1 /* 2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * A set of tests demonstrating uses cases for CAVS/ACVP testing. 12 * 13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to 14 * providers/fips/self_test_kats.c 15 */ 16 17 #include <string.h> 18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */ 19 #include <openssl/core_names.h> 20 #include <openssl/evp.h> 21 #include <openssl/ec.h> 22 #include <openssl/dh.h> 23 #include <openssl/dsa.h> 24 #include <openssl/rsa.h> 25 #include <openssl/param_build.h> 26 #include <openssl/provider.h> 27 #include <openssl/self_test.h> 28 #include "testutil.h" 29 #include "testutil/output.h" 30 #include "acvp_test.inc" 31 #include "internal/nelem.h" 32 33 typedef enum OPTION_choice { 34 OPT_ERR = -1, 35 OPT_EOF = 0, 36 OPT_CONFIG_FILE, 37 OPT_TEST_ENUM 38 } OPTION_CHOICE; 39 40 typedef struct st_args { 41 int enable; 42 int called; 43 } SELF_TEST_ARGS; 44 45 static OSSL_PROVIDER *prov_null = NULL; 46 static OSSL_LIB_CTX *libctx = NULL; 47 static SELF_TEST_ARGS self_test_args = { 0 }; 48 static OSSL_CALLBACK self_test_events; 49 50 const OPTIONS *test_get_options(void) 51 { 52 static const OPTIONS test_options[] = { 53 OPT_TEST_OPTIONS_DEFAULT_USAGE, 54 { "config", OPT_CONFIG_FILE, '<', 55 "The configuration file to use for the libctx" }, 56 { NULL } 57 }; 58 return test_options; 59 } 60 61 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name, 62 unsigned char **out, size_t *out_len) 63 { 64 unsigned char *buf = NULL; 65 BIGNUM *bn = NULL; 66 int sz; 67 68 if (!EVP_PKEY_get_bn_param(pkey, name, &bn)) 69 goto err; 70 sz = BN_num_bytes(bn); 71 buf = OPENSSL_zalloc(sz); 72 if (buf == NULL) 73 goto err; 74 if (BN_bn2binpad(bn, buf, sz) <= 0) 75 goto err; 76 77 *out_len = sz; 78 *out = buf; 79 BN_free(bn); 80 return 1; 81 err: 82 OPENSSL_free(buf); 83 BN_free(bn); 84 return 0; 85 } 86 87 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name, 88 const unsigned char *msg, size_t msg_len, 89 unsigned char **sig_out, size_t *sig_out_len) 90 { 91 int ret = 0; 92 EVP_MD_CTX *md_ctx = NULL; 93 unsigned char *sig = NULL; 94 size_t sig_len; 95 size_t sz = EVP_PKEY_get_size(pkey); 96 97 sig_len = sz; 98 if (!TEST_ptr(sig = OPENSSL_malloc(sz)) 99 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 100 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx, 101 NULL, pkey, NULL), 1) 102 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0)) 103 goto err; 104 *sig_out = sig; 105 *sig_out_len = sig_len; 106 sig = NULL; 107 ret = 1; 108 err: 109 OPENSSL_free(sig); 110 EVP_MD_CTX_free(md_ctx); 111 return ret; 112 } 113 114 #ifndef OPENSSL_NO_EC 115 static int ecdsa_keygen_test(int id) 116 { 117 int ret = 0; 118 EVP_PKEY *pkey = NULL; 119 unsigned char *priv = NULL; 120 unsigned char *pubx = NULL, *puby = NULL; 121 size_t priv_len = 0, pubx_len = 0, puby_len = 0; 122 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id]; 123 124 self_test_args.called = 0; 125 self_test_args.enable = 1; 126 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)) 127 || !TEST_int_ge(self_test_args.called, 3) 128 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, 129 &priv_len)) 130 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx, 131 &pubx_len)) 132 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby, 133 &puby_len))) 134 goto err; 135 136 test_output_memory("qy", puby, puby_len); 137 test_output_memory("qx", pubx, pubx_len); 138 test_output_memory("d", priv, priv_len); 139 ret = 1; 140 err: 141 self_test_args.enable = 0; 142 self_test_args.called = 0; 143 OPENSSL_clear_free(priv, priv_len); 144 OPENSSL_free(pubx); 145 OPENSSL_free(puby); 146 EVP_PKEY_free(pkey); 147 return ret; 148 } 149 150 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name, 151 const unsigned char *pub, size_t pub_len, 152 int expected) 153 { 154 int ret = 0; 155 EVP_PKEY_CTX *ctx = NULL; 156 OSSL_PARAM_BLD *bld = NULL; 157 OSSL_PARAM *params = NULL; 158 159 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 160 || (curve_name != NULL 161 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string( 162 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0)) 163 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 164 OSSL_PKEY_PARAM_PUB_KEY, 165 pub, pub_len) > 0) 166 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 167 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) 168 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 169 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 170 params), expected)) 171 goto err; 172 173 ret = 1; 174 err: 175 OSSL_PARAM_free(params); 176 OSSL_PARAM_BLD_free(bld); 177 EVP_PKEY_CTX_free(ctx); 178 return ret; 179 } 180 181 static int ecdsa_pub_verify_test(int id) 182 { 183 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id]; 184 185 int ret = 0; 186 EVP_PKEY_CTX *key_ctx = NULL; 187 EVP_PKEY *pkey = NULL; 188 189 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, 190 tst->pub, tst->pub_len, tst->pass))) 191 goto err; 192 193 if (tst->pass) { 194 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 195 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass)) 196 goto err; 197 } 198 ret = 1; 199 err: 200 EVP_PKEY_free(pkey); 201 EVP_PKEY_CTX_free(key_ctx); 202 return ret; 203 } 204 205 /* Extract r and s from an ecdsa signature */ 206 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, 207 unsigned char **r, unsigned char **s, 208 size_t *rlen, size_t *slen) 209 { 210 int ret = 0; 211 unsigned char *rbuf = NULL, *sbuf = NULL; 212 size_t r1_len, s1_len; 213 const BIGNUM *r1, *s1; 214 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len); 215 216 if (sign == NULL) 217 return 0; 218 r1 = ECDSA_SIG_get0_r(sign); 219 s1 = ECDSA_SIG_get0_s(sign); 220 if (r1 == NULL || s1 == NULL) 221 