dsatest.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <stdio.h>
  15. #include <stdlib.h>
  16. #include <string.h>
  17. #include <sys/types.h>
  18. #include <sys/stat.h>
  19. #include <openssl/crypto.h>
  20. #include <openssl/rand.h>
  21. #include <openssl/bn.h>
  22. #include <openssl/dsa.h>
  23. #include <openssl/evp.h>
  24. #include <openssl/core_names.h>
  25. #include "testutil.h"
  26. #include "internal/nelem.h"
  27. #ifndef OPENSSL_NO_DSA
  28. static int dsa_cb(int p, int n, BN_GENCB *arg);
  29. static unsigned char out_p[] = {
  30. 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
  31. 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
  32. 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
  33. 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
  34. 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
  35. 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
  36. 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
  37. 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
  38. };
  39. static unsigned char out_q[] = {
  40. 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
  41. 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
  42. 0xda, 0xce, 0x91, 0x5f,
  43. };
  44. static unsigned char out_g[] = {
  45. 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
  46. 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
  47. 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
  48. 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
  49. 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
  50. 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
  51. 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
  52. 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
  53. };
  54. static int dsa_test(void)
  55. {
  56. BN_GENCB *cb;
  57. DSA *dsa = NULL;
  58. int counter, ret = 0, i, j;
  59. unsigned char buf[256];
  60. unsigned long h;
  61. unsigned char sig[256];
  62. unsigned int siglen;
  63. const BIGNUM *p = NULL, *q = NULL, *g = NULL;
  64. /*
  65. * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
  66. * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
  67. */
  68. static unsigned char seed[20] = {
  69. 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
  70. 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
  71. 0xe0, 0x42, 0x7d, 0xd3,
  72. };
  73. static const unsigned char str1[] = "12345678901234567890";
  74. if (!TEST_ptr(cb = BN_GENCB_new()))
  75. goto end;
  76. BN_GENCB_set(cb, dsa_cb, NULL);
  77. if (!TEST_ptr(dsa = DSA_new())
  78. || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
  79. &counter, &h, cb)))
  80. goto end;
  81. if (!TEST_int_eq(counter, 105))
  82. goto end;
  83. if (!TEST_int_eq(h, 2))
  84. goto end;
  85. DSA_get0_pqg(dsa, &p, &q, &g);
  86. i = BN_bn2bin(q, buf);
  87. j = sizeof(out_q);
  88. if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
  89. goto end;
  90. i = BN_bn2bin(p, buf);
  91. j = sizeof(out_p);
  92. if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
  93. goto end;
  94. i = BN_bn2bin(g, buf);
  95. j = sizeof(out_g);
  96. if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
  97. goto end;
  98. if (!TEST_true(DSA_generate_key(dsa)))
  99. goto end;
  100. if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa)))
  101. goto end;
  102. if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
  103. ret = 1;
  104. end:
  105. DSA_free(dsa);
  106. BN_GENCB_free(cb);
  107. return ret;
  108. }
  109. static int dsa_cb(int p, int n, BN_GENCB *arg)
  110. {
  111. static int ok = 0, num = 0;
  112. if (p == 0)
  113. num++;
  114. if (p == 2)
  115. ok++;
  116. if (!ok && (p == 0) && (num > 1)) {
  117. TEST_error("dsa_cb error");
  118. return 0;
  119. }
  120. return 1;
  121. }
  122. # define P 0
  123. # define Q 1
  124. # define G 2
  125. # define SEED 3
  126. # define PCOUNT 4
  127. # define GINDEX 5
  128. # define HCOUNT 6
  129. # define GROUP 7
  130. static int dsa_keygen_test(void)
  131. {
  132. int ret = 0;
  133. EVP_PKEY *param_key = NULL, *key = NULL;
  134. EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL;
  135. BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL;
  136. BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL;
  137. int gindex_out = 0, pcount_out = 0, hcount_out = 0;
  138. unsigned char seed_out[32];
  139. char group_out[32];
  140. size_t len = 0;
  141. const OSSL_PARAM *settables = NULL;
  142. static const unsigned char seed_data[] = {
  143. 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
