1 /*
2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
16 */
17
18 /*
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
20 * internal use.
21 */
22 #include "internal/deprecated.h"
23 #include <assert.h>
24 #include <string.h>
25 #include <openssl/evp.h>
26 #include <openssl/provider.h>
27 #include <openssl/dsa.h>
28 #include <openssl/dh.h>
29 #include <openssl/safestack.h>
30 #include <openssl/core_dispatch.h>
31 #include <openssl/core_names.h>
32 #include <openssl/x509.h>
33 #include <openssl/encoder.h>
34 #include "testutil.h"
35 #include "internal/nelem.h"
36 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
37
38 static OSSL_LIB_CTX *libctx = NULL;
39 static OSSL_PROVIDER *nullprov = NULL;
40 static OSSL_PROVIDER *libprov = NULL;
41 static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
42
43 typedef enum OPTION_choice {
44 OPT_ERR = -1,
45 OPT_EOF = 0,
46 OPT_CONFIG_FILE,
47 OPT_PROVIDER_NAME,
48 OPT_TEST_ENUM
49 } OPTION_CHOICE;
50
test_get_options(void)51 const OPTIONS *test_get_options(void)
52 {
53 static const OPTIONS test_options[] = {
54 OPT_TEST_OPTIONS_DEFAULT_USAGE,
55 { "config", OPT_CONFIG_FILE, '<',
56 "The configuration file to use for the libctx" },
57 { "provider", OPT_PROVIDER_NAME, 's',
58 "The provider to load (The default value is 'default')" },
59 { NULL }
60 };
61 return test_options;
62 }
63
64 #ifndef OPENSSL_NO_DH
getname(int id)65 static const char *getname(int id)
66 {
67 const char *name[] = {"p", "q", "g" };
68
69 if (id >= 0 && id < 3)
70 return name[id];
71 return "?";
72 }
73 #endif
74
test_evp_cipher_api_safety(void)75 static int test_evp_cipher_api_safety(void)
76 {
77 int ret = 0;
78 EVP_CIPHER_CTX *ctx = NULL;
79
80 ctx = EVP_CIPHER_CTX_new();
81
82 if (!TEST_ptr(ctx))
83 goto err;
84
85 /*
86 * Ensure that EVP_CIPHER_get_block_size returns 0
87 * if we haven't initialized the cipher in this context
88 */
89 if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0))
90 goto err_free;
91
92 /*
93 * Ensure that EVP_CIPHER_get_iv_length returns 0
94 * if we haven't initialized the cipher in this context
95 */
96 if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0))
97 goto err_free;
98
99 ret = 1;
100 err_free:
101 EVP_CIPHER_CTX_free(ctx);
102 err:
103 return ret;
104 }
105
106 /*
107 * We're using some DH specific values in this test, so we skip compilation if
108 * we're in a no-dh build.
109 */
110 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
111
test_dsa_param_keygen(int tstid)112 static int test_dsa_param_keygen(int tstid)
113 {
114 int ret = 0;
115 int expected;
116 EVP_PKEY_CTX *gen_ctx = NULL;
117 EVP_PKEY *pkey_parm = NULL;
118 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
119 DSA *dsa = NULL;
120 int pind, qind, gind;
121 BIGNUM *p = NULL, *q = NULL, *g = NULL;
122
123 /*
124 * Just grab some fixed dh p, q, g values for testing,
125 * these 'safe primes' should not be used normally for dsa *.
126 */
127 static const BIGNUM *bn[] = {
128 &ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
129 &ossl_bignum_dh2048_256_g
130 };
131
132 /*
133 * These tests are using bad values for p, q, g by reusing the values.
134 * A value of 0 uses p, 1 uses q and 2 uses g.
135 * There are 27 different combinations, with only the 1 valid combination.
