acvp_test.c 47 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365
  1. /*
  2. * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * A set of tests demonstrating uses cases for CAVS/ACVP testing.
  11. *
  12. * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
  13. * providers/fips/self_test_kats.c
  14. */
  15. #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
  16. #include <openssl/core_names.h>
  17. #include <openssl/evp.h>
  18. #include <openssl/ec.h>
  19. #include <openssl/dh.h>
  20. #include <openssl/dsa.h>
  21. #include <openssl/rsa.h>
  22. #include <openssl/param_build.h>
  23. #include <openssl/provider.h>
  24. #include "testutil.h"
  25. #include "testutil/output.h"
  26. #include "acvp_test.inc"
  27. #include "internal/nelem.h"
  28. static OSSL_PROVIDER *prov_null = NULL;
  29. static OPENSSL_CTX *libctx = NULL;
  30. typedef enum OPTION_choice {
  31. OPT_ERR = -1,
  32. OPT_EOF = 0,
  33. OPT_CONFIG_FILE,
  34. OPT_TEST_ENUM
  35. } OPTION_CHOICE;
  36. const OPTIONS *test_get_options(void)
  37. {
  38. static const OPTIONS test_options[] = {
  39. OPT_TEST_OPTIONS_DEFAULT_USAGE,
  40. { "config", OPT_CONFIG_FILE, '<',
  41. "The configuration file to use for the libctx" },
  42. { NULL }
  43. };
  44. return test_options;
  45. }
  46. #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
  47. || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
  48. static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
  49. unsigned char **out, size_t *out_len)
  50. {
  51. unsigned char *buf = NULL;
  52. BIGNUM *bn = NULL;
  53. int sz;
  54. if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
  55. goto err;
  56. sz = BN_num_bytes(bn);
  57. buf = OPENSSL_zalloc(sz);
  58. if (buf == NULL)
  59. goto err;
  60. if (!BN_bn2binpad(bn, buf, sz))
  61. goto err;
  62. *out_len = sz;
  63. *out = buf;
  64. BN_free(bn);
  65. return 1;
  66. err:
  67. OPENSSL_free(buf);
  68. BN_free(bn);
  69. return 0;
  70. }
  71. #endif
  72. #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
  73. || !defined(OPENSSL_NO_RSA)
  74. static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
  75. const unsigned char *msg, size_t msg_len,
  76. unsigned char **sig_out, size_t *sig_out_len)
  77. {
  78. int ret = 0;
  79. EVP_MD_CTX *md_ctx = NULL;
  80. unsigned char *sig = NULL;
  81. size_t sig_len;
  82. size_t sz = EVP_PKEY_size(pkey);
  83. if (!TEST_ptr(sig = OPENSSL_malloc(sz))
  84. || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
  85. || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, NULL,
  86. pkey, libctx), 1)
  87. || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
  88. goto err;
  89. *sig_out = sig;
  90. *sig_out_len = sig_len;
  91. sig = NULL;
  92. ret = 1;
  93. err:
  94. OPENSSL_free(sig);
  95. EVP_MD_CTX_free(md_ctx);
  96. return ret;
  97. }
  98. #endif
  99. #ifndef OPENSSL_NO_EC
  100. static int ecdsa_keygen_test(int id)
  101. {
  102. int ret = 0;
  103. EVP_PKEY_CTX *ctx = NULL;
  104. EVP_PKEY *pkey = NULL;
  105. unsigned char *priv = NULL;
  106. unsigned char *pubx = NULL, *puby = NULL;
  107. size_t priv_len = 0, pubx_len = 0, puby_len = 0;
  108. const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
  109. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
  110. || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  111. || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
  112. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
  113. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
  114. &priv_len))
  115. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
  116. &pubx_len))
  117. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
  118. &puby_len)))
  119. goto err;
  120. test_output_memory("qy", puby, puby_len);
  121. test_output_memory("qx", pubx, pubx_len);
  122. test_output_memory("d", priv, priv_len);
  123. ret = 1;
  124. err:
  125. OPENSSL_clear_free(priv, priv_len);
  126. OPENSSL_free(pubx);
  127. OPENSSL_free(puby);
  128. EVP_PKEY_free(pkey);
  129. EVP_PKEY_CTX_free(ctx);
  130. return ret;
  131. }
  132. static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
  133. const unsigned char *pub, size_t pub_len,
  134. int expected)
  135. {
  136. int ret = 0;
  137. EVP_PKEY_CTX *ctx = NULL;
  138. OSSL_PARAM_BLD *bld = NULL;
  139. OSSL_PARAM *params = NULL;
  140. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  141. || (curve_name != NULL
  142. && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
  143. bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
  144. || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  145. OSSL_PKEY_PARAM_PUB_KEY,
  146. pub, pub_len) > 0)
  147. || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  148. || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
  149. || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
  150. || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), expected))
  151. goto err;
  152. ret = 1;
  153. err:
  154. OSSL_PARAM_BLD_free_params(params);
  155. OSSL_PARAM_BLD_free(bld);
  156. EVP_PKEY_CTX_free(ctx);
  157. return ret;
  158. }
  159. static int ecdsa_pub_verify_test(int id)
  160. {
  161. const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
