1 /* 2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * A set of tests demonstrating uses cases for CAVS/ACVP testing. 12 * 13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to 14 * providers/fips/self_test_kats.c 15 */ 16 17 #include <string.h> 18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */ 19 #include <openssl/core_names.h> 20 #include <openssl/evp.h> 21 #include <openssl/ec.h> 22 #include <openssl/dh.h> 23 #include <openssl/dsa.h> 24 #include <openssl/rsa.h> 25 #include <openssl/param_build.h> 26 #include <openssl/provider.h> 27 #include <openssl/self_test.h> 28 #include "testutil.h" 29 #include "testutil/output.h" 30 #include "acvp_test.inc" 31 #include "internal/nelem.h" 32 33 typedef enum OPTION_choice { 34 OPT_ERR = -1, 35 OPT_EOF = 0, 36 OPT_CONFIG_FILE, 37 OPT_TEST_ENUM 38 } OPTION_CHOICE; 39 40 typedef struct st_args { 41 int enable; 42 int called; 43 } SELF_TEST_ARGS; 44 45 static OSSL_PROVIDER *prov_null = NULL; 46 static OSSL_LIB_CTX *libctx = NULL; 47 static SELF_TEST_ARGS self_test_args = { 0 }; 48 static OSSL_CALLBACK self_test_events; 49 static int pass_sig_gen_params = 1; 50 static int rsa_sign_x931_pad_allowed = 1; 51 #ifndef OPENSSL_NO_DSA 52 static int dsasign_allowed = 1; 53 #endif 54 #ifndef OPENSSL_NO_EC 55 static int ec_cofactors = 1; 56 #endif 57 58 const OPTIONS *test_get_options(void) 59 { 60 static const OPTIONS test_options[] = { 61 OPT_TEST_OPTIONS_DEFAULT_USAGE, 62 { "config", OPT_CONFIG_FILE, '<', 63 "The configuration file to use for the libctx" }, 64 { NULL } 65 }; 66 return test_options; 67 } 68 69 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name, 70 unsigned char **out, size_t *out_len) 71 { 72 unsigned char *buf = NULL; 73 BIGNUM *bn = NULL; 74 int sz; 75 76 if (!EVP_PKEY_get_bn_param(pkey, name, &bn)) 77 goto err; 78 sz = BN_num_bytes(bn); 79 buf = OPENSSL_zalloc(sz); 80 if (buf == NULL) 81 goto err; 82 if (BN_bn2binpad(bn, buf, sz) <= 0) 83 goto err; 84 85 *out_len = sz; 86 *out = buf; 87 BN_free(bn); 88 return 1; 89 err: 90 OPENSSL_free(buf); 91 BN_free(bn); 92 return 0; 93 } 94 95 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name, 96 const unsigned char *msg, size_t msg_len, 97 unsigned char **sig_out, size_t *sig_out_len) 98 { 99 int ret = 0; 100 EVP_MD_CTX *md_ctx = NULL; 101 unsigned char *sig = NULL; 102 size_t sig_len; 103 size_t sz = EVP_PKEY_get_size(pkey); 104 OSSL_PARAM *p = pass_sig_gen_params ? params : NULL; 105 106 sig_len = sz; 107 if (!TEST_ptr(sig = OPENSSL_malloc(sz)) 108 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 109 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx, 110 NULL, pkey, p), 1) 111 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0)) 112 goto err; 113 *sig_out = sig; 114 *sig_out_len = sig_len; 115 sig = NULL; 116 ret = 1; 117 err: 118 OPENSSL_free(sig); 119 EVP_MD_CTX_free(md_ctx); 120 return ret; 121 } 122 123 static int check_verify_message(EVP_PKEY_CTX *pkey_ctx, int expected) 124 { 125 OSSL_PARAM params[2], *p = params; 126 int verify_message = -1; 127 128 if (!OSSL_PROVIDER_available(libctx, "fips") 129 || fips_provider_version_match(libctx, "<3.4.0")) 130 return 1; 131 132 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, 133 &verify_message); 134 *p = OSSL_PARAM_construct_end(); 135 136 if (!TEST_true(EVP_PKEY_CTX_get_params(pkey_ctx, params)) 137 || !TEST_int_eq(verify_message, expected)) 138 return 0; 139 return 1; 140 } 141 142 #ifndef OPENSSL_NO_EC 143 static int ecdsa_keygen_test(int id) 144 { 145 int ret = 0; 146 EVP_PKEY *pkey = NULL; 147 unsigned char *priv = NULL; 148 unsigned char *pubx = NULL, *puby = NULL; 149 size_t priv_len = 0, pubx_len = 0, puby_len = 0; 150 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id]; 151 152 self_test_args.called = 0; 153 self_test_args.enable = 1; 154 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)) 155 || !TEST_int_ge(self_test_args.called, 3) 156 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, 157 &priv_len)) 158 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx, 159 &pubx_len)) 