self_test_kats.c 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include <openssl/evp.h>
  11. #include <openssl/kdf.h>
  12. #include <openssl/core_names.h>
  13. #include <openssl/param_build.h>
  14. #include "internal/cryptlib.h"
  15. #include "internal/nelem.h"
  16. #include "self_test.h"
  17. #include "self_test_data.inc"
  18. static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
  19. OSSL_LIB_CTX *libctx)
  20. {
  21. int ok = 0;
  22. unsigned char out[EVP_MAX_MD_SIZE];
  23. unsigned int out_len = 0;
  24. EVP_MD_CTX *ctx = EVP_MD_CTX_new();
  25. EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
  26. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
  27. if (ctx == NULL
  28. || md == NULL
  29. || !EVP_DigestInit_ex(ctx, md, NULL)
  30. || !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
  31. || !EVP_DigestFinal(ctx, out, &out_len))
  32. goto err;
  33. /* Optional corruption */
  34. OSSL_SELF_TEST_oncorrupt_byte(st, out);
  35. if (out_len != t->expected_len
  36. || memcmp(out, t->expected, out_len) != 0)
  37. goto err;
  38. ok = 1;
  39. err:
  40. EVP_MD_free(md);
  41. EVP_MD_CTX_free(ctx);
  42. OSSL_SELF_TEST_onend(st, ok);
  43. return ok;
  44. }
  45. /*
  46. * Helper function to setup a EVP_CipherInit
  47. * Used to hide the complexity of Authenticated ciphers.
  48. */
  49. static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
  50. const ST_KAT_CIPHER *t, int enc)
  51. {
  52. unsigned char *in_tag = NULL;
  53. int pad = 0, tmp;
  54. /* Flag required for Key wrapping */
  55. EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
  56. if (t->tag == NULL) {
  57. /* Use a normal cipher init */
  58. return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
  59. && EVP_CIPHER_CTX_set_padding(ctx, pad);
  60. }
  61. /* The authenticated cipher init */
  62. if (!enc)
  63. in_tag = (unsigned char *)t->tag;
  64. return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
  65. && (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
  66. && (in_tag == NULL
  67. || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
  68. in_tag) > 0)
  69. && EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
  70. && EVP_CIPHER_CTX_set_padding(ctx, pad)
  71. && EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
  72. }
  73. /* Test a single KAT for encrypt/decrypt */
  74. static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
  75. OSSL_LIB_CTX *libctx)
  76. {
  77. int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;
  78. EVP_CIPHER_CTX *ctx = NULL;
  79. EVP_CIPHER *cipher = NULL;
  80. unsigned char ct_buf[256] = { 0 };
  81. unsigned char pt_buf[256] = { 0 };
  82. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
  83. ctx = EVP_CIPHER_CTX_new();
  84. if (ctx == NULL)
  85. goto err;
  86. cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);
  87. if (cipher == NULL)
  88. goto err;
  89. /* Encrypt plain text message */
  90. if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {
  91. if (!cipher_init(ctx, cipher, t, encrypt)
  92. || !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,
  93. t->base.pt_len)
  94. || !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
  95. goto err;
  96. OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
  97. ct_len += len;
  98. if (ct_len != (int)t->base.expected_len
  99. || memcmp(t->base.expected, ct_buf, ct_len) != 0)
  100. goto err;
  101. if (t->tag != NULL) {
  102. unsigned char tag[16] = { 0 };
  103. if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
  104. tag) <= 0
  105. || memcmp(tag, t->tag, t->tag_len) != 0)
  106. goto err;
  107. }
  108. }
  109. /* Decrypt cipher text */
  110. if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {
  111. if (!(cipher_init(ctx, cipher, t, !encrypt)
  112. && EVP_CipherUpdate(ctx, pt_buf, &len,
  113. t->base.expected, t->base.expected_len)