  162. int ret = 0;
  163. EVP_PKEY_CTX *key_ctx = NULL;
  164. EVP_PKEY *pkey = NULL;
  165. if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
  166. tst->pub, tst->pub_len, tst->pass)))
  167. goto err;
  168. if (tst->pass) {
  169. if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
  170. || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
  171. goto err;
  172. }
  173. ret = 1;
  174. err:
  175. EVP_PKEY_free(pkey);
  176. EVP_PKEY_CTX_free(key_ctx);
  177. return ret;
  178. }
  179. /* Extract r and s from a ecdsa signature */
  180. static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
  181. unsigned char **r, unsigned char **s,
  182. size_t *rlen, size_t *slen)
  183. {
  184. int ret = 0;
  185. unsigned char *rbuf = NULL, *sbuf = NULL;
  186. size_t r1_len, s1_len;
  187. const BIGNUM *r1, *s1;
  188. ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
  189. if (sign == NULL)
  190. return 0;
  191. r1 = ECDSA_SIG_get0_r(sign);
  192. s1 = ECDSA_SIG_get0_s(sign);
  193. if (r1 == NULL || s1 == NULL)
  194. return 0;
  195. r1_len = BN_num_bytes(r1);
  196. s1_len = BN_num_bytes(s1);
  197. rbuf = OPENSSL_zalloc(r1_len);
  198. sbuf = OPENSSL_zalloc(s1_len);
  199. if (rbuf == NULL || sbuf == NULL)
  200. goto err;
  201. if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
  202. goto err;
  203. if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
  204. goto err;
  205. *r = rbuf;
  206. *s = sbuf;
  207. *rlen = r1_len;
  208. *slen = s1_len;
  209. ret = 1;
  210. err:
  211. if (ret == 0) {
  212. OPENSSL_free(rbuf);
  213. OPENSSL_free(sbuf);
  214. }
  215. ECDSA_SIG_free(sign);
  216. return ret;
  217. }
  218. static int ecdsa_siggen_test(int id)
  219. {
  220. int ret = 0;
  221. EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
  222. EVP_PKEY *pkey = NULL;
  223. size_t sig_len = 0, rlen = 0, slen = 0;
  224. unsigned char *sig = NULL;
  225. unsigned char *r = NULL, *s = NULL;
  226. const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
  227. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
  228. || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  229. || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
  230. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
  231. goto err;
  232. if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
  233. &sig, &sig_len))
  234. || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
  235. goto err;
  236. test_output_memory("r", r, rlen);
  237. test_output_memory("s", s, slen);
  238. ret = 1;
  239. err:
  240. OPENSSL_free(r);
  241. OPENSSL_free(s);
  242. OPENSSL_free(sig);
  243. EVP_PKEY_free(pkey);
  244. EVP_PKEY_CTX_free(key_ctx);
  245. EVP_PKEY_CTX_free(ctx);
  246. return ret;
  247. }
  248. static int ecdsa_sigver_test(int id)
  249. {
  250. int ret = 0;
  251. EVP_MD_CTX *md_ctx = NULL;
  252. EVP_PKEY *pkey = NULL;
  253. ECDSA_SIG *sign = NULL;
  254. size_t sig_len;
  255. unsigned char *sig = NULL;
  256. BIGNUM *rbn = NULL, *sbn = NULL;
  257. const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
  258. if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
  259. tst->pub, tst->pub_len, 1)))
  260. goto err;
  261. if (!TEST_ptr(sign = ECDSA_SIG_new())
  262. || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
  263. || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
  264. || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
  265. goto err;
  266. rbn = sbn = NULL;
  267. ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
  268. && TEST_ptr(md_ctx = EVP_MD_CTX_new())
  269. && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
  270. NULL, pkey, libctx)
  271. && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
  272. tst->msg, tst->msg_len), tst->pass));
  273. err:
  274. BN_free(rbn);
  275. BN_free(sbn);
  276. OPENSSL_free(sig);
  277. ECDSA_SIG_free(sign);
  278. EVP_PKEY_free(pkey);
  279. EVP_MD_CTX_free(md_ctx);
  280. return ret;
  281. }
  282. #endif /* OPENSSL_NO_EC */
  283. #ifndef OPENSSL_NO_DSA
  284. static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
  285. unsigned char **out, size_t *out_len)
  286. {
  287. size_t len = 0;
  288. unsigned char *buf = NULL;
  289. if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
  290. goto err;
  291. buf = OPENSSL_zalloc(len);
  292. if (buf == NULL)
  293. goto err;
  294. if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
  295. goto err;
  296. *out = buf;
  297. return 1;
  298. err:
  299. OPENSSL_free(buf);
  300. return 0;
  301. }
  302. static EVP_PKEY *dsa_paramgen(int L, int N)
  303. {
  304. EVP_PKEY_CTX *paramgen_ctx = NULL;
  305. EVP_PKEY *param_key = NULL;
  306. if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
  307. || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
  308. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
  309. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
  310. || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
  311. return NULL;
  312. EVP_PKEY_CTX_free(paramgen_ctx);
  313. return param_key;
  314. }
  315. static EVP_PKEY *dsa_keygen(int L, int N)
  316. {
  317. EVP_PKEY *param_key = NULL, *key = NULL;
  318. EVP_PKEY_CTX *keygen_ctx = NULL;
  319. if (!TEST_ptr(param_key = dsa_paramgen(L, N))
