2
0

evp_libctx_test.c 28 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735
  1. /*
  2. * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * These tests are setup to load null into the default library context.
  11. * Any tests are expected to use the created 'libctx' to find algorithms.
  12. * The framework runs the tests twice using the 'default' provider or
  13. * 'fips' provider as inputs.
  14. */
  15. /*
  16. * DSA/DH low level APIs are deprecated for public use, but still ok for
  17. * internal use.
  18. */
  19. #include "internal/deprecated.h"
  20. #include <assert.h>
  21. #include <openssl/evp.h>
  22. #include <openssl/provider.h>
  23. #include <openssl/dsa.h>
  24. #include <openssl/dh.h>
  25. #include <openssl/safestack.h>
  26. #include <openssl/core_dispatch.h>
  27. #include <openssl/core_names.h>
  28. #include <openssl/x509.h>
  29. #include <openssl/encoder.h>
  30. #include "testutil.h"
  31. #include "internal/nelem.h"
  32. #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
  33. #include "../e_os.h" /* strcasecmp */
  34. static OSSL_LIB_CTX *libctx = NULL;
  35. static OSSL_PROVIDER *nullprov = NULL;
  36. static OSSL_PROVIDER *libprov = NULL;
  37. static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
  38. typedef enum OPTION_choice {
  39. OPT_ERR = -1,
  40. OPT_EOF = 0,
  41. OPT_CONFIG_FILE,
  42. OPT_PROVIDER_NAME,
  43. OPT_TEST_ENUM
  44. } OPTION_CHOICE;
  45. const OPTIONS *test_get_options(void)
  46. {
  47. static const OPTIONS test_options[] = {
  48. OPT_TEST_OPTIONS_DEFAULT_USAGE,
  49. { "config", OPT_CONFIG_FILE, '<',
  50. "The configuration file to use for the libctx" },
  51. { "provider", OPT_PROVIDER_NAME, 's',
  52. "The provider to load (The default value is 'default')" },
  53. { NULL }
  54. };
  55. return test_options;
  56. }
  57. #ifndef OPENSSL_NO_DH
  58. static const char *getname(int id)
  59. {
  60. const char *name[] = {"p", "q", "g" };
  61. if (id >= 0 && id < 3)
  62. return name[id];
  63. return "?";
  64. }
  65. #endif
  66. /*
  67. * We're using some DH specific values in this test, so we skip compilation if
  68. * we're in a no-dh build.
  69. */
  70. #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
  71. static int test_dsa_param_keygen(int tstid)
  72. {
  73. int ret = 0;
  74. int expected;
  75. EVP_PKEY_CTX *gen_ctx = NULL;
  76. EVP_PKEY *pkey_parm = NULL;
  77. EVP_PKEY *pkey = NULL, *dup_pk = NULL;
  78. DSA *dsa = NULL;
  79. int pind, qind, gind;
  80. BIGNUM *p = NULL, *q = NULL, *g = NULL;
  81. /*
  82. * Just grab some fixed dh p, q, g values for testing,
  83. * these 'safe primes' should not be used normally for dsa *.
  84. */
  85. static const BIGNUM *bn[] = {
  86. &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
  87. &ossl_bignum_dh2048_256_g
  88. };
  89. /*
  90. * These tests are using bad values for p, q, g by reusing the values.
  91. * A value of 0 uses p, 1 uses q and 2 uses g.
  92. * There are 27 different combinations, with only the 1 valid combination.