  144. 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
  145. 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
  146. 0x7b, 0x2a, 0xc7, 0x29
  147. };
  148. static const unsigned char expected_p[]= {
  149. 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
  150. 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
  151. 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
  152. 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
  153. 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
  154. 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
  155. 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
  156. 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
  157. 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
  158. 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
  159. 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
  160. 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
  161. 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
  162. 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
  163. 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
  164. 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
  165. 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
  166. 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
  167. 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
  168. 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
  169. 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
  170. 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
  171. 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
  172. 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
  173. 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
  174. 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
  175. 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
  176. 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
  177. 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
  178. 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
  179. 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
  180. 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
  181. };
  182. static const unsigned char expected_q[]= {
  183. 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
  184. 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
  185. 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
  186. 0xe2, 0x56, 0xae, 0xd7
  187. };
  188. static const unsigned char expected_g[]= {
  189. 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
  190. 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
  191. 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
  192. 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
  193. 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
  194. 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
  195. 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
  196. 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
  197. 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
  198. 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
  199. 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
  200. 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
  201. 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
  202. 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
  203. 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
  204. 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
  205. 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
  206. 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
  207. 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
  208. 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
  209. 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
  210. 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
  211. 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
  212. 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
  213. 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
  214. 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
  215. 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
  216. 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
  217. 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
  218. 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
  219. 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
  220. 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
  221. };
  222. int expected_c = 1316;
  223. int expected_h = 2;
  224. if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