  320. || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
  321. NULL))
  322. || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
  323. || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
  324. goto err;
  325. err:
  326. EVP_PKEY_free(param_key);
  327. EVP_PKEY_CTX_free(keygen_ctx);
  328. return key;
  329. }
  330. static int dsa_keygen_test(int id)
  331. {
  332. int ret = 0, i;
  333. EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
  334. EVP_PKEY *param_key = NULL, *key = NULL;
  335. unsigned char *priv = NULL, *pub = NULL;
  336. size_t priv_len = 0, pub_len = 0;
  337. const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
  338. if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
  339. || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
  340. NULL))
  341. || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
  342. goto err;
  343. for (i = 0; i < 2; ++i) {
  344. if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
  345. || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
  346. &priv, &priv_len))
  347. || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
  348. &pub, &pub_len)))
  349. goto err;
  350. test_output_memory("y", pub, pub_len);
  351. test_output_memory("x", priv, priv_len);
  352. EVP_PKEY_free(key);
  353. OPENSSL_clear_free(priv, priv_len);
  354. OPENSSL_free(pub);
  355. key = NULL;
  356. pub = priv = NULL;
  357. }
  358. ret = 1;
  359. err:
  360. OPENSSL_clear_free(priv, priv_len);
  361. OPENSSL_free(pub);
  362. EVP_PKEY_free(param_key);
  363. EVP_PKEY_free(key);
  364. EVP_PKEY_CTX_free(keygen_ctx);
  365. EVP_PKEY_CTX_free(paramgen_ctx);
  366. return ret;
  367. }
  368. static int dsa_paramgen_test(int id)
  369. {
  370. int ret = 0, counter = 0;
  371. EVP_PKEY_CTX *paramgen_ctx = NULL;
  372. EVP_PKEY *param_key = NULL;
  373. unsigned char *p = NULL, *q = NULL, *seed = NULL;
  374. size_t plen = 0, qlen = 0, seedlen = 0;
  375. const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
  376. if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
  377. || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
  378. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
  379. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
  380. || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
  381. || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
  382. &p, &plen))
  383. || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
  384. &q, &qlen))
  385. || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
  386. &seed, &seedlen))
  387. || !TEST_true(EVP_PKEY_get_int_param(param_key,
  388. OSSL_PKEY_PARAM_FFC_PCOUNTER,
  389. &counter)))
  390. goto err;
  391. test_output_memory("p", p, plen);
  392. test_output_memory("q", q, qlen);
  393. test_output_memory("domainSeed", seed, seedlen);
  394. test_printf_stderr("%s: %d\n", "counter", counter);
  395. ret = 1;
  396. err:
  397. OPENSSL_free(p);
  398. OPENSSL_free(q);
  399. OPENSSL_free(seed);
  400. EVP_PKEY_free(param_key);
  401. EVP_PKEY_CTX_free(paramgen_ctx);
  402. return ret;
  403. }
  404. static int dsa_create_pkey(EVP_PKEY **pkey,
  405. const unsigned char *p, size_t p_len,
  406. const unsigned char *q, size_t q_len,
  407. const unsigned char *g, size_t g_len,
  408. const unsigned char *seed, size_t seed_len,
  409. int counter,
  410. const char *validate_type,
  411. const unsigned char *pub, size_t pub_len,
  412. BN_CTX *bn_ctx)
  413. {
  414. int ret = 0;
  415. EVP_PKEY_CTX *ctx = NULL;
  416. OSSL_PARAM_BLD *bld = NULL;
  417. OSSL_PARAM *params = NULL;
  418. BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
  419. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  420. || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
  421. || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
  422. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  423. OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
  424. validate_type, 0))
  425. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
  426. || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
  427. || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
  428. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
  429. goto err;
  430. if (g != NULL) {
  431. if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
  432. || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
  433. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
  434. OSSL_PKEY_PARAM_FFC_G, g_bn)))
  435. goto err;
  436. }
  437. if (seed != NULL) {
  438. if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  439. OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
  440. goto err;
  441. }
  442. if (counter != -1) {
  443. if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
  444. OSSL_PKEY_PARAM_FFC_PCOUNTER,
  445. counter)))
  446. goto err;
  447. }
  448. if (pub != NULL) {
  449. if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
  450. || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
  451. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
  452. OSSL_PKEY_PARAM_PUB_KEY,
  453. pub_bn)))
  454. goto err;
  455. }
  456. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  457. || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