goto err; 222 223 r1_len = BN_num_bytes(r1); 224 s1_len = BN_num_bytes(s1); 225 rbuf = OPENSSL_zalloc(r1_len); 226 sbuf = OPENSSL_zalloc(s1_len); 227 if (rbuf == NULL || sbuf == NULL) 228 goto err; 229 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) 230 goto err; 231 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) 232 goto err; 233 *r = rbuf; 234 *s = sbuf; 235 *rlen = r1_len; 236 *slen = s1_len; 237 ret = 1; 238 err: 239 if (ret == 0) { 240 OPENSSL_free(rbuf); 241 OPENSSL_free(sbuf); 242 } 243 ECDSA_SIG_free(sign); 244 return ret; 245 } 246 247 static int ecdsa_siggen_test(int id) 248 { 249 int ret = 0; 250 EVP_PKEY *pkey = NULL; 251 size_t sig_len = 0, rlen = 0, slen = 0; 252 unsigned char *sig = NULL; 253 unsigned char *r = NULL, *s = NULL; 254 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id]; 255 256 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))) 257 goto err; 258 259 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, 260 &sig, &sig_len)) 261 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) 262 goto err; 263 test_output_memory("r", r, rlen); 264 test_output_memory("s", s, slen); 265 ret = 1; 266 err: 267 OPENSSL_free(r); 268 OPENSSL_free(s); 269 OPENSSL_free(sig); 270 EVP_PKEY_free(pkey); 271 return ret; 272 } 273 274 static int ecdsa_sigver_test(int id) 275 { 276 int ret = 0; 277 EVP_MD_CTX *md_ctx = NULL; 278 EVP_PKEY *pkey = NULL; 279 ECDSA_SIG *sign = NULL; 280 size_t sig_len; 281 unsigned char *sig = NULL; 282 BIGNUM *rbn = NULL, *sbn = NULL; 283 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id]; 284 285 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, 286 tst->pub, tst->pub_len, 1))) 287 goto err; 288 289 if (!TEST_ptr(sign = ECDSA_SIG_new()) 290 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) 291 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) 292 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn))) 293 goto err; 294 rbn = sbn = NULL; 295 296 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0) 297 && TEST_ptr(md_ctx = EVP_MD_CTX_new()) 298 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg, 299 libctx, NULL, pkey, NULL) 300 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len, 301 tst->msg, tst->msg_len), tst->pass)); 302 err: 303 BN_free(rbn); 304 BN_free(sbn); 305 OPENSSL_free(sig); 306 ECDSA_SIG_free(sign); 307 EVP_PKEY_free(pkey); 308 EVP_MD_CTX_free(md_ctx); 309 return ret; 310 311 } 312 #endif /* OPENSSL_NO_EC */ 313 314 #ifndef OPENSSL_NO_DSA 315 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name, 316 unsigned char **out, size_t *out_len) 317 { 318 size_t len = 0; 319 unsigned char *buf = NULL; 320 321 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len)) 322 goto err; 323 324 buf = OPENSSL_zalloc(len); 325 if (buf == NULL) 326 goto err; 327 328 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len)) 329 goto err; 330 *out = buf; 331 return 1; 332 err: 333 OPENSSL_free(buf); 334 return 0; 335 } 336 337 static EVP_PKEY *dsa_paramgen(int L, int N) 338 { 339 EVP_PKEY_CTX *paramgen_ctx = NULL; 340 EVP_PKEY *param_key = NULL; 341 342 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 343 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0) 344 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L)) 345 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N)) 346 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))) 347 return NULL; 348 EVP_PKEY_CTX_free(paramgen_ctx); 349 return param_key; 350 } 351 352 static EVP_PKEY *dsa_keygen(int L, int N) 353 { 354 EVP_PKEY *param_key = NULL, *key = NULL; 355 EVP_PKEY_CTX *keygen_ctx = NULL; 356 357 if (!TEST_ptr(param_key = dsa_paramgen(L, N)) 358 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 359 NULL)) 360 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) 361 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) 362 goto err; 363 err: 364 EVP_PKEY_free(param_key); 365 EVP_PKEY_CTX_free(keygen_ctx); 366 return key; 367 } 368 369 static int dsa_keygen_test(int id) 370 { 371 int ret = 0, i; 372 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL; 373 EVP_PKEY *param_key = NULL, *key = NULL; 374 unsigned char *priv = NULL, *pub = NULL; 375 size_t priv_len = 0, pub_len = 0; 376 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id]; 377 378 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N)) 379 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 380 NULL)) 381 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)) 382 goto err; 383 for (i = 0; i < 2; ++i) { 384 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0) 385 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY, 386 &priv, &priv_len)) 387 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY, 388 &pub, &pub_len))) 389 goto err; 390 test_output_memory("y", pub, pub_len); 391 test_output_memory("x", priv, priv_len); 392 EVP_PKEY_free(key); 393 OPENSSL_clear_free(priv, priv_len); 394 OPENSSL_free(pub); 395 key = NULL; 396 pub = priv = NULL; 397 } 398 ret = 1; 399 err: 400 OPENSSL_clear_free(priv, priv_len); 401 OPENSSL_free(pub); 402 EVP_PKEY_free(param_key); 403 EVP_PKEY_free(key); 404 EVP_PKEY_CTX_free(keygen_ctx); 405 EVP_PKEY_CTX_free(paramgen_ctx); 406 return ret; 407 } 408 409 static int dsa_paramgen_test(int id) 410 { 411 int ret = 0, counter = 0; 412 EVP_PKEY_CTX *paramgen_ctx = NULL; 413 EVP_PKEY *param_key = NULL; 414 unsigned char *p = NULL, *q = NULL, *seed = NULL; 415 size_t plen = 0, qlen = 0, seedlen = 0; 416 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id]; 417 418 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 419 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0) 420 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L)) 421 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N)) 