evp_test.c 48 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781
  1. /* evp_test.c */
  2. /*
  3. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  4. * project.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * licensing@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. */
  54. #include <stdio.h>
  55. #include <string.h>
  56. #include <stdlib.h>
  57. #include <ctype.h>
  58. #include <openssl/evp.h>
  59. #include <openssl/pem.h>
  60. #include <openssl/err.h>
  61. #include <openssl/x509v3.h>
  62. #include <openssl/pkcs12.h>
  63. #include <openssl/kdf.h>
  64. #include "internal/numbers.h"
  65. /* Remove spaces from beginning and end of a string */
  66. static void remove_space(char **pval)
  67. {
  68. unsigned char *p = (unsigned char *)*pval;
  69. while (isspace(*p))
  70. p++;
  71. *pval = (char *)p;
  72. p = p + strlen(*pval) - 1;
  73. /* Remove trailing space */
  74. while (isspace(*p))
  75. *p-- = 0;
  76. }
  77. /*
  78. * Given a line of the form:
  79. * name = value # comment
  80. * extract name and value. NB: modifies passed buffer.
  81. */
  82. static int parse_line(char **pkw, char **pval, char *linebuf)
  83. {
  84. char *p;
  85. p = linebuf + strlen(linebuf) - 1;
  86. if (*p != '\n') {
  87. fprintf(stderr, "FATAL: missing EOL\n");
  88. exit(1);
  89. }
  90. /* Look for # */
  91. p = strchr(linebuf, '#');
  92. if (p)
  93. *p = '\0';
  94. /* Look for = sign */
  95. p = strchr(linebuf, '=');
  96. /* If no '=' exit */
  97. if (!p)
  98. return 0;
  99. *p++ = '\0';
  100. *pkw = linebuf;
  101. *pval = p;
  102. /* Remove spaces from keyword and value */
  103. remove_space(pkw);
  104. remove_space(pval);
  105. return 1;
  106. }
  107. /*
  108. * Unescape some escape sequences in string literals.
  109. * Return the result in a newly allocated buffer.
  110. * Currently only supports '\n'.
  111. * If the input length is 0, returns a valid 1-byte buffer, but sets
  112. * the length to 0.
  113. */
  114. static unsigned char* unescape(const char *input, size_t input_len,
  115. size_t *out_len)
  116. {
  117. unsigned char *ret, *p;
  118. size_t i;
  119. if (input_len == 0) {
  120. *out_len = 0;
  121. return OPENSSL_zalloc(1);
  122. }
  123. /* Escaping is non-expanding; over-allocate original size for simplicity. */
  124. ret = p = OPENSSL_malloc(input_len);
  125. if (ret == NULL)
  126. return NULL;
  127. for (i = 0; i < input_len; i++) {
  128. if (input[i] == '\\') {
  129. if (i == input_len - 1 || input[i+1] != 'n')
  130. goto err;
  131. *p++ = '\n';
  132. i++;
  133. } else {
  134. *p++ = input[i];
  135. }
  136. }
  137. *out_len = p - ret;
  138. return ret;
  139. err:
  140. OPENSSL_free(ret);
  141. return NULL;
  142. }
  143. /* For a hex string "value" convert to a binary allocated buffer */
  144. static int test_bin(const char *value, unsigned char **buf, size_t *buflen)
  145. {
  146. long len;
  147. if (!*value) {
  148. /*
  149. * Don't return NULL for zero length buffer.
  150. * This is needed for some tests with empty keys: HMAC_Init_ex() expects
  151. * a non-NULL key buffer even if the key length is 0, in order to detect
  152. * key reset.
  153. */
  154. *buf = OPENSSL_malloc(1);
  155. if (!*buf)
  156. return 0;
  157. **buf = 0;
  158. *buflen = 0;
  159. return 1;
  160. }
  161. /* Check for string literal */
  162. if (value[0] == '"') {
  163. size_t vlen;
  164. value++;
  165. vlen = strlen(value);
  166. if (value[vlen - 1] != '"')
  167. return 0;
  168. vlen--;
  169. *buf = unescape(value, vlen, buflen);
  170. if (*buf == NULL)
  171. return 0;
  172. return 1;
  173. }
  174. *buf = string_to_hex(value, &len);
  175. if (!*buf) {
  176. fprintf(stderr, "Value=%s\n", value);
  177. ERR_print_errors_fp(stderr);
  178. return -1;
  179. }
  180. /* Size of input buffer means we'll never overflow */
  181. *buflen = len;
  182. return 1;
  183. }
  184. /* Parse unsigned decimal 64 bit integer value */
  185. static int test_uint64(const char *value, uint64_t *pr)
  186. {
  187. const char *p = value;
  188. if (!*p) {
  189. fprintf(stderr, "Invalid empty integer value\n");
  190. return -1;
  191. }
  192. *pr = 0;
  193. while (*p) {
  194. if (*pr > UINT64_MAX/10) {
  195. fprintf(stderr, "Integer string overflow value=%s\n", value);
  196. return -1;
  197. }
  198. *pr *= 10;
  199. if (*p < '0' || *p > '9') {
  200. fprintf(stderr, "Invalid integer string value=%s\n", value);
  201. return -1;
  202. }
  203. *pr += *p - '0';
  204. p++;
  205. }
  206. return 1;
  207. }
  208. /* Structure holding test information */
  209. struct evp_test {
  210. /* file being read */
  211. FILE *in;
  212. /* List of public and private keys */
  213. struct key_list *private;
  214. struct key_list *public;
  215. /* method for this test */
  216. const struct evp_test_method *meth;
  217. /* current line being processed */
  218. unsigned int line;
  219. /* start line of current test */
  220. unsigned int start_line;
  221. /* Error string for test */
  222. const char *err;
  223. /* Expected error value of test */
  224. char *expected_err;
  225. /* Number of tests */
  226. int ntests;
  227. /* Error count */
  228. int errors;
  229. /* Number of tests skipped */
  230. int nskip;
  231. /* If output mismatch expected and got value */
  232. unsigned char *out_received;
  233. size_t out_received_len;
  234. unsigned char *out_expected;
  235. size_t out_expected_len;
  236. /* test specific data */
  237. void *data;
  238. /* Current test should be skipped */
  239. int skip;
  240. };
  241. struct key_list {
  242. char *name;
  243. EVP_PKEY *key;
  244. struct key_list *next;
  245. };
  246. /* Test method structure */
  247. struct evp_test_method {
  248. /* Name of test as it appears in file */
  249. const char *name;
  250. /* Initialise test for "alg" */
  251. int (*init) (struct evp_test * t, const char *alg);
  252. /* Clean up method */
  253. void (*cleanup) (struct evp_test * t);
  254. /* Test specific name value pair processing */
  255. int (*parse) (struct evp_test * t, const char *name, const char *value);
  256. /* Run the test itself */
  257. int (*run_test) (struct evp_test * t);
