1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12 *
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
15 */
16
17 #include <string.h>
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
28 #include "testutil.h"
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
32
33 typedef enum OPTION_choice {
34 OPT_ERR = -1,
35 OPT_EOF = 0,
36 OPT_CONFIG_FILE,
37 OPT_TEST_ENUM
38 } OPTION_CHOICE;
39
40 typedef struct st_args {
41 int enable;
42 int called;
43 } SELF_TEST_ARGS;
44
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
49 static int pass_sig_gen_params = 1;
50 static int rsa_sign_x931_pad_allowed = 1;
51 #ifndef OPENSSL_NO_DSA
52 static int dsasign_allowed = 1;
53 #endif
54 #ifndef OPENSSL_NO_EC
55 static int ec_cofactors = 1;
56 #endif
57
test_get_options(void)58 const OPTIONS *test_get_options(void)
59 {
60 static const OPTIONS test_options[] = {
61 OPT_TEST_OPTIONS_DEFAULT_USAGE,
62 { "config", OPT_CONFIG_FILE, '<',
63 "The configuration file to use for the libctx" },
64 { NULL }
65 };
66 return test_options;
67 }
68
pkey_get_bn_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)69 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
70 unsigned char **out, size_t *out_len)
71 {
72 unsigned char *buf = NULL;
73 BIGNUM *bn = NULL;
74 int sz;
75
76 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
77 goto err;
78 sz = BN_num_bytes(bn);
79 buf = OPENSSL_zalloc(sz);
80 if (buf == NULL)
81 goto err;
82 if (BN_bn2binpad(bn, buf, sz) <= 0)
83 goto err;
84
85 *out_len = sz;
86 *out = buf;
87 BN_free(bn);
88 return 1;
89 err:
90 OPENSSL_free(buf);
91 BN_free(bn);
92 return 0;
93 }
94
sig_gen(EVP_PKEY * pkey,OSSL_PARAM * params,const char * digest_name,const unsigned char * msg,size_t msg_len,unsigned char ** sig_out,size_t * sig_out_len)95 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
96 const unsigned char *msg, size_t msg_len,
97 unsigned char **sig_out, size_t *sig_out_len)
98 {
99 int ret = 0;
100 EVP_MD_CTX *md_ctx = NULL;
101 unsigned char *sig = NULL;
102 size_t sig_len;
103 size_t sz = EVP_PKEY_get_size(pkey);
104 OSSL_PARAM *p = pass_sig_gen_params ? params : NULL;
105
106 sig_len = sz;
107 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
108 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
109 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
110 NULL, pkey, p), 1)
111 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
112 goto err;
113 *sig_out = sig;
114 *sig_out_len = sig_len;
115 sig = NULL;
116 ret = 1;
117 err:
118 OPENSSL_free(sig);
119 EVP_MD_CTX_free(md_ctx);
120 return ret;
121 }
122
check_verify_message(EVP_PKEY_CTX * pkey_ctx,int expected)123 static int check_verify_message(EVP_PKEY_CTX *pkey_ctx, int expected)
124 {
125 OSSL_PARAM params[2], *p = params;
126 int verify_message = -1;
127
128 if (!OSSL_PROVIDER_available(libctx, "fips")
129 || fips_provider_version_match(libctx, "<3.4.0"))
130 return 1;
131
132 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE,
133 &verify_message);
134 *p = OSSL_PARAM_construct_end();
135
136 if (!TEST_true(EVP_PKEY_CTX_get_params(pkey_ctx, params))
137 || !TEST_int_eq(verify_message, expected))
138 return 0;
139 return 1;
140 }
141
142 #ifndef OPENSSL_NO_EC
ecdsa_keygen_test(int id)143 static int ecdsa_keygen_test(int id)
144 {
145 int ret = 0;
146 EVP_PKEY *pkey = NULL;
147 unsigned char *priv = NULL;
148 unsigned char *pubx = NULL, *puby = NULL;
149 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
150 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
151
152 self_test_args.called = 0;
153 self_test_args.enable = 1;
154 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
155 || !TEST_int_ge(self_test_args.called, 3)
156 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
157 &priv_len))
158 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
159 &pubx_len))
160 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
161 &puby_len)))
162 goto err;
163
164 test_output_memory("qy", puby, puby_len);
165 test_output_memory("qx", pubx, pubx_len);
166 test_output_memory("d", priv, priv_len);
167 ret = 1;
168 err:
169 self_test_args.enable = 0;
170 self_test_args.called = 0;
171 OPENSSL_clear_free(priv, priv_len);
172 OPENSSL_free(pubx);
173 OPENSSL_free(puby);
174 EVP_PKEY_free(pkey);
175 return ret;
176 }
177
ecdsa_create_pkey(EVP_PKEY ** pkey,const char * curve_name,const unsigned char * pub,size_t pub_len,int expected)178 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
179 const unsigned char *pub, size_t pub_len,
180 int expected)
181 {
182 int ret = 0;
183 EVP_PKEY_CTX *ctx = NULL;
184 OSSL_PARAM_BLD *bld = NULL;
185 OSSL_PARAM *params = NULL;
186
187 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
188 || (curve_name != NULL
189 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
190 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
191 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
192 OSSL_PKEY_PARAM_PUB_KEY,
193 pub, pub_len) > 0)
194 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
195 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
196 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
197 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
198 params), expected))
199 goto err;
200
201 ret = 1;
202 err:
203 OSSL_PARAM_free(params);
204 OSSL_PARAM_BLD_free(bld);
205 EVP_PKEY_CTX_free(ctx);
206 return ret;
207 }
208
ecdsa_pub_verify_test(int id)209 static int ecdsa_pub_verify_test(int id)
210 {
211 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
212
213 int ret = 0;
214 EVP_PKEY_CTX *key_ctx = NULL;
215 EVP_PKEY *pkey = NULL;
216
217 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
218 tst->pub, tst->pub_len, tst->pass)))
219 goto err;
220
221 if (tst->pass) {
222 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
223 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
224 goto err;
225 }
226 ret = 1;
227 err:
228 EVP_PKEY_free(pkey);
229 EVP_PKEY_CTX_free(key_ctx);
230 return ret;
231 }
232
233 /* Extract r and s from an ecdsa signature */
get_ecdsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * rlen,size_t * slen)234 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
235 unsigned char **r, unsigned char **s,
236 size_t *rlen, size_t *slen)
237 {
238 int ret = 0;
239 unsigned char *rbuf = NULL, *sbuf = NULL;
240 size_t r1_len, s1_len;
241 const BIGNUM *r1, *s1;
242 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
243
244 if (sign == NULL)
245 return 0;
246 r1 = ECDSA_SIG_get0_r(sign);
247 s1 = ECDSA_SIG_get0_s(sign);
248 if (r1 == NULL || s1 == NULL)
249 goto err;
250
251 r1_len = BN_num_bytes(r1);
252 s1_len = BN_num_bytes(s1);
253 rbuf = OPENSSL_zalloc(r1_len);
254 sbuf = OPENSSL_zalloc(s1_len);
255 if (rbuf == NULL || sbuf == NULL)
256 goto err;
257 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
258 goto err;
259 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
260 goto err;
261 *r = rbuf;
262 *s = sbuf;
263 *rlen = r1_len;
264 *slen = s1_len;
265 ret = 1;
266 err:
267 if (ret == 0) {
268 OPENSSL_free(rbuf);