136 */
137 pind = tstid / 9;
138 qind = (tstid / 3) % 3;
139 gind = tstid % 3;
140 expected = (pind == 0 && qind == 1 && gind == 2);
141
142 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
143 getname(qind), getname(gind));
144
145 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
146 || !TEST_ptr(dsa = DSA_new())
147 || !TEST_ptr(p = BN_dup(bn[pind]))
148 || !TEST_ptr(q = BN_dup(bn[qind]))
149 || !TEST_ptr(g = BN_dup(bn[gind]))
150 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
151 goto err;
152 p = q = g = NULL;
153
154 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
155 goto err;
156 dsa = NULL;
157
158 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
159 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
160 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
161 goto err;
162
163 if (expected) {
164 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
165 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
166 goto err;
167 }
168
169 ret = 1;
170 err:
171 EVP_PKEY_free(pkey);
172 EVP_PKEY_free(dup_pk);
173 EVP_PKEY_CTX_free(gen_ctx);
174 EVP_PKEY_free(pkey_parm);
175 DSA_free(dsa);
176 BN_free(g);
177 BN_free(q);
178 BN_free(p);
179 return ret;
180 }
181 #endif /* OPENSSL_NO_DSA */
182
183 #ifndef OPENSSL_NO_DH
do_dh_param_keygen(int tstid,const BIGNUM ** bn)184 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
185 {
186 int ret = 0;
187 int expected;
188 EVP_PKEY_CTX *gen_ctx = NULL;
189 EVP_PKEY *pkey_parm = NULL;
190 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
191 DH *dh = NULL;
192 int pind, qind, gind;
193 BIGNUM *p = NULL, *q = NULL, *g = NULL;
194
195 /*
196 * These tests are using bad values for p, q, g by reusing the values.
197 * A value of 0 uses p, 1 uses q and 2 uses g.
198 * There are 27 different combinations, with only the 1 valid combination.
199 */
200 pind = tstid / 9;
201 qind = (tstid / 3) % 3;
202 gind = tstid % 3;
203 expected = (pind == 0 && qind == 1 && gind == 2);
204
205 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
206 getname(qind), getname(gind));
207
208 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
209 || !TEST_ptr(dh = DH_new())
210 || !TEST_ptr(p = BN_dup(bn[pind]))
211 || !TEST_ptr(q = BN_dup(bn[qind]))
212 || !TEST_ptr(g = BN_dup(bn[gind]))
213 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
214 goto err;
215 p = q = g = NULL;
216
217 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
218 goto err;
219 dh = NULL;
220
221 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
222 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
223 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
224 goto err;
225
226 if (expected) {
227 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
228 || !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
229 goto err;
230 }
231
232 ret = 1;
233 err:
234 EVP_PKEY_free(pkey);
235 EVP_PKEY_free(dup_pk);
236 EVP_PKEY_CTX_free(gen_ctx);
237 EVP_PKEY_free(pkey_parm);
238 DH_free(dh);
239 BN_free(g);
240 BN_free(q);
241 BN_free(p);
242 return ret;
243 }
244
245 /*
246 * Note that we get the fips186-4 path being run for most of these cases since
247 * the internal code will detect that the p, q, g does not match a safe prime
248 * group (Except for when tstid = 5, which sets the correct p, q, g)
249 */
test_dh_safeprime_param_keygen(int tstid)250 static int test_dh_safeprime_param_keygen(int tstid)
251 {
252 static const BIGNUM *bn[] = {
253 &ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
254 &ossl_bignum_const_2
255 };
256 return do_dh_param_keygen(tstid, bn);
257 }
258
dhx_cert_load(void)259 static int dhx_cert_load(void)
260 {
261 int ret = 0;
262 X509 *cert = NULL;
263 BIO *bio = NULL;
264
265 static const unsigned char dhx_cert[] = {
266 0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
267 0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
268 0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
269 0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
270 0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
271 0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
272 0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
273 0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
274 0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
275 0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
276 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
277 0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
278 0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
279 0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
280 0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
281 0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
282 0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
283 0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
284 0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
285 0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
286 0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
287 0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
288 0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
289 0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
290 0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
291 0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
292 0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
293 0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
294 0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
295 0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
296 0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
297 0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
298 0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
299 0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
300 0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
301 0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
302 0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
303 0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
304 0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
305 0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
306 0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
307 0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
308 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
309 0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
310 0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
311 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
312 0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
313 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
314 0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
315 0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
316 0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
317 0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
318 0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
319 0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
320 0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
321 0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
322 0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
323 0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
324 0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
325 0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
326 0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
327 0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
328 0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
329 0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
330 0x0e,0x6a,0xb1
331 };
332
333 if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
334 || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
335 || !TEST_ptr(d2i_X509_bio(bio, &cert)))
336 goto err;
337 ret = 1;
338 err:
339 X509_free(cert);
340 BIO_free(bio);
341 return ret;
342 }
343
344 #endif /* OPENSSL_NO_DH */
345
test_cipher_reinit(int test_id)346 static int test_cipher_reinit(int test_id)
347 {
348 int ret = 0, diff, ccm, siv, no_null_key;
349 int out1_len = 0, out2_len = 0, out3_len = 0;
350 EVP_CIPHER *cipher = NULL;
351 EVP_CIPHER_CTX *ctx = NULL;
352 unsigned char out1[256];
353 unsigned char out2[256];
354 unsigned char out3[256];
355 unsigned char in[16] = {
356 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
357 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
358 };
359 unsigned char key[64] = {
360 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
361 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
362 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
363 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
364 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
365 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
366 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
367 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
368 };
369 unsigned char iv[48] = {
370 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
371 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
372 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
373 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
374 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
375 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
376 };
377 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
378
379 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
380 goto err;
381
382 TEST_note("Fetching %s\n", name);
383 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
384 goto err;
385
386 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
387 ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
388
389 /* siv cannot be called with NULL key as the iv is irrelevant */
390 siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
391
392 /*
393 * Skip init call with a null key for RC4 as the stream cipher does not
394 * handle reinit (1.1.1 behaviour).