  258. };
  259. static const struct evp_test_method digest_test_method, cipher_test_method;
  260. static const struct evp_test_method mac_test_method;
  261. static const struct evp_test_method psign_test_method, pverify_test_method;
  262. static const struct evp_test_method pdecrypt_test_method;
  263. static const struct evp_test_method pverify_recover_test_method;
  264. static const struct evp_test_method pbe_test_method;
  265. static const struct evp_test_method encode_test_method;
  266. static const struct evp_test_method kdf_test_method;
  267. static const struct evp_test_method *evp_test_list[] = {
  268. &digest_test_method,
  269. &cipher_test_method,
  270. &mac_test_method,
  271. &psign_test_method,
  272. &pverify_test_method,
  273. &pdecrypt_test_method,
  274. &pverify_recover_test_method,
  275. &pbe_test_method,
  276. &encode_test_method,
  277. &kdf_test_method,
  278. NULL
  279. };
  280. static const struct evp_test_method *evp_find_test(const char *name)
  281. {
  282. const struct evp_test_method **tt;
  283. for (tt = evp_test_list; *tt; tt++) {
  284. if (strcmp(name, (*tt)->name) == 0)
  285. return *tt;
  286. }
  287. return NULL;
  288. }
  289. static void hex_print(const char *name, const unsigned char *buf, size_t len)
  290. {
  291. size_t i;
  292. fprintf(stderr, "%s ", name);
  293. for (i = 0; i < len; i++)
  294. fprintf(stderr, "%02X", buf[i]);
  295. fputs("\n", stderr);
  296. }
  297. static void free_expected(struct evp_test *t)
  298. {
  299. OPENSSL_free(t->expected_err);
  300. t->expected_err = NULL;
  301. OPENSSL_free(t->out_expected);
  302. OPENSSL_free(t->out_received);
  303. t->out_expected = NULL;
  304. t->out_received = NULL;
  305. t->out_expected_len = 0;
  306. t->out_received_len = 0;
  307. /* Literals. */
  308. t->err = NULL;
  309. }
  310. static void print_expected(struct evp_test *t)
  311. {
  312. if (t->out_expected == NULL && t->out_received == NULL)
  313. return;
  314. hex_print("Expected:", t->out_expected, t->out_expected_len);
  315. hex_print("Got: ", t->out_received, t->out_received_len);
  316. free_expected(t);
  317. }
  318. static int check_test_error(struct evp_test *t)
  319. {
  320. if (!t->err && !t->expected_err)
  321. return 1;
  322. if (t->err && !t->expected_err) {
  323. fprintf(stderr, "Test line %d: unexpected error %s\n",
  324. t->start_line, t->err);
  325. print_expected(t);
  326. return 0;
  327. }
  328. if (!t->err && t->expected_err) {
  329. fprintf(stderr, "Test line %d: succeeded expecting %s\n",
  330. t->start_line, t->expected_err);
  331. return 0;
  332. }
  333. if (strcmp(t->err, t->expected_err) == 0)
  334. return 1;
  335. fprintf(stderr, "Test line %d: expecting %s got %s\n",
  336. t->start_line, t->expected_err, t->err);
  337. return 0;
  338. }
  339. /* Setup a new test, run any existing test */
  340. static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth)
  341. {
  342. /* If we already have a test set up run it */
  343. if (t->meth) {
  344. t->ntests++;
  345. if (t->skip) {
  346. t->meth = tmeth;
  347. t->nskip++;
  348. return 1;
  349. }
  350. t->err = NULL;
  351. if (t->meth->run_test(t) != 1) {
  352. fprintf(stderr, "%s test error line %d\n",
  353. t->meth->name, t->start_line);
  354. return 0;
  355. }
  356. if (!check_test_error(t)) {
  357. if (t->err)
  358. ERR_print_errors_fp(stderr);
  359. t->errors++;
  360. }
  361. ERR_clear_error();
  362. t->meth->cleanup(t);
  363. OPENSSL_free(t->data);
  364. t->data = NULL;
  365. OPENSSL_free(t->expected_err);
  366. t->expected_err = NULL;
  367. free_expected(t);
  368. }
  369. t->meth = tmeth;
  370. return 1;
  371. }
  372. static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst)
  373. {
  374. for (; lst; lst = lst->next) {
  375. if (strcmp(lst->name, name) == 0) {
  376. if (ppk)
  377. *ppk = lst->key;
  378. return 1;
  379. }
  380. }
  381. return 0;
  382. }
  383. static void free_key_list(struct key_list *lst)
  384. {
  385. while (lst != NULL) {
  386. struct key_list *ltmp;
  387. EVP_PKEY_free(lst->key);
  388. OPENSSL_free(lst->name);
  389. ltmp = lst->next;
  390. OPENSSL_free(lst);
  391. lst = ltmp;
  392. }
  393. }
  394. static int check_unsupported()
  395. {
  396. long err = ERR_peek_error();
  397. if (ERR_GET_LIB(err) == ERR_LIB_EVP
  398. && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) {
  399. ERR_clear_error();
  400. return 1;
  401. }
  402. return 0;
  403. }
  404. static int process_test(struct evp_test *t, char *buf, int verbose)
  405. {
  406. char *keyword = NULL, *value = NULL;
  407. int rv = 0, add_key = 0;
  408. long save_pos = 0;
  409. struct key_list **lst = NULL, *key = NULL;
  410. EVP_PKEY *pk = NULL;
  411. const struct evp_test_method *tmeth = NULL;
  412. if (verbose)
  413. fputs(buf, stdout);
  414. if (!parse_line(&keyword, &value, buf))
  415. return 1;
  416. if (strcmp(keyword, "PrivateKey") == 0) {
  417. save_pos = ftell(t->in);
  418. pk = PEM_read_PrivateKey(t->in, NULL, 0, NULL);
  419. if (pk == NULL && !check_unsupported()) {
  420. fprintf(stderr, "Error reading private key %s\n", value);
  421. ERR_print_errors_fp(stderr);
  422. return 0;
  423. }
  424. lst = &t->private;
  425. add_key = 1;
  426. }
  427. if (strcmp(keyword, "PublicKey") == 0) {
  428. save_pos = ftell(t->in);
  429. pk = PEM_read_PUBKEY(t->in, NULL, 0, NULL);
  430. if (pk == NULL && !check_unsupported()) {
  431. fprintf(stderr, "Error reading public key %s\n", value);
  432. ERR_print_errors_fp(stderr);
  433. return 0;
  434. }
  435. lst = &t->public;
  436. add_key = 1;
  437. }
  438. /* If we have a key add to list */
  439. if (add_key) {
  440. char tmpbuf[80];
  441. if (find_key(NULL, value, *lst)) {
  442. fprintf(stderr, "Duplicate key %s\n", value);
  443. return 0;
  444. }
  445. key = OPENSSL_malloc(sizeof(*key));
  446. if (!key)
  447. return 0;
  448. key->name = OPENSSL_strdup(value);
  449. key->key = pk;
  450. key->next = *lst;
  451. *lst = key;
  452. /* Rewind input, read to end and update line numbers */
  453. fseek(t->in, save_pos, SEEK_SET);
  454. while (fgets(tmpbuf, sizeof(tmpbuf), t->in)) {
  455. t->line++;