  93. */
  94. pind = tstid / 9;
  95. qind = (tstid / 3) % 3;
  96. gind = tstid % 3;
  97. expected = (pind == 0 && qind == 1 && gind == 2);
  98. TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
  99. getname(qind), getname(gind));
  100. if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
  101. || !TEST_ptr(dsa = DSA_new())
  102. || !TEST_ptr(p = BN_dup(bn[pind]))
  103. || !TEST_ptr(q = BN_dup(bn[qind]))
  104. || !TEST_ptr(g = BN_dup(bn[gind]))
  105. || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
  106. goto err;
  107. p = q = g = NULL;
  108. if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
  109. goto err;
  110. dsa = NULL;
  111. if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
  112. || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
  113. || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
  114. goto err;
  115. if (expected) {
  116. if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
  117. || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
  118. goto err;
  119. }
  120. ret = 1;
  121. err:
  122. EVP_PKEY_free(pkey);
  123. EVP_PKEY_free(dup_pk);
  124. EVP_PKEY_CTX_free(gen_ctx);
  125. EVP_PKEY_free(pkey_parm);
  126. DSA_free(dsa);
  127. BN_free(g);
  128. BN_free(q);
  129. BN_free(p);
  130. return ret;
  131. }
  132. #endif /* OPENSSL_NO_DSA */
  133. #ifndef OPENSSL_NO_DH
  134. static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
  135. {
  136. int ret = 0;
  137. int expected;
  138. EVP_PKEY_CTX *gen_ctx = NULL;
  139. EVP_PKEY *pkey_parm = NULL;
  140. EVP_PKEY *pkey = NULL, *dup_pk = NULL;
  141. DH *dh = NULL;
  142. int pind, qind, gind;
  143. BIGNUM *p = NULL, *q = NULL, *g = NULL;
  144. /*
  145. * These tests are using bad values for p, q, g by reusing the values.
  146. * A value of 0 uses p, 1 uses q and 2 uses g.
  147. * There are 27 different combinations, with only the 1 valid combination.
  148. */
  149. pind = tstid / 9;
  150. qind = (tstid / 3) % 3;
  151. gind = tstid % 3;
  152. expected = (pind == 0 && qind == 1 && gind == 2);
  153. TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
  154. getname(qind), getname(gind));
  155. if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
  156. || !TEST_ptr(dh = DH_new())
  157. || !TEST_ptr(p = BN_dup(bn[pind]))
  158. || !TEST_ptr(q = BN_dup(bn[qind]))
  159. || !TEST_ptr(g = BN_dup(bn[gind]))
  160. || !TEST_true(DH_set0_pqg(dh, p, q, g)))
  161. goto err;
  162. p = q = g = NULL;
  163. if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
  164. goto err;
  165. dh = NULL;
  166. if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
  167. || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
  168. || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
  169. goto err;
  170. if (expected) {
  171. if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
  172. || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
  173. goto err;
  174. }
  175. ret = 1;
  176. err:
  177. EVP_PKEY_free(pkey);
  178. EVP_PKEY_free(dup_pk);
  179. EVP_PKEY_CTX_free(gen_ctx);
  180. EVP_PKEY_free(pkey_parm);
  181. DH_free(dh);
  182. BN_free(g);
  183. BN_free(q);
  184. BN_free(p);
  185. return ret;
  186. }
  187. /*
  188. * Note that we get the fips186-4 path being run for most of these cases since
  189. * the internal code will detect that the p, q, g does not match a safe prime
  190. * group (Except for when tstid = 5, which sets the correct p, q, g)
  191. */
  192. static int test_dh_safeprime_param_keygen(int tstid)
  193. {
  194. static const BIGNUM *bn[] = {
  195. &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
  196. &ossl_bignum_const_2
  197. };
  198. return do_dh_param_keygen(tstid, bn);
  199. }
  200. static int dhx_cert_load(void)
  201. {
  202. int ret = 0;
  203. X509 *cert = NULL;
  204. BIO *bio = NULL;
  205. static const unsigned char dhx_cert[] = {
  206. 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
  207. 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
  208. 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
  209. 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
  210. 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
  211. 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
  212. 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
  213. 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
  214. 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
  215. 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
  216. 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
  217. 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
  218. 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
  219. 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
  220. 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
  221. 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
  222. 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
  223. 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
  224. 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
  225. 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
  226. 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
  227. 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
  228. 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
  229. 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
  230. 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
  231. 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
  232. 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
  233. 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
  234. 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
  235. 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
  236. 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