  114. && EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
  115. goto err;
  116. OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);
  117. pt_len += len;
  118. if (pt_len != (int)t->base.pt_len
  119. || memcmp(pt_buf, t->base.pt, pt_len) != 0)
  120. goto err;
  121. }
  122. ret = 1;
  123. err:
  124. EVP_CIPHER_free(cipher);
  125. EVP_CIPHER_CTX_free(ctx);
  126. OSSL_SELF_TEST_onend(st, ret);
  127. return ret;
  128. }
  129. static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
  130. BN_CTX *ctx)
  131. {
  132. int ret = 0;
  133. const ST_KAT_PARAM *p;
  134. if (params == NULL)
  135. return 1;
  136. for (p = params; p->data != NULL; ++p)
  137. {
  138. switch (p->type) {
  139. case OSSL_PARAM_UNSIGNED_INTEGER: {
  140. BIGNUM *bn = BN_CTX_get(ctx);
  141. if (bn == NULL
  142. || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
  143. || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
  144. goto err;
  145. break;
  146. }
  147. case OSSL_PARAM_UTF8_STRING: {
  148. if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
  149. p->data_len))
  150. goto err;
  151. break;
  152. }
  153. case OSSL_PARAM_OCTET_STRING: {
  154. if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
  155. p->data_len))
  156. goto err;
  157. break;
  158. }
  159. case OSSL_PARAM_INTEGER: {
  160. if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))
  161. goto err;
  162. break;
  163. }
  164. default:
  165. break;
  166. }
  167. }
  168. ret = 1;
  169. err:
  170. return ret;
  171. }
  172. static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
  173. OSSL_LIB_CTX *libctx)
  174. {
  175. int ret = 0;
  176. unsigned char out[128];
  177. EVP_KDF *kdf = NULL;
  178. EVP_KDF_CTX *ctx = NULL;
  179. BN_CTX *bnctx = NULL;
  180. OSSL_PARAM *params = NULL;
  181. OSSL_PARAM_BLD *bld = NULL;
  182. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
  183. bld = OSSL_PARAM_BLD_new();
  184. if (bld == NULL)
  185. goto err;
  186. kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
  187. if (kdf == NULL)
  188. goto err;
  189. ctx = EVP_KDF_CTX_new(kdf);
  190. if (ctx == NULL)
  191. goto err;
  192. bnctx = BN_CTX_new_ex(libctx);
  193. if (bnctx == NULL)
  194. goto err;
  195. if (!add_params(bld, t->params, bnctx))
  196. goto err;
  197. params = OSSL_PARAM_BLD_to_param(bld);
  198. if (params == NULL)
  199. goto err;
  200. if (t->expected_len > sizeof(out))
  201. goto err;
  202. if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)
  203. goto err;
  204. OSSL_SELF_TEST_oncorrupt_byte(st, out);
  205. if (memcmp(out, t->expected, t->expected_len) != 0)
  206. goto err;
  207. ret = 1;
  208. err:
  209. EVP_KDF_free(kdf);
  210. EVP_KDF_CTX_free(ctx);
  211. BN_CTX_free(bnctx);
  212. OSSL_PARAM_free(params);
  213. OSSL_PARAM_BLD_free(bld);
  214. OSSL_SELF_TEST_onend(st, ret);
  215. return ret;
  216. }
  217. static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st,
  218. OSSL_LIB_CTX *libctx)
  219. {
  220. int ret = 0;
  221. unsigned char out[256];
  222. EVP_RAND *rand;
  223. EVP_RAND_CTX *test = NULL, *drbg = NULL;
  224. unsigned int strength = 256;
  225. int prediction_resistance = 1; /* Causes a reseed */
  226. OSSL_PARAM drbg_params[3] = {
  227. OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
  228. };
  229. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
  230. rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
  231. if (rand == NULL)
  232. goto err;
  233. test = EVP_RAND_CTX_new(rand, NULL);
  234. EVP_RAND_free(rand);
  235. if (test == NULL)
  236. goto err;
  237. drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
  238. &strength);
  239. if (!EVP_RAND_CTX_set_params(test, drbg_params))
  240. goto err;
  241. rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);
  242. if (rand == NULL)
  243. goto err;