  225. || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
  226. || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
  227. goto end;
  228. if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
  229. || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
  230. || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
  231. || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
  232. || !TEST_ptr(OSSL_PARAM_locate_const(settables,
  233. OSSL_PKEY_PARAM_FFC_PBITS))
  234. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_type(pg_ctx, "fips186_4"))
  235. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
  236. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
  237. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
  238. sizeof(seed_data)))
  239. || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
  240. ""))
  241. || !TEST_int_gt(EVP_PKEY_generate(pg_ctx, &param_key), 0)
  242. || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
  243. || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
  244. || !TEST_int_gt(EVP_PKEY_generate(kg_ctx, &key), 0))
  245. goto end;
  246. if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
  247. || !TEST_BN_eq(p_in, p_out)
  248. || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
  249. || !TEST_BN_eq(q_in, q_out)
  250. || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
  251. || !TEST_BN_eq(g_in, g_out)
  252. || !TEST_true(EVP_PKEY_get_octet_string_param(
  253. key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
  254. sizeof(seed_out), &len))
  255. || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
  256. || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
  257. &gindex_out))
  258. || !TEST_int_eq(gindex_out, -1)
  259. || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
  260. &hcount_out))
  261. || !TEST_int_eq(hcount_out, expected_h)
  262. || !TEST_true(EVP_PKEY_get_int_param(key,
  263. OSSL_PKEY_PARAM_FFC_PCOUNTER,
  264. &pcount_out))
  265. || !TEST_int_eq(pcount_out, expected_c)
  266. || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
  267. OSSL_PKEY_PARAM_GROUP_NAME,
  268. group_out,
  269. sizeof(group_out), &len)))
  270. goto end;
  271. ret = 1;
  272. end:
  273. BN_free(p_in);
  274. BN_free(q_in);
  275. BN_free(g_in);
  276. BN_free(p_out);
  277. BN_free(q_out);
  278. BN_free(g_out);
  279. EVP_PKEY_free(param_key);
  280. EVP_PKEY_free(key);
  281. EVP_PKEY_CTX_free(kg_ctx);
  282. EVP_PKEY_CTX_free(pg_ctx);
  283. return ret;
  284. }
  285. static int test_dsa_default_paramgen_validate(int i)
  286. {
  287. int ret;
  288. EVP_PKEY_CTX *gen_ctx = NULL;
  289. EVP_PKEY_CTX *check_ctx = NULL;
  290. EVP_PKEY *params = NULL;
  291. ret = TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
  292. && TEST_int_gt(EVP_PKEY_paramgen_init(gen_ctx), 0)
  293. && (i == 0
  294. || TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(gen_ctx, 512)))
  295. && TEST_int_gt(EVP_PKEY_generate(gen_ctx, &params), 0)
  296. && TEST_ptr(check_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, params, NULL))
  297. && TEST_int_gt(EVP_PKEY_param_check(check_ctx), 0);
  298. EVP_PKEY_free(params);
  299. EVP_PKEY_CTX_free(check_ctx);
  300. EVP_PKEY_CTX_free(gen_ctx);
  301. return ret;
  302. }
  303. static int test_dsa_sig_infinite_loop(void)
  304. {
  305. int ret = 0;
  306. DSA *dsa = NULL;
  307. BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL;
  308. BIGNUM *badq = NULL, *badpriv = NULL;
  309. const unsigned char msg[] = { 0x00 };
  310. unsigned int signature_len0;
  311. unsigned int signature_len;
  312. unsigned char signature[64];
  313. static unsigned char out_priv[] = {
  314. 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98,
  315. 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4,
  316. 0xf8, 0x0f, 0x7f, 0x12
  317. };
  318. static unsigned char out_pub[] = {
  319. 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60,
  320. 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60,
  321. 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50,
  322. 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b,
  323. 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf,
  324. 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38,
  325. 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6,
  326. 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3
  327. };
  328. if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL))
  329. || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL))
  330. || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL))
