xref: /openssl/test/acvp_test.c (revision ccaa754b)
1 /*
2  * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12  *
13  * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14  * providers/fips/self_test_kats.c
15  */
16 
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32 
33 typedef enum OPTION_choice {
34     OPT_ERR = -1,
35     OPT_EOF = 0,
36     OPT_CONFIG_FILE,
37     OPT_TEST_ENUM
38 } OPTION_CHOICE;
39 
40 typedef struct st_args {
41     int enable;
42     int called;
43 } SELF_TEST_ARGS;
44 
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49 static int pass_sig_gen_params = 1;
50 static int rsa_sign_x931_pad_allowed = 1;
51 #ifndef OPENSSL_NO_DSA
52 static int dsasign_allowed = 1;
53 #endif
54 #ifndef OPENSSL_NO_EC
55 static int ec_cofactors = 1;
56 #endif
57 
test_get_options(void)58 const OPTIONS *test_get_options(void)
59 {
60     static const OPTIONS test_options[] = {
61         OPT_TEST_OPTIONS_DEFAULT_USAGE,
62         { "config", OPT_CONFIG_FILE, '<',
63           "The configuration file to use for the libctx" },
64         { NULL }
65     };
66     return test_options;
67 }
68 
pkey_get_bn_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)69 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
70                              unsigned char **out, size_t *out_len)
71 {
72     unsigned char *buf = NULL;
73     BIGNUM *bn = NULL;
74     int sz;
75 
76     if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
77         goto err;
78     sz = BN_num_bytes(bn);
79     buf = OPENSSL_zalloc(sz);
80     if (buf == NULL)
81         goto err;
82     if (BN_bn2binpad(bn, buf, sz) <= 0)
83         goto err;
84 
85     *out_len = sz;
86     *out = buf;
87     BN_free(bn);
88     return 1;
89 err:
90     OPENSSL_free(buf);
91     BN_free(bn);
92     return 0;
93 }
94 
sig_gen(EVP_PKEY * pkey,OSSL_PARAM * params,const char * digest_name,const unsigned char * msg,size_t msg_len,unsigned char ** sig_out,size_t * sig_out_len)95 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
96                    const unsigned char *msg, size_t msg_len,
97                    unsigned char **sig_out, size_t *sig_out_len)
98 {
99     int ret = 0;
100     EVP_MD_CTX *md_ctx = NULL;
101     unsigned char *sig = NULL;
102     size_t sig_len;
103     size_t sz = EVP_PKEY_get_size(pkey);
104     OSSL_PARAM *p = pass_sig_gen_params ? params : NULL;
105 
106     sig_len = sz;
107     if (!TEST_ptr(sig = OPENSSL_malloc(sz))
108         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
109         || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
110                                               NULL, pkey, p), 1)
111         || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
112         goto err;
113     *sig_out = sig;
114     *sig_out_len = sig_len;
115     sig = NULL;
116     ret = 1;
117 err:
118     OPENSSL_free(sig);
119     EVP_MD_CTX_free(md_ctx);
120     return ret;
121 }
122 
check_verify_message(EVP_PKEY_CTX * pkey_ctx,int expected)123 static int check_verify_message(EVP_PKEY_CTX *pkey_ctx, int expected)
124 {
125     OSSL_PARAM params[2], *p = params;
126     int verify_message = -1;
127 
128     if (!OSSL_PROVIDER_available(libctx, "fips")
129             || fips_provider_version_match(libctx, "<3.4.0"))
130         return 1;
131 
132     *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE,
133                                     &verify_message);
134     *p = OSSL_PARAM_construct_end();
135 
136     if (!TEST_true(EVP_PKEY_CTX_get_params(pkey_ctx, params))
137             || !TEST_int_eq(verify_message, expected))
138         return 0;
139     return 1;
140 }
141 
142 #ifndef OPENSSL_NO_EC
ecdsa_keygen_test(int id)143 static int ecdsa_keygen_test(int id)
144 {
145     int ret = 0;
146     EVP_PKEY *pkey = NULL;
147     unsigned char *priv = NULL;
148     unsigned char *pubx = NULL, *puby = NULL;
149     size_t priv_len = 0, pubx_len = 0, puby_len = 0;
150     const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
151 
152     self_test_args.called = 0;
153     self_test_args.enable = 1;
154     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
155         || !TEST_int_ge(self_test_args.called, 3)
156         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
157                                         &priv_len))
158         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
159                                         &pubx_len))
160         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
161                                         &puby_len)))
162         goto err;
163 
164     test_output_memory("qy", puby, puby_len);
165     test_output_memory("qx", pubx, pubx_len);
166     test_output_memory("d", priv, priv_len);
167     ret = 1;
168 err:
169     self_test_args.enable = 0;
170     self_test_args.called = 0;
171     OPENSSL_clear_free(priv, priv_len);
172     OPENSSL_free(pubx);
173     OPENSSL_free(puby);
174     EVP_PKEY_free(pkey);
175     return ret;
176 }
177 
ecdsa_create_pkey(EVP_PKEY ** pkey,const char * curve_name,const unsigned char * pub,size_t pub_len,int expected)178 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
179                              const unsigned char *pub, size_t pub_len,
180                              int expected)
181 {
182     int ret = 0;
183     EVP_PKEY_CTX *ctx = NULL;
184     OSSL_PARAM_BLD *bld = NULL;
185     OSSL_PARAM *params = NULL;
186 
187     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
188         || (curve_name != NULL
189             && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
190                               bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
191         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
192                                                        OSSL_PKEY_PARAM_PUB_KEY,
193                                                        pub, pub_len) > 0)
194         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
195         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
196         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
197         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
198                                           params), expected))
199     goto err;
200 
201     ret = 1;
202 err:
203     OSSL_PARAM_free(params);
204     OSSL_PARAM_BLD_free(bld);
205     EVP_PKEY_CTX_free(ctx);
206     return ret;
207 }
208 
ecdsa_pub_verify_test(int id)209 static int ecdsa_pub_verify_test(int id)
210 {
211     const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
212 
213     int ret = 0;
214     EVP_PKEY_CTX *key_ctx = NULL;
215     EVP_PKEY *pkey = NULL;
216 
217     if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
218                                      tst->pub, tst->pub_len, tst->pass)))
219         goto err;
220 
221     if (tst->pass) {
222         if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
223             || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
224             goto err;
225     }
226     ret = 1;
227 err:
228     EVP_PKEY_free(pkey);
229     EVP_PKEY_CTX_free(key_ctx);
230     return ret;
231 }
232 
233 /* Extract r and s  from an ecdsa signature */
get_ecdsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * rlen,size_t * slen)234 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
235                                   unsigned char **r, unsigned char **s,
236                                   size_t *rlen, size_t *slen)
237 {
238     int ret = 0;
239     unsigned char *rbuf = NULL, *sbuf = NULL;
240     size_t r1_len, s1_len;
241     const BIGNUM *r1, *s1;
242     ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
243 
244     if (sign == NULL)
245         return 0;
246     r1 = ECDSA_SIG_get0_r(sign);
247     s1 = ECDSA_SIG_get0_s(sign);
248     if (r1 == NULL || s1 == NULL)
249         goto err;
250 
251     r1_len = BN_num_bytes(r1);
252     s1_len = BN_num_bytes(s1);
253     rbuf = OPENSSL_zalloc(r1_len);
254     sbuf = OPENSSL_zalloc(s1_len);
255     if (rbuf == NULL || sbuf == NULL)
256         goto err;
257     if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
258         goto err;
259     if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
260         goto err;
261     *r = rbuf;
262     *s = sbuf;
263     *rlen = r1_len;
264     *slen = s1_len;
265     ret = 1;
266 err:
267     if (ret == 0) {
268         OPENSSL_free(rbuf);
269         OPENSSL_free(sbuf);
270     }
271     ECDSA_SIG_free(sign);
272     return ret;
273 }
274 
ecdsa_siggen_test(int id)275 static int ecdsa_siggen_test(int id)
276 {
277     int ret = 0;
278     EVP_PKEY *pkey = NULL;
279     size_t sig_len = 0, rlen = 0, slen = 0;
280     unsigned char *sig = NULL;
281     unsigned char *r = NULL, *s = NULL;
282     const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