  244. drbg = EVP_RAND_CTX_new(rand, test);
  245. EVP_RAND_free(rand);
  246. if (drbg == NULL)
  247. goto err;
  248. strength = EVP_RAND_get_strength(drbg);
  249. drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
  250. t->param_value, 0);
  251. /* This is only used by HMAC-DRBG but it is ignored by the others */
  252. drbg_params[1] =
  253. OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
  254. if (!EVP_RAND_CTX_set_params(drbg, drbg_params))
  255. goto err;
  256. drbg_params[0] =
  257. OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  258. (void *)t->entropyin,
  259. t->entropyinlen);
  260. drbg_params[1] =
  261. OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
  262. (void *)t->nonce, t->noncelen);
  263. if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))
  264. goto err;
  265. if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,
  266. NULL))
  267. goto err;
  268. drbg_params[0] =
  269. OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  270. (void *)t->entropyinpr1,
  271. t->entropyinpr1len);
  272. if (!EVP_RAND_CTX_set_params(test, drbg_params))
  273. goto err;
  274. if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
  275. prediction_resistance,
  276. t->entropyaddin1, t->entropyaddin1len))
  277. goto err;
  278. drbg_params[0] =
  279. OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  280. (void *)t->entropyinpr2,
  281. t->entropyinpr2len);
  282. if (!EVP_RAND_CTX_set_params(test, drbg_params))
  283. goto err;
  284. /*
  285. * This calls ossl_prov_drbg_reseed() internally when
  286. * prediction_resistance = 1
  287. */
  288. if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
  289. prediction_resistance,
  290. t->entropyaddin2, t->entropyaddin2len))
  291. goto err;
  292. OSSL_SELF_TEST_oncorrupt_byte(st, out);
  293. if (memcmp(out, t->expected, t->expectedlen) != 0)
  294. goto err;
  295. if (!EVP_RAND_uninstantiate(drbg))
  296. goto err;
  297. /*
  298. * Check that the DRBG data has been zeroized after
  299. * ossl_prov_drbg_uninstantiate.
  300. */
  301. if (!EVP_RAND_verify_zeroization(drbg))
  302. goto err;
  303. ret = 1;
  304. err:
  305. EVP_RAND_CTX_free(drbg);
  306. EVP_RAND_CTX_free(test);
  307. OSSL_SELF_TEST_onend(st, ret);
  308. return ret;
  309. }
  310. #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
  311. static int self_test_ka(const ST_KAT_KAS *t,
  312. OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  313. {
  314. int ret = 0;
  315. EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
  316. EVP_PKEY *pkey = NULL, *peerkey = NULL;
  317. OSSL_PARAM *params = NULL;
  318. OSSL_PARAM *params_peer = NULL;
  319. unsigned char secret[256];
  320. size_t secret_len = sizeof(secret);
  321. OSSL_PARAM_BLD *bld = NULL;
  322. BN_CTX *bnctx = NULL;
  323. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
  324. bnctx = BN_CTX_new_ex(libctx);
  325. if (bnctx == NULL)
  326. goto err;
  327. bld = OSSL_PARAM_BLD_new();
  328. if (bld == NULL)
  329. goto err;
  330. if (!add_params(bld, t->key_group, bnctx)
  331. || !add_params(bld, t->key_host_data, bnctx))
  332. goto err;
  333. params = OSSL_PARAM_BLD_to_param(bld);
  334. if (!add_params(bld, t->key_group, bnctx)
  335. || !add_params(bld, t->key_peer_data, bnctx))
  336. goto err;
  337. params_peer = OSSL_PARAM_BLD_to_param(bld);
  338. if (params == NULL || params_peer == NULL)
  339. goto err;
  340. /* Create a EVP_PKEY_CTX to load the DH keys into */
  341. kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
  342. if (kactx == NULL)
  343. goto err;
  344. if (EVP_PKEY_fromdata_init(kactx) <= 0
  345. || EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
  346. goto err;
  347. if (EVP_PKEY_fromdata_init(kactx) <= 0
  348. || EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)
  349. goto err;
  350. /* Create a EVP_PKEY_CTX to perform key derivation */