  331. || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL))
  332. || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL))
  333. || !TEST_ptr(priv2 = BN_dup(priv))
  334. || !TEST_ptr(badq = BN_new())
  335. || !TEST_true(BN_set_word(badq, 1))
  336. || !TEST_ptr(badpriv = BN_new())
  337. || !TEST_true(BN_set_word(badpriv, 0))
  338. || !TEST_ptr(dsa = DSA_new()))
  339. goto err;
  340. if (!TEST_true(DSA_set0_pqg(dsa, p, q, g)))
  341. goto err;
  342. p = q = g = NULL;
  343. if (!TEST_true(DSA_set0_key(dsa, pub, priv)))
  344. goto err;
  345. pub = priv = NULL;
  346. if (!TEST_int_le(DSA_size(dsa), sizeof(signature)))
  347. goto err;
  348. /* Test passing signature as NULL */
  349. if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa))
  350. || !TEST_int_gt(signature_len0, 0))
  351. goto err;
  352. if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))
  353. || !TEST_int_gt(signature_len, 0)
  354. || !TEST_int_le(signature_len, signature_len0))
  355. goto err;
  356. /* Test using a private key of zero fails - this causes an infinite loop without the retry test */
  357. if (!TEST_true(DSA_set0_key(dsa, NULL, badpriv)))
  358. goto err;
  359. badpriv = NULL;
  360. if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
  361. goto err;
  362. /* Restore private and set a bad q - this caused an infinite loop in the setup */
  363. if (!TEST_true(DSA_set0_key(dsa, NULL, priv2)))
  364. goto err;
  365. priv2 = NULL;
  366. if (!TEST_true(DSA_set0_pqg(dsa, NULL, badq, NULL)))
  367. goto err;
  368. badq = NULL;
  369. if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
  370. goto err;
  371. ret = 1;
  372. err:
  373. BN_free(badq);
  374. BN_free(badpriv);
  375. BN_free(pub);
  376. BN_free(priv);
  377. BN_free(priv2);
  378. BN_free(g);
  379. BN_free(q);
  380. BN_free(p);
  381. DSA_free(dsa);
  382. return ret;
  383. }
  384. static int test_dsa_sig_neg_param(void)
  385. {
  386. int ret = 0, setpqg = 0;
  387. DSA *dsa = NULL;
  388. BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL;
  389. const unsigned char msg[] = { 0x00 };
  390. unsigned int signature_len;
  391. unsigned char signature[64];
  392. static unsigned char out_priv[] = {
  393. 0x17, 0x00, 0xb2, 0x8d, 0xcb, 0x24, 0xc9, 0x98,
  394. 0xd0, 0x7f, 0x1f, 0x83, 0x1a, 0xa1, 0xc4, 0xa4,
  395. 0xf8, 0x0f, 0x7f, 0x12
  396. };
  397. static unsigned char out_pub[] = {
  398. 0x04, 0x72, 0xee, 0x8d, 0xaa, 0x4d, 0x89, 0x60,
  399. 0x0e, 0xb2, 0xd4, 0x38, 0x84, 0xa2, 0x2a, 0x60,
  400. 0x5f, 0x67, 0xd7, 0x9e, 0x24, 0xdd, 0xe8, 0x50,
  401. 0xf2, 0x23, 0x71, 0x55, 0x53, 0x94, 0x0d, 0x6b,
  402. 0x2e, 0xcd, 0x30, 0xda, 0x6f, 0x1e, 0x2c, 0xcf,
  403. 0x59, 0xbe, 0x05, 0x6c, 0x07, 0x0e, 0xc6, 0x38,
  404. 0x05, 0xcb, 0x0c, 0x44, 0x0a, 0x08, 0x13, 0xb6,
  405. 0x0f, 0x14, 0xde, 0x4a, 0xf6, 0xed, 0x4e, 0xc3
  406. };
  407. if (!TEST_ptr(p = BN_bin2bn(out_p, sizeof(out_p), NULL))
  408. || !TEST_ptr(q = BN_bin2bn(out_q, sizeof(out_q), NULL))
  409. || !TEST_ptr(g = BN_bin2bn(out_g, sizeof(out_g), NULL))
  410. || !TEST_ptr(pub = BN_bin2bn(out_pub, sizeof(out_pub), NULL))
  411. || !TEST_ptr(priv = BN_bin2bn(out_priv, sizeof(out_priv), NULL))
  412. || !TEST_ptr(dsa = DSA_new()))
  413. goto err;
  414. if (!TEST_true(DSA_set0_pqg(dsa, p, q, g)))
  415. goto err;
  416. setpqg = 1;
  417. if (!TEST_true(DSA_set0_key(dsa, pub, priv)))
  418. goto err;
  419. pub = priv = NULL;
  420. BN_set_negative(p, 1);
  421. if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
  422. goto err;
  423. BN_set_negative(p, 0);
  424. BN_set_negative(q, 1);
  425. if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
  426. goto err;
  427. BN_set_negative(q, 0);
  428. BN_set_negative(g, 1);
  429. if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
  430. goto err;
  431. BN_set_negative(p, 1);
  432. BN_set_negative(q, 1);
  433. BN_set_negative(g, 1);
  434. if (!TEST_false(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
  435. goto err;
  436. ret = 1;
  437. err:
  438. BN_free(pub);
  439. BN_free(priv);
  440. if (setpqg == 0) {
  441. BN_free(g);
  442. BN_free(q);
  443. BN_free(p);
  444. }
  445. DSA_free(dsa);
  446. return ret;
  447. }
  448. #endif /* OPENSSL_NO_DSA */
  449. int setup_tests(void)
  450. {
  451. #ifndef OPENSSL_NO_DSA
  452. ADD_TEST(dsa_test);
  453. ADD_TEST(dsa_keygen_test);
  454. ADD_TEST(test_dsa_sig_infinite_loop);
  455. ADD_TEST(test_dsa_sig_neg_param);
  456. ADD_ALL_TESTS(test_dsa_default_paramgen_validate, 2);
  457. #endif
  458. return 1;
  459. }