1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49 static int pass_sig_gen_params = 1;
50 static int rsa_sign_x931_pad_allowed = 1;
51 #ifndef OPENSSL_NO_DSA
52 static int dsasign_allowed = 1;
53 #endif
54
test_get_options(void)55 const OPTIONS *test_get_options(void)
56 {
57 static const OPTIONS test_options[] = {
58 OPT_TEST_OPTIONS_DEFAULT_USAGE,
59 { "config", OPT_CONFIG_FILE, '<',
60 "The configuration file to use for the libctx" },
61 { NULL }
62 };
63 return test_options;
64 }
65
pkey_get_bn_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)66 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
67 unsigned char **out, size_t *out_len)
68 {
69 unsigned char *buf = NULL;
70 BIGNUM *bn = NULL;
71 int sz;
72
73 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
74 goto err;
75 sz = BN_num_bytes(bn);
76 buf = OPENSSL_zalloc(sz);
77 if (buf == NULL)
78 goto err;
79 if (BN_bn2binpad(bn, buf, sz) <= 0)
80 goto err;
81
82 *out_len = sz;
83 *out = buf;
84 BN_free(bn);
85 return 1;
86 err:
87 OPENSSL_free(buf);
88 BN_free(bn);
89 return 0;
90 }
91
sig_gen(EVP_PKEY * pkey,OSSL_PARAM * params,const char * digest_name,const unsigned char * msg,size_t msg_len,unsigned char ** sig_out,size_t * sig_out_len)92 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
93 const unsigned char *msg, size_t msg_len,
94 unsigned char **sig_out, size_t *sig_out_len)
95 {
96 int ret = 0;
97 EVP_MD_CTX *md_ctx = NULL;
98 unsigned char *sig = NULL;
99 size_t sig_len;
100 size_t sz = EVP_PKEY_get_size(pkey);
101 OSSL_PARAM *p = pass_sig_gen_params ? params : NULL;
102
103 sig_len = sz;
104 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
105 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
106 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
107 NULL, pkey, p), 1)
108 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
109 goto err;
110 *sig_out = sig;
111 *sig_out_len = sig_len;
112 sig = NULL;
113 ret = 1;
114 err:
115 OPENSSL_free(sig);
116 EVP_MD_CTX_free(md_ctx);
117 return ret;
118 }
119
check_verify_message(EVP_PKEY_CTX * pkey_ctx,int expected)120 static int check_verify_message(EVP_PKEY_CTX *pkey_ctx, int expected)
121 {
122 OSSL_PARAM params[2], *p = params;
123 int verify_message = -1;
124
125 if (!OSSL_PROVIDER_available(libctx, "fips")
126 || fips_provider_version_match(libctx, "<3.4.0"))
127 return 1;
128
129 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE,
130 &verify_message);
131 *p = OSSL_PARAM_construct_end();
132
133 if (!TEST_true(EVP_PKEY_CTX_get_params(pkey_ctx, params))
134 || !TEST_int_eq(verify_message, expected))
135 return 0;
136 return 1;
137 }
138
139 #ifndef OPENSSL_NO_EC
ecdsa_keygen_test(int id)140 static int ecdsa_keygen_test(int id)
141 {
142 int ret = 0;
143 EVP_PKEY *pkey = NULL;
144 unsigned char *priv = NULL;
145 unsigned char *pubx = NULL, *puby = NULL;
146 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
147 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
148
149 self_test_args.called = 0;
150 self_test_args.enable = 1;
151 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
152 || !TEST_int_ge(self_test_args.called, 3)
153 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
154 &priv_len))
155 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
156 &pubx_len))
157 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
158 &puby_len)))
159 goto err;
160
161 test_output_memory("qy", puby, puby_len);
162 test_output_memory("qx", pubx, pubx_len);
163 test_output_memory("d", priv, priv_len);
164 ret = 1;
165 err:
166 self_test_args.enable = 0;
167 self_test_args.called = 0;
168 OPENSSL_clear_free(priv, priv_len);
169 OPENSSL_free(pubx);
170 OPENSSL_free(puby);
171 EVP_PKEY_free(pkey);
172 return ret;
173 }
174
ecdsa_create_pkey(EVP_PKEY ** pkey,const char * curve_name,const unsigned char * pub,size_t pub_len,int expected)175 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
176 const unsigned char *pub, size_t pub_len,
177 int expected)
178 {
179 int ret = 0;
180 EVP_PKEY_CTX *ctx = NULL;
181 OSSL_PARAM_BLD *bld = NULL;
182 OSSL_PARAM *params = NULL;
183
184 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
185 || (curve_name != NULL
186 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
187 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
188 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
189 OSSL_PKEY_PARAM_PUB_KEY,
190 pub, pub_len) > 0)
191 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
192 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
193 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
194 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
195 params), expected))
196 goto err;
197
198 ret = 1;
199 err:
200 OSSL_PARAM_free(params);
201 OSSL_PARAM_BLD_free(bld);
202 EVP_PKEY_CTX_free(ctx);
203 return ret;
204 }
205
ecdsa_pub_verify_test(int id)206 static int ecdsa_pub_verify_test(int id)
207 {
208 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
209
210 int ret = 0;
211 EVP_PKEY_CTX *key_ctx = NULL;
212 EVP_PKEY *pkey = NULL;
213
214 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
215 tst->pub, tst->pub_len, tst->pass)))
216 goto err;
217
218 if (tst->pass) {
219 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
220 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
221 goto err;
222 }
223 ret = 1;
224 err:
225 EVP_PKEY_free(pkey);
226 EVP_PKEY_CTX_free(key_ctx);
227 return ret;
228 }
229
230 /* Extract r and s from an ecdsa signature */
get_ecdsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * rlen,size_t * slen)231 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
232 unsigned char **r, unsigned char **s,
233 size_t *rlen, size_t *slen)
234 {
235 int ret = 0;
236 unsigned char *rbuf = NULL, *sbuf = NULL;
237 size_t r1_len, s1_len;
238 const BIGNUM *r1, *s1;
239 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
240
241 if (sign == NULL)
242 return 0;
243 r1 = ECDSA_SIG_get0_r(sign);
244 s1 = ECDSA_SIG_get0_s(sign);
245 if (r1 == NULL || s1 == NULL)
246 goto err;
247
248 r1_len = BN_num_bytes(r1);
249 s1_len = BN_num_bytes(s1);
250 rbuf = OPENSSL_zalloc(r1_len);
251 sbuf = OPENSSL_zalloc(s1_len);
252 if (rbuf == NULL || sbuf == NULL)
253 goto err;
254 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
255 goto err;
256 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
257 goto err;
258 *r = rbuf;
259 *s = sbuf;
260 *rlen = r1_len;
261 *slen = s1_len;
262 ret = 1;
263 err:
264 if (ret == 0) {
265 OPENSSL_free(rbuf);
266 OPENSSL_free(sbuf);
267 }
268 ECDSA_SIG_free(sign);
269 return ret;
270 }
271
ecdsa_siggen_test(int id)272 static int ecdsa_siggen_test(int id)
273 {
274 int ret = 0;
275 EVP_PKEY *pkey = NULL;