  351. dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
  352. if (dctx == NULL)
  353. goto err;
  354. if (EVP_PKEY_derive_init(dctx) <= 0
  355. || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
  356. || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
  357. goto err;
  358. OSSL_SELF_TEST_oncorrupt_byte(st, secret);
  359. if (secret_len != t->expected_len
  360. || memcmp(secret, t->expected, t->expected_len) != 0)
  361. goto err;
  362. ret = 1;
  363. err:
  364. BN_CTX_free(bnctx);
  365. EVP_PKEY_free(pkey);
  366. EVP_PKEY_free(peerkey);
  367. EVP_PKEY_CTX_free(kactx);
  368. EVP_PKEY_CTX_free(dctx);
  369. OSSL_PARAM_free(params_peer);
  370. OSSL_PARAM_free(params);
  371. OSSL_PARAM_BLD_free(bld);
  372. OSSL_SELF_TEST_onend(st, ret);
  373. return ret;
  374. }
  375. #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
  376. static int self_test_sign(const ST_KAT_SIGN *t,
  377. OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  378. {
  379. int ret = 0;
  380. OSSL_PARAM *params = NULL, *params_sig = NULL;
  381. OSSL_PARAM_BLD *bld = NULL;
  382. EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
  383. EVP_PKEY *pkey = NULL;
  384. unsigned char sig[256];
  385. BN_CTX *bnctx = NULL;
  386. size_t siglen = sizeof(sig);
  387. static const unsigned char dgst[] = {
  388. 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
  389. 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
  390. 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
  391. };
  392. const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
  393. if (t->sig_expected == NULL)
  394. typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
  395. OSSL_SELF_TEST_onbegin(st, typ, t->desc);
  396. bnctx = BN_CTX_new_ex(libctx);
  397. if (bnctx == NULL)
  398. goto err;
  399. bld = OSSL_PARAM_BLD_new();
  400. if (bld == NULL)
  401. goto err;
  402. if (!add_params(bld, t->key, bnctx))
  403. goto err;
  404. params = OSSL_PARAM_BLD_to_param(bld);
  405. /* Create a EVP_PKEY_CTX to load the DSA key into */
  406. kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
  407. if (kctx == NULL || params == NULL)
  408. goto err;
  409. if (EVP_PKEY_fromdata_init(kctx) <= 0
  410. || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
  411. goto err;
  412. /* Create a EVP_PKEY_CTX to use for the signing operation */
  413. sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
  414. if (sctx == NULL
  415. || EVP_PKEY_sign_init(sctx) <= 0)
  416. goto err;
  417. /* set signature parameters */
  418. if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
  419. t->mdalgorithm,
  420. strlen(t->mdalgorithm) + 1))
  421. goto err;
  422. params_sig = OSSL_PARAM_BLD_to_param(bld);
  423. if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
  424. goto err;
  425. if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
  426. || EVP_PKEY_verify_init(sctx) <= 0
  427. || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
  428. goto err;
  429. /*
  430. * Used by RSA, for other key types where the signature changes, we
  431. * can only use the verify.
  432. */
  433. if (t->sig_expected != NULL
  434. && (siglen != t->sig_expected_len
  435. || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
  436. goto err;
  437. OSSL_SELF_TEST_oncorrupt_byte(st, sig);
  438. if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
  439. goto err;
  440. ret = 1;
  441. err:
  442. BN_CTX_free(bnctx);
  443. EVP_PKEY_free(pkey);
  444. EVP_PKEY_CTX_free(kctx);
  445. EVP_PKEY_CTX_free(sctx);
  446. OSSL_PARAM_free(params);
  447. OSSL_PARAM_free(params_sig);
  448. OSSL_PARAM_BLD_free(bld);
  449. OSSL_SELF_TEST_onend(st, ret);
  450. return ret;
  451. }
  452. /*
  453. * Test an encrypt or decrypt KAT..
  454. *
  455. * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
  456. * and decrypt..