  456. if (strncmp(tmpbuf, "-----END", 8) == 0)
  457. return 1;
  458. }
  459. fprintf(stderr, "Can't find key end\n");
  460. return 0;
  461. }
  462. /* See if keyword corresponds to a test start */
  463. tmeth = evp_find_test(keyword);
  464. if (tmeth) {
  465. if (!setup_test(t, tmeth))
  466. return 0;
  467. t->start_line = t->line;
  468. t->skip = 0;
  469. if (!tmeth->init(t, value)) {
  470. fprintf(stderr, "Unknown %s: %s\n", keyword, value);
  471. return 0;
  472. }
  473. return 1;
  474. } else if (t->skip) {
  475. return 1;
  476. } else if (strcmp(keyword, "Result") == 0) {
  477. if (t->expected_err) {
  478. fprintf(stderr, "Line %d: multiple result lines\n", t->line);
  479. return 0;
  480. }
  481. t->expected_err = OPENSSL_strdup(value);
  482. if (!t->expected_err)
  483. return 0;
  484. } else {
  485. /* Must be test specific line: try to parse it */
  486. if (t->meth)
  487. rv = t->meth->parse(t, keyword, value);
  488. if (rv == 0)
  489. fprintf(stderr, "line %d: unexpected keyword %s\n",
  490. t->line, keyword);
  491. if (rv < 0)
  492. fprintf(stderr, "line %d: error processing keyword %s\n",
  493. t->line, keyword);
  494. if (rv <= 0)
  495. return 0;
  496. }
  497. return 1;
  498. }
  499. static int check_var_length_output(struct evp_test *t,
  500. const unsigned char *expected,
  501. size_t expected_len,
  502. const unsigned char *received,
  503. size_t received_len)
  504. {
  505. if (expected_len == received_len &&
  506. memcmp(expected, received, expected_len) == 0) {
  507. return 0;
  508. }
  509. /* The result printing code expects a non-NULL buffer. */
  510. t->out_expected = OPENSSL_memdup(expected, expected_len ? expected_len : 1);
  511. t->out_expected_len = expected_len;
  512. t->out_received = OPENSSL_memdup(received, received_len ? received_len : 1);
  513. t->out_received_len = received_len;
  514. if (t->out_expected == NULL || t->out_received == NULL) {
  515. fprintf(stderr, "Memory allocation error!\n");
  516. exit(1);
  517. }
  518. return 1;
  519. }
  520. static int check_output(struct evp_test *t,
  521. const unsigned char *expected,
  522. const unsigned char *received,
  523. size_t len)
  524. {
  525. return check_var_length_output(t, expected, len, received, len);
  526. }
  527. int main(int argc, char **argv)
  528. {
  529. FILE *in = NULL;
  530. char buf[10240];
  531. struct evp_test t;
  532. if (argc != 2) {
  533. fprintf(stderr, "usage: evp_test testfile.txt\n");
  534. return 1;
  535. }
  536. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
  537. ERR_load_crypto_strings();
  538. OpenSSL_add_all_algorithms();
  539. memset(&t, 0, sizeof(t));
  540. t.start_line = -1;
  541. in = fopen(argv[1], "r");
  542. t.in = in;
  543. while (fgets(buf, sizeof(buf), in)) {
  544. t.line++;
  545. if (!process_test(&t, buf, 0))
  546. exit(1);
  547. }
  548. /* Run any final test we have */
  549. if (!setup_test(&t, NULL))
  550. exit(1);
  551. fprintf(stderr, "%d tests completed with %d errors, %d skipped\n",
  552. t.ntests, t.errors, t.nskip);
  553. free_key_list(t.public);
  554. free_key_list(t.private);
  555. fclose(in);
  556. EVP_cleanup();
  557. CRYPTO_cleanup_all_ex_data();
  558. ERR_remove_thread_state(NULL);
  559. ERR_free_strings();
  560. #ifndef OPENSSL_NO_CRYPTO_MDEBUG
  561. CRYPTO_mem_leaks_fp(stderr);
  562. #endif
  563. if (t.errors)
  564. return 1;
  565. return 0;
  566. }
  567. static void test_free(void *d)
  568. {
  569. OPENSSL_free(d);
  570. }
  571. /* Message digest tests */
  572. struct digest_data {
  573. /* Digest this test is for */
  574. const EVP_MD *digest;
  575. /* Input to digest */
  576. unsigned char *input;
  577. size_t input_len;
  578. /* Repeat count for input */
  579. size_t nrpt;
  580. /* Expected output */
  581. unsigned char *output;
  582. size_t output_len;
  583. };
  584. static int digest_test_init(struct evp_test *t, const char *alg)
  585. {
  586. const EVP_MD *digest;
  587. struct digest_data *mdat;
  588. digest = EVP_get_digestbyname(alg);
  589. if (!digest) {
  590. /* If alg has an OID assume disabled algorithm */
  591. if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
  592. t->skip = 1;
  593. return 1;
  594. }
  595. return 0;
  596. }
  597. mdat = OPENSSL_malloc(sizeof(*mdat));
  598. mdat->digest = digest;
  599. mdat->input = NULL;
  600. mdat->output = NULL;
  601. mdat->nrpt = 1;
  602. t->data = mdat;
  603. return 1;
  604. }
  605. static void digest_test_cleanup(struct evp_test *t)
  606. {
  607. struct digest_data *mdat = t->data;
  608. test_free(mdat->input);
  609. test_free(mdat->output);
  610. }
  611. static int digest_test_parse(struct evp_test *t,
  612. const char *keyword, const char *value)
  613. {
  614. struct digest_data *mdata = t->data;
  615. if (strcmp(keyword, "Input") == 0)
  616. return test_bin(value, &mdata->input, &mdata->input_len);
  617. if (strcmp(keyword, "Output") == 0)
  618. return test_bin(value, &mdata->output, &mdata->output_len);
  619. if (strcmp(keyword, "Count") == 0) {
  620. long nrpt = atoi(value);
  621. if (nrpt <= 0)
  622. return 0;
  623. mdata->nrpt = (size_t)nrpt;
  624. return 1;
  625. }
  626. return 0;
  627. }
  628. static int digest_test_run(struct evp_test *t)
  629. {
  630. struct digest_data *mdata = t->data;
  631. size_t i;
  632. const char *err = "INTERNAL_ERROR";
  633. EVP_MD_CTX *mctx;
  634. unsigned char md[EVP_MAX_MD_SIZE];
  635. unsigned int md_len;
  636. mctx = EVP_MD_CTX_new();
  637. if (!mctx)
  638. goto err;
  639. err = "DIGESTINIT_ERROR";
  640. if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL))
  641. goto err;
  642. err = "DIGESTUPDATE_ERROR";
  643. for (i = 0; i < mdata->nrpt; i++) {
  644. if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len))
  645. goto err;
  646. }
  647. err = "DIGESTFINAL_ERROR";
  648. if (!EVP_DigestFinal(mctx, md, &md_len))
  649. goto err;
  650. err = "DIGEST_LENGTH_MISMATCH";
  651. if (md_len != mdata->output_len)
  652. goto err;
  653. err = "DIGEST_MISMATCH";
  654. if (check_output(t, mdata->output, md, md_len))
  655. goto err;
  656. err = NULL;
  657. err:
  658. EVP_MD_CTX_free(mctx);