422 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)) 423 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P, 424 &p, &plen)) 425 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q, 426 &q, &qlen)) 427 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED, 428 &seed, &seedlen)) 429 || !TEST_true(EVP_PKEY_get_int_param(param_key, 430 OSSL_PKEY_PARAM_FFC_PCOUNTER, 431 &counter))) 432 goto err; 433 434 test_output_memory("p", p, plen); 435 test_output_memory("q", q, qlen); 436 test_output_memory("domainSeed", seed, seedlen); 437 test_printf_stderr("%s: %d\n", "counter", counter); 438 ret = 1; 439 err: 440 OPENSSL_free(p); 441 OPENSSL_free(q); 442 OPENSSL_free(seed); 443 EVP_PKEY_free(param_key); 444 EVP_PKEY_CTX_free(paramgen_ctx); 445 return ret; 446 } 447 448 static int dsa_create_pkey(EVP_PKEY **pkey, 449 const unsigned char *p, size_t p_len, 450 const unsigned char *q, size_t q_len, 451 const unsigned char *g, size_t g_len, 452 const unsigned char *seed, size_t seed_len, 453 int counter, 454 int validate_pq, int validate_g, 455 const unsigned char *pub, size_t pub_len, 456 BN_CTX *bn_ctx) 457 { 458 int ret = 0; 459 EVP_PKEY_CTX *ctx = NULL; 460 OSSL_PARAM_BLD *bld = NULL; 461 OSSL_PARAM *params = NULL; 462 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL; 463 464 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 465 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx)) 466 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn)) 467 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, 468 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, 469 validate_pq)) 470 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, 471 OSSL_PKEY_PARAM_FFC_VALIDATE_G, 472 validate_g)) 473 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)) 474 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx)) 475 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn)) 476 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn))) 477 goto err; 478 479 if (g != NULL) { 480 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx)) 481 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn)) 482 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, 483 OSSL_PKEY_PARAM_FFC_G, g_bn))) 484 goto err; 485 } 486 if (seed != NULL) { 487 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 488 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len))) 489 goto err; 490 } 491 if (counter != -1) { 492 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, 493 OSSL_PKEY_PARAM_FFC_PCOUNTER, 494 counter))) 495 goto err; 496 } 497 if (pub != NULL) { 498 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) 499 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) 500 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, 501 OSSL_PKEY_PARAM_PUB_KEY, 502 pub_bn))) 503 goto err; 504 } 505 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 506 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 507 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 508 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 509 params), 1)) 510 goto err; 511 512 ret = 1; 513 err: 514 OSSL_PARAM_free(params); 515 OSSL_PARAM_BLD_free(bld); 516 EVP_PKEY_CTX_free(ctx); 517 return ret; 518 } 519 520 static int dsa_pqver_test(int id) 521 { 522 int ret = 0; 523 BN_CTX *bn_ctx = NULL; 524 EVP_PKEY_CTX *key_ctx = NULL; 525 EVP_PKEY *param_key = NULL; 526 const struct dsa_pqver_st *tst = &dsa_pqver_data[id]; 527 528 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) 529 || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len, 530 tst->q, tst->q_len, NULL, 0, 531 tst->seed, tst->seed_len, tst->counter, 532 1, 0, 533 NULL, 0, 534 bn_ctx)) 535 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 536 NULL)) 537 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass)) 538 goto err; 539 540 ret = 1; 541 err: 542 BN_CTX_free(bn_ctx); 543 EVP_PKEY_free(param_key); 544 EVP_PKEY_CTX_free(key_ctx); 545 return ret; 546 } 547 548 /* Extract r and s from a dsa signature */ 549 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, 550 unsigned char **r, unsigned char **s, 551 size_t *r_len, size_t *s_len) 552 { 553 int ret = 0; 554 unsigned char *rbuf = NULL, *sbuf = NULL; 555 size_t r1_len, s1_len; 556 const BIGNUM *r1, *s1; 557 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len); 558 559 if (sign == NULL) 560 return 0; 561 DSA_SIG_get0(sign, &r1, &s1); 562 if (r1 == NULL || s1 == NULL) 563 goto err; 564 565 r1_len = BN_num_bytes(r1); 566 s1_len = BN_num_bytes(s1); 567 rbuf = OPENSSL_zalloc(r1_len); 568 sbuf = OPENSSL_zalloc(s1_len); 569 if (rbuf == NULL || sbuf == NULL) 570 goto err; 571 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) 572 goto err; 573 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) 574 goto err; 575 *r = rbuf; 576 *s = sbuf; 577 *r_len = r1_len; 578 *s_len = s1_len; 579 ret = 1; 580 err: 581 if (ret == 0) { 582 OPENSSL_free(rbuf); 583 OPENSSL_free(sbuf); 584 } 585 DSA_SIG_free(sign); 586 return ret; 587 } 588 589 static int dsa_siggen_test(int id) 590 { 591 int ret = 0; 592 EVP_PKEY *pkey = NULL; 593 unsigned char *sig = NULL, *r = NULL, *s = NULL; 594 size_t sig_len = 0, rlen = 0, slen = 0; 595 const struct dsa_siggen_st *tst = &dsa_siggen_data[id]; 596 597 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N))) 598 goto err; 599 600 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, 601 &sig, &sig_len)) 602 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) 603 goto err; 604 test_output_memory("r", r, rlen); 605 test_output_memory("s", s, slen); 606 ret = 1; 607 err: 608 OPENSSL_free(r); 609 OPENSSL_free(s); 610 OPENSSL_free(sig); 611 EVP_PKEY_free(pkey); 612 return ret; 613 } 614 615 static int dsa_sigver_test(int id) 616 { 617 int