283 
284     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
285         goto err;
286 
287     if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
288                            &sig, &sig_len))
289         || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
290         goto err;
291     test_output_memory("r", r, rlen);
292     test_output_memory("s", s, slen);
293     ret = 1;
294 err:
295     OPENSSL_free(r);
296     OPENSSL_free(s);
297     OPENSSL_free(sig);
298     EVP_PKEY_free(pkey);
299     return ret;
300 }
301 
ecdsa_sigver_test(int id)302 static int ecdsa_sigver_test(int id)
303 {
304     int ret = 0;
305     EVP_MD_CTX *md_ctx = NULL;
306     EVP_PKEY *pkey = NULL;
307     EVP_PKEY_CTX *pkey_ctx;
308     ECDSA_SIG *sign = NULL;
309     size_t sig_len;
310     unsigned char *sig = NULL;
311     BIGNUM *rbn = NULL, *sbn = NULL;
312     const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
313 
314     if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
315                                      tst->pub, tst->pub_len, 1)))
316         goto err;
317 
318     if (!TEST_ptr(sign = ECDSA_SIG_new())
319         || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
320         || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
321         || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
322         goto err;
323     rbn = sbn = NULL;
324 
325     if (!TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
326         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
327         || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
328                                               libctx, NULL, pkey, NULL))
329         || !TEST_ptr(pkey_ctx = EVP_MD_CTX_get_pkey_ctx(md_ctx))
330         || !check_verify_message(pkey_ctx, 1)
331         || !TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
332                                          tst->msg, tst->msg_len), tst->pass)
333         || !check_verify_message(pkey_ctx, 1)
334         || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
335         || !check_verify_message(pkey_ctx, 0))
336         goto err;
337 
338     ret = 1;
339 err:
340     BN_free(rbn);
341     BN_free(sbn);
342     OPENSSL_free(sig);
343     ECDSA_SIG_free(sign);
344     EVP_PKEY_free(pkey);
345     EVP_MD_CTX_free(md_ctx);
346     return ret;
347 
348 }
349 
ecdh_cofactor_derive_test(int tstid)350 static int ecdh_cofactor_derive_test(int tstid)
351 {
352     int ret = 0;
353     const struct ecdh_cofactor_derive_st *t = &ecdh_cofactor_derive_data[tstid];
354     unsigned char secret1[16];
355     size_t secret1_len = sizeof(secret1);
356     const char *curve = "K-283"; /* A curve that has a cofactor that it not 1 */
357     EVP_PKEY *peer1 = NULL, *peer2 = NULL;
358     EVP_PKEY_CTX *p1ctx = NULL;
359     OSSL_PARAM params[2], *prms = NULL;
360     int use_cofactordh = t->key_cofactor;
361     int cofactor_mode = t->derive_cofactor_mode;
362 
363     if (!ec_cofactors)
364         return TEST_skip("not supported by FIPS provider version");
365 
366     if (!TEST_ptr(peer1 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
367         return TEST_skip("Curve %s not supported by the FIPS provider", curve);
368 
369     if (!TEST_ptr(peer2 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
370         goto err;
371 
372     params[1] = OSSL_PARAM_construct_end();
373 
374     prms = NULL;
375     if (t->key_cofactor != COFACTOR_NOT_SET) {
376         params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
377                                              &use_cofactordh);
378         prms = params;
379     }
380     if (!TEST_int_eq(EVP_PKEY_set_params(peer1, prms), 1)
381             || !TEST_ptr(p1ctx = EVP_PKEY_CTX_new_from_pkey(libctx, peer1, NULL)))
382         goto err;
383 
384     prms = NULL;
385     if (t->derive_cofactor_mode != COFACTOR_NOT_SET) {
386         params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
387                                              &cofactor_mode);
388         prms = params;
389     }
390     if (!TEST_int_eq(EVP_PKEY_derive_init_ex(p1ctx, prms), 1)
391             || !TEST_int_eq(EVP_PKEY_derive_set_peer(p1ctx, peer2), 1)
392             || !TEST_int_eq(EVP_PKEY_derive(p1ctx, secret1, &secret1_len),
393                             t->expected))
394         goto err;
395 
396     ret = 1;
397 err:
398     if (ret == 0) {
399         static const char *state[] = { "unset", "-1", "disabled", "enabled" };
400 
401         TEST_note("ECDH derive() was expected to %s if key cofactor is"
402                   "%s and derive mode is %s", t->expected ? "Pass" : "Fail",
403                   state[2 + t->key_cofactor], state[2 + t->derive_cofactor_mode]);
404     }
405     EVP_PKEY_free(peer1);
406     EVP_PKEY_free(peer2);
407     EVP_PKEY_CTX_free(p1ctx);
408     return ret;
409 }
410 
411 #endif /* OPENSSL_NO_EC */
412 
413 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX)
pkey_get_octet_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)414 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
415                                 unsigned char **out, size_t *out_len)
416 {
417     size_t len = 0;
418     unsigned char *buf = NULL;
419 
420     if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
421         goto err;
422 
423     buf = OPENSSL_zalloc(len);
424     if (buf == NULL)
425         goto err;
426 
427     if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
428         goto err;
429     *out = buf;
430     return 1;
431 err:
432     OPENSSL_free(buf);
433     return 0;
434 }
435 #endif /* !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) */
436 
437 #ifndef OPENSSL_NO_ECX
eddsa_create_pkey(EVP_PKEY ** pkey,const char * algname,const unsigned char * pub,size_t pub_len,int expected)438 static int eddsa_create_pkey(EVP_PKEY **pkey, const char *algname,
439                              const unsigned char *pub, size_t pub_len,
440                              int expected)
441 {
442     int ret = 0;
443     EVP_PKEY_CTX *ctx = NULL;
444     OSSL_PARAM_BLD *bld = NULL;
445     OSSL_PARAM *params = NULL;
446 
447     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
448         || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
449                                                        OSSL_PKEY_PARAM_PUB_KEY,
450                                                        pub, pub_len) > 0)
451         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
452         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, NULL))
453         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
454         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
455                                           params), expected))
456         goto err;
457 
458     ret = 1;
459 err:
460     OSSL_PARAM_free(params);
461     OSSL_PARAM_BLD_free(bld);
462     EVP_PKEY_CTX_free(ctx);
463     return ret;
464 }
465 
eddsa_pub_verify_test(int id)466 static int eddsa_pub_verify_test(int id)
467 {
468     const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
469     int ret = 0;
470     EVP_PKEY_CTX *key_ctx = NULL;
471     EVP_PKEY *pkey = NULL;
472 
473     if (!TEST_true(eddsa_create_pkey(&pkey, tst->curve_name,
474                                      tst->pub, tst->pub_len, 1)))
475         goto err;
476 
477     if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
478             || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
479         goto err;
480     ret = 1;
481 err:
482     EVP_PKEY_free(pkey);
483     EVP_PKEY_CTX_free(key_ctx);
484     return ret;
485 }
486 
eddsa_keygen_test(int id)487 static int eddsa_keygen_test(int id)
488 {
489     int ret = 0;
490     EVP_PKEY *pkey = NULL;
491     unsigned char *priv = NULL, *pub = NULL;
492     size_t priv_len = 0, pub_len = 0;
493     const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
494 
495     self_test_args.called = 0;
496     self_test_args.enable = 1;
497     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, tst->curve_name))
498         || !TEST_int_ge(self_test_args.called, 3)
499         || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
500                                            &priv, &priv_len))
501         || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub,
502                                            &pub_len)))
503         goto err;
504 
505     test_output_memory("q", pub, pub_len);
506     test_output_memory("d", priv, priv_len);
507     ret = 1;
508 err:
509     self_test_args.enable = 0;
510     self_test_args.called = 0;
511     OPENSSL_clear_free(priv, priv_len);
512     OPENSSL_free(pub);
513     EVP_PKEY_free(pkey);
514     return ret;
515 }
516 
517 #endif /* OPENSSL_NO_ECX */
518 
519 #ifndef OPENSSL_NO_DSA