269 OPENSSL_free(sbuf);
270 }
271 ECDSA_SIG_free(sign);
272 return ret;
273 }
274
ecdsa_siggen_test(int id)275 static int ecdsa_siggen_test(int id)
276 {
277 int ret = 0;
278 EVP_PKEY *pkey = NULL;
279 size_t sig_len = 0, rlen = 0, slen = 0;
280 unsigned char *sig = NULL;
281 unsigned char *r = NULL, *s = NULL;
282 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
283
284 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
285 goto err;
286
287 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
288 &sig, &sig_len))
289 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
290 goto err;
291 test_output_memory("r", r, rlen);
292 test_output_memory("s", s, slen);
293 ret = 1;
294 err:
295 OPENSSL_free(r);
296 OPENSSL_free(s);
297 OPENSSL_free(sig);
298 EVP_PKEY_free(pkey);
299 return ret;
300 }
301
ecdsa_sigver_test(int id)302 static int ecdsa_sigver_test(int id)
303 {
304 int ret = 0;
305 EVP_MD_CTX *md_ctx = NULL;
306 EVP_PKEY *pkey = NULL;
307 EVP_PKEY_CTX *pkey_ctx;
308 ECDSA_SIG *sign = NULL;
309 size_t sig_len;
310 unsigned char *sig = NULL;
311 BIGNUM *rbn = NULL, *sbn = NULL;
312 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
313
314 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
315 tst->pub, tst->pub_len, 1)))
316 goto err;
317
318 if (!TEST_ptr(sign = ECDSA_SIG_new())
319 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
320 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
321 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
322 goto err;
323 rbn = sbn = NULL;
324
325 if (!TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
326 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
327 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
328 libctx, NULL, pkey, NULL))
329 || !TEST_ptr(pkey_ctx = EVP_MD_CTX_get_pkey_ctx(md_ctx))
330 || !check_verify_message(pkey_ctx, 1)
331 || !TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
332 tst->msg, tst->msg_len), tst->pass)
333 || !check_verify_message(pkey_ctx, 1)
334 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
335 || !check_verify_message(pkey_ctx, 0))
336 goto err;
337
338 ret = 1;
339 err:
340 BN_free(rbn);
341 BN_free(sbn);
342 OPENSSL_free(sig);
343 ECDSA_SIG_free(sign);
344 EVP_PKEY_free(pkey);
345 EVP_MD_CTX_free(md_ctx);
346 return ret;
347
348 }
349
ecdh_cofactor_derive_test(int tstid)350 static int ecdh_cofactor_derive_test(int tstid)
351 {
352 int ret = 0;
353 const struct ecdh_cofactor_derive_st *t = &ecdh_cofactor_derive_data[tstid];
354 unsigned char secret1[16];
355 size_t secret1_len = sizeof(secret1);
356 const char *curve = "K-283"; /* A curve that has a cofactor that it not 1 */
357 EVP_PKEY *peer1 = NULL, *peer2 = NULL;
358 EVP_PKEY_CTX *p1ctx = NULL;
359 OSSL_PARAM params[2], *prms = NULL;
360 int use_cofactordh = t->key_cofactor;
361 int cofactor_mode = t->derive_cofactor_mode;
362
363 if (!ec_cofactors)
364 return TEST_skip("not supported by FIPS provider version");
365
366 if (!TEST_ptr(peer1 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
367 return TEST_skip("Curve %s not supported by the FIPS provider", curve);
368
369 if (!TEST_ptr(peer2 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)))
370 goto err;
371
372 params[1] = OSSL_PARAM_construct_end();
373
374 prms = NULL;
375 if (t->key_cofactor != COFACTOR_NOT_SET) {
376 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
377 &use_cofactordh);
378 prms = params;
379 }
380 if (!TEST_int_eq(EVP_PKEY_set_params(peer1, prms), 1)
381 || !TEST_ptr(p1ctx = EVP_PKEY_CTX_new_from_pkey(libctx, peer1, NULL)))
382 goto err;
383
384 prms = NULL;
385 if (t->derive_cofactor_mode != COFACTOR_NOT_SET) {
386 params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
387 &cofactor_mode);
388 prms = params;
389 }
390 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(p1ctx, prms), 1)
391 || !TEST_int_eq(EVP_PKEY_derive_set_peer(p1ctx, peer2), 1)
392 || !TEST_int_eq(EVP_PKEY_derive(p1ctx, secret1, &secret1_len),
393 t->expected))
394 goto err;
395
396 ret = 1;
397 err:
398 if (ret == 0) {
399 static const char *state[] = { "unset", "-1", "disabled", "enabled" };
400
401 TEST_note("ECDH derive() was expected to %s if key cofactor is"
402 "%s and derive mode is %s", t->expected ? "Pass" : "Fail",
403 state[2 + t->key_cofactor], state[2 + t->derive_cofactor_mode]);
404 }
405 EVP_PKEY_free(peer1);
406 EVP_PKEY_free(peer2);
407 EVP_PKEY_CTX_free(p1ctx);
408 return ret;
409 }
410
411 #endif /* OPENSSL_NO_EC */
412
413 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX)
pkey_get_octet_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)414 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
415 unsigned char **out, size_t *out_len)
416 {
417 size_t len = 0;
418 unsigned char *buf = NULL;
419
420 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
421 goto err;
422
423 buf = OPENSSL_zalloc(len);
424 if (buf == NULL)
425 goto err;
426
427 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
428 goto err;
429 *out = buf;
430 return 1;
431 err:
432 OPENSSL_free(buf);
433 return 0;
434 }
435 #endif /* !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) */
436
437 #ifndef OPENSSL_NO_ECX
eddsa_create_pkey(EVP_PKEY ** pkey,const char * algname,const unsigned char * pub,size_t pub_len,int expected)438 static int eddsa_create_pkey(EVP_PKEY **pkey, const char *algname,
439 const unsigned char *pub, size_t pub_len,
440 int expected)
441 {
442 int ret = 0;
443 EVP_PKEY_CTX *ctx = NULL;
444 OSSL_PARAM_BLD *bld = NULL;
445 OSSL_PARAM *params = NULL;
446
447 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
448 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
449 OSSL_PKEY_PARAM_PUB_KEY,
450 pub, pub_len) > 0)
451 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
452 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, NULL))
453 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
454 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
455 params), expected))
456 goto err;
457
458 ret = 1;
459 err:
460 OSSL_PARAM_free(params);
461 OSSL_PARAM_BLD_free(bld);
462 EVP_PKEY_CTX_free(ctx);
463 return ret;
464 }
465
eddsa_pub_verify_test(int id)466 static int eddsa_pub_verify_test(int id)
467 {
468 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
469 int ret = 0;
470 EVP_PKEY_CTX *key_ctx = NULL;
471 EVP_PKEY *pkey = NULL;
472
473 if (!TEST_true(eddsa_create_pkey(&pkey, tst->curve_name,
474 tst->pub, tst->pub_len, 1)))
475 goto err;
476
477 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
478 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
479 goto err;
480 ret = 1;
481 err:
482 EVP_PKEY_free(pkey);
483 EVP_PKEY_CTX_free(key_ctx);
484 return ret;
485 }
486
eddsa_keygen_test(int id)487 static int eddsa_keygen_test(int id)
488 {
489 int ret = 0;
490 EVP_PKEY *pkey = NULL;
491 unsigned char *priv = NULL, *pub = NULL;
492 size_t priv_len = 0, pub_len = 0;
493 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id];
494
495 self_test_args.called = 0;
496 self_test_args.enable = 1;
497 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, tst->curve_name))