  659. t->err = err;
  660. return 1;
  661. }
  662. static const struct evp_test_method digest_test_method = {
  663. "Digest",
  664. digest_test_init,
  665. digest_test_cleanup,
  666. digest_test_parse,
  667. digest_test_run
  668. };
  669. /* Cipher tests */
  670. struct cipher_data {
  671. const EVP_CIPHER *cipher;
  672. int enc;
  673. /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */
  674. int aead;
  675. unsigned char *key;
  676. size_t key_len;
  677. unsigned char *iv;
  678. size_t iv_len;
  679. unsigned char *plaintext;
  680. size_t plaintext_len;
  681. unsigned char *ciphertext;
  682. size_t ciphertext_len;
  683. /* GCM, CCM only */
  684. unsigned char *aad;
  685. size_t aad_len;
  686. unsigned char *tag;
  687. size_t tag_len;
  688. };
  689. static int cipher_test_init(struct evp_test *t, const char *alg)
  690. {
  691. const EVP_CIPHER *cipher;
  692. struct cipher_data *cdat = t->data;
  693. cipher = EVP_get_cipherbyname(alg);
  694. if (!cipher) {
  695. /* If alg has an OID assume disabled algorithm */
  696. if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) {
  697. t->skip = 1;
  698. return 1;
  699. }
  700. return 0;
  701. }
  702. cdat = OPENSSL_malloc(sizeof(*cdat));
  703. cdat->cipher = cipher;
  704. cdat->enc = -1;
  705. cdat->key = NULL;
  706. cdat->iv = NULL;
  707. cdat->ciphertext = NULL;
  708. cdat->plaintext = NULL;
  709. cdat->aad = NULL;
  710. cdat->tag = NULL;
  711. t->data = cdat;
  712. if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE
  713. || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE
  714. || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE)
  715. cdat->aead = EVP_CIPHER_mode(cipher);
  716. else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
  717. cdat->aead = -1;
  718. else
  719. cdat->aead = 0;
  720. return 1;
  721. }
  722. static void cipher_test_cleanup(struct evp_test *t)
  723. {
  724. struct cipher_data *cdat = t->data;
  725. test_free(cdat->key);
  726. test_free(cdat->iv);
  727. test_free(cdat->ciphertext);
  728. test_free(cdat->plaintext);
  729. test_free(cdat->aad);
  730. test_free(cdat->tag);
  731. }
  732. static int cipher_test_parse(struct evp_test *t, const char *keyword,
  733. const char *value)
  734. {
  735. struct cipher_data *cdat = t->data;
  736. if (strcmp(keyword, "Key") == 0)
  737. return test_bin(value, &cdat->key, &cdat->key_len);
  738. if (strcmp(keyword, "IV") == 0)
  739. return test_bin(value, &cdat->iv, &cdat->iv_len);
  740. if (strcmp(keyword, "Plaintext") == 0)
  741. return test_bin(value, &cdat->plaintext, &cdat->plaintext_len);
  742. if (strcmp(keyword, "Ciphertext") == 0)
  743. return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len);
  744. if (cdat->aead) {
  745. if (strcmp(keyword, "AAD") == 0)
  746. return test_bin(value, &cdat->aad, &cdat->aad_len);
  747. if (strcmp(keyword, "Tag") == 0)
  748. return test_bin(value, &cdat->tag, &cdat->tag_len);
  749. }
  750. if (strcmp(keyword, "Operation") == 0) {
  751. if (strcmp(value, "ENCRYPT") == 0)
  752. cdat->enc = 1;
  753. else if (strcmp(value, "DECRYPT") == 0)
  754. cdat->enc = 0;
  755. else
  756. return 0;
  757. return 1;
  758. }
  759. return 0;
  760. }
  761. static int cipher_test_enc(struct evp_test *t, int enc)
  762. {
  763. struct cipher_data *cdat = t->data;
  764. unsigned char *in, *out, *tmp = NULL;
  765. size_t in_len, out_len;
  766. int tmplen, tmpflen;
  767. EVP_CIPHER_CTX *ctx = NULL;
  768. const char *err;
  769. err = "INTERNAL_ERROR";
  770. ctx = EVP_CIPHER_CTX_new();
  771. if (!ctx)
  772. goto err;
  773. EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
  774. if (enc) {
  775. in = cdat->plaintext;
  776. in_len = cdat->plaintext_len;
  777. out = cdat->ciphertext;
  778. out_len = cdat->ciphertext_len;
  779. } else {
  780. in = cdat->ciphertext;
  781. in_len = cdat->ciphertext_len;
  782. out = cdat->plaintext;
  783. out_len = cdat->plaintext_len;
  784. }
  785. tmp = OPENSSL_malloc(in_len + 2 * EVP_MAX_BLOCK_LENGTH);
  786. if (!tmp)
  787. goto err;
  788. err = "CIPHERINIT_ERROR";
  789. if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc))
  790. goto err;
  791. err = "INVALID_IV_LENGTH";
  792. if (cdat->iv) {
  793. if (cdat->aead) {
  794. if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
  795. cdat->iv_len, 0))
  796. goto err;
  797. } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
  798. goto err;
  799. }
  800. if (cdat->aead) {
  801. unsigned char *tag;
  802. /*
  803. * If encrypting or OCB just set tag length initially, otherwise
  804. * set tag length and value.
  805. */
  806. if (enc || cdat->aead == EVP_CIPH_OCB_MODE) {
  807. err = "TAG_LENGTH_SET_ERROR";
  808. tag = NULL;
  809. } else {
  810. err = "TAG_SET_ERROR";
  811. tag = cdat->tag;
  812. }
  813. if (tag || cdat->aead != EVP_CIPH_GCM_MODE) {
  814. if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  815. cdat->tag_len, tag))
  816. goto err;
  817. }
  818. }
  819. err = "INVALID_KEY_LENGTH";
  820. if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len))
  821. goto err;
  822. err = "KEY_SET_ERROR";
  823. if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1))
  824. goto err;
  825. if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) {
  826. if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  827. cdat->tag_len, cdat->tag)) {
  828. err = "TAG_SET_ERROR";
  829. goto err;
  830. }
  831. }
  832. if (cdat->aead == EVP_CIPH_CCM_MODE) {
  833. if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) {
  834. err = "CCM_PLAINTEXT_LENGTH_SET_ERROR";
  835. goto err;
  836. }
  837. }
  838. if (cdat->aad) {
  839. if (!EVP_CipherUpdate(ctx, NULL, &tmplen, cdat->aad, cdat->aad_len)) {
  840. err = "AAD_SET_ERROR";
  841. goto err;
  842. }
  843. }
  844. EVP_CIPHER_CTX_set_padding(ctx, 0);
  845. err = "CIPHERUPDATE_ERROR";
  846. if (!EVP_CipherUpdate(ctx, tmp, &tmplen, in, in_len))
  847. goto err;
  848. if (cdat->aead == EVP_CIPH_CCM_MODE)
  849. tmpflen = 0;
  850. else {
  851. err = "CIPHERFINAL_ERROR";
  852. if (!EVP_CipherFinal_ex(ctx, tmp + tmplen, &tmpflen))
  853. goto err;
  854. }