  458. || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
  459. || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
  460. goto err;
  461. ret = 1;
  462. err:
  463. OSSL_PARAM_BLD_free_params(params);
  464. OSSL_PARAM_BLD_free(bld);
  465. EVP_PKEY_CTX_free(ctx);
  466. return ret;
  467. }
  468. static int dsa_pqver_test(int id)
  469. {
  470. int ret = 0;
  471. BN_CTX *bn_ctx = NULL;
  472. EVP_PKEY_CTX *key_ctx = NULL;
  473. EVP_PKEY *param_key = NULL;
  474. const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
  475. if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
  476. || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
  477. tst->q, tst->q_len, NULL, 0,
  478. tst->seed, tst->seed_len, tst->counter,
  479. OSSL_FFC_PARAM_VALIDATE_PQ,
  480. NULL, 0,
  481. bn_ctx))
  482. || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
  483. NULL))
  484. || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
  485. goto err;
  486. ret = 1;
  487. err:
  488. BN_CTX_free(bn_ctx);
  489. EVP_PKEY_free(param_key);
  490. EVP_PKEY_CTX_free(key_ctx);
  491. return ret;
  492. }
  493. /* Extract r and s from a dsa signature */
  494. static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
  495. unsigned char **r, unsigned char **s,
  496. size_t *r_len, size_t *s_len)
  497. {
  498. int ret = 0;
  499. unsigned char *rbuf = NULL, *sbuf = NULL;
  500. size_t r1_len, s1_len;
  501. const BIGNUM *r1, *s1;
  502. DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
  503. if (sign == NULL)
  504. return 0;
  505. DSA_SIG_get0(sign, &r1, &s1);
  506. if (r1 == NULL || s1 == NULL)
  507. return 0;
  508. r1_len = BN_num_bytes(r1);
  509. s1_len = BN_num_bytes(s1);
  510. rbuf = OPENSSL_zalloc(r1_len);
  511. sbuf = OPENSSL_zalloc(s1_len);
  512. if (rbuf == NULL || sbuf == NULL)
  513. goto err;
  514. if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
  515. goto err;
  516. if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
  517. goto err;
  518. *r = rbuf;
  519. *s = sbuf;
  520. *r_len = r1_len;
  521. *s_len = s1_len;
  522. ret = 1;
  523. err:
  524. if (ret == 0) {
  525. OPENSSL_free(rbuf);
  526. OPENSSL_free(sbuf);
  527. }
  528. DSA_SIG_free(sign);
  529. return ret;
  530. }
  531. static int dsa_siggen_test(int id)
  532. {
  533. int ret = 0;
  534. EVP_PKEY *pkey = NULL;
  535. unsigned char *sig = NULL, *r = NULL, *s = NULL;
  536. size_t sig_len = 0, rlen = 0, slen = 0;
  537. const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
  538. if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
  539. goto err;
  540. if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
  541. &sig, &sig_len))
  542. || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
  543. goto err;
  544. test_output_memory("r", r, rlen);
  545. test_output_memory("s", s, slen);
  546. ret = 1;
  547. err:
  548. OPENSSL_free(r);
  549. OPENSSL_free(s);
  550. OPENSSL_free(sig);
  551. EVP_PKEY_free(pkey);
  552. return ret;
  553. }
  554. static int dsa_sigver_test(int id)
  555. {
  556. int ret = 0;
  557. EVP_PKEY_CTX *ctx = NULL;
  558. EVP_PKEY *pkey = NULL;
  559. DSA_SIG *sign = NULL;
  560. size_t sig_len;
  561. unsigned char *sig = NULL;
  562. BIGNUM *rbn = NULL, *sbn = NULL;
  563. EVP_MD *md = NULL;
  564. unsigned char digest[EVP_MAX_MD_SIZE];
  565. unsigned int digest_len;
  566. BN_CTX *bn_ctx = NULL;
  567. const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
  568. if (!TEST_ptr(bn_ctx = BN_CTX_new())
  569. || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
  570. tst->q, tst->q_len, tst->g, tst->g_len,
  571. NULL, 0, 0, "", tst->pub, tst->pub_len,
  572. bn_ctx)))
  573. goto err;
  574. if (!TEST_ptr(sign = DSA_SIG_new())
  575. || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
  576. || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
  577. || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
  578. goto err;
  579. rbn = sbn = NULL;
  580. if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
  581. || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
  582. digest, &digest_len, md, NULL)))
  583. goto err;
  584. if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
  585. || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
  586. || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
  587. || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
  588. tst->pass))
  589. goto err;
  590. ret = 1;
  591. err:
  592. EVP_PKEY_CTX_free(ctx);
  593. OPENSSL_free(sig);
  594. EVP_MD_free(md);
  595. DSA_SIG_free(sign);
  596. EVP_PKEY_free(pkey);
  597. BN_free(rbn);
  598. BN_free(sbn);
  599. BN_CTX_free(bn_ctx);
  600. return ret;
  601. }
  602. #endif /* OPENSSL_NO_DSA */
  603. /* cipher encrypt/decrypt */
  604. static int cipher_enc(const char *alg,
  605. const unsigned char *pt, size_t pt_len,
  606. const unsigned char *key, size_t key_len,
  607. const unsigned char *iv, size_t iv_len,
  608. const unsigned char *ct, size_t ct_len,
  609. int enc)
  610. {
  611. int ret = 0, out_len = 0, len = 0;
  612. EVP_CIPHER_CTX *ctx = NULL;
  613. EVP_CIPHER *cipher = NULL;
  614. unsigned char out[256] = { 0 };
  615. TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