520 
dsa_paramgen(int L,int N)521 static EVP_PKEY *dsa_paramgen(int L, int N)
522 {
523     EVP_PKEY_CTX *paramgen_ctx = NULL;
524     EVP_PKEY *param_key = NULL;
525 
526     if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
527         || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
528         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
529         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
530         || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
531         TEST_info("dsa_paramgen failed");
532     EVP_PKEY_CTX_free(paramgen_ctx);
533     return param_key;
534 }
535 
dsa_keygen(int L,int N)536 static EVP_PKEY *dsa_keygen(int L, int N)
537 {
538     EVP_PKEY *param_key = NULL, *key = NULL;
539     EVP_PKEY_CTX *keygen_ctx = NULL;
540 
541     if (!TEST_ptr(param_key = dsa_paramgen(L, N))
542         || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
543                                                              NULL))
544         || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
545         || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
546         goto err;
547 err:
548     EVP_PKEY_free(param_key);
549     EVP_PKEY_CTX_free(keygen_ctx);
550     return key;
551 }
552 
dsa_keygen_test(int id)553 static int dsa_keygen_test(int id)
554 {
555     int ret = 0, i;
556     EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
557     EVP_PKEY *param_key = NULL, *key = NULL;
558     unsigned char *priv = NULL, *pub = NULL;
559     size_t priv_len = 0, pub_len = 0;
560     const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
561 
562     if (!dsasign_allowed)
563         return TEST_skip("DSA signing is not allowed");
564     if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
565         || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
566                                                              NULL))
567         || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
568         goto err;
569     for (i = 0; i < 2; ++i) {
570         if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
571             || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
572                                             &priv, &priv_len))
573             || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
574                                             &pub, &pub_len)))
575             goto err;
576         test_output_memory("y", pub, pub_len);
577         test_output_memory("x", priv, priv_len);
578         EVP_PKEY_free(key);
579         OPENSSL_clear_free(priv, priv_len);
580         OPENSSL_free(pub);
581         key = NULL;
582         pub = priv = NULL;
583     }
584     ret = 1;
585 err:
586     OPENSSL_clear_free(priv, priv_len);
587     OPENSSL_free(pub);
588     EVP_PKEY_free(param_key);
589     EVP_PKEY_free(key);
590     EVP_PKEY_CTX_free(keygen_ctx);
591     EVP_PKEY_CTX_free(paramgen_ctx);
592     return ret;
593 }
594 
dsa_paramgen_test(int id)595 static int dsa_paramgen_test(int id)
596 {
597     int ret = 0, counter = 0;
598     EVP_PKEY_CTX *paramgen_ctx = NULL;
599     EVP_PKEY *param_key = NULL;
600     unsigned char *p = NULL, *q = NULL, *seed = NULL;
601     size_t plen = 0, qlen = 0, seedlen = 0;
602     const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
603 
604     if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
605         || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
606         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
607         || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx,
608                                                            tst->N)))
609         goto err;
610 
611     if (!dsasign_allowed) {
612         if (!TEST_false(EVP_PKEY_paramgen(paramgen_ctx, &param_key)))
613             goto err;
614     } else {
615         if (!TEST_true(EVP_PKEY_paramgen(paramgen_ctx, &param_key))
616             || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
617                                             &p, &plen))
618             || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
619                                             &q, &qlen))
620             || !TEST_true(pkey_get_octet_bytes(param_key,
621                                                OSSL_PKEY_PARAM_FFC_SEED,
622                                                &seed, &seedlen))
623             || !TEST_true(EVP_PKEY_get_int_param(param_key,
624                                                  OSSL_PKEY_PARAM_FFC_PCOUNTER,
625                                                  &counter)))
626             goto err;
627         test_output_memory("p", p, plen);
628         test_output_memory("q", q, qlen);
629         test_output_memory("domainSeed", seed, seedlen);
630         test_printf_stderr("%s: %d\n", "counter", counter);
631     }
632     ret = 1;
633 err:
634     OPENSSL_free(p);
635     OPENSSL_free(q);
636     OPENSSL_free(seed);
637     EVP_PKEY_free(param_key);
638     EVP_PKEY_CTX_free(paramgen_ctx);
639     return ret;
640 }
641 
dsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * p,size_t p_len,const unsigned char * q,size_t q_len,const unsigned char * g,size_t g_len,const unsigned char * seed,size_t seed_len,int counter,int validate_pq,int validate_g,const unsigned char * pub,size_t pub_len,BN_CTX * bn_ctx)642 static int dsa_create_pkey(EVP_PKEY **pkey,
643                            const unsigned char *p, size_t p_len,
644                            const unsigned char *q, size_t q_len,
645                            const unsigned char *g, size_t g_len,
646                            const unsigned char *seed, size_t seed_len,
647                            int counter,
648                            int validate_pq, int validate_g,
649                            const unsigned char *pub, size_t pub_len,
650                            BN_CTX *bn_ctx)
651 {
652     int ret = 0;
653     EVP_PKEY_CTX *ctx = NULL;
654     OSSL_PARAM_BLD *bld = NULL;
655     OSSL_PARAM *params = NULL;
656     BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
657 
658     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
659         || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
660         || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
661         || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
662                                               OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
663                                               validate_pq))
664         || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
665                                               OSSL_PKEY_PARAM_FFC_VALIDATE_G,
666                                               validate_g))
667         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
668         || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
669         || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
670         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
671         goto err;
672 
673      if (g != NULL) {
674          if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
675              || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
676              || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
677                                                   OSSL_PKEY_PARAM_FFC_G, g_bn)))
678              goto err;
679      }
680      if (seed != NULL) {
681          if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
682                             OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
683              goto err;
684      }
685      if (counter != -1) {
686          if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
687                                                 OSSL_PKEY_PARAM_FFC_PCOUNTER,
688                                                 counter)))
689              goto err;
690      }
691      if (pub != NULL) {
692          if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
693              || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
694              || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
695                                                   OSSL_PKEY_PARAM_PUB_KEY,
696                                                   pub_bn)))
697              goto err;
698      }
699      if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
700          || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
701          || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
702          || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
703                                            params), 1))
704          goto err;
705 
706     ret = 1;
707 err:
708     OSSL_PARAM_free(params);
709     OSSL_PARAM_BLD_free(bld);
710     EVP_PKEY_CTX_free(ctx);
711     return ret;