276 size_t sig_len = 0, rlen = 0, slen = 0;
277 unsigned char *sig = NULL;
278 unsigned char *r = NULL, *s = NULL;
279 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
280
281 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
282 goto err;
283
284 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
285 &sig, &sig_len))
286 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
287 goto err;
288 test_output_memory("r", r, rlen);
289 test_output_memory("s", s, slen);
290 ret = 1;
291 err:
292 OPENSSL_free(r);
293 OPENSSL_free(s);
294 OPENSSL_free(sig);
295 EVP_PKEY_free(pkey);
296 return ret;
297 }
298
ecdsa_sigver_test(int id)299 static int ecdsa_sigver_test(int id)
300 {
301 int ret = 0;
302 EVP_MD_CTX *md_ctx = NULL;
303 EVP_PKEY *pkey = NULL;
304 EVP_PKEY_CTX *pkey_ctx;
305 ECDSA_SIG *sign = NULL;
306 size_t sig_len;
307 unsigned char *sig = NULL;
308 BIGNUM *rbn = NULL, *sbn = NULL;
309 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
310
311 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
312 tst->pub, tst->pub_len, 1)))
313 goto err;
314
315 if (!TEST_ptr(sign = ECDSA_SIG_new())
316 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
317 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
318 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
319 goto err;
320 rbn = sbn = NULL;
321
322 if (!TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
323 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
324 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
325 libctx, NULL, pkey, NULL))
326 || !TEST_ptr(pkey_ctx = EVP_MD_CTX_get_pkey_ctx(md_ctx))
327 || !check_verify_message(pkey_ctx, 1)
328 || !TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
329 tst->msg, tst->msg_len), tst->pass)
330 || !check_verify_message(pkey_ctx, 1)
331 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
332 || !check_verify_message(pkey_ctx, 0))
333 goto err;
334
335 ret = 1;
336 err:
337 BN_free(rbn);
338 BN_free(sbn);
339 OPENSSL_free(sig);
340 ECDSA_SIG_free(sign);
341 EVP_PKEY_free(pkey);
342 EVP_MD_CTX_free(md_ctx);
343 return ret;
344
345 }
346 #endif /* OPENSSL_NO_EC */
347
348 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX)
pkey_get_octet_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)349 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
350 unsigned char **out, size_t *out_len)
351 {
352 size_t len = 0;
353 unsigned char *buf = NULL;
354
355 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
356 goto err;
357
358 buf = OPENSSL_zalloc(len);
359 if (buf == NULL)
360 goto err;
361
362 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
363 goto err;
364 *out = buf;
365 return 1;
366 err:
367 OPENSSL_free(buf);
368 return 0;
369 }
370 #endif /* !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) */
371
372 #ifndef OPENSSL_NO_ECX
eddsa_create_pkey(EVP_PKEY ** pkey,const char * algname,const unsigned char * pub,size_t pub_len,int expected)373 static int eddsa_create_pkey(EVP_PKEY **pkey, const char *algname,
374 const unsigned char *pub, size_t pub_len,
375 int expected)
376 {
377 int ret = 0;
378 EVP_PKEY_CTX *ctx = NULL;
379 OSSL_PARAM_BLD *bld = NULL;
380 OSSL_PARAM *params = NULL;
381
382 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
383 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
384 OSSL_PKEY_PARAM_PUB_KEY,
385 pub, pub_len) > 0)
386 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
387 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, NULL))
388 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
389 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
390 params), expected))
391 goto err;
392
393 ret = 1;
394 err:
395 OSSL_PARAM_free(params);
396 OSSL_PARAM_BLD_free(bld);
397 EVP_PKEY_CTX_free(ctx);
398 return ret;
399 }
400
eddsa_pub_verify_test(int id)401 static int eddsa_pub_verify_test(int id)
402 {
403 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
404 int ret = 0;
405 EVP_PKEY_CTX *key_ctx = NULL;
406 EVP_PKEY *pkey = NULL;
407
408 if (!TEST_true(eddsa_create_pkey(&pkey, tst->curve_name,
409 tst->pub, tst->pub_len, 1)))
410 goto err;
411
412 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
413 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
414 goto err;
415 ret = 1;
416 err:
417 EVP_PKEY_free(pkey);
418 EVP_PKEY_CTX_free(key_ctx);
419 return ret;
420 }
421
eddsa_keygen_test(int id)422 static int eddsa_keygen_test(int id)
423 {
424 int ret = 0;
425 EVP_PKEY *pkey = NULL;
426 unsigned char *priv = NULL, *pub = NULL;
427 size_t priv_len = 0, pub_len = 0;
428 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
429
430 self_test_args.called = 0;
431 self_test_args.enable = 1;
432 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, tst->curve_name))
433 || !TEST_int_ge(self_test_args.called, 3)
434 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
435 &priv, &priv_len))
436 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub,
437 &pub_len)))
438 goto err;
439
440 test_output_memory("q", pub, pub_len);
441 test_output_memory("d", priv, priv_len);
442 ret = 1;
443 err:
444 self_test_args.enable = 0;
445 self_test_args.called = 0;
446 OPENSSL_clear_free(priv, priv_len);
447 OPENSSL_free(pub);
448 EVP_PKEY_free(pkey);
449 return ret;
450 }
451
452 #endif /* OPENSSL_NO_ECX */
453
454 #ifndef OPENSSL_NO_DSA
455
dsa_paramgen(int L,int N)456 static EVP_PKEY *dsa_paramgen(int L, int N)
457 {
458 EVP_PKEY_CTX *paramgen_ctx = NULL;
459 EVP_PKEY *param_key = NULL;
460
461 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
462 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
463 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
464 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
465 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
466 TEST_info("dsa_paramgen failed");
467 EVP_PKEY_CTX_free(paramgen_ctx);
468 return param_key;
469 }
470
dsa_keygen(int L,int N)471 static EVP_PKEY *dsa_keygen(int L, int N)
472 {
473 EVP_PKEY *param_key = NULL, *key = NULL;
474 EVP_PKEY_CTX *keygen_ctx = NULL;
475
476 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
477 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
478 NULL))
479 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
480 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
481 goto err;
482 err:
483 EVP_PKEY_free(param_key);
484 EVP_PKEY_CTX_free(keygen_ctx);
485 return key;
486 }
487
dsa_keygen_test(int id)488 static int dsa_keygen_test(int id)
489 {
490 int ret = 0, i;
491 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
492 EVP_PKEY *param_key = NULL, *key = NULL;
493 unsigned char *priv = NULL, *pub = NULL;
494 size_t priv_len = 0, pub_len = 0;
495 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