  237. 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
  238. 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
  239. 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
  240. 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
  241. 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
  242. 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
  243. 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
  244. 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
  245. 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
  246. 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
  247. 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
  248. 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
  249. 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
  250. 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
  251. 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
  252. 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
  253. 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
  254. 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
  255. 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
  256. 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
  257. 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
  258. 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
  259. 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
  260. 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
  261. 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
  262. 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
  263. 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
  264. 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
  265. 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
  266. 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
  267. 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
  268. 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
  269. 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
  270. 0x0e,0x6a,0xb1
  271. };
  272. if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
  273. || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
  274. || !TEST_ptr(d2i_X509_bio(bio, &cert)))
  275. goto err;
  276. ret = 1;
  277. err:
  278. X509_free(cert);
  279. BIO_free(bio);
  280. return ret;
  281. }
  282. #endif /* OPENSSL_NO_DH */
  283. static int test_cipher_reinit(int test_id)
  284. {
  285. int ret = 0, diff, ccm, siv, no_null_key;
  286. int out1_len = 0, out2_len = 0, out3_len = 0;
  287. EVP_CIPHER *cipher = NULL;
  288. EVP_CIPHER_CTX *ctx = NULL;
  289. unsigned char out1[256];
  290. unsigned char out2[256];
  291. unsigned char out3[256];
  292. unsigned char in[16] = {
  293. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  294. 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
  295. };
  296. unsigned char key[64] = {
  297. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  298. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  299. 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  300. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  301. 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  302. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  303. 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  304. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  305. };
  306. unsigned char iv[16] = {
  307. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  308. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
  309. };
  310. const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
  311. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  312. goto err;
  313. TEST_note("Fetching %s\n", name);
  314. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
  315. goto err;
  316. /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
  317. ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
  318. /* siv cannot be called with NULL key as the iv is irrelevant */
  319. siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
  320. /*
  321. * Skip init call with a null key for RC4 as the stream cipher does not
  322. * handle reinit (1.1.1 behaviour).
  323. */
  324. no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
  325. || EVP_CIPHER_is_a(cipher, "RC4-40")
  326. || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
  327. /* DES3-WRAP uses random every update - so it will give a different value */
  328. diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
  329. if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
  330. || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
  331. || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
  332. || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
  333. ccm ? 0 : 1)
  334. || (!no_null_key
  335. && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
  336. || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
  337. ccm || siv ? 0 : 1))))
  338. goto err;
  339. if (ccm == 0) {
  340. if (diff) {
  341. if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
  342. || !TEST_mem_ne(out1, out1_len, out3, out3_len)
  343. || !TEST_mem_ne(out2, out2_len, out3, out3_len))
  344. goto err;
  345. } else {
  346. if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
  347. || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
  348. goto err;
  349. }
  350. }
  351. ret = 1;
  352. err:
  353. EVP_CIPHER_free(cipher);
  354. EVP_CIPHER_CTX_free(ctx);
  355. return ret;
  356. }
  357. /*
  358. * This test only uses a partial block (half the block size) of input for each
  359. * EVP_EncryptUpdate() in order to test that the second init/update is not using
  360. * a leftover buffer from the first init/update.
  361. * Note: some ciphers don't need a full block to produce output.