712 }
713 
dsa_pqver_test(int id)714 static int dsa_pqver_test(int id)
715 {
716     int ret = 0;
717     BN_CTX *bn_ctx = NULL;
718     EVP_PKEY_CTX *key_ctx = NULL;
719     EVP_PKEY *param_key = NULL;
720     const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
721 
722     if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
723         || !TEST_true(dsa_create_pkey(&param_key, tst->p, tst->p_len,
724                                       tst->q, tst->q_len, NULL, 0,
725                                       tst->seed, tst->seed_len, tst->counter,
726                                       1, 0,
727                                       NULL, 0,
728                                       bn_ctx))
729         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
730                                                           NULL))
731         || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
732         goto err;
733 
734     ret = 1;
735 err:
736     BN_CTX_free(bn_ctx);
737     EVP_PKEY_free(param_key);
738     EVP_PKEY_CTX_free(key_ctx);
739     return ret;
740 }
741 
742 /* Extract r and s from a dsa signature */
get_dsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * r_len,size_t * s_len)743 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
744                                 unsigned char **r, unsigned char **s,
745                                 size_t *r_len, size_t *s_len)
746 {
747     int ret = 0;
748     unsigned char *rbuf = NULL, *sbuf = NULL;
749     size_t r1_len, s1_len;
750     const BIGNUM *r1, *s1;
751     DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
752 
753     if (sign == NULL)
754         return 0;
755     DSA_SIG_get0(sign, &r1, &s1);
756     if (r1 == NULL || s1 == NULL)
757         goto err;
758 
759     r1_len = BN_num_bytes(r1);
760     s1_len = BN_num_bytes(s1);
761     rbuf = OPENSSL_zalloc(r1_len);
762     sbuf = OPENSSL_zalloc(s1_len);
763     if (rbuf == NULL || sbuf == NULL)
764         goto err;
765     if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
766         goto err;
767     if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
768         goto err;
769     *r = rbuf;
770     *s = sbuf;
771     *r_len = r1_len;
772     *s_len = s1_len;
773     ret = 1;
774 err:
775     if (ret == 0) {
776         OPENSSL_free(rbuf);
777         OPENSSL_free(sbuf);
778     }
779     DSA_SIG_free(sign);
780     return ret;
781 }
782 
dsa_siggen_test(int id)783 static int dsa_siggen_test(int id)
784 {
785     int ret = 0;
786     EVP_PKEY *pkey = NULL;
787     unsigned char *sig = NULL, *r = NULL, *s = NULL;
788     size_t sig_len = 0, rlen = 0, slen = 0;
789     const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
790 
791     if (!dsasign_allowed) {
792         if (!TEST_ptr_null(pkey = dsa_keygen(tst->L, tst->N)))
793             goto err;
794     } else {
795         if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
796             goto err;
797         if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
798                                &sig, &sig_len))
799             || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
800             goto err;
801         test_output_memory("r", r, rlen);
802         test_output_memory("s", s, slen);
803     }
804     ret = 1;
805 err:
806     OPENSSL_free(r);
807     OPENSSL_free(s);
808     OPENSSL_free(sig);
809     EVP_PKEY_free(pkey);
810     return ret;
811 }
812 
dsa_sigver_test(int id)813 static int dsa_sigver_test(int id)
814 {
815     int ret = 0;
816     EVP_PKEY_CTX *ctx = NULL;
817     EVP_PKEY *pkey = NULL;
818     DSA_SIG *sign = NULL;
819     size_t sig_len;
820     unsigned char *sig = NULL;
821     BIGNUM *rbn = NULL, *sbn = NULL;
822     EVP_MD *md = NULL;
823     unsigned char digest[EVP_MAX_MD_SIZE];
824     unsigned int digest_len;
825     BN_CTX *bn_ctx = NULL;
826     const struct dsa_sigver_st *tst  = &dsa_sigver_data[id];
827 
828     if (!TEST_ptr(bn_ctx = BN_CTX_new())
829         || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
830                                       tst->q, tst->q_len, tst->g, tst->g_len,
831                                       NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
832                                       bn_ctx)))
833         goto err;
834 
835     if (!TEST_ptr(sign = DSA_SIG_new())
836         || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
837         || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
838         || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
839         goto err;
840     rbn = sbn = NULL;
841 
842     if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
843         || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
844                                  digest, &digest_len, md, NULL)))
845         goto err;
846 
847     if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
848         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
849         || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
850         || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
851                         tst->pass))
852         goto err;
853     ret = 1;
854 err:
855     EVP_PKEY_CTX_free(ctx);
856     OPENSSL_free(sig);
857     EVP_MD_free(md);
858     DSA_SIG_free(sign);
859     EVP_PKEY_free(pkey);
860     BN_free(rbn);
861     BN_free(sbn);
862     BN_CTX_free(bn_ctx);
863     return ret;
864 }
865 #endif /* OPENSSL_NO_DSA */
866 
867 
868 /* cipher encrypt/decrypt */
cipher_enc(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * ct,size_t ct_len,int enc)869 static int cipher_enc(const char *alg,
870                       const unsigned char *pt, size_t pt_len,
871                       const unsigned char *key, size_t key_len,
872                       const unsigned char *iv, size_t iv_len,
873                       const unsigned char *ct, size_t ct_len,
874                       int enc)
875 {
876     int ret = 0, out_len = 0, len = 0;
877     EVP_CIPHER_CTX *ctx = NULL;
878     EVP_CIPHER *cipher = NULL;
879     unsigned char out[256] = { 0 };
880 
881     TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
882     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
883         || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
884         || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
885         || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
886         || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
887         || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
888         goto err;
889     out_len += len;
890     if (!TEST_mem_eq(out, out_len, ct, ct_len))
891         goto err;
892     ret = 1;
893 err:
894     EVP_CIPHER_free(cipher);
895     EVP_CIPHER_CTX_free(ctx);
896     return ret;
897 }
898 
cipher_enc_dec_test(int id)899 static int cipher_enc_dec_test(int id)
900 {
901     const struct cipher_st *tst = &cipher_enc_data[id];
902     const int enc = 1;
903 
904     return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
905                                 tst->key, tst->key_len,
906                                 tst->iv, tst->iv_len,
907                                 tst->ct, tst->ct_len, enc))
908            && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
909                                    tst->key, tst->key_len,
910                                    tst->iv, tst->iv_len,
911                                    tst->pt, tst->pt_len, !enc));
912 }
913 
aes_ccm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass)914 static int aes_ccm_enc_dec(const char *alg,
915                            const unsigned char *pt, size_t pt_len,
916                            const unsigned char *key, size_t key_len,
917                            const unsigned char *iv, size_t iv_len,
918                            const unsigned char *aad, size_t aad_len,
919                            const unsigned char *ct, size_t ct_len,
920                            const unsigned char *tag, size_t tag_len,
921                            int enc, int pass)
922 {
923     int ret = 0;
924     EVP_CIPHER_CTX *ctx;
925     EVP_CIPHER *cipher = NULL;
926     int out_len, len;
927     unsigned char out[1024];
928 
929     TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
930               pass ? "pass" : "fail");
931 
932     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
933         || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
934         || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
935         || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
936                                           NULL), 0)
937         || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
938                                           enc ? NULL : (void *)tag), 0)