ret = 0; 618 EVP_PKEY_CTX *ctx = NULL; 619 EVP_PKEY *pkey = NULL; 620 DSA_SIG *sign = NULL; 621 size_t sig_len; 622 unsigned char *sig = NULL; 623 BIGNUM *rbn = NULL, *sbn = NULL; 624 EVP_MD *md = NULL; 625 unsigned char digest[EVP_MAX_MD_SIZE]; 626 unsigned int digest_len; 627 BN_CTX *bn_ctx = NULL; 628 const struct dsa_sigver_st *tst = &dsa_sigver_data[id]; 629 630 if (!TEST_ptr(bn_ctx = BN_CTX_new()) 631 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len, 632 tst->q, tst->q_len, tst->g, tst->g_len, 633 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len, 634 bn_ctx))) 635 goto err; 636 637 if (!TEST_ptr(sign = DSA_SIG_new()) 638 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) 639 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) 640 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn))) 641 goto err; 642 rbn = sbn = NULL; 643 644 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, "")) 645 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len, 646 digest, &digest_len, md, NULL))) 647 goto err; 648 649 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0) 650 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 651 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 652 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len), 653 tst->pass)) 654 goto err; 655 ret = 1; 656 err: 657 EVP_PKEY_CTX_free(ctx); 658 OPENSSL_free(sig); 659 EVP_MD_free(md); 660 DSA_SIG_free(sign); 661 EVP_PKEY_free(pkey); 662 BN_free(rbn); 663 BN_free(sbn); 664 BN_CTX_free(bn_ctx); 665 return ret; 666 } 667 #endif /* OPENSSL_NO_DSA */ 668 669 670 /* cipher encrypt/decrypt */ 671 static int cipher_enc(const char *alg, 672 const unsigned char *pt, size_t pt_len, 673 const unsigned char *key, size_t key_len, 674 const unsigned char *iv, size_t iv_len, 675 const unsigned char *ct, size_t ct_len, 676 int enc) 677 { 678 int ret = 0, out_len = 0, len = 0; 679 EVP_CIPHER_CTX *ctx = NULL; 680 EVP_CIPHER *cipher = NULL; 681 unsigned char out[256] = { 0 }; 682 683 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt"); 684 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 685 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 686 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc)) 687 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 688 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)) 689 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) 690 goto err; 691 out_len += len; 692 if (!TEST_mem_eq(out, out_len, ct, ct_len)) 693 goto err; 694 ret = 1; 695 err: 696 EVP_CIPHER_free(cipher); 697 EVP_CIPHER_CTX_free(ctx); 698 return ret; 699 } 700 701 static int cipher_enc_dec_test(int id) 702 { 703 const struct cipher_st *tst = &cipher_enc_data[id]; 704 const int enc = 1; 705 706 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len, 707 tst->key, tst->key_len, 708 tst->iv, tst->iv_len, 709 tst->ct, tst->ct_len, enc)) 710 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len, 711 tst->key, tst->key_len, 712 tst->iv, tst->iv_len, 713 tst->pt, tst->pt_len, !enc)); 714 } 715 716 static int aes_ccm_enc_dec(const char *alg, 717 const unsigned char *pt, size_t pt_len, 718 const unsigned char *key, size_t key_len, 719 const unsigned char *iv, size_t iv_len, 720 const unsigned char *aad, size_t aad_len, 721 const unsigned char *ct, size_t ct_len, 722 const unsigned char *tag, size_t tag_len, 723 int enc, int pass) 724 { 725 int ret = 0; 726 EVP_CIPHER_CTX *ctx; 727 EVP_CIPHER *cipher = NULL; 728 int out_len, len; 729 unsigned char out[1024]; 730 731 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", 732 pass ? "pass" : "fail"); 733 734 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 735 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 736 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 737 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, 738 NULL), 0) 739 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, 740 enc ? NULL : (void *)tag), 0) 741 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 742 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 743 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) 744 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) 745 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass)) 746 goto err; 747 748 if (!pass) { 749 ret = 1; 750 goto err; 751 } 752 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) 753 goto err; 754 if (enc) { 755 out_len += len; 756 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 757 tag_len, out + out_len), 0) 758 || !TEST_mem_eq(out, out_len, ct, ct_len) 759 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) 760 goto err; 761 } else { 762 if (!TEST_mem_eq(out, out_len + len, ct, ct_len)) 763 goto err; 764 } 765 766 ret = 1; 767 err: 768 EVP_CIPHER_free(cipher); 769 EVP_CIPHER_CTX_free(ctx); 770 return ret; 771 } 772 773 static int aes_ccm_enc_dec_test(int id) 774 { 775 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id]; 776 777 /* The tag is on the end of the cipher text */ 778 const size_t tag_len = tst->ct_len - tst->pt_len; 779 const size_t ct_len = tst->ct_len - tag_len; 780 const unsigned char *tag = tst->ct + ct_len; 781 const int enc = 1; 782 const int pass = 1; 783 784 if (ct_len < 1) 785 return 0; 786 787 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len, 788 tst->key, tst->key_len, 789 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 790 tst->ct, ct_len, tag, tag_len, enc, pass) 791 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, 792 tst->key, tst->key_len, 793 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 794 tst->pt, tst->pt_len, tag, tag_len, !enc, pass) 795 /* test that it fails if the tag is incorrect */ 796 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, 797 