  362. */
  363. static int test_cipher_reinit_partialupdate(int test_id)
  364. {
  365. int ret = 0, in_len;
  366. int out1_len = 0, out2_len = 0, out3_len = 0;
  367. EVP_CIPHER *cipher = NULL;
  368. EVP_CIPHER_CTX *ctx = NULL;
  369. unsigned char out1[256];
  370. unsigned char out2[256];
  371. unsigned char out3[256];
  372. static const unsigned char in[32] = {
  373. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  374. 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
  375. 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  376. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  377. };
  378. static const unsigned char key[64] = {
  379. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  380. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  381. 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  382. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  383. 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  384. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  385. 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  386. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  387. };
  388. static const unsigned char iv[16] = {
  389. 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
  390. 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
  391. };
  392. const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
  393. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  394. goto err;
  395. TEST_note("Fetching %s\n", name);
  396. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
  397. goto err;
  398. in_len = EVP_CIPHER_get_block_size(cipher) / 2;
  399. /* skip any ciphers that don't allow partial updates */
  400. if (((EVP_CIPHER_get_flags(cipher)
  401. & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
  402. || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
  403. || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
  404. || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
  405. ret = 1;
  406. goto err;
  407. }
  408. if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
  409. || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
  410. || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
  411. || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
  412. goto err;
  413. if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
  414. goto err;
  415. if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
  416. if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
  417. || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
  418. goto err;
  419. if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
  420. goto err;
  421. }
  422. ret = 1;
  423. err:
  424. EVP_CIPHER_free(cipher);
  425. EVP_CIPHER_CTX_free(ctx);
  426. return ret;
  427. }
  428. static int name_cmp(const char * const *a, const char * const *b)
  429. {
  430. return strcasecmp(*a, *b);
  431. }
  432. static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
  433. {
  434. STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
  435. const char *name = EVP_CIPHER_get0_name(cipher);
  436. char *namedup = NULL;
  437. assert(name != NULL);
  438. /* the cipher will be freed after returning, strdup is needed */
  439. if ((namedup = OPENSSL_strdup(name)) != NULL
  440. && !sk_OPENSSL_STRING_push(names, namedup))
  441. OPENSSL_free(namedup);
  442. }
  443. static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
  444. {
  445. int ret = 0;
  446. unsigned char *pub_der = NULL;
  447. const unsigned char *pp = NULL;
  448. size_t len = 0;
  449. OSSL_ENCODER_CTX *ectx = NULL;
  450. if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
  451. || !TEST_ptr(ectx =
  452. OSSL_ENCODER_CTX_new_for_pkey(*priv,
  453. EVP_PKEY_PUBLIC_KEY,
  454. "DER", "type-specific",
  455. NULL))
  456. || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
  457. goto err;
  458. pp = pub_der;
  459. if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
  460. goto err;
  461. ret = 1;
  462. err:
  463. OSSL_ENCODER_CTX_free(ectx);
  464. OPENSSL_free(pub_der);
  465. return ret;
  466. }
  467. static int kem_rsa_gen_recover(void)
  468. {
  469. int ret = 0;
  470. EVP_PKEY *pub = NULL;
  471. EVP_PKEY *priv = NULL;
  472. EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
  473. unsigned char secret[256] = { 0, };
  474. unsigned char ct[256] = { 0, };
  475. unsigned char unwrap[256] = { 0, };
  476. size_t ctlen = 0, unwraplen = 0, secretlen = 0;
  477. int bits = 2048;
  478. ret = TEST_true(rsa_keygen(bits, &pub, &priv))
  479. && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
  480. && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
  481. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
  482. && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
  483. &secretlen), 1)
  484. && TEST_int_eq(ctlen, secretlen)
  485. && TEST_int_eq(ctlen, bits / 8)
  486. && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
  487. &secretlen), 1)
  488. && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
  489. && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
  490. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
  491. && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
  492. ct, ctlen), 1)
  493. && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
  494. ct, ctlen), 1)
  495. && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
  496. EVP_PKEY_free(pub);
  497. EVP_PKEY_free(priv);
  498. EVP_PKEY_CTX_free(rctx);
  499. EVP_PKEY_CTX_free(sctx);
  500. return ret;
  501. }
  502. static int kem_rsa_params(void)
  503. {
  504. int ret = 0;
  505. EVP_PKEY *pub = NULL;
  506. EVP_PKEY *priv = NULL;
  507. EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
  508. unsigned char secret[256] = { 0, };
  509. unsigned char ct[256] = { 0, };
  510. size_t ctlen = 0, secretlen = 0;
  511. ret = TEST_true(rsa_keygen(2048, &pub, &priv))