939         || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
940         || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
941         || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
942         || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
943         || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
944         goto err;
945 
946     if (!pass) {
947         ret = 1;
948         goto err;
949     }
950     if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
951         goto err;
952     if (enc) {
953         out_len += len;
954         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
955                                            tag_len, out + out_len), 0)
956             || !TEST_mem_eq(out, out_len, ct, ct_len)
957             || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
958             goto err;
959     } else {
960         if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
961             goto err;
962     }
963 
964     ret = 1;
965 err:
966     EVP_CIPHER_free(cipher);
967     EVP_CIPHER_CTX_free(ctx);
968     return ret;
969 }
970 
aes_ccm_enc_dec_test(int id)971 static int aes_ccm_enc_dec_test(int id)
972 {
973     const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
974 
975     /* The tag is on the end of the cipher text */
976     const size_t tag_len = tst->ct_len - tst->pt_len;
977     const size_t ct_len = tst->ct_len - tag_len;
978     const unsigned char *tag = tst->ct + ct_len;
979     const int enc = 1;
980     const int pass = 1;
981 
982     if (ct_len < 1)
983         return 0;
984 
985     return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
986                            tst->key, tst->key_len,
987                            tst->iv, tst->iv_len, tst->aad, tst->aad_len,
988                            tst->ct, ct_len, tag, tag_len, enc, pass)
989             && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
990                                tst->key, tst->key_len,
991                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
992                                tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
993             /* test that it fails if the tag is incorrect */
994             && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
995                                tst->key, tst->key_len,
996                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
997                                tst->pt, tst->pt_len,
998                                tag - 1, tag_len, !enc, !pass);
999 }
1000 
aes_gcm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass,unsigned char * out,int * out_len,unsigned char * outiv)1001 static int aes_gcm_enc_dec(const char *alg,
1002                            const unsigned char *pt, size_t pt_len,
1003                            const unsigned char *key, size_t key_len,
1004                            const unsigned char *iv, size_t iv_len,
1005                            const unsigned char *aad, size_t aad_len,
1006                            const unsigned char *ct, size_t ct_len,
1007                            const unsigned char *tag, size_t tag_len,
1008                            int enc, int pass,
1009                            unsigned char *out, int *out_len,
1010                            unsigned char *outiv)
1011 {
1012     int ret = 0;
1013     EVP_CIPHER_CTX *ctx;
1014     EVP_CIPHER *cipher = NULL;
1015     int olen, len;
1016 
1017     TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
1018               pass ? "pass" : "fail");
1019 
1020     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1021         || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
1022         || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
1023         || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
1024                                           NULL), 0))
1025         goto err;
1026 
1027     if (!enc) {
1028         if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
1029                                            (void *)tag), 0))
1030             goto err;
1031     }
1032     /*
1033      * For testing purposes the IV may be passed in here. In a compliant
1034      * application the IV would be generated internally. A fake entropy source
1035      * could also be used to feed in the random IV bytes (see fake_random.c)
1036      */
1037     if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
1038         || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
1039         || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
1040         || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
1041         goto err;
1042 
1043     if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &olen), pass))
1044         goto err;
1045     if (!pass) {
1046         ret = 1;
1047         goto err;
1048     }
1049     olen += len;
1050     if (enc) {
1051         if ((ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
1052                 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1053                                                     tag_len, out + olen), 0)
1054                 || (tag != NULL
1055                     && !TEST_mem_eq(out + olen, tag_len, tag, tag_len)))
1056             goto err;
1057     } else {
1058         if (ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
1059             goto err;
1060     }
1061 
1062     {
1063         OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1064         OSSL_PARAM *p = params;
1065         unsigned int iv_generated = -1;
1066         const OSSL_PARAM *gettables = EVP_CIPHER_CTX_gettable_params(ctx);
1067         const char *ivgenkey = OSSL_CIPHER_PARAM_AEAD_IV_GENERATED;
1068         int ivgen = (OSSL_PARAM_locate_const(gettables, ivgenkey) != NULL);
1069 
1070         if (ivgen != 0)
1071             *p++ = OSSL_PARAM_construct_uint(ivgenkey, &iv_generated);
1072         if (outiv != NULL)
1073             *p = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
1074                                                    outiv, iv_len);
1075         if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
1076             goto err;
1077         if (ivgen != 0
1078                 && !TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1)))
1079             goto err;
1080     }
1081     if (out_len != NULL)
1082         *out_len = olen;
1083 
1084     ret = 1;
1085 err:
1086     EVP_CIPHER_free(cipher);
1087     EVP_CIPHER_CTX_free(ctx);
1088     return ret;
1089 }
1090 
aes_gcm_enc_dec_test(int id)1091 static int aes_gcm_enc_dec_test(int id)
1092 {
1093     const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
1094     int enc = 1;
1095     int pass = 1;
1096     unsigned char out[1024];
1097 
1098     return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1099                            tst->key, tst->key_len,
1100                            tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1101                            tst->ct, tst->ct_len, tst->tag, tst->tag_len,
1102                            enc, pass, out, NULL, NULL)
1103             && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1104                                tst->key, tst->key_len,
1105                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1106                                tst->pt, tst->pt_len, tst->tag, tst->tag_len,
1107                                !enc, pass, out, NULL, NULL)
1108             /* Fail if incorrect tag passed to decrypt */
1109             && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1110                                tst->key, tst->key_len,
1111                                tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1112                                tst->pt, tst->pt_len, tst->aad, tst->tag_len,
1113                                !enc, !pass, out, NULL, NULL);
1114 }
1115 
aes_gcm_gen_iv_internal_test(void)1116 static int aes_gcm_gen_iv_internal_test(void)
1117 {
1118     const struct cipher_gcm_st *tst = &aes_gcm_enc_data[0];
1119     int enc = 1;
1120     int pass = 1;
1121     int out_len = 0;
1122     unsigned char out[1024];
1123     unsigned char iv[16];
1124 
1125     return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1126                            tst->key, tst->key_len,
1127                            NULL, tst->iv_len, tst->aad, tst->aad_len,
1128                            NULL, tst->ct_len, NULL, tst->tag_len,
1129                            enc, pass, out, &out_len, iv)
1130             && aes_gcm_enc_dec(tst->alg, out, out_len,
1131                                tst->key, tst->key_len,
1132                                iv, tst->iv_len, tst->aad, tst->aad_len,
1133                                tst->pt, tst->pt_len, out + out_len, tst->tag_len,