tst->key, tst->key_len, 798 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 799 tst->pt, tst->pt_len, 800 tag - 1, tag_len, !enc, !pass); 801 } 802 803 static int aes_gcm_enc_dec(const char *alg, 804 const unsigned char *pt, size_t pt_len, 805 const unsigned char *key, size_t key_len, 806 const unsigned char *iv, size_t iv_len, 807 const unsigned char *aad, size_t aad_len, 808 const unsigned char *ct, size_t ct_len, 809 const unsigned char *tag, size_t tag_len, 810 int enc, int pass) 811 { 812 int ret = 0; 813 EVP_CIPHER_CTX *ctx; 814 EVP_CIPHER *cipher = NULL; 815 int out_len, len; 816 unsigned char out[1024]; 817 818 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", 819 pass ? "pass" : "fail"); 820 821 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 822 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 823 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 824 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, 825 NULL), 0)) 826 goto err; 827 828 if (!enc) { 829 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, 830 (void *)tag), 0)) 831 goto err; 832 } 833 /* 834 * For testing purposes the IV it being set here. In a compliant application 835 * the IV would be generated internally. A fake entropy source could also 836 * be used to feed in the random IV bytes (see fake_random.c) 837 */ 838 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 839 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 840 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) 841 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))) 842 goto err; 843 844 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass)) 845 goto err; 846 if (!pass) { 847 ret = 1; 848 goto err; 849 } 850 out_len += len; 851 if (enc) { 852 if (!TEST_mem_eq(out, out_len, ct, ct_len) 853 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 854 tag_len, out + out_len), 0) 855 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) 856 goto err; 857 } else { 858 if (!TEST_mem_eq(out, out_len, ct, ct_len)) 859 goto err; 860 } 861 862 ret = 1; 863 err: 864 EVP_CIPHER_free(cipher); 865 EVP_CIPHER_CTX_free(ctx); 866 return ret; 867 } 868 869 static int aes_gcm_enc_dec_test(int id) 870 { 871 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id]; 872 int enc = 1; 873 int pass = 1; 874 875 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len, 876 tst->key, tst->key_len, 877 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 878 tst->ct, tst->ct_len, tst->tag, tst->tag_len, 879 enc, pass) 880 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, 881 tst->key, tst->key_len, 882 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 883 tst->pt, tst->pt_len, tst->tag, tst->tag_len, 884 !enc, pass) 885 /* Fail if incorrect tag passed to decrypt */ 886 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, 887 tst->key, tst->key_len, 888 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 889 tst->pt, tst->pt_len, tst->aad, tst->tag_len, 890 !enc, !pass); 891 } 892 893 #ifndef OPENSSL_NO_DH 894 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name, 895 const unsigned char *pub, size_t pub_len, 896 const unsigned char *priv, size_t priv_len, 897 BN_CTX *bn_ctx, int pass) 898 { 899 int ret = 0; 900 EVP_PKEY_CTX *ctx = NULL; 901 OSSL_PARAM_BLD *bld = NULL; 902 OSSL_PARAM *params = NULL; 903 BIGNUM *pub_bn = NULL, *priv_bn = NULL; 904 905 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 906 || (group_name != NULL 907 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string( 908 bld, OSSL_PKEY_PARAM_GROUP_NAME, 909 group_name, 0), 0))) 910 goto err; 911 912 if (pub != NULL) { 913 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) 914 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) 915 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 916 pub_bn))) 917 goto err; 918 } 919 if (priv != NULL) { 920 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx)) 921 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn)) 922 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 923 priv_bn))) 924 goto err; 925 } 926 927 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 928 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 929 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 930 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), 931 pass)) 932 goto err; 933 934 ret = 1; 935 err: 936 OSSL_PARAM_free(params); 937 OSSL_PARAM_BLD_free(bld); 938 EVP_PKEY_CTX_free(ctx); 939 return ret; 940 } 941 942 static int dh_safe_prime_keygen_test(int id) 943 { 944 int ret = 0; 945 EVP_PKEY_CTX *ctx = NULL; 946 EVP_PKEY *pkey = NULL; 947 unsigned char *priv = NULL; 948 unsigned char *pub = NULL; 949 size_t priv_len = 0, pub_len = 0; 950 OSSL_PARAM params[2]; 951 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id]; 952 953 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, 954 (char *)tst->group_name, 0); 955 params[1] = OSSL_PARAM_construct_end(); 956 957 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 958 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 959 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params)) 960 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) 961 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, 962 &priv, &priv_len)) 963 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, 964 &pub, &pub_len))) 965 goto err; 966 967 test_output_memory("x", priv, priv_len); 968 test_output_memory("y", pub, pub_len); 969 ret = 1; 970 err: 971 OPENSSL_clear_free(priv, priv_len); 972 OPENSSL_free(pub); 973 EVP_PKEY_free(pkey); 974 EVP_PKEY_CTX_free(ctx); 975 return ret; 976 } 977 978 static int dh_safe_prime_keyver_test(int id) 979 { 980 int ret = 0; 981 BN_CTX *bn_ctx = NULL; 982 EVP_PKEY_CTX *key_ctx = NULL; 983 EVP_PKEY *pkey = NULL; 984 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id]; 985 986 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) 987 || !TEST_true(dh_create_pkey(&pkey, tst->group_name, 988 tst->pub, tst->pub_len, 989 tst->priv, tst->priv_len, bn_ctx, 1)) 990 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 991 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass)) 992 goto err; 993 994 ret = 1; 995 err: 996 EVP_PKEY_free(pkey); 997 EVP_PKEY_CTX_free(key_ctx); 998 BN_CTX_free(bn_ctx); 999 return ret; 1000 } 1001 #endif /* OPENSSL_NO_DH */ 1002 1003 1004 static int rsa_create_pkey(EVP_PKEY **pkey, 1005 const unsigned char *n, size_t n_len, 1006 const unsigned char *e, size_t e_len, 1007 const unsigned char *d, size_t d_len, 1008 BN_CTX *bn_ctx) 1009 { 1010 int ret = 0; 1011 EVP_PKEY_CTX *ctx = NULL; 1012 OSSL_PARAM_BLD *bld = NULL; 1013 OSSL_PARAM *params = NULL; 1014 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL; 1015 1016 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1017 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx)) 1018 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn)) 1019 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn))) 1020 goto err; 1021 1022 if (e != NULL) { 1023 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx)) 1024 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn)) 1025 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, 1026 e_bn))) 1027 goto err; 1028 } 1029 if (d != NULL) { 1030 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx)) 1031 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn)) 1032 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, 1033 d_bn))) 1034 goto err; 1035 } 1036 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1037 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) 1038 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 1039 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), 1040 1)) 1041 goto err; 1042 1043 ret = 1; 1044 err: 1045 OSSL_PARAM_free(params); 1046 OSSL_PARAM_BLD_free(bld); 1047 EVP_PKEY_CTX_free(ctx); 1048 return ret; 1049 } 1050 1051 static int rsa_keygen_test(int id) 1052 { 1053 int ret = 0; 1054 EVP_PKEY_CTX *ctx = NULL; 1055 EVP_PKEY *pkey = NULL; 1056 BIGNUM *e_bn = NULL; 1057 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL; 1058 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL; 1059 unsigned char *n = NULL, *d = NULL; 1060 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL; 1061 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL; 1062 size_t n_len = 0, d_len = 0; 1063 size_t p_len = 0, p1_len = 0, p2_len = 0; 1064 size_t q_len = 0, q1_len = 0, q2_len = 0; 1065 OSSL_PARAM_BLD *bld = NULL; 1066 OSSL_PARAM *params = NULL; 1067 const struct rsa_keygen_st *tst = &rsa_keygen_data[id]; 1068 1069 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1070 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL)) 1071 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL)) 1072 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL)) 1073 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL)) 1074 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL)) 1075 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL)) 1076 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1, 1077 xp1_bn)) 1078 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2, 1079 xp2_bn)) 1080 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP, 1081 xp_bn)) 1082 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, 1083 xq1_bn)) 1084 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2, 1085 xq2_bn)) 1086 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ, 1087 xq_bn)) 1088 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 1089 goto err; 1090 1091 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) 1092 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL)) 1093 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 1094 || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0) 1095 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0) 1096 || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0) 1097 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) 1098 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1, 1099 &p1, &p1_len)) 1100 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2, 1101 &p2, &p2_len)) 1102 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1, 1103 &q1, &q1_len)) 1104 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2, 1105 &q2, &q2_len)) 1106 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, 1107 &p, &p_len)) 1108 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, 1109 &q, &q_len)) 1110 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, 1111 &n, &n_len)) 1112 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D, 1113 &d, &d_len))) 1114 goto err; 1115 1116 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len) 1117 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len) 1118 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len) 1119 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len) 1120 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len) 1121 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len) 1122 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len) 1123 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len)) 1124 goto err; 1125 1126 test_output_memory("p1", p1, p1_len); 1127 test_output_memory("p2", p2, p2_len); 1128 test_output_memory("p", p, p_len); 1129 test_output_memory("q1", q1, q1_len); 1130 test_output_memory("q2", q2, q2_len); 1131 test_output_memory("q", q, q_len); 1132 test_output_memory("n", n, n_len); 1133 test_output_memory("d", d, d_len); 1134 ret = 1; 1135 err: 1136 BN_free(xp1_bn); 1137 BN_free(xp2_bn); 