496
497 if (!dsasign_allowed) {
498 TEST_info("DSA keygen test skipped: DSA signing is not allowed");
499 return 1;
500 }
501 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
502 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
503 NULL))
504 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
505 goto err;
506 for (i = 0; i < 2; ++i) {
507 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
508 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
509 &priv, &priv_len))
510 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
511 &pub, &pub_len)))
512 goto err;
513 test_output_memory("y", pub, pub_len);
514 test_output_memory("x", priv, priv_len);
515 EVP_PKEY_free(key);
516 OPENSSL_clear_free(priv, priv_len);
517 OPENSSL_free(pub);
518 key = NULL;
519 pub = priv = NULL;
520 }
521 ret = 1;
522 err:
523 OPENSSL_clear_free(priv, priv_len);
524 OPENSSL_free(pub);
525 EVP_PKEY_free(param_key);
526 EVP_PKEY_free(key);
527 EVP_PKEY_CTX_free(keygen_ctx);
528 EVP_PKEY_CTX_free(paramgen_ctx);
529 return ret;
530 }
531
dsa_paramgen_test(int id)532 static int dsa_paramgen_test(int id)
533 {
534 int ret = 0, counter = 0;
535 EVP_PKEY_CTX *paramgen_ctx = NULL;
536 EVP_PKEY *param_key = NULL;
537 unsigned char *p = NULL, *q = NULL, *seed = NULL;
538 size_t plen = 0, qlen = 0, seedlen = 0;
539 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
540
541 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
542 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
543 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
544 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx,
545 tst->N)))
546 goto err;
547
548 if (!dsasign_allowed) {
549 if (!TEST_false(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
550 goto err;
551 } else {
552 if (!TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))
553 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
554 &p, &plen))
555 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
556 &q, &qlen))
557 || !TEST_true(pkey_get_octet_bytes(param_key,
558 OSSL_PKEY_PARAM_FFC_SEED,
559 &seed, &seedlen))
560 || !TEST_true(EVP_PKEY_get_int_param(param_key,
561 OSSL_PKEY_PARAM_FFC_PCOUNTER,
562 &counter)))
563 goto err;
564 test_output_memory("p", p, plen);
565 test_output_memory("q", q, qlen);
566 test_output_memory("domainSeed", seed, seedlen);
567 test_printf_stderr("%s: %d\n", "counter", counter);
568 }
569 ret = 1;
570 err:
571 OPENSSL_free(p);
572 OPENSSL_free(q);
573 OPENSSL_free(seed);
574 EVP_PKEY_free(param_key);
575 EVP_PKEY_CTX_free(paramgen_ctx);
576 return ret;
577 }
578
dsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * p,size_t p_len,const unsigned char * q,size_t q_len,const unsigned char * g,size_t g_len,const unsigned char * seed,size_t seed_len,int counter,int validate_pq,int validate_g,const unsigned char * pub,size_t pub_len,BN_CTX * bn_ctx)579 static int dsa_create_pkey(EVP_PKEY **pkey,
580 const unsigned char *p, size_t p_len,
581 const unsigned char *q, size_t q_len,
582 const unsigned char *g, size_t g_len,
583 const unsigned char *seed, size_t seed_len,
584 int counter,
585 int validate_pq, int validate_g,
586 const unsigned char *pub, size_t pub_len,
587 BN_CTX *bn_ctx)
588 {
589 int ret = 0;
590 EVP_PKEY_CTX *ctx = NULL;
591 OSSL_PARAM_BLD *bld = NULL;
592 OSSL_PARAM *params = NULL;
593 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
594
595 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
596 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
597 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
598 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
599 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
600 validate_pq))
601 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
602 OSSL_PKEY_PARAM_FFC_VALIDATE_G,
603 validate_g))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
605 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
606 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
607 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
608 goto err;
609
610 if (g != NULL) {
611 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
612 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
613 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
614 OSSL_PKEY_PARAM_FFC_G, g_bn)))
615 goto err;
616 }
617 if (seed != NULL) {
618 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
619 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
620 goto err;
621 }
622 if (counter != -1) {
623 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
624 OSSL_PKEY_PARAM_FFC_PCOUNTER,
625 counter)))
626 goto err;
627 }
628 if (pub != NULL) {
629 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
630 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
631 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
632 OSSL_PKEY_PARAM_PUB_KEY,
633 pub_bn)))
634 goto err;
635 }
636 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
637 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
638 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
639 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
640 params), 1))
641 goto err;
642
643 ret = 1;
644 err:
645 OSSL_PARAM_free(params);
646 OSSL_PARAM_BLD_free(bld);
647 EVP_PKEY_CTX_free(ctx);
648 return ret;
649 }
650
dsa_pqver_test(int id)651 static int dsa_pqver_test(int id)
652 {
653 int ret = 0;
654 BN_CTX *bn_ctx = NULL;
655 EVP_PKEY_CTX *key_ctx = NULL;
656 EVP_PKEY *param_key = NULL;
657 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
658
659 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
660 || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len,
661 tst->q, tst->q_len, NULL, 0,
662 tst->seed, tst->seed_len, tst->counter,
663 1, 0,
664 NULL, 0,
665 bn_ctx))
666 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
667 NULL))
668 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
669 goto err;
670
671 ret = 1;
672 err:
673 BN_CTX_free(bn_ctx);
674 EVP_PKEY_free(param_key);
675 EVP_PKEY_CTX_free(key_ctx);
676 return ret;
677 }
678
679 /* Extract r and s from a dsa signature */
get_dsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * r_len,size_t * s_len)680 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
681 unsigned char **r, unsigned char **s,
682 size_t *r_len, size_t *s_len)
683 {
684 int ret = 0;
685 unsigned char *rbuf = NULL, *sbuf = NULL;
686 size_t r1_len, s1_len;
687 const BIGNUM *r1, *s1;
688 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
689
690 if (sign == NULL)
691 return 0;
692 DSA_SIG_get0(sign, &r1, &s1);
693 if (r1 == NULL || s1 == NULL)
694 goto err;
695
696 r1_len = BN_num_bytes(r1);
697 s1_len = BN_num_bytes(s1);
698 rbuf = OPENSSL_zalloc(r1_len);