1134                                !enc, pass, out, NULL, NULL);
1135 }
1136 
1137 #ifndef OPENSSL_NO_DH
dh_create_pkey(EVP_PKEY ** pkey,const char * group_name,const unsigned char * pub,size_t pub_len,const unsigned char * priv,size_t priv_len,BN_CTX * bn_ctx,int pass)1138 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
1139                           const unsigned char *pub, size_t pub_len,
1140                           const unsigned char *priv, size_t priv_len,
1141                           BN_CTX *bn_ctx, int pass)
1142 {
1143     int ret = 0;
1144     EVP_PKEY_CTX *ctx = NULL;
1145     OSSL_PARAM_BLD *bld = NULL;
1146     OSSL_PARAM *params = NULL;
1147     BIGNUM *pub_bn = NULL, *priv_bn = NULL;
1148 
1149     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1150         || (group_name != NULL
1151             && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
1152                               bld, OSSL_PKEY_PARAM_GROUP_NAME,
1153                               group_name, 0), 0)))
1154         goto err;
1155 
1156     if (pub != NULL) {
1157         if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
1158             || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
1159             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1160                                                  pub_bn)))
1161             goto err;
1162     }
1163     if (priv != NULL) {
1164         if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
1165             || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
1166             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1167                                                  priv_bn)))
1168             goto err;
1169     }
1170 
1171     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1172         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1173         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1174         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1175                         pass))
1176     goto err;
1177 
1178     ret = 1;
1179 err:
1180     OSSL_PARAM_free(params);
1181     OSSL_PARAM_BLD_free(bld);
1182     EVP_PKEY_CTX_free(ctx);
1183     return ret;
1184 }
1185 
dh_safe_prime_keygen_test(int id)1186 static int dh_safe_prime_keygen_test(int id)
1187 {
1188     int ret = 0;
1189     EVP_PKEY_CTX *ctx = NULL;
1190     EVP_PKEY *pkey = NULL;
1191     unsigned char *priv = NULL;
1192     unsigned char *pub = NULL;
1193     size_t priv_len = 0, pub_len = 0;
1194     OSSL_PARAM params[2];
1195     const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
1196 
1197     params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1198                                                  (char *)tst->group_name, 0);
1199     params[1] = OSSL_PARAM_construct_end();
1200 
1201     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1202         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1203         || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1204         || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1205         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
1206                                         &priv, &priv_len))
1207         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
1208                                         &pub, &pub_len)))
1209         goto err;
1210 
1211     test_output_memory("x", priv, priv_len);
1212     test_output_memory("y", pub, pub_len);
1213     ret = 1;
1214 err:
1215     OPENSSL_clear_free(priv, priv_len);
1216     OPENSSL_free(pub);
1217     EVP_PKEY_free(pkey);
1218     EVP_PKEY_CTX_free(ctx);
1219     return ret;
1220 }
1221 
dh_safe_prime_keyver_test(int id)1222 static int dh_safe_prime_keyver_test(int id)
1223 {
1224     int ret = 0;
1225     BN_CTX *bn_ctx = NULL;
1226     EVP_PKEY_CTX *key_ctx = NULL;
1227     EVP_PKEY *pkey = NULL;
1228     const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
1229 
1230     if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
1231         || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
1232                                      tst->pub, tst->pub_len,
1233                                      tst->priv, tst->priv_len, bn_ctx, 1))
1234         || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1235         || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
1236         goto err;
1237 
1238     ret = 1;
1239 err:
1240     EVP_PKEY_free(pkey);
1241     EVP_PKEY_CTX_free(key_ctx);
1242     BN_CTX_free(bn_ctx);
1243     return ret;
1244 }
1245 #endif /* OPENSSL_NO_DH */
1246 
1247 
rsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * n,size_t n_len,const unsigned char * e,size_t e_len,const unsigned char * d,size_t d_len,BN_CTX * bn_ctx)1248 static int rsa_create_pkey(EVP_PKEY **pkey,
1249                            const unsigned char *n, size_t n_len,
1250                            const unsigned char *e, size_t e_len,
1251                            const unsigned char *d, size_t d_len,
1252                            BN_CTX *bn_ctx)
1253 {
1254     int ret = 0;
1255     EVP_PKEY_CTX *ctx = NULL;
1256     OSSL_PARAM_BLD *bld = NULL;
1257     OSSL_PARAM *params = NULL;
1258     BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1259 
1260     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1261         || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1262         || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1263         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1264         goto err;
1265 
1266     if (e != NULL) {
1267         if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1268             || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1269             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1270                           e_bn)))
1271             goto err;
1272     }
1273     if (d != NULL) {
1274         if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1275             || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1276             || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1277                           d_bn)))
1278             goto err;
1279     }
1280     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1281         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1282         || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1283         || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1284                         1))
1285         goto err;
1286 
1287     ret = 1;
1288 err:
1289     OSSL_PARAM_free(params);
1290     OSSL_PARAM_BLD_free(bld);
1291     EVP_PKEY_CTX_free(ctx);
1292     return ret;
1293 }
1294 
rsa_keygen_test(int id)1295 static int rsa_keygen_test(int id)
1296 {
1297     int ret = 0;
1298     EVP_PKEY_CTX *ctx = NULL;
1299     EVP_PKEY *pkey = NULL;
1300     BIGNUM *e_bn = NULL;
1301     BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1302     BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1303     unsigned char *n = NULL, *d = NULL;
1304     unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1305     unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1306     size_t n_len = 0, d_len = 0;
1307     size_t p_len = 0, p1_len = 0, p2_len = 0;
1308     size_t q_len = 0, q1_len = 0, q2_len = 0;
1309     OSSL_PARAM_BLD *bld = NULL;
1310     OSSL_PARAM *params = NULL;
1311     const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1312 
1313     if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1314         || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1315         || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1316         || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1317         || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1318         || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1319         || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1320         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1321                                              xp1_bn))
1322         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1323                                              xp2_bn))
1324         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1325                                              xp_bn))
1326         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1327                                              xq1_bn))
1328         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1329                                              xq2_bn))
1330         || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1331                                              xq_bn))
1332         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1333         goto err;
1334 