  855. err = "LENGTH_MISMATCH";
  856. if (out_len != (size_t)(tmplen + tmpflen))
  857. goto err;
  858. err = "VALUE_MISMATCH";
  859. if (check_output(t, out, tmp, out_len))
  860. goto err;
  861. if (enc && cdat->aead) {
  862. unsigned char rtag[16];
  863. if (cdat->tag_len > sizeof(rtag)) {
  864. err = "TAG_LENGTH_INTERNAL_ERROR";
  865. goto err;
  866. }
  867. if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
  868. cdat->tag_len, rtag)) {
  869. err = "TAG_RETRIEVE_ERROR";
  870. goto err;
  871. }
  872. if (check_output(t, cdat->tag, rtag, cdat->tag_len)) {
  873. err = "TAG_VALUE_MISMATCH";
  874. goto err;
  875. }
  876. }
  877. err = NULL;
  878. err:
  879. OPENSSL_free(tmp);
  880. EVP_CIPHER_CTX_free(ctx);
  881. t->err = err;
  882. return err ? 0 : 1;
  883. }
  884. static int cipher_test_run(struct evp_test *t)
  885. {
  886. struct cipher_data *cdat = t->data;
  887. int rv;
  888. if (!cdat->key) {
  889. t->err = "NO_KEY";
  890. return 0;
  891. }
  892. if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
  893. /* IV is optional and usually omitted in wrap mode */
  894. if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
  895. t->err = "NO_IV";
  896. return 0;
  897. }
  898. }
  899. if (cdat->aead && !cdat->tag) {
  900. t->err = "NO_TAG";
  901. return 0;
  902. }
  903. if (cdat->enc) {
  904. rv = cipher_test_enc(t, 1);
  905. /* Not fatal errors: return */
  906. if (rv != 1) {
  907. if (rv < 0)
  908. return 0;
  909. return 1;
  910. }
  911. }
  912. if (cdat->enc != 1) {
  913. rv = cipher_test_enc(t, 0);
  914. /* Not fatal errors: return */
  915. if (rv != 1) {
  916. if (rv < 0)
  917. return 0;
  918. return 1;
  919. }
  920. }
  921. return 1;
  922. }
  923. static const struct evp_test_method cipher_test_method = {
  924. "Cipher",
  925. cipher_test_init,
  926. cipher_test_cleanup,
  927. cipher_test_parse,
  928. cipher_test_run
  929. };
  930. struct mac_data {
  931. /* MAC type */
  932. int type;
  933. /* Algorithm string for this MAC */
  934. char *alg;
  935. /* MAC key */
  936. unsigned char *key;
  937. size_t key_len;
  938. /* Input to MAC */
  939. unsigned char *input;
  940. size_t input_len;
  941. /* Expected output */
  942. unsigned char *output;
  943. size_t output_len;
  944. };
  945. static int mac_test_init(struct evp_test *t, const char *alg)
  946. {
  947. int type;
  948. struct mac_data *mdat;
  949. if (strcmp(alg, "HMAC") == 0)
  950. type = EVP_PKEY_HMAC;
  951. else if (strcmp(alg, "CMAC") == 0)
  952. type = EVP_PKEY_CMAC;
  953. else
  954. return 0;
  955. mdat = OPENSSL_malloc(sizeof(*mdat));
  956. mdat->type = type;
  957. mdat->alg = NULL;
  958. mdat->key = NULL;
  959. mdat->input = NULL;
  960. mdat->output = NULL;
  961. t->data = mdat;
  962. return 1;
  963. }
  964. static void mac_test_cleanup(struct evp_test *t)
  965. {
  966. struct mac_data *mdat = t->data;
  967. test_free(mdat->alg);
  968. test_free(mdat->key);
  969. test_free(mdat->input);
  970. test_free(mdat->output);
  971. }
  972. static int mac_test_parse(struct evp_test *t,
  973. const char *keyword, const char *value)
  974. {
  975. struct mac_data *mdata = t->data;
  976. if (strcmp(keyword, "Key") == 0)
  977. return test_bin(value, &mdata->key, &mdata->key_len);
  978. if (strcmp(keyword, "Algorithm") == 0) {
  979. mdata->alg = OPENSSL_strdup(value);
  980. if (!mdata->alg)
  981. return 0;
  982. return 1;
  983. }
  984. if (strcmp(keyword, "Input") == 0)
  985. return test_bin(value, &mdata->input, &mdata->input_len);
  986. if (strcmp(keyword, "Output") == 0)
  987. return test_bin(value, &mdata->output, &mdata->output_len);
  988. return 0;
  989. }
  990. static int mac_test_run(struct evp_test *t)
  991. {
  992. struct mac_data *mdata = t->data;
  993. const char *err = "INTERNAL_ERROR";
  994. EVP_MD_CTX *mctx = NULL;
  995. EVP_PKEY_CTX *pctx = NULL, *genctx = NULL;
  996. EVP_PKEY *key = NULL;
  997. const EVP_MD *md = NULL;
  998. unsigned char *mac = NULL;
  999. size_t mac_len;
  1000. err = "MAC_PKEY_CTX_ERROR";
  1001. genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL);
  1002. if (!genctx)
  1003. goto err;
  1004. err = "MAC_KEYGEN_INIT_ERROR";
  1005. if (EVP_PKEY_keygen_init(genctx) <= 0)
  1006. goto err;
  1007. if (mdata->type == EVP_PKEY_CMAC) {
  1008. err = "MAC_ALGORITHM_SET_ERROR";
  1009. if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0)
  1010. goto err;
  1011. }
  1012. err = "MAC_KEY_SET_ERROR";
  1013. if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0)
  1014. goto err;
  1015. err = "MAC_KEY_GENERATE_ERROR";
  1016. if (EVP_PKEY_keygen(genctx, &key) <= 0)
  1017. goto err;
  1018. if (mdata->type == EVP_PKEY_HMAC) {
  1019. err = "MAC_ALGORITHM_SET_ERROR";
  1020. md = EVP_get_digestbyname(mdata->alg);
  1021. if (!md)
  1022. goto err;
  1023. }
  1024. mctx = EVP_MD_CTX_new();
  1025. if (!mctx)
  1026. goto err;
  1027. err = "DIGESTSIGNINIT_ERROR";
  1028. if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key))
  1029. goto err;
  1030. err = "DIGESTSIGNUPDATE_ERROR";
  1031. if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len))
  1032. goto err;
  1033. err = "DIGESTSIGNFINAL_LENGTH_ERROR";
  1034. if (!EVP_DigestSignFinal(mctx, NULL, &mac_len))
  1035. goto err;
  1036. mac = OPENSSL_malloc(mac_len);
  1037. if (!mac) {
  1038. fprintf(stderr, "Error allocating mac buffer!\n");
  1039. exit(1);
  1040. }
  1041. if (!EVP_DigestSignFinal(mctx, mac, &mac_len))
  1042. goto err;
  1043. err = "MAC_LENGTH_MISMATCH";
  1044. if (mac_len != mdata->output_len)
  1045. goto err;
  1046. err = "MAC_MISMATCH";
  1047. if (check_output(t, mdata->output, mac, mac_len))
  1048. goto err;
  1049. err = NULL;
  1050. err:
  1051. EVP_MD_CTX_free(mctx);
  1052. OPENSSL_free(mac);
  1053. EVP_PKEY_CTX_free(genctx);
  1054. EVP_PKEY_free(key);
  1055. t->err = err;
  1056. return 1;
  1057. }
  1058. static const struct evp_test_method mac_test_method = {
  1059. "MAC",
  1060. mac_test_init,
  1061. mac_test_cleanup,
  1062. mac_test_parse,
  1063. mac_test_run
  1064. };
  1065. /*
  1066. * Public key operations. These are all very similar and can share
  1067. * a lot of common code.