395 */
396 no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
397 || EVP_CIPHER_is_a(cipher, "RC4-40")
398 || EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
399
400 /* DES3-WRAP uses random every update - so it will give a different value */
401 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
402 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
403 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
404 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
405 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
406 ccm ? 0 : 1)
407 || (!no_null_key
408 && (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
409 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
410 ccm || siv ? 0 : 1))))
411 goto err;
412
413 if (ccm == 0) {
414 if (diff) {
415 if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
416 || !TEST_mem_ne(out1, out1_len, out3, out3_len)
417 || !TEST_mem_ne(out2, out2_len, out3, out3_len))
418 goto err;
419 } else {
420 if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
421 || (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
422 goto err;
423 }
424 }
425 ret = 1;
426 err:
427 EVP_CIPHER_free(cipher);
428 EVP_CIPHER_CTX_free(ctx);
429 return ret;
430 }
431
432 /*
433 * This test only uses a partial block (half the block size) of input for each
434 * EVP_EncryptUpdate() in order to test that the second init/update is not using
435 * a leftover buffer from the first init/update.
436 * Note: some ciphers don't need a full block to produce output.
437 */
test_cipher_reinit_partialupdate(int test_id)438 static int test_cipher_reinit_partialupdate(int test_id)
439 {
440 int ret = 0, in_len;
441 int out1_len = 0, out2_len = 0, out3_len = 0;
442 EVP_CIPHER *cipher = NULL;
443 EVP_CIPHER_CTX *ctx = NULL;
444 unsigned char out1[256];
445 unsigned char out2[256];
446 unsigned char out3[256];
447 static const unsigned char in[32] = {
448 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
449 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
450 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
451 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
452 };
453 static const unsigned char key[64] = {
454 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
455 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
456 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
457 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
458 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
459 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
460 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
461 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
462 };
463 static const unsigned char iv[48] = {
464 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
465 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
466 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
467 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00,
468 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
469 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
470 };
471 const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
472
473 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
474 goto err;
475
476 TEST_note("Fetching %s\n", name);
477 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
478 goto err;
479
480 in_len = EVP_CIPHER_get_block_size(cipher);
481 if (!TEST_int_gt(in_len, 0))
482 goto err;
483 if (in_len > 1)
484 in_len /= 2;
485
486 /* skip any ciphers that don't allow partial updates */
487 if (((EVP_CIPHER_get_flags(cipher)
488 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
489 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
490 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
491 || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
492 ret = 1;
493 goto err;
494 }
495
496 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
497 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
498 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
499 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
500 goto err;
501
502 if (EVP_CIPHER_get_iv_length(cipher) != 0)
503 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
504 goto err;
505
506 if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
507 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
508 || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
509 goto err;
510
511 if (EVP_CIPHER_get_iv_length(cipher) != 0)
512 if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
513 goto err;
514 }
515 ret = 1;
516 err:
517 EVP_CIPHER_free(cipher);
518 EVP_CIPHER_CTX_free(ctx);
519 return ret;
520 }
521
name_cmp(const char * const * a,const char * const * b)522 static int name_cmp(const char * const *a, const char * const *b)
523 {
524 return OPENSSL_strcasecmp(*a, *b);
525 }
526
collect_cipher_names(EVP_CIPHER * cipher,void * cipher_names_list)527 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
528 {
529 STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
530 const char *name = EVP_CIPHER_get0_name(cipher);