498 || !TEST_int_ge(self_test_args.called, 3)
499 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
500 &priv, &priv_len))
501 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub,
502 &pub_len)))
503 goto err;
504
505 test_output_memory("q", pub, pub_len);
506 test_output_memory("d", priv, priv_len);
507 ret = 1;
508 err:
509 self_test_args.enable = 0;
510 self_test_args.called = 0;
511 OPENSSL_clear_free(priv, priv_len);
512 OPENSSL_free(pub);
513 EVP_PKEY_free(pkey);
514 return ret;
515 }
516
517 #endif /* OPENSSL_NO_ECX */
518
519 #ifndef OPENSSL_NO_DSA
520
dsa_paramgen(int L,int N)521 static EVP_PKEY *dsa_paramgen(int L, int N)
522 {
523 EVP_PKEY_CTX *paramgen_ctx = NULL;
524 EVP_PKEY *param_key = NULL;
525
526 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
527 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
528 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
529 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
530 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
531 TEST_info("dsa_paramgen failed");
532 EVP_PKEY_CTX_free(paramgen_ctx);
533 return param_key;
534 }
535
dsa_keygen(int L,int N)536 static EVP_PKEY *dsa_keygen(int L, int N)
537 {
538 EVP_PKEY *param_key = NULL, *key = NULL;
539 EVP_PKEY_CTX *keygen_ctx = NULL;
540
541 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
542 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
543 NULL))
544 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
545 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
546 goto err;
547 err:
548 EVP_PKEY_free(param_key);
549 EVP_PKEY_CTX_free(keygen_ctx);
550 return key;
551 }
552
dsa_keygen_test(int id)553 static int dsa_keygen_test(int id)
554 {
555 int ret = 0, i;
556 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
557 EVP_PKEY *param_key = NULL, *key = NULL;
558 unsigned char *priv = NULL, *pub = NULL;
559 size_t priv_len = 0, pub_len = 0;
560 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
561
562 if (!dsasign_allowed)
563 return TEST_skip("DSA signing is not allowed");
564 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
565 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
566 NULL))
567 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
568 goto err;
569 for (i = 0; i < 2; ++i) {
570 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
571 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
572 &priv, &priv_len))
573 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
574 &pub, &pub_len)))
575 goto err;
576 test_output_memory("y", pub, pub_len);
577 test_output_memory("x", priv, priv_len);
578 EVP_PKEY_free(key);
579 OPENSSL_clear_free(priv, priv_len);
580 OPENSSL_free(pub);
581 key = NULL;
582 pub = priv = NULL;
583 }
584 ret = 1;
585 err:
586 OPENSSL_clear_free(priv, priv_len);
587 OPENSSL_free(pub);
588 EVP_PKEY_free(param_key);
589 EVP_PKEY_free(key);
590 EVP_PKEY_CTX_free(keygen_ctx);
591 EVP_PKEY_CTX_free(paramgen_ctx);
592 return ret;
593 }
594
dsa_paramgen_test(int id)595 static int dsa_paramgen_test(int id)
596 {
597 int ret = 0, counter = 0;
598 EVP_PKEY_CTX *paramgen_ctx = NULL;
599 EVP_PKEY *param_key = NULL;
600 unsigned char *p = NULL, *q = NULL, *seed = NULL;
601 size_t plen = 0, qlen = 0, seedlen = 0;
602 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
603
604 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
605 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
606 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
607 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx,
608 tst->N)))
609 goto err;
610
611 if (!dsasign_allowed) {
612 if (!TEST_false(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
613 goto err;
614 } else {
615 if (!TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))
616 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
617 &p, &plen))
618 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
619 &q, &qlen))
620 || !TEST_true(pkey_get_octet_bytes(param_key,
621 OSSL_PKEY_PARAM_FFC_SEED,
622 &seed, &seedlen))
623 || !TEST_true(EVP_PKEY_get_int_param(param_key,
624 OSSL_PKEY_PARAM_FFC_PCOUNTER,
625 &counter)))
626 goto err;
627 test_output_memory("p", p, plen);
628 test_output_memory("q", q, qlen);
629 test_output_memory("domainSeed", seed, seedlen);
630 test_printf_stderr("%s: %d\n", "counter", counter);
631 }
632 ret = 1;
633 err:
634 OPENSSL_free(p);
635 OPENSSL_free(q);
636 OPENSSL_free(seed);
637 EVP_PKEY_free(param_key);
638 EVP_PKEY_CTX_free(paramgen_ctx);
639 return ret;
640 }
641
dsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * p,size_t p_len,const unsigned char * q,size_t q_len,const unsigned char * g,size_t g_len,const unsigned char * seed,size_t seed_len,int counter,int validate_pq,int validate_g,const unsigned char * pub,size_t pub_len,BN_CTX * bn_ctx)642 static int dsa_create_pkey(EVP_PKEY **pkey,
643 const unsigned char *p, size_t p_len,
644 const unsigned char *q, size_t q_len,
645 const unsigned char *g, size_t g_len,
646 const unsigned char *seed, size_t seed_len,
647 int counter,
648 int validate_pq, int validate_g,
649 const unsigned char *pub, size_t pub_len,
650 BN_CTX *bn_ctx)
651 {
652 int ret = 0;
653 EVP_PKEY_CTX *ctx = NULL;
654 OSSL_PARAM_BLD *bld = NULL;
655 OSSL_PARAM *params = NULL;
656 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
657
658 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
659 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
660 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
661 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
662 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
663 validate_pq))
664 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
665 OSSL_PKEY_PARAM_FFC_VALIDATE_G,
666 validate_g))
667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
668 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
669 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
670 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
671 goto err;
672
673 if (g != NULL) {
674 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
675 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
676 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
677 OSSL_PKEY_PARAM_FFC_G, g_bn)))
678 goto err;
679 }
680 if (seed != NULL) {
681 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
682 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
683 goto err;
684 }
685 if (counter != -1) {
686 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
687 OSSL_PKEY_PARAM_FFC_PCOUNTER,
688 counter)))
689 goto err;
690 }
691 if (pub != NULL) {
692 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
693 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
695 OSSL_PKEY_PARAM_PUB_KEY,
696 pub_bn)))
697 goto err;
698 }
699 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
700 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
701 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
702 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
703 params), 1))
704 goto err;
705