  616. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  617. || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
  618. || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
  619. || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
  620. || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
  621. || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
  622. goto err;
  623. out_len += len;
  624. if (!TEST_mem_eq(out, out_len, ct, ct_len))
  625. goto err;
  626. ret = 1;
  627. err:
  628. EVP_CIPHER_free(cipher);
  629. EVP_CIPHER_CTX_free(ctx);
  630. return ret;
  631. }
  632. static int cipher_enc_dec_test(int id)
  633. {
  634. const struct cipher_st *tst = &cipher_enc_data[id];
  635. const int enc = 1;
  636. return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
  637. tst->key, tst->key_len,
  638. tst->iv, tst->iv_len,
  639. tst->ct, tst->ct_len, enc))
  640. && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
  641. tst->key, tst->key_len,
  642. tst->iv, tst->iv_len,
  643. tst->pt, tst->pt_len, !enc));
  644. }
  645. static int aes_ccm_enc_dec(const char *alg,
  646. const unsigned char *pt, size_t pt_len,
  647. const unsigned char *key, size_t key_len,
  648. const unsigned char *iv, size_t iv_len,
  649. const unsigned char *aad, size_t aad_len,
  650. const unsigned char *ct, size_t ct_len,
  651. const unsigned char *tag, size_t tag_len,
  652. int enc, int pass)
  653. {
  654. int ret = 0;
  655. EVP_CIPHER_CTX *ctx;
  656. EVP_CIPHER *cipher = NULL;
  657. int out_len, len;
  658. unsigned char out[1024];
  659. TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
  660. pass ? "pass" : "fail");
  661. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  662. || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
  663. || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
  664. || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
  665. NULL))
  666. || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
  667. enc ? NULL : (void *)tag))
  668. || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
  669. || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
  670. || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
  671. || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
  672. || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
  673. goto err;
  674. if (!pass) {
  675. ret = 1;
  676. goto err;
  677. }
  678. if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
  679. goto err;
  680. if (enc) {
  681. out_len += len;
  682. if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  683. tag_len, out + out_len))
  684. || !TEST_mem_eq(out, out_len, ct, ct_len)
  685. || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
  686. goto err;
  687. } else {
  688. if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
  689. goto err;
  690. }
  691. ret = 1;
  692. err:
  693. EVP_CIPHER_free(cipher);
  694. EVP_CIPHER_CTX_free(ctx);
  695. return ret;
  696. }
  697. static int aes_ccm_enc_dec_test(int id)
  698. {
  699. const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
  700. /* The tag is on the end of the cipher text */
  701. const size_t tag_len = tst->ct_len - tst->pt_len;
  702. const size_t ct_len = tst->ct_len - tag_len;
  703. const unsigned char *tag = tst->ct + ct_len;
  704. const int enc = 1;
  705. const int pass = 1;
  706. if (ct_len < 1)
  707. return 0;
  708. return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
  709. tst->key, tst->key_len,
  710. tst->iv, tst->iv_len, tst->aad, tst->aad_len,
  711. tst->ct, ct_len, tag, tag_len, enc, pass)
  712. && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
  713. tst->key, tst->key_len,
  714. tst->iv, tst->iv_len, tst->aad, tst->aad_len,
  715. tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
  716. /* test that it fails if the tag is incorrect */
  717. && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
  718. tst->key, tst->key_len,
  719. tst->iv, tst->iv_len, tst->aad, tst->aad_len,
  720. tst->pt, tst->pt_len,
  721. tag - 1, tag_len, !enc, !pass);
  722. }
  723. static int aes_gcm_enc_dec(const char *alg,
  724. const unsigned char *pt, size_t pt_len,
  725. const unsigned char *key, size_t key_len,
  726. const unsigned char *iv, size_t iv_len,
  727. const unsigned char *aad, size_t aad_len,
  728. const unsigned char *ct, size_t ct_len,
  729. const unsigned char *tag, size_t tag_len,
  730. int enc, int pass)
  731. {
  732. int ret = 0;
  733. EVP_CIPHER_CTX *ctx;
  734. EVP_CIPHER *cipher = NULL;
  735. int out_len, len;
  736. unsigned char out[1024];
  737. TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
  738. pass ? "pass" : "fail");
  739. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  740. || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
  741. || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
  742. || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
  743. NULL)))
  744. goto err;
  745. if (!enc) {
  746. if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
  747. (void *)tag)))
  748. goto err;
  749. }
  750. /*
  751. * TODO(3.0): The IV should not be set outside the boundary as it is now.
  752. * It needs to be fed in via a dummy entropy source for this test.