  1068. */
  1069. struct pkey_data {
  1070. /* Context for this operation */
  1071. EVP_PKEY_CTX *ctx;
  1072. /* Key operation to perform */
  1073. int (*keyop) (EVP_PKEY_CTX *ctx,
  1074. unsigned char *sig, size_t *siglen,
  1075. const unsigned char *tbs, size_t tbslen);
  1076. /* Input to MAC */
  1077. unsigned char *input;
  1078. size_t input_len;
  1079. /* Expected output */
  1080. unsigned char *output;
  1081. size_t output_len;
  1082. };
  1083. /*
  1084. * Perform public key operation setup: lookup key, allocated ctx and call
  1085. * the appropriate initialisation function
  1086. */
  1087. static int pkey_test_init(struct evp_test *t, const char *name,
  1088. int use_public,
  1089. int (*keyopinit) (EVP_PKEY_CTX *ctx),
  1090. int (*keyop) (EVP_PKEY_CTX *ctx,
  1091. unsigned char *sig, size_t *siglen,
  1092. const unsigned char *tbs,
  1093. size_t tbslen)
  1094. )
  1095. {
  1096. struct pkey_data *kdata;
  1097. EVP_PKEY *pkey = NULL;
  1098. int rv = 0;
  1099. if (use_public)
  1100. rv = find_key(&pkey, name, t->public);
  1101. if (!rv)
  1102. rv = find_key(&pkey, name, t->private);
  1103. if (!rv)
  1104. return 0;
  1105. if (!pkey) {
  1106. t->skip = 1;
  1107. return 1;
  1108. }
  1109. kdata = OPENSSL_malloc(sizeof(*kdata));
  1110. if (!kdata) {
  1111. EVP_PKEY_free(pkey);
  1112. return 0;
  1113. }
  1114. kdata->ctx = NULL;
  1115. kdata->input = NULL;
  1116. kdata->output = NULL;
  1117. kdata->keyop = keyop;
  1118. t->data = kdata;
  1119. kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL);
  1120. if (!kdata->ctx)
  1121. return 0;
  1122. if (keyopinit(kdata->ctx) <= 0)
  1123. return 0;
  1124. return 1;
  1125. }
  1126. static void pkey_test_cleanup(struct evp_test *t)
  1127. {
  1128. struct pkey_data *kdata = t->data;
  1129. OPENSSL_free(kdata->input);
  1130. OPENSSL_free(kdata->output);
  1131. EVP_PKEY_CTX_free(kdata->ctx);
  1132. }
  1133. static int pkey_test_parse(struct evp_test *t,
  1134. const char *keyword, const char *value)
  1135. {
  1136. struct pkey_data *kdata = t->data;
  1137. if (strcmp(keyword, "Input") == 0)
  1138. return test_bin(value, &kdata->input, &kdata->input_len);
  1139. if (strcmp(keyword, "Output") == 0)
  1140. return test_bin(value, &kdata->output, &kdata->output_len);
  1141. if (strcmp(keyword, "Ctrl") == 0) {
  1142. char *p = strchr(value, ':');
  1143. if (p)
  1144. *p++ = 0;
  1145. if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0)
  1146. return 0;
  1147. return 1;
  1148. }
  1149. return 0;
  1150. }
  1151. static int pkey_test_run(struct evp_test *t)
  1152. {
  1153. struct pkey_data *kdata = t->data;
  1154. unsigned char *out = NULL;
  1155. size_t out_len;
  1156. const char *err = "KEYOP_LENGTH_ERROR";
  1157. if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input,
  1158. kdata->input_len) <= 0)
  1159. goto err;
  1160. out = OPENSSL_malloc(out_len);
  1161. if (!out) {
  1162. fprintf(stderr, "Error allocating output buffer!\n");
  1163. exit(1);
  1164. }
  1165. err = "KEYOP_ERROR";
  1166. if (kdata->keyop
  1167. (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0)
  1168. goto err;
  1169. err = "KEYOP_LENGTH_MISMATCH";
  1170. if (out_len != kdata->output_len)
  1171. goto err;
  1172. err = "KEYOP_MISMATCH";
  1173. if (check_output(t, kdata->output, out, out_len))
  1174. goto err;
  1175. err = NULL;
  1176. err:
  1177. OPENSSL_free(out);
  1178. t->err = err;
  1179. return 1;
  1180. }
  1181. static int sign_test_init(struct evp_test *t, const char *name)
  1182. {
  1183. return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);
  1184. }
  1185. static const struct evp_test_method psign_test_method = {
  1186. "Sign",
  1187. sign_test_init,
  1188. pkey_test_cleanup,
  1189. pkey_test_parse,
  1190. pkey_test_run
  1191. };
  1192. static int verify_recover_test_init(struct evp_test *t, const char *name)
  1193. {
  1194. return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,
  1195. EVP_PKEY_verify_recover);
  1196. }
  1197. static const struct evp_test_method pverify_recover_test_method = {
  1198. "VerifyRecover",
  1199. verify_recover_test_init,
  1200. pkey_test_cleanup,
  1201. pkey_test_parse,
  1202. pkey_test_run
  1203. };
  1204. static int decrypt_test_init(struct evp_test *t, const char *name)
  1205. {
  1206. return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,
  1207. EVP_PKEY_decrypt);
  1208. }
  1209. static const struct evp_test_method pdecrypt_test_method = {
  1210. "Decrypt",
  1211. decrypt_test_init,
  1212. pkey_test_cleanup,
  1213. pkey_test_parse,
  1214. pkey_test_run
  1215. };
  1216. static int verify_test_init(struct evp_test *t, const char *name)
  1217. {
  1218. return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);
  1219. }
  1220. static int verify_test_run(struct evp_test *t)
  1221. {
  1222. struct pkey_data *kdata = t->data;
  1223. if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,
  1224. kdata->input, kdata->input_len) <= 0)
  1225. t->err = "VERIFY_ERROR";
  1226. return 1;
  1227. }
  1228. static const struct evp_test_method pverify_test_method = {
  1229. "Verify",
  1230. verify_test_init,
  1231. pkey_test_cleanup,
  1232. pkey_test_parse,
  1233. verify_test_run
  1234. };
  1235. /* PBE tests */
  1236. #define PBE_TYPE_SCRYPT 1
  1237. #define PBE_TYPE_PBKDF2 2
  1238. #define PBE_TYPE_PKCS12 3
  1239. struct pbe_data {
  1240. int pbe_type;
  1241. /* scrypt parameters */
  1242. uint64_t N, r, p, maxmem;
  1243. /* PKCS#12 parameters */
  1244. int id, iter;
  1245. const EVP_MD *md;
  1246. /* password */
  1247. unsigned char *pass;
  1248. size_t pass_len;
  1249. /* salt */
  1250. unsigned char *salt;
  1251. size_t salt_len;
  1252. /* Expected output */
  1253. unsigned char *key;
  1254. size_t key_len;
  1255. };
  1256. #ifndef OPENSSL_NO_SCRYPT
  1257. static int scrypt_test_parse(struct evp_test *t,
  1258. const char *keyword, const char *value)
  1259. {
  1260. struct pbe_data *pdata = t->data;
  1261. if (strcmp(keyword, "N") == 0)