706 ret = 1;
707 err:
708 OSSL_PARAM_free(params);
709 OSSL_PARAM_BLD_free(bld);
710 EVP_PKEY_CTX_free(ctx);
711 return ret;
712 }
713
dsa_pqver_test(int id)714 static int dsa_pqver_test(int id)
715 {
716 int ret = 0;
717 BN_CTX *bn_ctx = NULL;
718 EVP_PKEY_CTX *key_ctx = NULL;
719 EVP_PKEY *param_key = NULL;
720 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
721
722 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
723 || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len,
724 tst->q, tst->q_len, NULL, 0,
725 tst->seed, tst->seed_len, tst->counter,
726 1, 0,
727 NULL, 0,
728 bn_ctx))
729 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
730 NULL))
731 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
732 goto err;
733
734 ret = 1;
735 err:
736 BN_CTX_free(bn_ctx);
737 EVP_PKEY_free(param_key);
738 EVP_PKEY_CTX_free(key_ctx);
739 return ret;
740 }
741
742 /* Extract r and s from a dsa signature */
get_dsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * r_len,size_t * s_len)743 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
744 unsigned char **r, unsigned char **s,
745 size_t *r_len, size_t *s_len)
746 {
747 int ret = 0;
748 unsigned char *rbuf = NULL, *sbuf = NULL;
749 size_t r1_len, s1_len;
750 const BIGNUM *r1, *s1;
751 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
752
753 if (sign == NULL)
754 return 0;
755 DSA_SIG_get0(sign, &r1, &s1);
756 if (r1 == NULL || s1 == NULL)
757 goto err;
758
759 r1_len = BN_num_bytes(r1);
760 s1_len = BN_num_bytes(s1);
761 rbuf = OPENSSL_zalloc(r1_len);
762 sbuf = OPENSSL_zalloc(s1_len);
763 if (rbuf == NULL || sbuf == NULL)
764 goto err;
765 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
766 goto err;
767 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
768 goto err;
769 *r = rbuf;
770 *s = sbuf;
771 *r_len = r1_len;
772 *s_len = s1_len;
773 ret = 1;
774 err:
775 if (ret == 0) {
776 OPENSSL_free(rbuf);
777 OPENSSL_free(sbuf);
778 }
779 DSA_SIG_free(sign);
780 return ret;
781 }
782
dsa_siggen_test(int id)783 static int dsa_siggen_test(int id)
784 {
785 int ret = 0;
786 EVP_PKEY *pkey = NULL;
787 unsigned char *sig = NULL, *r = NULL, *s = NULL;
788 size_t sig_len = 0, rlen = 0, slen = 0;
789 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
790
791 if (!dsasign_allowed) {
792 if (!TEST_ptr_null(pkey = dsa_keygen(tst->L, tst->N)))
793 goto err;
794 } else {
795 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
796 goto err;
797 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
798 &sig, &sig_len))
799 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
800 goto err;
801 test_output_memory("r", r, rlen);
802 test_output_memory("s", s, slen);
803 }
804 ret = 1;
805 err:
806 OPENSSL_free(r);
807 OPENSSL_free(s);
808 OPENSSL_free(sig);
809 EVP_PKEY_free(pkey);
810 return ret;
811 }
812
dsa_sigver_test(int id)813 static int dsa_sigver_test(int id)
814 {
815 int ret = 0;
816 EVP_PKEY_CTX *ctx = NULL;
817 EVP_PKEY *pkey = NULL;
818 DSA_SIG *sign = NULL;
819 size_t sig_len;
820 unsigned char *sig = NULL;
821 BIGNUM *rbn = NULL, *sbn = NULL;
822 EVP_MD *md = NULL;
823 unsigned char digest[EVP_MAX_MD_SIZE];
824 unsigned int digest_len;
825 BN_CTX *bn_ctx = NULL;
826 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
827
828 if (!TEST_ptr(bn_ctx = BN_CTX_new())
829 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
830 tst->q, tst->q_len, tst->g, tst->g_len,
831 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
832 bn_ctx)))
833 goto err;
834
835 if (!TEST_ptr(sign = DSA_SIG_new())
836 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
837 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
838 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
839 goto err;
840 rbn = sbn = NULL;
841
842 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
843 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
844 digest, &digest_len, md, NULL)))
845 goto err;
846
847 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
848 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
849 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
850 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
851 tst->pass))
852 goto err;
853 ret = 1;
854 err:
855 EVP_PKEY_CTX_free(ctx);
856 OPENSSL_free(sig);
857 EVP_MD_free(md);
858 DSA_SIG_free(sign);
859 EVP_PKEY_free(pkey);
860 BN_free(rbn);
861 BN_free(sbn);
862 BN_CTX_free(bn_ctx);
863 return ret;
864 }
865 #endif /* OPENSSL_NO_DSA */
866
867
868 /* cipher encrypt/decrypt */
cipher_enc(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * ct,size_t ct_len,int enc)869 static int cipher_enc(const char *alg,
870 const unsigned char *pt, size_t pt_len,
871 const unsigned char *key, size_t key_len,
872 const unsigned char *iv, size_t iv_len,
873 const unsigned char *ct, size_t ct_len,
874 int enc)
875 {
876 int ret = 0, out_len = 0, len = 0;
877 EVP_CIPHER_CTX *ctx = NULL;
878 EVP_CIPHER *cipher = NULL;
879 unsigned char out[256] = { 0 };
880
881 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
882 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
883 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
884 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
885 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
886 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
887 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
888 goto err;
889 out_len += len;
890 if (!TEST_mem_eq(out, out_len, ct, ct_len))
891 goto err;
892 ret = 1;
893 err:
894 EVP_CIPHER_free(cipher);
895 EVP_CIPHER_CTX_free(ctx);
896 return ret;
897 }
898
cipher_enc_dec_test(int id)899 static int cipher_enc_dec_test(int id)
900 {
901 const struct cipher_st *tst = &cipher_enc_data[id];
902 const int enc = 1;
903
904 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
905 tst->key, tst->key_len,
906 tst->iv, tst->iv_len,
907 tst->ct, tst->ct_len, enc))
908 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
909 tst->key, tst->key_len,
910 tst->iv, tst->iv_len,
911 tst->pt, tst->pt_len, !enc));
912 }
913
aes_ccm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass)914 static int aes_ccm_enc_dec(const char *alg,
915 const unsigned char *pt, size_t pt_len,
916 const unsigned char *key, size_t key_len,
917 const unsigned char *iv, size_t iv_len,
918 const unsigned char *aad, size_t aad_len,
919 const unsigned char *ct, size_t ct_len,
920 const unsigned char *tag, size_t tag_len,
921 int enc, int pass)
922 {
923 int ret = 0;
924 EVP_CIPHER_CTX *ctx;
925 EVP_CIPHER *cipher = NULL;
926 int out_len, len;
927 unsigned char out[1024];
928
929 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
930 pass ? "pass" : "fail");
931
932 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
933 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
934 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
935 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
936 NULL), 0)
937 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
938 enc ? NULL : (void *)tag), 0)
939 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