  753. */
  754. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
  755. || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
  756. || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
  757. || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
  758. goto err;
  759. if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
  760. goto err;
  761. if (!pass) {
  762. ret = 1;
  763. goto err;
  764. }
  765. out_len += len;
  766. if (enc) {
  767. if (!TEST_mem_eq(out, out_len, ct, ct_len)
  768. || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  769. tag_len, out + out_len))
  770. || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
  771. goto err;
  772. } else {
  773. if (!TEST_mem_eq(out, out_len, ct, ct_len))
  774. goto err;
  775. }
  776. ret = 1;
  777. err:
  778. EVP_CIPHER_free(cipher);
  779. EVP_CIPHER_CTX_free(ctx);
  780. return ret;
  781. }
  782. static int aes_gcm_enc_dec_test(int id)
  783. {
  784. const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
  785. int enc = 1;
  786. int pass = 1;
  787. return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
  788. tst->key, tst->key_len,
  789. tst->iv, tst->iv_len, tst->aad, tst->aad_len,
  790. tst->ct, tst->ct_len, tst->tag, tst->tag_len,
  791. enc, pass)
  792. && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
  793. tst->key, tst->key_len,
  794. tst->iv, tst->iv_len, tst->aad, tst->aad_len,
  795. tst->pt, tst->pt_len, tst->tag, tst->tag_len,
  796. !enc, pass)
  797. /* Fail if incorrect tag passed to decrypt */
  798. && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
  799. tst->key, tst->key_len,
  800. tst->iv, tst->iv_len, tst->aad, tst->aad_len,
  801. tst->pt, tst->pt_len, tst->aad, tst->tag_len,
  802. !enc, !pass);
  803. }
  804. #ifndef OPENSSL_NO_DH
  805. static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
  806. const unsigned char *pub, size_t pub_len,
  807. const unsigned char *priv, size_t priv_len,
  808. BN_CTX *bn_ctx, int pass)
  809. {
  810. int ret = 0;
  811. EVP_PKEY_CTX *ctx = NULL;
  812. OSSL_PARAM_BLD *bld = NULL;
  813. OSSL_PARAM *params = NULL;
  814. BIGNUM *pub_bn = NULL, *priv_bn = NULL;
  815. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  816. || (group_name != NULL
  817. && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
  818. bld, OSSL_PKEY_PARAM_GROUP_NAME,
  819. group_name, 0), 0)))
  820. goto err;
  821. if (pub != NULL) {
  822. if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
  823. || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
  824. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  825. pub_bn)))
  826. goto err;
  827. }
  828. if (priv != NULL) {
  829. if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
  830. || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
  831. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  832. priv_bn)))
  833. goto err;
  834. }
  835. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  836. || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
  837. || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
  838. || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), pass))
  839. goto err;
  840. ret = 1;
  841. err:
  842. OSSL_PARAM_BLD_free_params(params);
  843. OSSL_PARAM_BLD_free(bld);
  844. EVP_PKEY_CTX_free(ctx);
  845. return ret;
  846. }
  847. static int dh_safe_prime_keygen_test(int id)
  848. {
  849. int ret = 0;
  850. EVP_PKEY_CTX *ctx = NULL;
  851. EVP_PKEY *pkey = NULL;
  852. unsigned char *priv = NULL;
  853. unsigned char *pub = NULL;
  854. size_t priv_len = 0, pub_len = 0;
  855. OSSL_PARAM params[2];
  856. const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
  857. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
  858. (char *)tst->group_name, 0);
  859. params[1] = OSSL_PARAM_construct_end();
  860. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
  861. || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  862. || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
  863. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
  864. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
  865. &priv, &priv_len))
  866. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
  867. &pub, &pub_len)))
  868. goto err;
  869. test_output_memory("x", priv, priv_len);
  870. test_output_memory("y", pub, pub_len);
  871. ret = 1;
  872. err:
  873. OPENSSL_clear_free(priv, priv_len);
  874. OPENSSL_free(pub);
  875. EVP_PKEY_free(pkey);
  876. EVP_PKEY_CTX_free(ctx);
  877. return ret;
  878. }
  879. static int dh_safe_prime_keyver_test(int id)
  880. {
  881. int ret = 0;
  882. BN_CTX *bn_ctx = NULL;
  883. EVP_PKEY_CTX *key_ctx = NULL;
  884. EVP_PKEY *pkey = NULL;
  885. const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
  886. if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
  887. || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
  888. tst->pub, tst->pub_len,
  889. tst->priv, tst->priv_len, bn_ctx, 1))
  890. || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
  891. || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
  892. goto err;
  893. ret = 1;
  894. err:
  895. EVP_PKEY_free(pkey);
  896. EVP_PKEY_CTX_free(key_ctx);
  897. BN_CTX_free(bn_ctx);
  898. return ret;
  899. }
  900. #endif /* OPENSSL_NO_DH */
  901. #ifndef OPENSSL_NO_RSA
  902. static EVP_PKEY *rsa_keygen(int bits)
  903. {
  904. EVP_PKEY *key = NULL;
  905. EVP_PKEY_CTX *keygen_ctx = NULL;
  906. if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
  907. || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
  908. || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
  909. || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
  910. goto err;
  911. err:
  912. EVP_PKEY_CTX_free(keygen_ctx);
  913. return key;
  914. }
  915. static int rsa_create_pkey(EVP_PKEY **pkey,
  916. const unsigned char *n, size_t n_len,
  917. const unsigned char *e, size_t e_len,
  918. const unsigned char *d, size_t d_len,
  919. BN_CTX *bn_ctx)
  920. {
  921. int ret = 0;
  922. EVP_PKEY_CTX *ctx = NULL;