699 sbuf = OPENSSL_zalloc(s1_len);
700 if (rbuf == NULL || sbuf == NULL)
701 goto err;
702 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
703 goto err;
704 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
705 goto err;
706 *r = rbuf;
707 *s = sbuf;
708 *r_len = r1_len;
709 *s_len = s1_len;
710 ret = 1;
711 err:
712 if (ret == 0) {
713 OPENSSL_free(rbuf);
714 OPENSSL_free(sbuf);
715 }
716 DSA_SIG_free(sign);
717 return ret;
718 }
719
dsa_siggen_test(int id)720 static int dsa_siggen_test(int id)
721 {
722 int ret = 0;
723 EVP_PKEY *pkey = NULL;
724 unsigned char *sig = NULL, *r = NULL, *s = NULL;
725 size_t sig_len = 0, rlen = 0, slen = 0;
726 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
727
728 if (!dsasign_allowed) {
729 if (!TEST_ptr_null(pkey = dsa_keygen(tst->L, tst->N)))
730 goto err;
731 } else {
732 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
733 goto err;
734 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
735 &sig, &sig_len))
736 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
737 goto err;
738 test_output_memory("r", r, rlen);
739 test_output_memory("s", s, slen);
740 }
741 ret = 1;
742 err:
743 OPENSSL_free(r);
744 OPENSSL_free(s);
745 OPENSSL_free(sig);
746 EVP_PKEY_free(pkey);
747 return ret;
748 }
749
dsa_sigver_test(int id)750 static int dsa_sigver_test(int id)
751 {
752 int ret = 0;
753 EVP_PKEY_CTX *ctx = NULL;
754 EVP_PKEY *pkey = NULL;
755 DSA_SIG *sign = NULL;
756 size_t sig_len;
757 unsigned char *sig = NULL;
758 BIGNUM *rbn = NULL, *sbn = NULL;
759 EVP_MD *md = NULL;
760 unsigned char digest[EVP_MAX_MD_SIZE];
761 unsigned int digest_len;
762 BN_CTX *bn_ctx = NULL;
763 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
764
765 if (!TEST_ptr(bn_ctx = BN_CTX_new())
766 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
767 tst->q, tst->q_len, tst->g, tst->g_len,
768 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
769 bn_ctx)))
770 goto err;
771
772 if (!TEST_ptr(sign = DSA_SIG_new())
773 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
774 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
775 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
776 goto err;
777 rbn = sbn = NULL;
778
779 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
780 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
781 digest, &digest_len, md, NULL)))
782 goto err;
783
784 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
785 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
786 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
787 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
788 tst->pass))
789 goto err;
790 ret = 1;
791 err:
792 EVP_PKEY_CTX_free(ctx);
793 OPENSSL_free(sig);
794 EVP_MD_free(md);
795 DSA_SIG_free(sign);
796 EVP_PKEY_free(pkey);
797 BN_free(rbn);
798 BN_free(sbn);
799 BN_CTX_free(bn_ctx);
800 return ret;
801 }
802 #endif /* OPENSSL_NO_DSA */
803
804
805 /* cipher encrypt/decrypt */
cipher_enc(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * ct,size_t ct_len,int enc)806 static int cipher_enc(const char *alg,
807 const unsigned char *pt, size_t pt_len,
808 const unsigned char *key, size_t key_len,
809 const unsigned char *iv, size_t iv_len,
810 const unsigned char *ct, size_t ct_len,
811 int enc)
812 {
813 int ret = 0, out_len = 0, len = 0;
814 EVP_CIPHER_CTX *ctx = NULL;
815 EVP_CIPHER *cipher = NULL;
816 unsigned char out[256] = { 0 };
817
818 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
819 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
820 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
821 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
822 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
823 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
824 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
825 goto err;
826 out_len += len;
827 if (!TEST_mem_eq(out, out_len, ct, ct_len))
828 goto err;
829 ret = 1;
830 err:
831 EVP_CIPHER_free(cipher);
832 EVP_CIPHER_CTX_free(ctx);
833 return ret;
834 }
835
cipher_enc_dec_test(int id)836 static int cipher_enc_dec_test(int id)
837 {
838 const struct cipher_st *tst = &cipher_enc_data[id];
839 const int enc = 1;
840
841 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
842 tst->key, tst->key_len,
843 tst->iv, tst->iv_len,
844 tst->ct, tst->ct_len, enc))
845 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
846 tst->key, tst->key_len,
847 tst->iv, tst->iv_len,
848 tst->pt, tst->pt_len, !enc));
849 }
850
aes_ccm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass)851 static int aes_ccm_enc_dec(const char *alg,
852 const unsigned char *pt, size_t pt_len,
853 const unsigned char *key, size_t key_len,
854 const unsigned char *iv, size_t iv_len,
855 const unsigned char *aad, size_t aad_len,
856 const unsigned char *ct, size_t ct_len,
857 const unsigned char *tag, size_t tag_len,
858 int enc, int pass)
859 {
860 int ret = 0;
861 EVP_CIPHER_CTX *ctx;
862 EVP_CIPHER *cipher = NULL;
863 int out_len, len;
864 unsigned char out[1024];
865
866 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
867 pass ? "pass" : "fail");
868
869 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
870 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
871 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
872 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
873 NULL), 0)
874 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
875 enc ? NULL : (void *)tag), 0)
876 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
877 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
878 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
879 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
880 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
881 goto err;
882
883 if (!pass) {
884 ret = 1;
885 goto err;
886 }
887 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
888 goto err;
889 if (enc) {
890 out_len += len;
891 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
892 tag_len, out + out_len), 0)
893 || !TEST_mem_eq(out, out_len, ct, ct_len)
894 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
895 goto err;
896 } else {
897 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
898 goto err;
899 }
900
901 ret = 1;
902 err:
903 EVP_CIPHER_free(cipher);
904 EVP_CIPHER_CTX_free(ctx);
905 return ret;
906 }
907
aes_ccm_enc_dec_test(int id)908 static int aes_ccm_enc_dec_test(int id)
909 {
910 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
911
912 /* The tag is on the end of the cipher text */
913 const size_t tag_len = tst->ct_len - tst->pt_len;
914 const size_t ct_len = tst->ct_len - tag_len;
915 const unsigned char *tag = tst->ct + ct_len;
916 const int enc = 1;
917 const int pass = 1;