940 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
941 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
942 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
943 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
944 goto err;
945
946 if (!pass) {
947 ret = 1;
948 goto err;
949 }
950 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
951 goto err;
952 if (enc) {
953 out_len += len;
954 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
955 tag_len, out + out_len), 0)
956 || !TEST_mem_eq(out, out_len, ct, ct_len)
957 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
958 goto err;
959 } else {
960 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
961 goto err;
962 }
963
964 ret = 1;
965 err:
966 EVP_CIPHER_free(cipher);
967 EVP_CIPHER_CTX_free(ctx);
968 return ret;
969 }
970
aes_ccm_enc_dec_test(int id)971 static int aes_ccm_enc_dec_test(int id)
972 {
973 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
974
975 /* The tag is on the end of the cipher text */
976 const size_t tag_len = tst->ct_len - tst->pt_len;
977 const size_t ct_len = tst->ct_len - tag_len;
978 const unsigned char *tag = tst->ct + ct_len;
979 const int enc = 1;
980 const int pass = 1;
981
982 if (ct_len < 1)
983 return 0;
984
985 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
986 tst->key, tst->key_len,
987 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
988 tst->ct, ct_len, tag, tag_len, enc, pass)
989 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
990 tst->key, tst->key_len,
991 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
992 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
993 /* test that it fails if the tag is incorrect */
994 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
995 tst->key, tst->key_len,
996 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
997 tst->pt, tst->pt_len,
998 tag - 1, tag_len, !enc, !pass);
999 }
1000
aes_gcm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass,unsigned char * out,int * out_len,unsigned char * outiv)1001 static int aes_gcm_enc_dec(const char *alg,
1002 const unsigned char *pt, size_t pt_len,
1003 const unsigned char *key, size_t key_len,
1004 const unsigned char *iv, size_t iv_len,
1005 const unsigned char *aad, size_t aad_len,
1006 const unsigned char *ct, size_t ct_len,
1007 const unsigned char *tag, size_t tag_len,
1008 int enc, int pass,
1009 unsigned char *out, int *out_len,
1010 unsigned char *outiv)
1011 {
1012 int ret = 0;
1013 EVP_CIPHER_CTX *ctx;
1014 EVP_CIPHER *cipher = NULL;
1015 int olen, len;
1016
1017 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
1018 pass ? "pass" : "fail");
1019
1020 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1021 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
1022 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
1023 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
1024 NULL), 0))
1025 goto err;
1026
1027 if (!enc) {
1028 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
1029 (void *)tag), 0))
1030 goto err;
1031 }
1032 /*
1033 * For testing purposes the IV may be passed in here. In a compliant
1034 * application the IV would be generated internally. A fake entropy source
1035 * could also be used to feed in the random IV bytes (see fake_random.c)
1036 */
1037 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
1038 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
1039 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
1040 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
1041 goto err;
1042
1043 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &olen), pass))
1044 goto err;
1045 if (!pass) {
1046 ret = 1;
1047 goto err;
1048 }
1049 olen += len;
1050 if (enc) {
1051 if ((ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
1052 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
1053 tag_len, out + olen), 0)
1054 || (tag != NULL
1055 && !TEST_mem_eq(out + olen, tag_len, tag, tag_len)))
1056 goto err;
1057 } else {
1058 if (ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len))
1059 goto err;
1060 }
1061
1062 {
1063 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1064 OSSL_PARAM *p = params;
1065 unsigned int iv_generated = -1;
1066 const OSSL_PARAM *gettables = EVP_CIPHER_CTX_gettable_params(ctx);
1067 const char *ivgenkey = OSSL_CIPHER_PARAM_AEAD_IV_GENERATED;
1068 int ivgen = (OSSL_PARAM_locate_const(gettables, ivgenkey) != NULL);
1069
1070 if (ivgen != 0)
1071 *p++ = OSSL_PARAM_construct_uint(ivgenkey, &iv_generated);
1072 if (outiv != NULL)
1073 *p = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
1074 outiv, iv_len);
1075 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)))
1076 goto err;
1077 if (ivgen != 0
1078 && !TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1)))
1079 goto err;
1080 }
1081 if (out_len != NULL)
1082 *out_len = olen;
1083
1084 ret = 1;
1085 err:
1086 EVP_CIPHER_free(cipher);
1087 EVP_CIPHER_CTX_free(ctx);
1088 return ret;
1089 }
1090
aes_gcm_enc_dec_test(int id)1091 static int aes_gcm_enc_dec_test(int id)
1092 {
1093 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
1094 int enc = 1;
1095 int pass = 1;
1096 unsigned char out[1024];
1097
1098 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1099 tst->key, tst->key_len,
1100 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1101 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
1102 enc, pass, out, NULL, NULL)
1103 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1104 tst->key, tst->key_len,
1105 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1106 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
1107 !enc, pass, out, NULL, NULL)
1108 /* Fail if incorrect tag passed to decrypt */
1109 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
1110 tst->key, tst->key_len,
1111 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
1112 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
1113 !enc, !pass, out, NULL, NULL);
1114 }
1115
aes_gcm_gen_iv_internal_test(void)1116 static int aes_gcm_gen_iv_internal_test(void)
1117 {
1118 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[0];
1119 int enc = 1;
1120 int pass = 1;
1121 int out_len = 0;
1122 unsigned char out[1024];
1123 unsigned char iv[16];
1124
1125 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
1126 tst->key, tst->key_len,
1127 NULL, tst->iv_len, tst->aad, tst->aad_len,
1128 NULL, tst->ct_len, NULL, tst->tag_len,
1129 enc, pass, out, &out_len, iv)
1130 && aes_gcm_enc_dec(tst->alg, out, out_len,
1131 tst->key, tst->key_len,
1132 iv, tst->iv_len, tst->aad, tst->aad_len,
1133 tst->pt, tst->pt_len, out + out_len, tst->tag_len,
1134 !enc, pass, out, NULL, NULL);
1135 }
1136
1137 #ifndef OPENSSL_NO_DH
dh_create_pkey(EVP_PKEY ** pkey,const char * group_name,const unsigned char * pub,size_t pub_len,const unsigned char * priv,size_t priv_len,BN_CTX * bn_ctx,int pass)1138 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
1139 const unsigned char *pub, size_t pub_len,
1140 const unsigned char *priv, size_t priv_len,
1141 BN_CTX *bn_ctx, int pass)