  923. OSSL_PARAM_BLD *bld = NULL;
  924. OSSL_PARAM *params = NULL;
  925. BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
  926. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  927. || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
  928. || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
  929. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
  930. goto err;
  931. if (e != NULL) {
  932. if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
  933. || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
  934. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
  935. e_bn)))
  936. goto err;
  937. }
  938. if (d != NULL) {
  939. if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
  940. || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
  941. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
  942. d_bn)))
  943. goto err;
  944. }
  945. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  946. || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
  947. || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
  948. || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
  949. goto err;
  950. ret = 1;
  951. err:
  952. OSSL_PARAM_BLD_free_params(params);
  953. OSSL_PARAM_BLD_free(bld);
  954. EVP_PKEY_CTX_free(ctx);
  955. return ret;
  956. }
  957. static int rsa_keygen_test(int id)
  958. {
  959. int ret = 0;
  960. EVP_PKEY_CTX *ctx = NULL;
  961. EVP_PKEY *pkey = NULL;
  962. BIGNUM *e_bn = NULL;
  963. BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
  964. BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
  965. unsigned char *n = NULL, *d = NULL;
  966. unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
  967. unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
  968. size_t n_len = 0, d_len = 0;
  969. size_t p_len = 0, p1_len = 0, p2_len = 0;
  970. size_t q_len = 0, q1_len = 0, q2_len = 0;
  971. OSSL_PARAM_BLD *bld = NULL;
  972. OSSL_PARAM *params = NULL;
  973. const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
  974. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  975. || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
  976. || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
  977. || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
  978. || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
  979. || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
  980. || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
  981. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
  982. xp1_bn))
  983. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
  984. xp2_bn))
  985. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
  986. xp_bn))
  987. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
  988. xq1_bn))
  989. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
  990. xq2_bn))
  991. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
  992. xq_bn))
  993. || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
  994. goto err;
  995. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
  996. || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
  997. || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  998. || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
  999. || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod))
  1000. || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, e_bn))
  1001. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
  1002. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
  1003. &p1, &p1_len))
  1004. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
  1005. &p2, &p2_len))
  1006. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
  1007. &q1, &q1_len))
  1008. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
  1009. &q2, &q2_len))
  1010. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
  1011. &p, &p_len))
  1012. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
  1013. &q, &q_len))
  1014. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
  1015. &n, &n_len))
  1016. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
  1017. &d, &d_len)))
  1018. goto err;
  1019. if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
  1020. || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
  1021. || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
  1022. || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
  1023. || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
  1024. || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
  1025. || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
  1026. || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
  1027. goto err;
  1028. test_output_memory("p1", p1, p1_len);
  1029. test_output_memory("p2", p2, p2_len);
  1030. test_output_memory("p", p, p_len);
  1031. test_output_memory("q1", q1, q1_len);
  1032. test_output_memory("q2", q2, q2_len);
  1033. test_output_memory("q", q, q_len);
  1034. test_output_memory("n", n, n_len);
  1035. test_output_memory("d", d, d_len);
  1036. ret = 1;
  1037. err:
  1038. BN_free(xp1_bn);
  1039. BN_free(xp2_bn);
  1040. BN_free(xp_bn);
  1041. BN_free(xq1_bn);
  1042. BN_free(xq2_bn);
  1043. BN_free(xq_bn);
  1044. BN_free(e_bn);
  1045. OPENSSL_free(p1);
  1046. OPENSSL_free(p2);
  1047. OPENSSL_free(q1);
  1048. OPENSSL_free(q2);
  1049. OPENSSL_free(p);
  1050. OPENSSL_free(q);
  1051. OPENSSL_free(n);
  1052. OPENSSL_free(d);
  1053. EVP_PKEY_free(pkey);
  1054. EVP_PKEY_CTX_free(ctx);
  1055. OSSL_PARAM_BLD_free_params(params);
  1056. OSSL_PARAM_BLD_free(bld);
  1057. return ret;
  1058. }
  1059. static int rsa_siggen_test(int id)
  1060. {
  1061. int ret = 0;
  1062. EVP_PKEY *pkey = NULL;
  1063. unsigned char *sig = NULL, *n = NULL, *e = NULL;
  1064. size_t sig_len = 0, n_len = 0, e_len = 0;
  1065. OSSL_PARAM params[4], *p;
  1066. const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
  1067. TEST_note("RSA %s signature generation", tst->sig_pad_mode);
  1068. p = params;
  1069. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
  1070. (char *)tst->sig_pad_mode, 0);