918
919 if (ct_len < 1)
920 return 0;
921
922 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
923 tst->key, tst->key_len,
924 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
925 tst->ct, ct_len, tag, tag_len, enc, pass)
926 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
927 tst->key, tst->key_len,
928 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
929 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
930 /* test that it fails if the tag is incorrect */
931 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
932 tst->key, tst->key_len,
933 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
934 tst->pt, tst->pt_len,
935 tag - 1, tag_len, !enc, !pass);
936 }
937
aes_gcm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass,unsigned char * out,int * out_len,unsigned char * outiv)938 static int aes_gcm_enc_dec(const char *alg,
939 const unsigned char *pt, size_t pt_len,
940 const unsigned char *key, size_t key_len,
941 const unsigned char *iv, size_t iv_len,
942 const unsigned char *aad, size_t aad_len,
943 const unsigned char *ct, size_t ct_len,
944 const unsigned char *tag, size_t tag_len,
945 int enc, int pass,
946 unsigned char *out, int *out_len,
947 unsigned char *outiv)
948 {
949 int ret = 0;
950 EVP_CIPHER_CTX *ctx;
951 EVP_CIPHER *cipher = NULL;
952 int olen, len;
953
954 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
955 pass ? "pass" : "fail");
956
957 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
958 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
959 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
960 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
961 NULL), 0))
962 goto err;
963
964 if (!enc) {
965 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
966 (void *)tag), 0))
967 goto err;
968 }
969 /*
970 * For testing purposes the IV may be passed in here. In a compliant
971 * application the IV would be generated internally. A fake entropy source
972 * could also be used to feed in the random IV bytes (see fake_random.c)
973 */
974 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
975 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
976 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
977 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
978 goto err;
979
980 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &olen), pass))
981 goto err;
982 if (!pass) {
983 ret = 1;
984 goto err;
985 }
986 olen += len;
987 if (enc) {
988 if ((ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
989 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
990 tag_len, out + olen), 0)
991 || (tag != NULL
992 && !TEST_mem_eq(out + olen, tag_len, tag, tag_len)))
993 goto err;
994 } else {
995 if (ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
996 goto err;
997 }
998
999 {
1000 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1001 OSSL_PARAM *p = params;
1002 unsigned int iv_generated = -1;
1003 const OSSL_PARAM *gettables = EVP_CIPHER_CTX_gettable_params(ctx);
1004 const char *ivgenkey = OSSL_CIPHER_PARAM_AEAD_IV_GENERATED;
1005 int ivgen = (OSSL_PARAM_locate_const(gettables, ivgenkey) != NULL);
1006
1007 if (ivgen != 0)
1008 *p++ = OSSL_PARAM_construct_uint(ivgenkey, &iv_generated);
1009 if (outiv != NULL)
1010 *p = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
1011 outiv, iv_len);
1012 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
1013 goto err;
1014 if (ivgen != 0
1015 && !TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1)))
1016 goto err;
1017 }
1018 if (out_len != NULL)
1019 *out_len = olen;
1020
1021 ret = 1;
1022 err:
1023 EVP_CIPHER_free(cipher);
1024 EVP_CIPHER_CTX_free(ctx);
1025 return ret;
1026 }
1027
aes_gcm_enc_dec_test(int id)1028 static int aes_gcm_enc_dec_test(int id)
1029 {
1030 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
1031 int enc = 1;
1032 int pass = 1;
1033 unsigned char out[1024];
1034
1035 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1036 tst->key, tst->key_len,
1037 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1038 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
1039 enc, pass, out, NULL, NULL)
1040 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1041 tst->key, tst->key_len,
1042 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1043 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
1044 !enc, pass, out, NULL, NULL)
1045 /* Fail if incorrect tag passed to decrypt */
1046 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1047 tst->key, tst->key_len,
1048 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1049 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
1050 !enc, !pass, out, NULL, NULL);
1051 }
1052
aes_gcm_gen_iv_internal_test(void)1053 static int aes_gcm_gen_iv_internal_test(void)
1054 {
1055 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[0];
1056 int enc = 1;
1057 int pass = 1;
1058 int out_len = 0;
1059 unsigned char out[1024];
1060 unsigned char iv[16];
1061
1062 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1063 tst->key, tst->key_len,
1064 NULL, tst->iv_len, tst->aad, tst->aad_len,
1065 NULL, tst->ct_len, NULL, tst->tag_len,
1066 enc, pass, out, &out_len, iv)
1067 && aes_gcm_enc_dec(tst->alg, out, out_len,
1068 tst->key, tst->key_len,
1069 iv, tst->iv_len, tst->aad, tst->aad_len,
1070 tst->pt, tst->pt_len, out + out_len, tst->tag_len,
1071 !enc, pass, out, NULL, NULL);
1072 }
1073
1074 #ifndef OPENSSL_NO_DH
dh_create_pkey(EVP_PKEY ** pkey,const char * group_name,const unsigned char * pub,size_t pub_len,const unsigned char * priv,size_t priv_len,BN_CTX * bn_ctx,int pass)1075 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
1076 const unsigned char *pub, size_t pub_len,
1077 const unsigned char *priv, size_t priv_len,
1078 BN_CTX *bn_ctx, int pass)
1079 {
1080 int ret = 0;
1081 EVP_PKEY_CTX *ctx = NULL;
1082 OSSL_PARAM_BLD *bld = NULL;
1083 OSSL_PARAM *params = NULL;
1084 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
1085
1086 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1087 || (group_name != NULL
1088 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
1089 bld, OSSL_PKEY_PARAM_GROUP_NAME,
1090 group_name, 0), 0)))
1091 goto err;
1092
1093 if (pub != NULL) {
1094 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
1095 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
1096 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1097 pub_bn)))
1098 goto err;
1099 }
1100 if (priv != NULL) {
1101 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
1102 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
1103 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1104 priv_bn)))
1105 goto err;
1106 }
1107