531 char *namedup = NULL;
532
533 /* Skip Triple-DES encryption operations in FIPS mode */
534 if (OSSL_PROVIDER_available(libctx, "fips")
535 && strncmp(name, "DES", 3) == 0)
536 return;
537 assert(name != NULL);
538 /* the cipher will be freed after returning, strdup is needed */
539 if ((namedup = OPENSSL_strdup(name)) != NULL
540 && !sk_OPENSSL_STRING_push(names, namedup))
541 OPENSSL_free(namedup);
542 }
543
rsa_keygen(int bits,EVP_PKEY ** pub,EVP_PKEY ** priv)544 static int rsa_keygen(int bits, EVP_PKEY **pub, EVP_PKEY **priv)
545 {
546 int ret = 0;
547 unsigned char *pub_der = NULL;
548 const unsigned char *pp = NULL;
549 size_t len = 0;
550 OSSL_ENCODER_CTX *ectx = NULL;
551
552 if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
553 || !TEST_ptr(ectx =
554 OSSL_ENCODER_CTX_new_for_pkey(*priv,
555 EVP_PKEY_PUBLIC_KEY,
556 "DER", "type-specific",
557 NULL))
558 || !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
559 goto err;
560 pp = pub_der;
561 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
562 goto err;
563 ret = 1;
564 err:
565 OSSL_ENCODER_CTX_free(ectx);
566 OPENSSL_free(pub_der);
567 return ret;
568 }
569
kem_rsa_gen_recover(void)570 static int kem_rsa_gen_recover(void)
571 {
572 int ret = 0;
573 EVP_PKEY *pub = NULL;
574 EVP_PKEY *priv = NULL;
575 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL;
576 unsigned char secret[256] = { 0, };
577 unsigned char ct[256] = { 0, };
578 unsigned char unwrap[256] = { 0, };
579 size_t ctlen = 0, unwraplen = 0, secretlen = 0;
580 int bits = 2048;
581
582 ret = TEST_true(rsa_keygen(bits, &pub, &priv))
583 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
584 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
585 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
586 && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
587 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
588 &secretlen), 1)
589 && TEST_int_eq(ctlen, secretlen)
590 && TEST_int_eq(ctlen, bits / 8)
591 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
592 &secretlen), 1)
593 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
594 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
595 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
596 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
597 ct, ctlen), 1)
598 && TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
599 ct, ctlen), 1)
600 && TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
601 EVP_PKEY_free(pub);
602 EVP_PKEY_free(priv);
603 EVP_PKEY_CTX_free(rctx);
604 EVP_PKEY_CTX_free(dctx);
605 EVP_PKEY_CTX_free(sctx);
606 return ret;
607 }
608
609 #ifndef OPENSSL_NO_DES
610 /*
611 * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
612 * For fips mode this code would produce an error if the flag is not set.
613 */
test_cipher_tdes_randkey(void)614 static int test_cipher_tdes_randkey(void)
615 {
616 int ret;
617 EVP_CIPHER_CTX *ctx = NULL;
618 EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL;
619 unsigned char key[24] = { 0 };
620 OSSL_PARAM params[2];
621 int check = 0;
622
623 params[0] = OSSL_PARAM_construct_int("encrypt-check", &check);
624 params[1] = OSSL_PARAM_construct_end();
625 ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
626 && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
627 && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
628 && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
629 && TEST_ptr(ctx = EVP_CIPHER_CTX_new())
630 && TEST_true(EVP_CipherInit_ex2(ctx, tdes_cipher, NULL, NULL, 1,
631 params))
632 && TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
633
634 EVP_CIPHER_CTX_free(ctx);
635 EVP_CIPHER_free(tdes_cipher);
636 EVP_CIPHER_free(aes_cipher);
637 return ret;
638 }
639 #endif /* OPENSSL_NO_DES */
640
kem_rsa_params(void)641 static int kem_rsa_params(void)
642 {
643 int ret = 0;
644 EVP_PKEY *pub = NULL;
645 EVP_PKEY *priv = NULL;
646 EVP_PKEY_CTX *pubctx = NULL, *privctx = NULL;
647 unsigned char secret[256] = { 0, };
648 unsigned char ct[256] = { 0, };
649 size_t ctlen = 0, secretlen = 0;
650
651 ret = TEST_true(rsa_keygen(2048, &pub, &priv))
652 && TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
653 && TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
654 /* Test setting kem op before the init fails */
655 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
656 /* Test NULL ctx passed */
657 && TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
658 && TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
659 && TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
660 && TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
661 /* Test Invalid operation */
662 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
663 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
664 /* Wrong key component - no secret should be returned on failure */
665 && TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
666 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
667 && TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
668 sizeof(ct)), 0)