  457. */
  458. static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
  459. OSSL_LIB_CTX *libctx)
  460. {
  461. int ret = 0;
  462. OSSL_PARAM *keyparams = NULL, *initparams = NULL;
  463. OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
  464. EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
  465. EVP_PKEY *key = NULL;
  466. BN_CTX *bnctx = NULL;
  467. unsigned char out[256];
  468. size_t outlen = sizeof(out);
  469. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
  470. bnctx = BN_CTX_new_ex(libctx);
  471. if (bnctx == NULL)
  472. goto err;
  473. /* Load a public or private key from data */
  474. keybld = OSSL_PARAM_BLD_new();
  475. if (keybld == NULL
  476. || !add_params(keybld, t->key, bnctx))
  477. goto err;
  478. keyparams = OSSL_PARAM_BLD_to_param(keybld);
  479. keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
  480. if (keyctx == NULL || keyparams == NULL)
  481. goto err;
  482. if (EVP_PKEY_fromdata_init(keyctx) <= 0
  483. || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
  484. goto err;
  485. /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
  486. encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
  487. if (encctx == NULL
  488. || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
  489. || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
  490. goto err;
  491. /* Add any additional parameters such as padding */
  492. if (t->postinit != NULL) {
  493. initbld = OSSL_PARAM_BLD_new();
  494. if (initbld == NULL)
  495. goto err;
  496. if (!add_params(initbld, t->postinit, bnctx))
  497. goto err;
  498. initparams = OSSL_PARAM_BLD_to_param(initbld);
  499. if (initparams == NULL)
  500. goto err;
  501. if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
  502. goto err;
  503. }
  504. if (t->encrypt) {
  505. if (EVP_PKEY_encrypt(encctx, out, &outlen,
  506. t->in, t->in_len) <= 0)
  507. goto err;
  508. } else {
  509. if (EVP_PKEY_decrypt(encctx, out, &outlen,
  510. t->in, t->in_len) <= 0)
  511. goto err;
  512. }
  513. /* Check the KAT */
  514. OSSL_SELF_TEST_oncorrupt_byte(st, out);
  515. if (outlen != t->expected_len
  516. || memcmp(out, t->expected, t->expected_len) != 0)
  517. goto err;
  518. ret = 1;
  519. err:
  520. BN_CTX_free(bnctx);
  521. EVP_PKEY_free(key);
  522. EVP_PKEY_CTX_free(encctx);
  523. EVP_PKEY_CTX_free(keyctx);
  524. OSSL_PARAM_free(keyparams);
  525. OSSL_PARAM_BLD_free(keybld);
  526. OSSL_PARAM_free(initparams);
  527. OSSL_PARAM_BLD_free(initbld);
  528. OSSL_SELF_TEST_onend(st, ret);
  529. return ret;
  530. }
  531. /*
  532. * Test a data driven list of KAT's for digest algorithms.
  533. * All tests are run regardless of if they fail or not.
  534. * Return 0 if any test fails.
  535. */
  536. static int self_test_digests(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  537. {
  538. int i, ret = 1;
  539. for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
  540. if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
  541. ret = 0;
  542. }
  543. return ret;
  544. }
  545. static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  546. {
  547. int i, ret = 1;
  548. for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
  549. if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))
  550. ret = 0;
  551. }
  552. return ret;
  553. }
  554. static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  555. {
  556. int i, ret = 1;
  557. for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
  558. if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
  559. ret = 0;
  560. }
  561. return ret;
  562. }
  563. static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  564. {
  565. int i, ret = 1;
  566. for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
  567. if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))
  568. ret = 0;
  569. }
  570. return ret;
  571. }
  572. static int self_test_drbgs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  573. {
  574. int i, ret = 1;
  575. for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {
  576. if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))
  577. ret = 0;
  578. }
  579. return ret;
  580. }
  581. static int self_test_kas(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  582. {
  583. int ret = 1;
  584. #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
  585. int i;
  586. for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
  587. if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
  588. ret = 0;
  589. }
  590. #endif
  591. return ret;
  592. }
  593. static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  594. {
  595. int i, ret = 1;
  596. for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
  597. if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
  598. ret = 0;
  599. }
  600. return ret;
  601. }
  602. /*
  603. * Run the algorithm KAT's.
  604. * Return 1 is successful, otherwise return 0.
  605. * This runs all the tests regardless of if any fail.
  606. */
  607. int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
  608. {
  609. int ret = 1;
  610. if (!self_test_digests(st, libctx))
  611. ret = 0;
  612. if (!self_test_ciphers(st, libctx))
  613. ret = 0;
  614. if (!self_test_signatures(st, libctx))
  615. ret = 0;
  616. if (!self_test_kdfs(st, libctx))
  617. ret = 0;
  618. if (!self_test_drbgs(st, libctx))
  619. ret = 0;
  620. if (!self_test_kas(st, libctx))
  621. ret = 0;
  622. if (!self_test_asym_ciphers(st, libctx))
  623. ret = 0;
  624. return ret;
  625. }