1142 {
1143 int ret = 0;
1144 EVP_PKEY_CTX *ctx = NULL;
1145 OSSL_PARAM_BLD *bld = NULL;
1146 OSSL_PARAM *params = NULL;
1147 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
1148
1149 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1150 || (group_name != NULL
1151 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
1152 bld, OSSL_PKEY_PARAM_GROUP_NAME,
1153 group_name, 0), 0)))
1154 goto err;
1155
1156 if (pub != NULL) {
1157 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
1158 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
1159 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1160 pub_bn)))
1161 goto err;
1162 }
1163 if (priv != NULL) {
1164 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
1165 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
1166 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1167 priv_bn)))
1168 goto err;
1169 }
1170
1171 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1172 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1173 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1174 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1175 pass))
1176 goto err;
1177
1178 ret = 1;
1179 err:
1180 OSSL_PARAM_free(params);
1181 OSSL_PARAM_BLD_free(bld);
1182 EVP_PKEY_CTX_free(ctx);
1183 return ret;
1184 }
1185
dh_safe_prime_keygen_test(int id)1186 static int dh_safe_prime_keygen_test(int id)
1187 {
1188 int ret = 0;
1189 EVP_PKEY_CTX *ctx = NULL;
1190 EVP_PKEY *pkey = NULL;
1191 unsigned char *priv = NULL;
1192 unsigned char *pub = NULL;
1193 size_t priv_len = 0, pub_len = 0;
1194 OSSL_PARAM params[2];
1195 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
1196
1197 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1198 (char *)tst->group_name, 0);
1199 params[1] = OSSL_PARAM_construct_end();
1200
1201 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
1202 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1203 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1204 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1205 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
1206 &priv, &priv_len))
1207 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
1208 &pub, &pub_len)))
1209 goto err;
1210
1211 test_output_memory("x", priv, priv_len);
1212 test_output_memory("y", pub, pub_len);
1213 ret = 1;
1214 err:
1215 OPENSSL_clear_free(priv, priv_len);
1216 OPENSSL_free(pub);
1217 EVP_PKEY_free(pkey);
1218 EVP_PKEY_CTX_free(ctx);
1219 return ret;
1220 }
1221
dh_safe_prime_keyver_test(int id)1222 static int dh_safe_prime_keyver_test(int id)
1223 {
1224 int ret = 0;
1225 BN_CTX *bn_ctx = NULL;
1226 EVP_PKEY_CTX *key_ctx = NULL;
1227 EVP_PKEY *pkey = NULL;
1228 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
1229
1230 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
1231 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
1232 tst->pub, tst->pub_len,
1233 tst->priv, tst->priv_len, bn_ctx, 1))
1234 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1235 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
1236 goto err;
1237
1238 ret = 1;
1239 err:
1240 EVP_PKEY_free(pkey);
1241 EVP_PKEY_CTX_free(key_ctx);
1242 BN_CTX_free(bn_ctx);
1243 return ret;
1244 }
1245 #endif /* OPENSSL_NO_DH */
1246
1247
rsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * n,size_t n_len,const unsigned char * e,size_t e_len,const unsigned char * d,size_t d_len,BN_CTX * bn_ctx)1248 static int rsa_create_pkey(EVP_PKEY **pkey,
1249 const unsigned char *n, size_t n_len,
1250 const unsigned char *e, size_t e_len,
1251 const unsigned char *d, size_t d_len,
1252 BN_CTX *bn_ctx)
1253 {
1254 int ret = 0;
1255 EVP_PKEY_CTX *ctx = NULL;
1256 OSSL_PARAM_BLD *bld = NULL;
1257 OSSL_PARAM *params = NULL;
1258 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1259
1260 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1261 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1262 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1263 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1264 goto err;
1265
1266 if (e != NULL) {
1267 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1268 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1269 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1270 e_bn)))
1271 goto err;
1272 }
1273 if (d != NULL) {
1274 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1275 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1276 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1277 d_bn)))
1278 goto err;
1279 }
1280 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1281 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1282 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1283 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1284 1))
1285 goto err;
1286
1287 ret = 1;
1288 err:
1289 OSSL_PARAM_free(params);
1290 OSSL_PARAM_BLD_free(bld);
1291 EVP_PKEY_CTX_free(ctx);
1292 return ret;
1293 }
1294
rsa_keygen_test(int id)1295 static int rsa_keygen_test(int id)
1296 {
1297 int ret = 0;
1298 EVP_PKEY_CTX *ctx = NULL;
1299 EVP_PKEY *pkey = NULL;
1300 BIGNUM *e_bn = NULL;
1301 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1302 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1303 unsigned char *n = NULL, *d = NULL;
1304 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1305 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1306 size_t n_len = 0, d_len = 0;
1307 size_t p_len = 0, p1_len = 0, p2_len = 0;
1308 size_t q_len = 0, q1_len = 0, q2_len = 0;
1309 OSSL_PARAM_BLD *bld = NULL;
1310 OSSL_PARAM *params = NULL;
1311 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1312
1313 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1314 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1315 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1316 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1317 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1318 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1319 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1320 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1321 xp1_bn))
1322 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1323 xp2_bn))
1324 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1325 xp_bn))
1326 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1327 xq1_bn))
1328 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1329 xq2_bn))
1330 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1331 xq_bn))
1332 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1333 goto err;
1334
1335 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1336 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1337 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1338 || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1339 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1340 || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1341 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1342 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1343 &p1, &p1_len))