1335     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1336         || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1337         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1338         || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1339         || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1340         || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1341         || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1342         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1343                                         &p1, &p1_len))
1344         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1345                                         &p2, &p2_len))
1346         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1347                                         &q1, &q1_len))
1348         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1349                                         &q2, &q2_len))
1350         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1351                                         &p, &p_len))
1352         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1353                                         &q, &q_len))
1354         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1355                                         &n, &n_len))
1356         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1357                                         &d, &d_len)))
1358         goto err;
1359 
1360     if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1361         || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1362         || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1363         || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1364         || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1365         || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1366         || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1367         || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1368         goto err;
1369 
1370     test_output_memory("p1", p1, p1_len);
1371     test_output_memory("p2", p2, p2_len);
1372     test_output_memory("p", p, p_len);
1373     test_output_memory("q1", q1, q1_len);
1374     test_output_memory("q2", q2, q2_len);
1375     test_output_memory("q", q, q_len);
1376     test_output_memory("n", n, n_len);
1377     test_output_memory("d", d, d_len);
1378     ret = 1;
1379 err:
1380     BN_free(xp1_bn);
1381     BN_free(xp2_bn);
1382     BN_free(xp_bn);
1383     BN_free(xq1_bn);
1384     BN_free(xq2_bn);
1385     BN_free(xq_bn);
1386     BN_free(e_bn);
1387     OPENSSL_free(p1);
1388     OPENSSL_free(p2);
1389     OPENSSL_free(q1);
1390     OPENSSL_free(q2);
1391     OPENSSL_free(p);
1392     OPENSSL_free(q);
1393     OPENSSL_free(n);
1394     OPENSSL_free(d);
1395     EVP_PKEY_free(pkey);
1396     EVP_PKEY_CTX_free(ctx);
1397     OSSL_PARAM_free(params);
1398     OSSL_PARAM_BLD_free(bld);
1399     return ret;
1400 }
1401 
rsa_siggen_test(int id)1402 static int rsa_siggen_test(int id)
1403 {
1404     int ret = 0;
1405     EVP_PKEY *pkey = NULL;
1406     unsigned char *sig = NULL, *n = NULL, *e = NULL;
1407     size_t sig_len = 0, n_len = 0, e_len = 0;
1408     OSSL_PARAM params[4], *p;
1409     const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1410     int salt_len = tst->pss_salt_len;
1411 
1412     if (!rsa_sign_x931_pad_allowed
1413             && (strcmp(tst->sig_pad_mode, OSSL_PKEY_RSA_PAD_MODE_X931) == 0))
1414         return TEST_skip("x931 signing is not allowed");
1415 
1416     TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1417 
1418     p = params;
1419     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1420                                             (char *)tst->sig_pad_mode, 0);
1421     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1422                                             (char *)tst->digest_alg, 0);
1423     if (salt_len >= 0)
1424         *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1425                                         &salt_len);
1426     *p++ = OSSL_PARAM_construct_end();
1427 
1428     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1429         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1430         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1431         || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1432                               tst->msg, tst->msg_len,
1433                               &sig, &sig_len)))
1434         goto err;
1435     test_output_memory("n", n, n_len);
1436     test_output_memory("e", e, e_len);
1437     test_output_memory("sig", sig, sig_len);
1438     ret = 1;
1439 err:
1440     OPENSSL_free(n);
1441     OPENSSL_free(e);
1442     OPENSSL_free(sig);
1443     EVP_PKEY_free(pkey);
1444     return ret;
1445 }
1446 
rsa_sigver_test(int id)1447 static int rsa_sigver_test(int id)
1448 {
1449     int ret = 0;
1450     EVP_PKEY_CTX *pkey_ctx = NULL;
1451     EVP_PKEY *pkey = NULL;
1452     EVP_MD_CTX *md_ctx = NULL;
1453     BN_CTX *bn_ctx = NULL;
1454     OSSL_PARAM params[4], *p;
1455     const struct rsa_sigver_st *tst  = &rsa_sigver_data[id];
1456     int salt_len = tst->pss_salt_len;
1457 
1458     TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1459                tst->pass == PASS ? "pass" : "fail");
1460 
1461     p = params;
1462     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1463                                             (char *)tst->sig_pad_mode, 0);
1464     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1465                                             (char *)tst->digest_alg, 0);
1466     if (salt_len >= 0)
1467         *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1468                                         &salt_len);
1469     *p = OSSL_PARAM_construct_end();
1470 
1471     if (!TEST_ptr(bn_ctx = BN_CTX_new())
1472         || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1473                                       tst->e, tst->e_len, NULL, 0, bn_ctx))
1474         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1475         || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1476                                               tst->digest_alg, libctx, NULL,
1477                                               pkey, NULL))
1478         || !check_verify_message(pkey_ctx, 1)
1479         || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1480         || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1481                                          tst->msg, tst->msg_len), tst->pass)
1482         || !check_verify_message(pkey_ctx, 1)
1483         || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
1484         || !check_verify_message(pkey_ctx, 0))
1485         goto err;
1486 
1487     ret = 1;
1488 err:
1489     EVP_PKEY_free(pkey);
1490     BN_CTX_free(bn_ctx);
1491     EVP_MD_CTX_free(md_ctx);
1492     return ret;
1493 }
1494 
rsa_decryption_primitive_test(int id)1495 static int rsa_decryption_primitive_test(int id)
1496 {
1497     int ret = 0;
1498     EVP_PKEY_CTX *ctx = NULL;
1499     EVP_PKEY *pkey = NULL;
1500     unsigned char pt[2048];
1501     size_t pt_len = sizeof(pt);
1502     unsigned char *n = NULL, *e = NULL;
1503     size_t n_len = 0, e_len = 0;
1504     BN_CTX *bn_ctx = NULL;
1505     const struct rsa_decrypt_prim_st *tst  = &rsa_decrypt_prim_data[id];
1506 
1507     if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048))
1508         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1509         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1510         || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1511         || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1512         || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1513         goto err;
1514 
1515     test_output_memory("n", n, n_len);
1516     test_output_memory("e", e, e_len);
1517     if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1518         TEST_note("Decryption Failed");
1519     else
1520         test_output_memory("pt", pt, pt_len);
1521     ret = 1;
1522 err:
1523     OPENSSL_free(n);
1524     OPENSSL_free(e);
1525     EVP_PKEY_CTX_free(ctx);
1526     EVP_PKEY_free(pkey);
1527     BN_CTX_free(bn_ctx);
1528     return ret;
1529 }
1530 
self_test_events(const OSSL_PARAM params[],void * varg)1531 static int self_test_events(const OSSL_PARAM params[], void *varg)
1532 {
1533     SELF_TEST_ARGS *args = varg;
1534     const OSSL_PARAM *p = NULL;
1535     const char *phase = NULL, *type = NULL, *desc = NULL;
1536     int ret = 0;
1537 
1538     if (!args->enable)
1539         return 1;
1540 
1541     args->called++;
1542     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1543     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1544         goto err;
1545     phase = (const char *)p->data;