1108 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1109 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1110 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1111 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1112 pass))
1113 goto err;
1114
1115 ret = 1;
1116 err:
1117 OSSL_PARAM_free(params);
1118 OSSL_PARAM_BLD_free(bld);
1119 EVP_PKEY_CTX_free(ctx);
1120 return ret;
1121 }
1122
dh_safe_prime_keygen_test(int id)1123 static int dh_safe_prime_keygen_test(int id)
1124 {
1125 int ret = 0;
1126 EVP_PKEY_CTX *ctx = NULL;
1127 EVP_PKEY *pkey = NULL;
1128 unsigned char *priv = NULL;
1129 unsigned char *pub = NULL;
1130 size_t priv_len = 0, pub_len = 0;
1131 OSSL_PARAM params[2];
1132 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
1133
1134 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1135 (char *)tst->group_name, 0);
1136 params[1] = OSSL_PARAM_construct_end();
1137
1138 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1139 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1140 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1141 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1142 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
1143 &priv, &priv_len))
1144 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
1145 &pub, &pub_len)))
1146 goto err;
1147
1148 test_output_memory("x", priv, priv_len);
1149 test_output_memory("y", pub, pub_len);
1150 ret = 1;
1151 err:
1152 OPENSSL_clear_free(priv, priv_len);
1153 OPENSSL_free(pub);
1154 EVP_PKEY_free(pkey);
1155 EVP_PKEY_CTX_free(ctx);
1156 return ret;
1157 }
1158
dh_safe_prime_keyver_test(int id)1159 static int dh_safe_prime_keyver_test(int id)
1160 {
1161 int ret = 0;
1162 BN_CTX *bn_ctx = NULL;
1163 EVP_PKEY_CTX *key_ctx = NULL;
1164 EVP_PKEY *pkey = NULL;
1165 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
1166
1167 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
1168 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
1169 tst->pub, tst->pub_len,
1170 tst->priv, tst->priv_len, bn_ctx, 1))
1171 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1172 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
1173 goto err;
1174
1175 ret = 1;
1176 err:
1177 EVP_PKEY_free(pkey);
1178 EVP_PKEY_CTX_free(key_ctx);
1179 BN_CTX_free(bn_ctx);
1180 return ret;
1181 }
1182 #endif /* OPENSSL_NO_DH */
1183
1184
rsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * n,size_t n_len,const unsigned char * e,size_t e_len,const unsigned char * d,size_t d_len,BN_CTX * bn_ctx)1185 static int rsa_create_pkey(EVP_PKEY **pkey,
1186 const unsigned char *n, size_t n_len,
1187 const unsigned char *e, size_t e_len,
1188 const unsigned char *d, size_t d_len,
1189 BN_CTX *bn_ctx)
1190 {
1191 int ret = 0;
1192 EVP_PKEY_CTX *ctx = NULL;
1193 OSSL_PARAM_BLD *bld = NULL;
1194 OSSL_PARAM *params = NULL;
1195 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1196
1197 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1198 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1199 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1200 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1201 goto err;
1202
1203 if (e != NULL) {
1204 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1205 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1206 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1207 e_bn)))
1208 goto err;
1209 }
1210 if (d != NULL) {
1211 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1212 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1213 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1214 d_bn)))
1215 goto err;
1216 }
1217 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1218 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1219 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1220 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1221 1))
1222 goto err;
1223
1224 ret = 1;
1225 err:
1226 OSSL_PARAM_free(params);
1227 OSSL_PARAM_BLD_free(bld);
1228 EVP_PKEY_CTX_free(ctx);
1229 return ret;
1230 }
1231
rsa_keygen_test(int id)1232 static int rsa_keygen_test(int id)
1233 {
1234 int ret = 0;
1235 EVP_PKEY_CTX *ctx = NULL;
1236 EVP_PKEY *pkey = NULL;
1237 BIGNUM *e_bn = NULL;
1238 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1239 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1240 unsigned char *n = NULL, *d = NULL;
1241 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1242 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1243 size_t n_len = 0, d_len = 0;
1244 size_t p_len = 0, p1_len = 0, p2_len = 0;
1245 size_t q_len = 0, q1_len = 0, q2_len = 0;
1246 OSSL_PARAM_BLD *bld = NULL;
1247 OSSL_PARAM *params = NULL;
1248 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1249
1250 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1251 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1252 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1253 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1254 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1255 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1256 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1257 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1258 xp1_bn))
1259 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1260 xp2_bn))
1261 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1262 xp_bn))
1263 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1264 xq1_bn))
1265 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1266 xq2_bn))
1267 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1268 xq_bn))
1269 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1270 goto err;
1271
1272 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1273 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1274 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1275 || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1276 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1277 || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1278 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1279 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1280 &p1, &p1_len))
1281 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1282 &p2, &p2_len))
1283 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1284 &q1, &q1_len))
1285 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1286 &q2, &q2_len))
1287 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1288 &p, &p_len))
1289 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1290 &q, &q_len))
1291 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1292 &n, &n_len))
1293 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1294 &d, &d_len)))
1295 goto err;
1296