1138 BN_free(xp_bn); 1139 BN_free(xq1_bn); 1140 BN_free(xq2_bn); 1141 BN_free(xq_bn); 1142 BN_free(e_bn); 1143 OPENSSL_free(p1); 1144 OPENSSL_free(p2); 1145 OPENSSL_free(q1); 1146 OPENSSL_free(q2); 1147 OPENSSL_free(p); 1148 OPENSSL_free(q); 1149 OPENSSL_free(n); 1150 OPENSSL_free(d); 1151 EVP_PKEY_free(pkey); 1152 EVP_PKEY_CTX_free(ctx); 1153 OSSL_PARAM_free(params); 1154 OSSL_PARAM_BLD_free(bld); 1155 return ret; 1156 } 1157 1158 static int rsa_siggen_test(int id) 1159 { 1160 int ret = 0; 1161 EVP_PKEY *pkey = NULL; 1162 unsigned char *sig = NULL, *n = NULL, *e = NULL; 1163 size_t sig_len = 0, n_len = 0, e_len = 0; 1164 OSSL_PARAM params[4], *p; 1165 const struct rsa_siggen_st *tst = &rsa_siggen_data[id]; 1166 int salt_len = tst->pss_salt_len; 1167 1168 TEST_note("RSA %s signature generation", tst->sig_pad_mode); 1169 1170 p = params; 1171 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, 1172 (char *)tst->sig_pad_mode, 0); 1173 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 1174 (char *)tst->digest_alg, 0); 1175 if (salt_len >= 0) 1176 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, 1177 &salt_len); 1178 *p++ = OSSL_PARAM_construct_end(); 1179 1180 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod)) 1181 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 1182 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) 1183 || !TEST_true(sig_gen(pkey, params, tst->digest_alg, 1184 tst->msg, tst->msg_len, 1185 &sig, &sig_len))) 1186 goto err; 1187 test_output_memory("n", n, n_len); 1188 test_output_memory("e", e, e_len); 1189 test_output_memory("sig", sig, sig_len); 1190 ret = 1; 1191 err: 1192 OPENSSL_free(n); 1193 OPENSSL_free(e); 1194 OPENSSL_free(sig); 1195 EVP_PKEY_free(pkey); 1196 return ret; 1197 } 1198 1199 static int rsa_sigver_test(int id) 1200 { 1201 int ret = 0; 1202 EVP_PKEY_CTX *pkey_ctx = NULL; 1203 EVP_PKEY *pkey = NULL; 1204 EVP_MD_CTX *md_ctx = NULL; 1205 BN_CTX *bn_ctx = NULL; 1206 OSSL_PARAM params[4], *p; 1207 const struct rsa_sigver_st *tst = &rsa_sigver_data[id]; 1208 int salt_len = tst->pss_salt_len; 1209 1210 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode, 1211 tst->pass == PASS ? "pass" : "fail"); 1212 1213 p = params; 1214 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, 1215 (char *)tst->sig_pad_mode, 0); 1216 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 1217 (char *)tst->digest_alg, 0); 1218 if (salt_len >= 0) 1219 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, 1220 &salt_len); 1221 *p++ = OSSL_PARAM_construct_end(); 1222 1223 if (!TEST_ptr(bn_ctx = BN_CTX_new()) 1224 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len, 1225 tst->e, tst->e_len, NULL, 0, bn_ctx)) 1226 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1227 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx, 1228 tst->digest_alg, libctx, NULL, 1229 pkey, NULL)) 1230 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params)) 1231 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len, 1232 tst->msg, tst->msg_len), tst->pass)) 1233 goto err; 1234 ret = 1; 1235 err: 1236 EVP_PKEY_free(pkey); 1237 BN_CTX_free(bn_ctx); 1238 EVP_MD_CTX_free(md_ctx); 1239 return ret; 1240 } 1241 1242 static int rsa_decryption_primitive_test(int id) 1243 { 1244 int ret = 0; 1245 EVP_PKEY_CTX *ctx = NULL; 1246 EVP_PKEY *pkey = NULL; 1247 unsigned char pt[2048]; 1248 size_t pt_len = sizeof(pt); 1249 unsigned char *n = NULL, *e = NULL; 1250 size_t n_len = 0, e_len = 0; 1251 BN_CTX *bn_ctx = NULL; 1252 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; 1253 1254 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048)) 1255 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 1256 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) 1257 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 1258 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0) 1259 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0)) 1260 goto err; 1261 1262 test_output_memory("n", n, n_len); 1263 test_output_memory("e", e, e_len); 1264 if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0) 1265 TEST_note("Decryption Failed"); 1266 else 1267 test_output_memory("pt", pt, pt_len); 1268 ret = 1; 1269 err: 1270 OPENSSL_free(n); 1271 OPENSSL_free(e); 1272 EVP_PKEY_CTX_free(ctx); 1273 EVP_PKEY_free(pkey); 1274 BN_CTX_free(bn_ctx); 1275 return ret; 1276 } 1277 1278 static int self_test_events(const OSSL_PARAM params[], void *varg) 1279 { 1280 SELF_TEST_ARGS *args = varg; 1281 const OSSL_PARAM *p = NULL; 1282 const char *phase = NULL, *type = NULL, *desc = NULL; 1283 int ret = 0; 1284 1285 if (!args->enable) 1286 return 1; 1287 1288 args->called++; 1289 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); 1290 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1291 goto err; 1292 phase = (const char *)p->data; 1293 1294 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); 1295 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1296 goto err; 1297 desc = (const char *)p->data; 1298 1299 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); 1300 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1301 goto err; 1302 type = (const char *)p->data; 1303 1304 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type); 1305 ret = 1; 1306 err: 1307 return ret; 1308 } 1309 1310 static int drbg_test(int id) 1311 { 1312 OSSL_PARAM params[3]; 1313 EVP_RAND *rand = NULL; 1314 EVP_RAND_CTX *ctx = NULL, *parent = NULL; 1315 unsigned char returned_bits[64]; 1316 const size_t returned_bits_len = sizeof(returned_bits); 1317 unsigned int strength = 256; 1318 const struct drbg_st *tst = &drbg_data[id]; 1319 int res = 0; 1320 1321 /* Create the seed source */ 1322 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips")) 1323 