  512. && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
  513. && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
  514. /* Test setting kem op before the init fails */
  515. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
  516. /* Test NULL ctx passed */
  517. && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
  518. && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
  519. && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
  520. && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
  521. /* Test Invalid operation */
  522. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
  523. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
  524. /* Wrong key component - no secret should be returned on failure */
  525. && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
  526. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
  527. && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
  528. sizeof(ct)), 0)
  529. && TEST_uchar_eq(secret[0], 0)
  530. /* Test encapsulate fails if the mode is not set */
  531. && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
  532. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
  533. /* Test setting a bad kem ops fail */
  534. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
  535. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
  536. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
  537. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
  538. /* Test secretlen is optional */
  539. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
  540. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
  541. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
  542. /* Test outlen is optional */
  543. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
  544. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
  545. /* test that either len must be set if out is NULL */
  546. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
  547. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
  548. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
  549. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
  550. /* Secret buffer should be set if there is an output buffer */
  551. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
  552. /* Test that lengths are optional if ct is not NULL */
  553. && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
  554. /* Pass if secret or secret length are not NULL */
  555. && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
  556. && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
  557. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
  558. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
  559. && TEST_int_eq(secretlen, 256)
  560. /* Fail if passed NULL arguments */
  561. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
  562. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
  563. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
  564. && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
  565. EVP_PKEY_free(pub);
  566. EVP_PKEY_free(priv);
  567. EVP_PKEY_CTX_free(pubctx);
  568. EVP_PKEY_CTX_free(privctx);
  569. return ret;
  570. }
  571. #ifndef OPENSSL_NO_DH
  572. static EVP_PKEY *gen_dh_key(void)
  573. {
  574. EVP_PKEY_CTX *gctx = NULL;
  575. EVP_PKEY *pkey = NULL;
  576. OSSL_PARAM params[2];
  577. params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
  578. params[1] = OSSL_PARAM_construct_end();
  579. if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
  580. || !TEST_true(EVP_PKEY_keygen_init(gctx))
  581. || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
  582. || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
  583. goto err;
  584. err:
  585. EVP_PKEY_CTX_free(gctx);
  586. return pkey;
  587. }
  588. /* Fail if we try to use a dh key */
  589. static int kem_invalid_keytype(void)
  590. {
  591. int ret = 0;
  592. EVP_PKEY *key = NULL;
  593. EVP_PKEY_CTX *sctx = NULL;
  594. if (!TEST_ptr(key = gen_dh_key()))
  595. goto done;
  596. if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
  597. goto done;
  598. if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
  599. goto done;
  600. ret = 1;
  601. done:
  602. EVP_PKEY_free(key);
  603. EVP_PKEY_CTX_free(sctx);
  604. return ret;
  605. }
  606. #endif /* OPENSSL_NO_DH */
  607. int setup_tests(void)
  608. {
  609. const char *prov_name = "default";
  610. char *config_file = NULL;
  611. OPTION_CHOICE o;
  612. while ((o = opt_next()) != OPT_EOF) {
  613. switch (o) {
  614. case OPT_PROVIDER_NAME:
  615. prov_name = opt_arg();
  616. break;
  617. case OPT_CONFIG_FILE:
  618. config_file = opt_arg();
  619. break;
  620. case OPT_TEST_CASES:
  621. break;
  622. default:
  623. case OPT_ERR:
  624. return 0;
  625. }
  626. }
  627. if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
  628. return 0;
  629. #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
  630. ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
  631. #endif
  632. #ifndef OPENSSL_NO_DH
  633. ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
  634. ADD_TEST(dhx_cert_load);
  635. #endif
  636. if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
  637. return 0;
  638. EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
  639. ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
  640. ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
  641. sk_OPENSSL_STRING_num(cipher_names));
  642. ADD_TEST(kem_rsa_gen_recover);
  643. ADD_TEST(kem_rsa_params);
  644. #ifndef OPENSSL_NO_DH
  645. ADD_TEST(kem_invalid_keytype);
  646. #endif
  647. return 1;
  648. }
  649. /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
  650. static void string_free(char *m)
  651. {
  652. OPENSSL_free(m);
  653. }
  654. void cleanup_tests(void)
  655. {
  656. sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
  657. OSSL_PROVIDER_unload(libprov);
  658. OSSL_LIB_CTX_free(libctx);
  659. OSSL_PROVIDER_unload(nullprov);
  660. }