1297 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1298 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1299 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1300 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1301 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1302 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1303 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1304 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1305 goto err;
1306
1307 test_output_memory("p1", p1, p1_len);
1308 test_output_memory("p2", p2, p2_len);
1309 test_output_memory("p", p, p_len);
1310 test_output_memory("q1", q1, q1_len);
1311 test_output_memory("q2", q2, q2_len);
1312 test_output_memory("q", q, q_len);
1313 test_output_memory("n", n, n_len);
1314 test_output_memory("d", d, d_len);
1315 ret = 1;
1316 err:
1317 BN_free(xp1_bn);
1318 BN_free(xp2_bn);
1319 BN_free(xp_bn);
1320 BN_free(xq1_bn);
1321 BN_free(xq2_bn);
1322 BN_free(xq_bn);
1323 BN_free(e_bn);
1324 OPENSSL_free(p1);
1325 OPENSSL_free(p2);
1326 OPENSSL_free(q1);
1327 OPENSSL_free(q2);
1328 OPENSSL_free(p);
1329 OPENSSL_free(q);
1330 OPENSSL_free(n);
1331 OPENSSL_free(d);
1332 EVP_PKEY_free(pkey);
1333 EVP_PKEY_CTX_free(ctx);
1334 OSSL_PARAM_free(params);
1335 OSSL_PARAM_BLD_free(bld);
1336 return ret;
1337 }
1338
rsa_siggen_test(int id)1339 static int rsa_siggen_test(int id)
1340 {
1341 int ret = 0;
1342 EVP_PKEY *pkey = NULL;
1343 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1344 size_t sig_len = 0, n_len = 0, e_len = 0;
1345 OSSL_PARAM params[4], *p;
1346 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1347 int salt_len = tst->pss_salt_len;
1348
1349 if (!rsa_sign_x931_pad_allowed
1350 && (strcmp(tst->sig_pad_mode, OSSL_PKEY_RSA_PAD_MODE_X931) == 0)) {
1351 TEST_info("RSA x931 signature generation skipped: x931 signing is not allowed");
1352 return 1;
1353 }
1354
1355 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1356
1357 p = params;
1358 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1359 (char *)tst->sig_pad_mode, 0);
1360 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1361 (char *)tst->digest_alg, 0);
1362 if (salt_len >= 0)
1363 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1364 &salt_len);
1365 *p++ = OSSL_PARAM_construct_end();
1366
1367 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1368 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1369 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1370 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1371 tst->msg, tst->msg_len,
1372 &sig, &sig_len)))
1373 goto err;
1374 test_output_memory("n", n, n_len);
1375 test_output_memory("e", e, e_len);
1376 test_output_memory("sig", sig, sig_len);
1377 ret = 1;
1378 err:
1379 OPENSSL_free(n);
1380 OPENSSL_free(e);
1381 OPENSSL_free(sig);
1382 EVP_PKEY_free(pkey);
1383 return ret;
1384 }
1385
rsa_sigver_test(int id)1386 static int rsa_sigver_test(int id)
1387 {
1388 int ret = 0;
1389 EVP_PKEY_CTX *pkey_ctx = NULL;
1390 EVP_PKEY *pkey = NULL;
1391 EVP_MD_CTX *md_ctx = NULL;
1392 BN_CTX *bn_ctx = NULL;
1393 OSSL_PARAM params[4], *p;
1394 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1395 int salt_len = tst->pss_salt_len;
1396
1397 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1398 tst->pass == PASS ? "pass" : "fail");
1399
1400 p = params;
1401 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1402 (char *)tst->sig_pad_mode, 0);
1403 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1404 (char *)tst->digest_alg, 0);
1405 if (salt_len >= 0)
1406 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1407 &salt_len);
1408 *p = OSSL_PARAM_construct_end();
1409
1410 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1411 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1412 tst->e, tst->e_len, NULL, 0, bn_ctx))
1413 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1414 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1415 tst->digest_alg, libctx, NULL,
1416 pkey, NULL))
1417 || !check_verify_message(pkey_ctx, 1)
1418 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1419 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1420 tst->msg, tst->msg_len), tst->pass)
1421 || !check_verify_message(pkey_ctx, 1)
1422 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
1423 || !check_verify_message(pkey_ctx, 0))
1424 goto err;
1425
1426 ret = 1;
1427 err:
1428 EVP_PKEY_free(pkey);
1429 BN_CTX_free(bn_ctx);
1430 EVP_MD_CTX_free(md_ctx);
1431 return ret;
1432 }
1433
rsa_decryption_primitive_test(int id)1434 static int rsa_decryption_primitive_test(int id)
1435 {
1436 int ret = 0;
1437 EVP_PKEY_CTX *ctx = NULL;
1438 EVP_PKEY *pkey = NULL;
1439 unsigned char pt[2048];
1440 size_t pt_len = sizeof(pt);
1441 unsigned char *n = NULL, *e = NULL;
1442 size_t n_len = 0, e_len = 0;
1443 BN_CTX *bn_ctx = NULL;
1444 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1445
1446 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
1447 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1448 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1449 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1450 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1451 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1452 goto err;
1453
1454 test_output_memory("n", n, n_len);
1455 test_output_memory("e", e, e_len);
1456 if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1457 TEST_note("Decryption Failed");
1458 else
1459 test_output_memory("pt", pt, pt_len);
1460 ret = 1;
1461 err:
1462 OPENSSL_free(n);
1463 OPENSSL_free(e);
1464 EVP_PKEY_CTX_free(ctx);
1465 EVP_PKEY_free(pkey);
1466 BN_CTX_free(bn_ctx);
1467 return ret;
1468 }
1469
self_test_events(const OSSL_PARAM params[],void * varg)1470 static int self_test_events(const OSSL_PARAM params[], void *varg)
1471 {
1472 SELF_TEST_ARGS *args = varg;
1473 const OSSL_PARAM *p = NULL;
1474 const char *phase = NULL, *type = NULL, *desc = NULL;
1475 int ret = 0;
1476
1477 if (!args->enable)
1478 return 1;
1479
1480 args->called++;
1481 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1482 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1483 goto err;
1484 phase = (const char *)p->data;
1485
1486 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1487 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1488 goto err;
1489 desc = (const char *)p->data;
1490
1491 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1492 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1493 goto err;
1494 type = (const char *)p->data;
1495
1496 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1497 ret = 1;
1498 err:
1499 return ret;
1500 }
1501
drbg_test(int id)1502 static int drbg_test(int id)
1503 {
1504 OSSL_PARAM params[3];
1505 EVP_RAND *rand = NULL;