  1071. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  1072. (char *)tst->digest_alg, 0);
  1073. if (tst->pss_salt_len >= 0) {
  1074. int salt_len = tst->pss_salt_len;
  1075. *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
  1076. &salt_len);
  1077. }
  1078. *p++ = OSSL_PARAM_construct_end();
  1079. if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
  1080. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
  1081. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
  1082. || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
  1083. tst->msg, tst->msg_len,
  1084. &sig, &sig_len)))
  1085. goto err;
  1086. test_output_memory("n", n, n_len);
  1087. test_output_memory("e", e, e_len);
  1088. test_output_memory("sig", sig, sig_len);
  1089. ret = 1;
  1090. err:
  1091. OPENSSL_free(n);
  1092. OPENSSL_free(e);
  1093. OPENSSL_free(sig);
  1094. EVP_PKEY_free(pkey);
  1095. return ret;
  1096. }
  1097. static int rsa_sigver_test(int id)
  1098. {
  1099. int ret = 0;
  1100. EVP_PKEY_CTX *pkey_ctx = NULL;
  1101. EVP_PKEY *pkey = NULL;
  1102. EVP_MD_CTX *md_ctx = NULL;
  1103. BN_CTX *bn_ctx = NULL;
  1104. OSSL_PARAM params[4], *p;
  1105. const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
  1106. TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
  1107. tst->pass == PASS ? "pass" : "fail");
  1108. p = params;
  1109. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
  1110. (char *)tst->sig_pad_mode, 0);
  1111. *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  1112. (char *)tst->digest_alg, 0);
  1113. if (tst->pss_salt_len >= 0) {
  1114. int salt_len = tst->pss_salt_len;
  1115. *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
  1116. &salt_len);
  1117. }
  1118. *p++ = OSSL_PARAM_construct_end();
  1119. if (!TEST_ptr(bn_ctx = BN_CTX_new())
  1120. || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
  1121. tst->e, tst->e_len, NULL, 0, bn_ctx))
  1122. || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
  1123. || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx, tst->digest_alg,
  1124. NULL, pkey, libctx)
  1125. || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
  1126. || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
  1127. tst->msg, tst->msg_len), tst->pass)))
  1128. goto err;
  1129. ret = 1;
  1130. err:
  1131. EVP_PKEY_free(pkey);
  1132. BN_CTX_free(bn_ctx);
  1133. EVP_MD_CTX_free(md_ctx);
  1134. return ret;
  1135. }
  1136. static int rsa_decryption_primitive_test(int id)
  1137. {
  1138. int ret = 0;
  1139. EVP_PKEY_CTX *ctx = NULL;
  1140. EVP_PKEY *pkey = NULL;
  1141. unsigned char pt[2048];
  1142. size_t pt_len = sizeof(pt);
  1143. unsigned char *n = NULL, *e = NULL;
  1144. size_t n_len = 0, e_len = 0;
  1145. BN_CTX *bn_ctx = NULL;
  1146. const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
  1147. if (!TEST_ptr(pkey = rsa_keygen(2048))
  1148. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
  1149. || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
  1150. || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
  1151. || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
  1152. || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
  1153. goto err;
  1154. test_output_memory("n", n, n_len);
  1155. test_output_memory("e", e, e_len);
  1156. if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len))
  1157. TEST_note("Decryption Failed");
  1158. else
  1159. test_output_memory("pt", pt, pt_len);
  1160. ret = 1;
  1161. err:
  1162. OPENSSL_free(n);
  1163. OPENSSL_free(e);
  1164. EVP_PKEY_CTX_free(ctx);
  1165. EVP_PKEY_free(pkey);
  1166. BN_CTX_free(bn_ctx);
  1167. return ret;
  1168. }
  1169. #endif /* OPENSSL_NO_RSA */
  1170. int setup_tests(void)
  1171. {
  1172. char *config_file = NULL;
  1173. OPTION_CHOICE o;
  1174. while ((o = opt_next()) != OPT_EOF) {
  1175. switch (o) {
  1176. case OPT_CONFIG_FILE:
  1177. config_file = opt_arg();
  1178. break;
  1179. case OPT_TEST_CASES:
  1180. break;
  1181. default:
  1182. case OPT_ERR:
  1183. return 0;
  1184. }
  1185. }
  1186. prov_null = OSSL_PROVIDER_load(NULL, "null");
  1187. if (prov_null == NULL) {
  1188. opt_printf_stderr("Failed to load null provider into default libctx\n");
  1189. return 0;
  1190. }
  1191. libctx = OPENSSL_CTX_new();
  1192. if (libctx == NULL
  1193. || !OPENSSL_CTX_load_config(libctx, config_file)) {
  1194. opt_printf_stderr("Failed to load config\n");
  1195. return 0;
  1196. }
  1197. ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
  1198. ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
  1199. ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
  1200. #ifndef OPENSSL_NO_RSA
  1201. ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
  1202. ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
  1203. ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
  1204. ADD_ALL_TESTS(rsa_decryption_primitive_test,
  1205. OSSL_NELEM(rsa_decrypt_prim_data));
  1206. #endif /* OPENSSL_NO_RSA */
  1207. #ifndef OPENSSL_NO_DH
  1208. ADD_ALL_TESTS(dh_safe_prime_keygen_test,
  1209. OSSL_NELEM(dh_safe_prime_keygen_data));
  1210. ADD_ALL_TESTS(dh_safe_prime_keyver_test,
  1211. OSSL_NELEM(dh_safe_prime_keyver_data));
  1212. #endif /* OPENSSL_NO_DH */
  1213. #ifndef OPENSSL_NO_DSA
  1214. ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
  1215. ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
  1216. ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
  1217. ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
  1218. ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
  1219. #endif /* OPENSSL_NO_DSA */
  1220. #ifndef OPENSSL_NO_EC
  1221. ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
  1222. ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
  1223. ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
  1224. ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
  1225. #endif /* OPENSSL_NO_EC */
  1226. return 1;
  1227. }
  1228. void cleanup_tests(void)
  1229. {
  1230. OSSL_PROVIDER_unload(prov_null);
  1231. OPENSSL_CTX_free(libctx);
  1232. }