1344 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1345 &p2, &p2_len))
1346 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1347 &q1, &q1_len))
1348 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1349 &q2, &q2_len))
1350 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1351 &p, &p_len))
1352 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1353 &q, &q_len))
1354 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1355 &n, &n_len))
1356 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1357 &d, &d_len)))
1358 goto err;
1359
1360 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1361 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1362 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1363 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1364 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1365 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1366 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1367 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1368 goto err;
1369
1370 test_output_memory("p1", p1, p1_len);
1371 test_output_memory("p2", p2, p2_len);
1372 test_output_memory("p", p, p_len);
1373 test_output_memory("q1", q1, q1_len);
1374 test_output_memory("q2", q2, q2_len);
1375 test_output_memory("q", q, q_len);
1376 test_output_memory("n", n, n_len);
1377 test_output_memory("d", d, d_len);
1378 ret = 1;
1379 err:
1380 BN_free(xp1_bn);
1381 BN_free(xp2_bn);
1382 BN_free(xp_bn);
1383 BN_free(xq1_bn);
1384 BN_free(xq2_bn);
1385 BN_free(xq_bn);
1386 BN_free(e_bn);
1387 OPENSSL_free(p1);
1388 OPENSSL_free(p2);
1389 OPENSSL_free(q1);
1390 OPENSSL_free(q2);
1391 OPENSSL_free(p);
1392 OPENSSL_free(q);
1393 OPENSSL_free(n);
1394 OPENSSL_free(d);
1395 EVP_PKEY_free(pkey);
1396 EVP_PKEY_CTX_free(ctx);
1397 OSSL_PARAM_free(params);
1398 OSSL_PARAM_BLD_free(bld);
1399 return ret;
1400 }
1401
rsa_siggen_test(int id)1402 static int rsa_siggen_test(int id)
1403 {
1404 int ret = 0;
1405 EVP_PKEY *pkey = NULL;
1406 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1407 size_t sig_len = 0, n_len = 0, e_len = 0;
1408 OSSL_PARAM params[4], *p;
1409 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1410 int salt_len = tst->pss_salt_len;
1411
1412 if (!rsa_sign_x931_pad_allowed
1413 && (strcmp(tst->sig_pad_mode, OSSL_PKEY_RSA_PAD_MODE_X931) == 0))
1414 return TEST_skip("x931 signing is not allowed");
1415
1416 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1417
1418 p = params;
1419 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1420 (char *)tst->sig_pad_mode, 0);
1421 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1422 (char *)tst->digest_alg, 0);
1423 if (salt_len >= 0)
1424 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1425 &salt_len);
1426 *p++ = OSSL_PARAM_construct_end();
1427
1428 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1429 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1430 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1431 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1432 tst->msg, tst->msg_len,
1433 &sig, &sig_len)))
1434 goto err;
1435 test_output_memory("n", n, n_len);
1436 test_output_memory("e", e, e_len);
1437 test_output_memory("sig", sig, sig_len);
1438 ret = 1;
1439 err:
1440 OPENSSL_free(n);
1441 OPENSSL_free(e);
1442 OPENSSL_free(sig);
1443 EVP_PKEY_free(pkey);
1444 return ret;
1445 }
1446
rsa_sigver_test(int id)1447 static int rsa_sigver_test(int id)
1448 {
1449 int ret = 0;
1450 EVP_PKEY_CTX *pkey_ctx = NULL;
1451 EVP_PKEY *pkey = NULL;
1452 EVP_MD_CTX *md_ctx = NULL;
1453 BN_CTX *bn_ctx = NULL;
1454 OSSL_PARAM params[4], *p;
1455 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1456 int salt_len = tst->pss_salt_len;
1457
1458 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1459 tst->pass == PASS ? "pass" : "fail");
1460
1461 p = params;
1462 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1463 (char *)tst->sig_pad_mode, 0);
1464 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1465 (char *)tst->digest_alg, 0);
1466 if (salt_len >= 0)
1467 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1468 &salt_len);
1469 *p = OSSL_PARAM_construct_end();
1470
1471 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1472 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1473 tst->e, tst->e_len, NULL, 0, bn_ctx))
1474 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1475 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1476 tst->digest_alg, libctx, NULL,
1477 pkey, NULL))
1478 || !check_verify_message(pkey_ctx, 1)
1479 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1480 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1481 tst->msg, tst->msg_len), tst->pass)
1482 || !check_verify_message(pkey_ctx, 1)
1483 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx))
1484 || !check_verify_message(pkey_ctx, 0))
1485 goto err;
1486
1487 ret = 1;
1488 err:
1489 EVP_PKEY_free(pkey);
1490 BN_CTX_free(bn_ctx);
1491 EVP_MD_CTX_free(md_ctx);
1492 return ret;
1493 }
1494
rsa_decryption_primitive_test(int id)1495 static int rsa_decryption_primitive_test(int id)
1496 {
1497 int ret = 0;
1498 EVP_PKEY_CTX *ctx = NULL;
1499 EVP_PKEY *pkey = NULL;
1500 unsigned char pt[2048];
1501 size_t pt_len = sizeof(pt);
1502 unsigned char *n = NULL, *e = NULL;
1503 size_t n_len = 0, e_len = 0;
1504 BN_CTX *bn_ctx = NULL;
1505 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1506
1507 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048))
1508 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1509 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1510 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1511 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1512 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1513 goto err;
1514
1515 test_output_memory("n", n, n_len);
1516 test_output_memory("e", e, e_len);
1517 if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1518 TEST_note("Decryption Failed");
1519 else
1520 test_output_memory("pt", pt, pt_len);
1521 ret = 1;
1522 err:
1523 OPENSSL_free(n);
1524 OPENSSL_free(e);
1525 EVP_PKEY_CTX_free(ctx);
1526 EVP_PKEY_free(pkey);
1527 BN_CTX_free(bn_ctx);
1528 return ret;
1529 }
1530
self_test_events(const OSSL_PARAM params[],void * varg)1531 static int self_test_events(const OSSL_PARAM params[], void *varg)
1532 {
1533 SELF_TEST_ARGS *args = varg;
1534 const OSSL_PARAM *p = NULL;
1535 const char *phase = NULL, *type = NULL, *desc = NULL;
1536 int ret = 0;
1537
1538 if (!args->enable)
1539 return 1;
1540
1541 args->called++;
1542 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1543 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1544 goto err;
1545 phase = (const char *)p->data;
1546
1547 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1548 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1549 goto err;
1550 desc = (const char *)p->data;
1551
1552 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1553 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1554 goto err;
1555 type = (const char *)p->data;
1556