1546 
1547     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1548     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1549         goto err;
1550     desc = (const char *)p->data;
1551 
1552     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1553     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1554         goto err;
1555     type = (const char *)p->data;
1556 
1557     BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1558     ret = 1;
1559 err:
1560     return ret;
1561 }
1562 
drbg_test(int id)1563 static int drbg_test(int id)
1564 {
1565     OSSL_PARAM params[3];
1566     EVP_RAND *rand = NULL;
1567     EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1568     unsigned char returned_bits[64];
1569     const size_t returned_bits_len = sizeof(returned_bits);
1570     unsigned int strength = 256;
1571     const struct drbg_st *tst  = &drbg_data[id];
1572     int res = 0;
1573 
1574     /* Create the seed source */
1575     if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1576         || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1577         goto err;
1578     EVP_RAND_free(rand);
1579     rand = NULL;
1580 
1581     params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1582     params[1] = OSSL_PARAM_construct_end();
1583     if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1584         goto err;
1585 
1586     /* Get the DRBG */
1587     if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1588         || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1589         goto err;
1590 
1591     /* Set the DRBG up */
1592     params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1593                                          (int *)&tst->use_df);
1594     params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1595                                                  (char *)tst->cipher, 0);
1596     params[2] = OSSL_PARAM_construct_end();
1597     if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1598         goto err;
1599 
1600     /* Feed in the entropy and nonce */
1601     params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1602                                                   (void *)tst->entropy_input,
1603                                                   tst->entropy_input_len);
1604     params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1605                                                   (void *)tst->nonce,
1606                                                   tst->nonce_len);
1607     params[2] = OSSL_PARAM_construct_end();
1608     if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1609         goto err;
1610 
1611     /*
1612      * Run the test
1613      * A NULL personalisation string defaults to the built in so something
1614      * non-NULL is needed if there is no personalisation string
1615      */
1616     if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1617         || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1618                                         0, 0, NULL, 0))
1619         || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1620                                         0, 0, NULL, 0)))
1621         goto err;
1622 
1623     test_output_memory("returned bits", returned_bits, returned_bits_len);
1624 
1625     /* Clean up */
1626     if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1627         || !TEST_true(EVP_RAND_uninstantiate(parent)))
1628         goto err;
1629 
1630     /* Verify the output */
1631     if (!TEST_mem_eq(returned_bits, returned_bits_len,
1632                      tst->returned_bits, tst->returned_bits_len))
1633         goto err;
1634     res = 1;
1635 err:
1636     EVP_RAND_CTX_free(ctx);
1637     /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
1638     /* coverity[pass_freed_arg] */
1639     EVP_RAND_CTX_free(parent);
1640     EVP_RAND_free(rand);
1641     return res;
1642 }
1643 
aes_cfb1_bits_test(void)1644 static int aes_cfb1_bits_test(void)
1645 {
1646     int ret = 0;
1647     EVP_CIPHER *cipher = NULL;
1648     EVP_CIPHER_CTX *ctx = NULL;
1649     unsigned char out[16] = { 0 };
1650     int outlen;
1651     const OSSL_PARAM *params, *p;
1652 
1653     static const unsigned char key[] = {
1654         0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1655         0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1656     };
1657     static const unsigned char iv[] = {
1658         0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1659         0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1660     };
1661     static const unsigned char pt[] = {
1662         0xB4
1663     };
1664     static const unsigned char expected[] = {
1665         0x6C
1666     };
1667 
1668     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1669         goto err;
1670     if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1671         goto err;
1672     if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1673         goto err;
1674     if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1675         || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1676                                                  OSSL_CIPHER_PARAM_USE_BITS)))
1677         goto err;
1678     EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1679     if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1680         goto err;
1681     if (!TEST_int_eq(outlen, 7))
1682         goto err;
1683     if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1684         goto err;
1685     ret = 1;
1686 err:
1687     EVP_CIPHER_free(cipher);
1688     EVP_CIPHER_CTX_free(ctx);
1689     return ret;
1690 }
1691 
setup_tests(void)1692 int setup_tests(void)
1693 {
1694     char *config_file = NULL;
1695 
1696     OPTION_CHOICE o;
1697 
1698     while ((o = opt_next()) != OPT_EOF) {
1699         switch (o) {
1700         case OPT_CONFIG_FILE:
1701             config_file = opt_arg();
1702             break;
1703         case OPT_TEST_CASES:
1704            break;
1705         default:
1706         case OPT_ERR:
1707             return 0;
1708         }
1709     }
1710 
1711     if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1712         return 0;
1713 
1714     OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1715 
1716     ADD_TEST(aes_cfb1_bits_test);
1717     ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1718     ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1719     ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1720     if (fips_provider_version_ge(libctx, 3, 4, 0))
1721         ADD_TEST(aes_gcm_gen_iv_internal_test);
1722 
1723     pass_sig_gen_params = fips_provider_version_ge(libctx, 3, 4, 0);
1724     rsa_sign_x931_pad_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1725     ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1726     ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1727     ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1728     ADD_ALL_TESTS(rsa_decryption_primitive_test,
1729                   OSSL_NELEM(rsa_decrypt_prim_data));
1730 
1731 #ifndef OPENSSL_NO_DH
1732     ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1733                   OSSL_NELEM(dh_safe_prime_keygen_data));
1734     ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1735                   OSSL_NELEM(dh_safe_prime_keyver_data));
1736 #endif /* OPENSSL_NO_DH */
1737 
1738 #ifndef OPENSSL_NO_DSA
1739     dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1740     ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1741     ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1742     ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1743     ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1744     ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1745 #endif /* OPENSSL_NO_DSA */
1746 
1747 #ifndef OPENSSL_NO_EC
1748     ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
1749     ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1750     ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1751     ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1752     ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1753     ADD_ALL_TESTS(ecdh_cofactor_derive_test,
1754                   OSSL_NELEM(ecdh_cofactor_derive_data));
1755 #endif /* OPENSSL_NO_EC */
1756 
1757 #ifndef OPENSSL_NO_ECX
1758     if (fips_provider_version_ge(libctx, 3, 4, 0)) {
1759         ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data));
1760         ADD_ALL_TESTS(eddsa_pub_verify_test, OSSL_NELEM(eddsa_pv_data));
1761     }
1762 #endif
1763     ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1764     return 1;
1765 }
1766 
cleanup_tests(void)1767 void cleanup_tests(void)
1768 {
1769     OSSL_PROVIDER_unload(prov_null);
1770     OSSL_LIB_CTX_free(libctx);
1771 }
1772