1745 #ifndef OPENSSL_NO_DH
1746 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1747 OSSL_NELEM(dh_safe_prime_keygen_data));
1748 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1749 OSSL_NELEM(dh_safe_prime_keyver_data));
1750 #endif /* OPENSSL_NO_DH */
1751
1752 #ifndef OPENSSL_NO_DSA
1753 dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1754 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1755 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1756 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1757 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1758 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1759 #endif /* OPENSSL_NO_DSA */
1760
1761 #ifndef OPENSSL_NO_EC
1762 ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
1763 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1764 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1765 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1766 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1767 ADD_ALL_TESTS(ecdh_cofactor_derive_test,
1768 OSSL_NELEM(ecdh_cofactor_derive_data));
1769 #endif /* OPENSSL_NO_EC */
1770
1771 #ifndef OPENSSL_NO_ECX
1772 if (fips_provider_version_ge(libctx, 3, 4, 0)) {
1773 ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data));
1774 ADD_ALL_TESTS(eddsa_pub_verify_test, OSSL_NELEM(eddsa_pv_data));
1775 }
1776 #endif
1777 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1778 return 1;
1779 }
1780
cleanup_tests(void)1781 void cleanup_tests(void)
1782 {
1783 OSSL_PROVIDER_unload(prov_null);
1784 OSSL_LIB_CTX_free(libctx);
1785 }
1786