  1262. return test_uint64(value, &pdata->N);
  1263. if (strcmp(keyword, "p") == 0)
  1264. return test_uint64(value, &pdata->p);
  1265. if (strcmp(keyword, "r") == 0)
  1266. return test_uint64(value, &pdata->r);
  1267. if (strcmp(keyword, "maxmem") == 0)
  1268. return test_uint64(value, &pdata->maxmem);
  1269. return 0;
  1270. }
  1271. #endif
  1272. static int pbkdf2_test_parse(struct evp_test *t,
  1273. const char *keyword, const char *value)
  1274. {
  1275. struct pbe_data *pdata = t->data;
  1276. if (strcmp(keyword, "iter") == 0) {
  1277. pdata->iter = atoi(value);
  1278. if (pdata->iter <= 0)
  1279. return 0;
  1280. return 1;
  1281. }
  1282. if (strcmp(keyword, "MD") == 0) {
  1283. pdata->md = EVP_get_digestbyname(value);
  1284. if (pdata->md == NULL)
  1285. return 0;
  1286. return 1;
  1287. }
  1288. return 0;
  1289. }
  1290. static int pkcs12_test_parse(struct evp_test *t,
  1291. const char *keyword, const char *value)
  1292. {
  1293. struct pbe_data *pdata = t->data;
  1294. if (strcmp(keyword, "id") == 0) {
  1295. pdata->id = atoi(value);
  1296. if (pdata->id <= 0)
  1297. return 0;
  1298. return 1;
  1299. }
  1300. return pbkdf2_test_parse(t, keyword, value);
  1301. }
  1302. static int pbe_test_init(struct evp_test *t, const char *alg)
  1303. {
  1304. struct pbe_data *pdat;
  1305. int pbe_type = 0;
  1306. #ifndef OPENSSL_NO_SCRYPT
  1307. if (strcmp(alg, "scrypt") == 0)
  1308. pbe_type = PBE_TYPE_SCRYPT;
  1309. #endif
  1310. else if (strcmp(alg, "pbkdf2") == 0)
  1311. pbe_type = PBE_TYPE_PBKDF2;
  1312. else if (strcmp(alg, "pkcs12") == 0)
  1313. pbe_type = PBE_TYPE_PKCS12;
  1314. else
  1315. fprintf(stderr, "Unknown pbe algorithm %s\n", alg);
  1316. pdat = OPENSSL_malloc(sizeof(*pdat));
  1317. pdat->pbe_type = pbe_type;
  1318. pdat->pass = NULL;
  1319. pdat->salt = NULL;
  1320. pdat->N = 0;
  1321. pdat->r = 0;
  1322. pdat->p = 0;
  1323. pdat->maxmem = 0;
  1324. pdat->id = 0;
  1325. pdat->iter = 0;
  1326. pdat->md = NULL;
  1327. t->data = pdat;
  1328. return 1;
  1329. }
  1330. static void pbe_test_cleanup(struct evp_test *t)
  1331. {
  1332. struct pbe_data *pdat = t->data;
  1333. test_free(pdat->pass);
  1334. test_free(pdat->salt);
  1335. test_free(pdat->key);
  1336. }
  1337. static int pbe_test_parse(struct evp_test *t,
  1338. const char *keyword, const char *value)
  1339. {
  1340. struct pbe_data *pdata = t->data;
  1341. if (strcmp(keyword, "Password") == 0)
  1342. return test_bin(value, &pdata->pass, &pdata->pass_len);
  1343. if (strcmp(keyword, "Salt") == 0)
  1344. return test_bin(value, &pdata->salt, &pdata->salt_len);
  1345. if (strcmp(keyword, "Key") == 0)
  1346. return test_bin(value, &pdata->key, &pdata->key_len);
  1347. if (pdata->pbe_type == PBE_TYPE_PBKDF2)
  1348. return pbkdf2_test_parse(t, keyword, value);
  1349. else if (pdata->pbe_type == PBE_TYPE_PKCS12)
  1350. return pkcs12_test_parse(t, keyword, value);
  1351. #ifndef OPENSSL_NO_SCRYPT
  1352. else if (pdata->pbe_type == PBE_TYPE_SCRYPT)
  1353. return scrypt_test_parse(t, keyword, value);
  1354. #endif
  1355. return 0;
  1356. }
  1357. static int pbe_test_run(struct evp_test *t)
  1358. {
  1359. struct pbe_data *pdata = t->data;
  1360. const char *err = "INTERNAL_ERROR";
  1361. unsigned char *key;
  1362. key = OPENSSL_malloc(pdata->key_len);
  1363. if (!key)
  1364. goto err;
  1365. if (pdata->pbe_type == PBE_TYPE_PBKDF2) {
  1366. err = "PBKDF2_ERROR";
  1367. if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len,
  1368. pdata->salt, pdata->salt_len,
  1369. pdata->iter, pdata->md,
  1370. pdata->key_len, key) == 0)
  1371. goto err;
  1372. #ifndef OPENSSL_NO_SCRYPT
  1373. } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) {
  1374. err = "SCRYPT_ERROR";
  1375. if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len,
  1376. pdata->salt, pdata->salt_len,
  1377. pdata->N, pdata->r, pdata->p, pdata->maxmem,
  1378. key, pdata->key_len) == 0)
  1379. goto err;
  1380. #endif
  1381. } else if (pdata->pbe_type == PBE_TYPE_PKCS12) {
  1382. err = "PKCS12_ERROR";
  1383. if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len,
  1384. pdata->salt, pdata->salt_len,
  1385. pdata->id, pdata->iter, pdata->key_len,
  1386. key, pdata->md) == 0)
  1387. goto err;
  1388. }
  1389. err = "KEY_MISMATCH";
  1390. if (check_output(t, pdata->key, key, pdata->key_len))
  1391. goto err;
  1392. err = NULL;
  1393. err:
  1394. OPENSSL_free(key);
  1395. t->err = err;
  1396. return 1;
  1397. }
  1398. static const struct evp_test_method pbe_test_method = {
  1399. "PBE",
  1400. pbe_test_init,
  1401. pbe_test_cleanup,
  1402. pbe_test_parse,
  1403. pbe_test_run
  1404. };
  1405. /* Base64 tests */
  1406. typedef enum {
  1407. BASE64_CANONICAL_ENCODING = 0,
  1408. BASE64_VALID_ENCODING = 1,
  1409. BASE64_INVALID_ENCODING = 2
  1410. } base64_encoding_type;
  1411. struct encode_data {
  1412. /* Input to encoding */
  1413. unsigned char *input;
  1414. size_t input_len;
  1415. /* Expected output */
  1416. unsigned char *output;
  1417. size_t output_len;
  1418. base64_encoding_type encoding;
  1419. };
  1420. static int encode_test_init(struct evp_test *t, const char *encoding)
  1421. {
  1422. struct encode_data *edata = OPENSSL_zalloc(sizeof(*edata));
  1423. if (strcmp(encoding, "canonical") == 0) {
  1424. edata->encoding = BASE64_CANONICAL_ENCODING;
  1425. } else if (strcmp(encoding, "valid") == 0) {
  1426. edata->encoding = BASE64_VALID_ENCODING;
  1427. } else if (strcmp(encoding, "invalid") == 0) {
  1428. edata->encoding = BASE64_INVALID_ENCODING;
  1429. t->expected_err = OPENSSL_strdup("DECODE_ERROR");
  1430. if (t->expected_err == NULL)
  1431. return 0;
  1432. } else {
  1433. fprintf(stderr, "Bad encoding: %s. Should be one of "
  1434. "{canonical, valid, invalid}\n", encoding);
  1435. return 0;
  1436. }
  1437. t->data = edata;
  1438. return 1;
  1439. }
  1440. static void encode_test_cleanup(struct evp_test *t)
  1441. {
  1442. struct encode_data *edata = t->data;
  1443. test_free(edata->input);