1557 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1558 ret = 1;
1559 err:
1560 return ret;
1561 }
1562
drbg_test(int id)1563 static int drbg_test(int id)
1564 {
1565 OSSL_PARAM params[3];
1566 EVP_RAND *rand = NULL;
1567 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1568 unsigned char returned_bits[64];
1569 const size_t returned_bits_len = sizeof(returned_bits);
1570 unsigned int strength = 256;
1571 const struct drbg_st *tst = &drbg_data[id];
1572 int res = 0;
1573
1574 /* Create the seed source */
1575 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1576 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1577 goto err;
1578 EVP_RAND_free(rand);
1579 rand = NULL;
1580
1581 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1582 params[1] = OSSL_PARAM_construct_end();
1583 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1584 goto err;
1585
1586 /* Get the DRBG */
1587 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1588 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1589 goto err;
1590
1591 /* Set the DRBG up */
1592 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1593 (int *)&tst->use_df);
1594 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1595 (char *)tst->cipher, 0);
1596 params[2] = OSSL_PARAM_construct_end();
1597 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1598 goto err;
1599
1600 /* Feed in the entropy and nonce */
1601 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1602 (void *)tst->entropy_input,
1603 tst->entropy_input_len);
1604 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1605 (void *)tst->nonce,
1606 tst->nonce_len);
1607 params[2] = OSSL_PARAM_construct_end();
1608 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1609 goto err;
1610
1611 /*
1612 * Run the test
1613 * A NULL personalisation string defaults to the built in so something
1614 * non-NULL is needed if there is no personalisation string
1615 */
1616 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1617 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1618 0, 0, NULL, 0))
1619 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1620 0, 0, NULL, 0)))
1621 goto err;
1622
1623 test_output_memory("returned bits", returned_bits, returned_bits_len);
1624
1625 /* Clean up */
1626 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1627 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1628 goto err;
1629
1630 /* Verify the output */
1631 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1632 tst->returned_bits, tst->returned_bits_len))
1633 goto err;
1634 res = 1;
1635 err:
1636 EVP_RAND_CTX_free(ctx);
1637 /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */
1638 /* coverity[pass_freed_arg] */
1639 EVP_RAND_CTX_free(parent);
1640 EVP_RAND_free(rand);
1641 return res;
1642 }
1643
aes_cfb1_bits_test(void)1644 static int aes_cfb1_bits_test(void)
1645 {
1646 int ret = 0;
1647 EVP_CIPHER *cipher = NULL;
1648 EVP_CIPHER_CTX *ctx = NULL;
1649 unsigned char out[16] = { 0 };
1650 int outlen;
1651 const OSSL_PARAM *params, *p;
1652
1653 static const unsigned char key[] = {
1654 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1655 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1656 };
1657 static const unsigned char iv[] = {
1658 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1659 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1660 };
1661 static const unsigned char pt[] = {
1662 0xB4
1663 };
1664 static const unsigned char expected[] = {
1665 0x6C
1666 };
1667
1668 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1669 goto err;
1670 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1671 goto err;
1672 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1673 goto err;
1674 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1675 || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1676 OSSL_CIPHER_PARAM_USE_BITS)))
1677 goto err;
1678 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1679 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1680 goto err;
1681 if (!TEST_int_eq(outlen, 7))
1682 goto err;
1683 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1684 goto err;
1685 ret = 1;
1686 err:
1687 EVP_CIPHER_free(cipher);
1688 EVP_CIPHER_CTX_free(ctx);
1689 return ret;
1690 }
1691
setup_tests(void)1692 int setup_tests(void)
1693 {
1694 char *config_file = NULL;
1695
1696 OPTION_CHOICE o;
1697
1698 while ((o = opt_next()) != OPT_EOF) {
1699 switch (o) {
1700 case OPT_CONFIG_FILE:
1701 config_file = opt_arg();
1702 break;
1703 case OPT_TEST_CASES:
1704 break;
1705 default:
1706 case OPT_ERR:
1707 return 0;
1708 }
1709 }
1710
1711 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1712 return 0;
1713
1714 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1715
1716 ADD_TEST(aes_cfb1_bits_test);
1717 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1718 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1719 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1720 if (fips_provider_version_ge(libctx, 3, 4, 0))
1721 ADD_TEST(aes_gcm_gen_iv_internal_test);
1722
1723 pass_sig_gen_params = fips_provider_version_ge(libctx, 3, 4, 0);
1724 rsa_sign_x931_pad_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1725 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1726 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1727 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1728 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1729 OSSL_NELEM(rsa_decrypt_prim_data));
1730
1731 #ifndef OPENSSL_NO_DH
1732 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1733 OSSL_NELEM(dh_safe_prime_keygen_data));
1734 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1735 OSSL_NELEM(dh_safe_prime_keyver_data));
1736 #endif /* OPENSSL_NO_DH */
1737
1738 #ifndef OPENSSL_NO_DSA
1739 dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
1740 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1741 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1742 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1743 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1744 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1745 #endif /* OPENSSL_NO_DSA */
1746
1747 #ifndef OPENSSL_NO_EC
1748 ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
1749 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1750 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1751 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1752 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1753 ADD_ALL_TESTS(ecdh_cofactor_derive_test,
1754 OSSL_NELEM(ecdh_cofactor_derive_data));
1755 #endif /* OPENSSL_NO_EC */
1756
1757 #ifndef OPENSSL_NO_ECX
1758 if (fips_provider_version_ge(libctx, 3, 4, 0)) {
1759 ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data));
1760 ADD_ALL_TESTS(eddsa_pub_verify_test, OSSL_NELEM(eddsa_pv_data));
1761 }
1762 #endif
1763 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1764 return 1;
1765 }
1766
cleanup_tests(void)1767 void cleanup_tests(void)
1768 {
1769 OSSL_PROVIDER_unload(prov_null);
1770 OSSL_LIB_CTX_free(libctx);
1771 }
1772