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL))) 1324 goto err; 1325 EVP_RAND_free(rand); 1326 rand = NULL; 1327 1328 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 1329 params[1] = OSSL_PARAM_construct_end(); 1330 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) 1331 goto err; 1332 1333 /* Get the DRBG */ 1334 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, "")) 1335 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent))) 1336 goto err; 1337 1338 /* Set the DRBG up */ 1339 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, 1340 (int *)&tst->use_df); 1341 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, 1342 (char *)tst->cipher, 0); 1343 params[2] = OSSL_PARAM_construct_end(); 1344 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params))) 1345 goto err; 1346 1347 /* Feed in the entropy and nonce */ 1348 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 1349 (void *)tst->entropy_input, 1350 tst->entropy_input_len); 1351 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, 1352 (void *)tst->nonce, 1353 tst->nonce_len); 1354 params[2] = OSSL_PARAM_construct_end(); 1355 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) 1356 goto err; 1357 1358 /* 1359 * Run the test 1360 * A NULL personalisation string defaults to the built in so something 1361 * non-NULL is needed if there is no personalisation string 1362 */ 1363 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL)) 1364 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, 1365 0, 0, NULL, 0)) 1366 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, 1367 0, 0, NULL, 0))) 1368 goto err; 1369 1370 test_output_memory("returned bits", returned_bits, returned_bits_len); 1371 1372 /* Clean up */ 1373 if (!TEST_true(EVP_RAND_uninstantiate(ctx)) 1374 || !TEST_true(EVP_RAND_uninstantiate(parent))) 1375 goto err; 1376 1377 /* Verify the output */ 1378 if (!TEST_mem_eq(returned_bits, returned_bits_len, 1379 tst->returned_bits, tst->returned_bits_len)) 1380 goto err; 1381 res = 1; 1382 err: 1383 EVP_RAND_CTX_free(ctx); 1384 EVP_RAND_CTX_free(parent); 1385 EVP_RAND_free(rand); 1386 return res; 1387 } 1388 1389 static int aes_cfb1_bits_test(void) 1390 { 1391 int ret = 0; 1392 EVP_CIPHER *cipher = NULL; 1393 EVP_CIPHER_CTX *ctx = NULL; 1394 unsigned char out[16] = { 0 }; 1395 int outlen; 1396 const OSSL_PARAM *params, *p; 1397 1398 static const unsigned char key[] = { 1399 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88, 1400 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0 1401 }; 1402 static const unsigned char iv[] = { 1403 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C, 1404 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B 1405 }; 1406 static const unsigned char pt[] = { 1407 0xB4 1408 }; 1409 static const unsigned char expected[] = { 1410 0x6C 1411 }; 1412 1413 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes"))) 1414 goto err; 1415 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 1416 goto err; 1417 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0)) 1418 goto err; 1419 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx)) 1420 || !TEST_ptr(p = OSSL_PARAM_locate_const(params, 1421 OSSL_CIPHER_PARAM_USE_BITS))) 1422 goto err; 1423 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); 1424 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0)) 1425 goto err; 1426 if (!TEST_int_eq(outlen, 7)) 1427 goto err; 1428 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected))) 1429 goto err; 1430 ret = 1; 1431 err: 1432 EVP_CIPHER_free(cipher); 1433 EVP_CIPHER_CTX_free(ctx); 1434 return ret; 1435 } 1436 1437 int setup_tests(void) 1438 { 1439 char *config_file = NULL; 1440 1441 OPTION_CHOICE o; 1442 1443 while ((o = opt_next()) != OPT_EOF) { 1444 switch (o) { 1445 case OPT_CONFIG_FILE: 1446 config_file = opt_arg(); 1447 break; 1448 case OPT_TEST_CASES: 1449 break; 1450 default: 1451 case OPT_ERR: 1452 return 0; 1453 } 1454 } 1455 1456 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL)) 1457 return 0; 1458 1459 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args); 1460 1461 ADD_TEST(aes_cfb1_bits_test); 1462 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data)); 1463 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data)); 1464 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data)); 1465 1466 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data)); 1467 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data)); 1468 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data)); 1469 ADD_ALL_TESTS(rsa_decryption_primitive_test, 1470 OSSL_NELEM(rsa_decrypt_prim_data)); 1471 1472 #ifndef OPENSSL_NO_DH 1473 ADD_ALL_TESTS(dh_safe_prime_keygen_test, 1474 OSSL_NELEM(dh_safe_prime_keygen_data)); 1475 ADD_ALL_TESTS(dh_safe_prime_keyver_test, 1476 OSSL_NELEM(dh_safe_prime_keyver_data)); 1477 #endif /* OPENSSL_NO_DH */ 1478 1479 #ifndef OPENSSL_NO_DSA 1480 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); 1481 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); 1482 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data)); 1483 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); 1484 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); 1485 #endif /* OPENSSL_NO_DSA */ 1486 1487 #ifndef OPENSSL_NO_EC 1488 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); 1489 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data)); 1490 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data)); 1491 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data)); 1492 #endif /* OPENSSL_NO_EC */ 1493 1494 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data)); 1495 return 1; 1496 } 1497 1498 void cleanup_tests(void) 1499 { 1500 OSSL_PROVIDER_unload(prov_null); 1501 OSSL_LIB_CTX_free(libctx); 1502 } 1503