  1444. test_free(edata->output);
  1445. memset(edata, 0, sizeof(*edata));
  1446. }
  1447. static int encode_test_parse(struct evp_test *t,
  1448. const char *keyword, const char *value)
  1449. {
  1450. struct encode_data *edata = t->data;
  1451. if (strcmp(keyword, "Input") == 0)
  1452. return test_bin(value, &edata->input, &edata->input_len);
  1453. if (strcmp(keyword, "Output") == 0)
  1454. return test_bin(value, &edata->output, &edata->output_len);
  1455. return 0;
  1456. }
  1457. static int encode_test_run(struct evp_test *t)
  1458. {
  1459. struct encode_data *edata = t->data;
  1460. unsigned char *encode_out = NULL, *decode_out = NULL;
  1461. int output_len, chunk_len;
  1462. const char *err = "INTERNAL_ERROR";
  1463. EVP_ENCODE_CTX *decode_ctx = EVP_ENCODE_CTX_new();
  1464. if (decode_ctx == NULL)
  1465. goto err;
  1466. if (edata->encoding == BASE64_CANONICAL_ENCODING) {
  1467. EVP_ENCODE_CTX *encode_ctx = EVP_ENCODE_CTX_new();
  1468. if (encode_ctx == NULL)
  1469. goto err;
  1470. encode_out = OPENSSL_malloc(EVP_ENCODE_LENGTH(edata->input_len));
  1471. if (encode_out == NULL)
  1472. goto err;
  1473. EVP_EncodeInit(encode_ctx);
  1474. EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len,
  1475. edata->input, edata->input_len);
  1476. output_len = chunk_len;
  1477. EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len);
  1478. output_len += chunk_len;
  1479. EVP_ENCODE_CTX_free(encode_ctx);
  1480. if (check_var_length_output(t, edata->output, edata->output_len,
  1481. encode_out, output_len)) {
  1482. err = "BAD_ENCODING";
  1483. goto err;
  1484. }
  1485. }
  1486. decode_out = OPENSSL_malloc(EVP_DECODE_LENGTH(edata->output_len));
  1487. if (decode_out == NULL)
  1488. goto err;
  1489. EVP_DecodeInit(decode_ctx);
  1490. if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, edata->output,
  1491. edata->output_len) < 0) {
  1492. err = "DECODE_ERROR";
  1493. goto err;
  1494. }
  1495. output_len = chunk_len;
  1496. if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) {
  1497. err = "DECODE_ERROR";
  1498. goto err;
  1499. }
  1500. output_len += chunk_len;
  1501. if (edata->encoding != BASE64_INVALID_ENCODING &&
  1502. check_var_length_output(t, edata->input, edata->input_len,
  1503. decode_out, output_len)) {
  1504. err = "BAD_DECODING";
  1505. goto err;
  1506. }
  1507. err = NULL;
  1508. err:
  1509. t->err = err;
  1510. OPENSSL_free(encode_out);
  1511. OPENSSL_free(decode_out);
  1512. EVP_ENCODE_CTX_free(decode_ctx);
  1513. return 1;
  1514. }
  1515. static const struct evp_test_method encode_test_method = {
  1516. "Encoding",
  1517. encode_test_init,
  1518. encode_test_cleanup,
  1519. encode_test_parse,
  1520. encode_test_run,
  1521. };
  1522. /*
  1523. * KDF operations: initially just TLS1 PRF but can be adapted.
  1524. */
  1525. struct kdf_data {
  1526. /* Context for this operation */
  1527. EVP_PKEY_CTX *ctx;
  1528. /* Expected output */
  1529. unsigned char *output;
  1530. size_t output_len;
  1531. };
  1532. /*
  1533. * Perform public key operation setup: lookup key, allocated ctx and call
  1534. * the appropriate initialisation function
  1535. */
  1536. static int kdf_test_init(struct evp_test *t, const char *name)
  1537. {
  1538. struct kdf_data *kdata;
  1539. kdata = OPENSSL_malloc(sizeof(*kdata));
  1540. if (kdata == NULL)
  1541. return 0;
  1542. kdata->ctx = NULL;
  1543. kdata->output = NULL;
  1544. t->data = kdata;
  1545. kdata->ctx = EVP_PKEY_CTX_new_id(OBJ_sn2nid(name), NULL);
  1546. if (kdata->ctx == NULL)
  1547. return 0;
  1548. if (EVP_PKEY_derive_init(kdata->ctx) <= 0)
  1549. return 0;
  1550. return 1;
  1551. }
  1552. static void kdf_test_cleanup(struct evp_test *t)
  1553. {
  1554. struct kdf_data *kdata = t->data;
  1555. OPENSSL_free(kdata->output);
  1556. EVP_PKEY_CTX_free(kdata->ctx);
  1557. }
  1558. static int kdf_ctrl(EVP_PKEY_CTX *ctx, int op, const char *value)
  1559. {
  1560. unsigned char *buf = NULL;
  1561. size_t buf_len;
  1562. int rv = 0;
  1563. if (test_bin(value, &buf, &buf_len) == 0)
  1564. return 0;
  1565. if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, op, buf_len, buf) <= 0)
  1566. goto err;
  1567. rv = 1;
  1568. err:
  1569. OPENSSL_free(buf);
  1570. return rv;
  1571. }
  1572. static int kdf_test_parse(struct evp_test *t,
  1573. const char *keyword, const char *value)
  1574. {
  1575. struct kdf_data *kdata = t->data;
  1576. if (strcmp(keyword, "Output") == 0)
  1577. return test_bin(value, &kdata->output, &kdata->output_len);
  1578. else if (strcmp(keyword, "MD") == 0) {
  1579. const EVP_MD *md = EVP_get_digestbyname(value);
  1580. if (md == NULL)
  1581. return 0;
  1582. if (EVP_PKEY_CTX_set_tls1_prf_md(kdata->ctx, md) <= 0)
  1583. return 0;
  1584. return 1;
  1585. } else if (strcmp(keyword, "Secret") == 0) {
  1586. return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
  1587. } else if (strncmp("Seed", keyword, 4) == 0) {
  1588. return kdf_ctrl(kdata->ctx, EVP_PKEY_CTRL_TLS_SEED, value);
  1589. }
  1590. return 0;
  1591. }
  1592. static int kdf_test_run(struct evp_test *t)
  1593. {
  1594. struct kdf_data *kdata = t->data;
  1595. unsigned char *out = NULL;
  1596. size_t out_len = kdata->output_len;
  1597. const char *err = "INTERNAL_ERROR";
  1598. out = OPENSSL_malloc(out_len);
  1599. if (!out) {
  1600. fprintf(stderr, "Error allocating output buffer!\n");
  1601. exit(1);
  1602. }
  1603. err = "KDF_DERIVE_ERROR";
  1604. if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0)
  1605. goto err;
  1606. err = "KDF_LENGTH_MISMATCH";
  1607. if (out_len != kdata->output_len)
  1608. goto err;
  1609. err = "KDF_MISMATCH";
  1610. if (check_output(t, kdata->output, out, out_len))
  1611. goto err;
  1612. err = NULL;
  1613. err:
  1614. OPENSSL_free(out);
  1615. t->err = err;
  1616. return 1;
  1617. }
  1618. static const struct evp_test_method kdf_test_method = {
  1619. "KDF",
  1620. kdf_test_init,
  1621. kdf_test_cleanup,
  1622. kdf_test_parse,
  1623. kdf_test_run
  1624. };