1506 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1507 unsigned char returned_bits[64];
1508 const size_t returned_bits_len = sizeof(returned_bits);
1509 unsigned int strength = 256;
1510 const struct drbg_st *tst = &drbg_data[id];
1511 int res = 0;
1512
1513 /* Create the seed source */
1514 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1515 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1516 goto err;
1517 EVP_RAND_free(rand);
1518 rand = NULL;
1519
1520 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1521 params[1] = OSSL_PARAM_construct_end();
1522 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1523 goto err;
1524
1525 /* Get the DRBG */
1526 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1527 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1528 goto err;
1529
1530 /* Set the DRBG up */
1531 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1532 (int *)&tst->use_df);
1533 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1534 (char *)tst->cipher, 0);
1535 params[2] = OSSL_PARAM_construct_end();
1536 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1537 goto err;
1538
1539 /* Feed in the entropy and nonce */
1540 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1541 (void *)tst->entropy_input,
1542 tst->entropy_input_len);
1543 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1544 (void *)tst->nonce,
1545 tst->nonce_len);
1546 params[2] = OSSL_PARAM_construct_end();
1547 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1548 goto err;
1549
1550 /*
1551 * Run the test
1552 * A NULL personalisation string defaults to the built in so something
1553 * non-NULL is needed if there is no personalisation string
1554 */
1555 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1556 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1557 0, 0, NULL, 0))
1558 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1559 0, 0, NULL, 0)))
1560 goto err;
1561
1562 test_output_memory("returned bits", returned_bits, returned_bits_len);
1563
1564 /* Clean up */
1565 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1566 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1567 goto err;
1568
1569 /* Verify the output */
1570 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1571 tst->returned_bits, tst->returned_bits_len))
1572 goto err;
1573 res = 1;
1574 err:
1575 EVP_RAND_CTX_free(ctx);
1576 /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
1577 /* coverity[pass_freed_arg] */
1578 EVP_RAND_CTX_free(parent);
1579 EVP_RAND_free(rand);
1580 return res;
1581 }
1582
aes_cfb1_bits_test(void)1583 static int aes_cfb1_bits_test(void)
1584 {
1585 int ret = 0;
1586 EVP_CIPHER *cipher = NULL;
1587 EVP_CIPHER_CTX *ctx = NULL;
1588 unsigned char out[16] = { 0 };
1589 int outlen;
1590 const OSSL_PARAM *params, *p;
1591
1592 static const unsigned char key[] = {
1593 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1594 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1595 };
1596 static const unsigned char iv[] = {
1597 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1598 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1599 };
1600 static const unsigned char pt[] = {
1601 0xB4
1602 };
1603 static const unsigned char expected[] = {
1604 0x6C
1605 };
1606
1607 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1608 goto err;
1609 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1610 goto err;
1611 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1612 goto err;
1613 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1614 || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1615 OSSL_CIPHER_PARAM_USE_BITS)))
1616 goto err;
1617 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1618 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1619 goto err;
1620 if (!TEST_int_eq(outlen, 7))
1621 goto err;
1622 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1623 goto err;
1624 ret = 1;
1625 err:
1626 EVP_CIPHER_free(cipher);
1627 EVP_CIPHER_CTX_free(ctx);
1628 return ret;
1629 }
1630
setup_tests(void)1631 int setup_tests(void)
1632 {
1633 char *config_file = NULL;
1634
1635 OPTION_CHOICE o;
1636
1637 while ((o = opt_next()) != OPT_EOF) {
1638 switch (o) {
1639 case OPT_CONFIG_FILE:
1640 config_file = opt_arg();
1641 break;
1642 case OPT_TEST_CASES:
1643 break;
1644 default:
1645 case OPT_ERR:
1646 return 0;
1647 }
1648 }
1649
1650 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1651 return 0;
1652
1653 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1654
1655 ADD_TEST(aes_cfb1_bits_test);
1656 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1657 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1658 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1659 if (fips_provider_version_ge(libctx, 3, 4, 0))
1660 ADD_TEST(aes_gcm_gen_iv_internal_test);
1661
1662 pass_sig_gen_params = fips_provider_version_ge(libctx, 3, 4, 0);
1663 rsa_sign_x931_pad_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1664 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1665 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1666 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1667 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1668 OSSL_NELEM(rsa_decrypt_prim_data));
1669
1670 #ifndef OPENSSL_NO_DH
1671 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1672 OSSL_NELEM(dh_safe_prime_keygen_data));
1673 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1674 OSSL_NELEM(dh_safe_prime_keyver_data));
1675 #endif /* OPENSSL_NO_DH */
1676
1677 #ifndef OPENSSL_NO_DSA
1678 dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1679 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1680 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1681 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1682 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1683 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1684 #endif /* OPENSSL_NO_DSA */
1685
1686 #ifndef OPENSSL_NO_EC
1687 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1688 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1689 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1690 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1691 #endif /* OPENSSL_NO_EC */
1692
1693 #ifndef OPENSSL_NO_ECX
1694 if (fips_provider_version_ge(libctx, 3, 4, 0)) {
1695 ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data));
1696 ADD_ALL_TESTS(eddsa_pub_verify_test, OSSL_NELEM(eddsa_pv_data));
1697 }
1698 #endif
1699 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1700 return 1;
1701 }
1702
cleanup_tests(void)1703 void cleanup_tests(void)
1704 {
1705 OSSL_PROVIDER_unload(prov_null);
1706 OSSL_LIB_CTX_free(libctx);
1707 }
1708