669 && TEST_uchar_eq(secret[0], 0)
670 /* Test encapsulate fails if the mode is not set */
671 && TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
672 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
673 /* Test setting a bad kem ops fail */
674 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
675 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
676 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
677 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
678 /* Test secretlen is optional */
679 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
680 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
681 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
682 /* Test outlen is optional */
683 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
684 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
685 /* test that either len must be set if out is NULL */
686 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
687 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
688 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
689 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
690 /* Secret buffer should be set if there is an output buffer */
691 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
692 /* Test that lengths are optional if ct is not NULL */
693 && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
694 /* Pass if secret or secret length are not NULL */
695 && TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
696 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
697 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
698 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
699 && TEST_int_eq(secretlen, 256)
700 /* Fail if passed NULL arguments */
701 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
702 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
703 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
704 && TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
705
706 EVP_PKEY_free(pub);
707 EVP_PKEY_free(priv);
708 EVP_PKEY_CTX_free(pubctx);
709 EVP_PKEY_CTX_free(privctx);
710 return ret;
711 }
712
713 #ifndef OPENSSL_NO_DH
gen_dh_key(void)714 static EVP_PKEY *gen_dh_key(void)
715 {
716 EVP_PKEY_CTX *gctx = NULL;
717 EVP_PKEY *pkey = NULL;
718 OSSL_PARAM params[2];
719
720 params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
721 params[1] = OSSL_PARAM_construct_end();
722
723 if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
724 || !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
725 || !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
726 || !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
727 goto err;
728 err:
729 EVP_PKEY_CTX_free(gctx);
730 return pkey;
731 }
732
733 /* Fail if we try to use a dh key */
kem_invalid_keytype(void)734 static int kem_invalid_keytype(void)
735 {
736 int ret = 0;
737 EVP_PKEY *key = NULL;
738 EVP_PKEY_CTX *sctx = NULL;
739
740 if (!TEST_ptr(key = gen_dh_key()))
741 goto done;
742
743 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
744 goto done;
745 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
746 goto done;
747
748 ret = 1;
749 done:
750 EVP_PKEY_free(key);
751 EVP_PKEY_CTX_free(sctx);
752 return ret;
753 }
754 #endif /* OPENSSL_NO_DH */
755
setup_tests(void)756 int setup_tests(void)
757 {
758 const char *prov_name = "default";
759 char *config_file = NULL;
760 OPTION_CHOICE o;
761
762 while ((o = opt_next()) != OPT_EOF) {
763 switch (o) {
764 case OPT_PROVIDER_NAME:
765 prov_name = opt_arg();
766 break;
767 case OPT_CONFIG_FILE:
768 config_file = opt_arg();
769 break;
770 case OPT_TEST_CASES:
771 break;
772 default:
773 case OPT_ERR:
774 return 0;
775 }
776 }
777
778 if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
779 return 0;
780
781 ADD_TEST(test_evp_cipher_api_safety);
782
783 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
784 if (strcmp(prov_name, "fips") != 0
785 || fips_provider_version_lt(libctx, 3, 4, 0))
786 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
787 #endif
788 #ifndef OPENSSL_NO_DH
789 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
790 ADD_TEST(dhx_cert_load);
791 #endif
792
793 if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
794 return 0;
795 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
796
797 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
798 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
799 sk_OPENSSL_STRING_num(cipher_names));
800 ADD_TEST(kem_rsa_gen_recover);
801 ADD_TEST(kem_rsa_params);
802 #ifndef OPENSSL_NO_DH
803 ADD_TEST(kem_invalid_keytype);
804 #endif
805 #ifndef OPENSSL_NO_DES
806 ADD_TEST(test_cipher_tdes_randkey);
807 #endif
808 return 1;
809 }
810
811 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
string_free(char * m)812 static void string_free(char *m)
813 {
814 OPENSSL_free(m);
815 }
816
cleanup_tests(void)817 void cleanup_tests(void)
818 {
819 sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
820 OSSL_PROVIDER_unload(libprov);
821 OSSL_LIB_CTX_free(libctx);
822 OSSL_PROVIDER_unload(nullprov);
823 }
824