160 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby, 161 &puby_len))) 162 goto err; 163 164 test_output_memory("qy", puby, puby_len); 165 test_output_memory("qx", pubx, pubx_len); 166 test_output_memory("d", priv, priv_len); 167 ret = 1; 168 err: 169 self_test_args.enable = 0; 170 self_test_args.called = 0; 171 OPENSSL_clear_free(priv, priv_len); 172 OPENSSL_free(pubx); 173 OPENSSL_free(puby); 174 EVP_PKEY_free(pkey); 175 return ret; 176 } 177 178 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name, 179 const unsigned char *pub, size_t pub_len, 180 int expected) 181 { 182 int ret = 0; 183 EVP_PKEY_CTX *ctx = NULL; 184 OSSL_PARAM_BLD *bld = NULL; 185 OSSL_PARAM *params = NULL; 186 187 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 188 || (curve_name != NULL 189 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string( 190 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0)) 191 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 192 OSSL_PKEY_PARAM_PUB_KEY, 193 pub, pub_len) > 0) 194 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 195 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) 196 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 197 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 198 params), expected)) 199 goto err; 200 201 ret = 1; 202 err: 203 OSSL_PARAM_free(params); 204 OSSL_PARAM_BLD_free(bld); 205 EVP_PKEY_CTX_free(ctx); 206 return ret; 207 } 208 209 static int ecdsa_pub_verify_test(int id) 210 { 211 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id]; 212 213 int ret = 0; 214 EVP_PKEY_CTX *key_ctx = NULL; 215 EVP_PKEY *pkey = NULL; 216 217 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, 218 tst->pub, tst->pub_len, tst->pass))) 219 goto err; 220 221 if (tst->pass) { 222 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 223 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass)) 224 goto err; 225 } 226 ret = 1; 227 err: 228 EVP_PKEY_free(pkey); 229 EVP_PKEY_CTX_free(key_ctx); 230 return ret; 231 } 232 233 /* Extract r and s from an ecdsa signature */ 234 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, 235 unsigned char **r, unsigned char **s, 236 size_t *rlen, size_t *slen) 237 { 238 int ret = 0; 239 unsigned char *rbuf = NULL, *sbuf = NULL; 240 size_t r1_len, s1_len; 241 const BIGNUM *r1, *s1; 242 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len); 243 244 if (sign == NULL) 245 return 0; 246 r1 = ECDSA_SIG_get0_r(sign); 247 s1 = ECDSA_SIG_get0_s(sign); 248 if (r1 == NULL || s1 == NULL) 249 goto err; 250 251 r1_len = BN_num_bytes(r1); 252 s1_len = BN_num_bytes(s1); 253 rbuf = OPENSSL_zalloc(r1_len); 254 sbuf = OPENSSL_zalloc(s1_len); 255 if (rbuf == NULL || sbuf == NULL) 256 goto err; 257 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) 258 goto err; 259 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) 260 goto err; 261 *r = rbuf; 262 *s = sbuf; 263 *rlen = r1_len; 264 *slen = s1_len; 265 ret = 1; 266 err: 267 if (ret == 0) { 268 OPENSSL_free(rbuf); 269 OPENSSL_free(sbuf); 270 } 271 ECDSA_SIG_free(sign); 272 return ret; 273 } 274 275 static int ecdsa_siggen_test(int id) 276 { 277 int ret = 0; 278 EVP_PKEY *pkey = NULL; 279 size_t sig_len = 0, rlen = 0, slen = 0; 280 unsigned char *sig = NULL; 281 unsigned char *r = NULL, *s = NULL; 282 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id]; 283 284 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))) 285 goto err; 286 287 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, 288 &sig, &sig_len)) 289 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) 290 goto err; 291 test_output_memory("r", r, rlen); 292 test_output_memory("s", s, slen); 293 ret = 1; 294 err: 295 OPENSSL_free(r); 296 OPENSSL_free(s); 297 OPENSSL_free(sig); 298 EVP_PKEY_free(pkey); 299 return ret; 300 } 301 302 static int ecdsa_sigver_test(int id) 303 { 304 int ret = 0; 305 EVP_MD_CTX *md_ctx = NULL; 306 EVP_PKEY *pkey = NULL; 307 EVP_PKEY_CTX *pkey_ctx; 308 ECDSA_SIG *sign = NULL; 309 size_t sig_len; 310 unsigned char *sig = NULL; 311 BIGNUM *rbn = NULL, *sbn = NULL; 312 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id]; 313 314 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, 315 tst->pub, tst->pub_len, 1))) 316 goto err; 317 318 if (!TEST_ptr(sign = ECDSA_SIG_new()) 319 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) 320 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) 321 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn))) 322 goto err; 323 rbn = sbn = NULL; 324 325 if (!TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0) 326 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 327 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg, 328 libctx, NULL, pkey, NULL)) 329 || !TEST_ptr(pkey_ctx = EVP_MD_CTX_get_pkey_ctx(md_ctx)) 330 || !check_verify_message(pkey_ctx, 1) 331 || !TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len, 332 tst->msg, tst->msg_len), tst->pass) 333 || !check_verify_message(pkey_ctx, 1) 334 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx)) 335 || !check_verify_message(pkey_ctx, 0)) 336 goto err; 337 338 ret = 1; 339 err: 340 BN_free(rbn); 341 BN_free(sbn); 342 OPENSSL_free(sig); 343 ECDSA_SIG_free(sign); 344 EVP_PKEY_free(pkey); 345 EVP_MD_CTX_free(md_ctx); 346 return ret; 347 348 } 349 350 static int ecdh_cofactor_derive_test(int tstid) 351 { 352 int ret = 0; 353 const struct ecdh_cofactor_derive_st *t = &ecdh_cofactor_derive_data[tstid]; 354 unsigned char secret1[16]; 355 size_t secret1_len = sizeof(secret1); 356 const char *curve = "K-283"; /* A curve that has a cofactor that it not 1 */ 357 EVP_PKEY *peer1 = NULL, *peer2 = NULL; 358 EVP_PKEY_CTX *p1ctx = NULL; 359 OSSL_PARAM params[2], *prms = NULL; 360 int use_cofactordh = t->key_cofactor; 361 int cofactor_mode = t->derive_cofactor_mode; 362 363 if (!ec_cofactors) 364 return TEST_skip("not supported by FIPS provider version"); 365 366 if (!TEST_ptr(peer1 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve))) 367 return TEST_skip("Curve %s not supported by the FIPS provider", curve); 368 369 if (!TEST_ptr(peer2 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve))) 370 goto err; 371 372 params[1] = OSSL_PARAM_construct_end(); 373 374 prms = NULL; 375 if (t->key_cofactor != COFACTOR_NOT_SET) { 376 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, 377 &use_cofactordh); 378 prms = params; 379 } 380 if (!TEST_int_eq(EVP_PKEY_set_params(peer1, prms), 1) 381 || !TEST_ptr(p1ctx = EVP_PKEY_CTX_new_from_pkey(libctx, peer1, NULL))) 382 goto err; 383 384 prms = NULL; 385 if (t->derive_cofactor_mode != COFACTOR_NOT_SET) { 386 params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, 387 &cofactor_mode); 388 prms = params; 389 } 390 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(p1ctx, prms), 1) 391 || !TEST_int_eq(EVP_PKEY_derive_set_peer(p1ctx, peer2), 1) 392 || !TEST_int_eq(EVP_PKEY_derive(p1ctx, secret1, &secret1_len), 393 t->expected)) 394 goto err; 395 396 ret = 1; 397 err: 398 if (ret == 0) { 399 static const char *state[] = { "unset", "-1", "disabled", "enabled" }; 400 401 TEST_note("ECDH derive() was expected to %s if key cofactor is" 402 "%s and derive mode is %s", t->expected ? "Pass" : "Fail", 403 state[2 + t->key_cofactor], state[2 + t->derive_cofactor_mode]); 404 } 405 EVP_PKEY_free(peer1); 406 EVP_PKEY_free(peer2); 407 EVP_PKEY_CTX_free(p1ctx); 408 return ret; 409 } 410 411 #endif /* OPENSSL_NO_EC */ 412 413 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) 414 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name, 415 unsigned char **out, size_t *out_len) 416 { 417 size_t len = 0; 418 unsigned char *buf = NULL; 419 420 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len)) 421 goto err; 422 423 buf = OPENSSL_zalloc(len); 424 if (buf == NULL) 425 goto err; 426 427 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len)) 428 goto err; 429 *out = buf; 430 return 1; 431 err: 432 OPENSSL_free(buf); 433 return 0; 434 } 435 #endif /* !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) */ 436 437 #ifndef OPENSSL_NO_ECX 438 static int eddsa_create_pkey(EVP_PKEY **pkey, const char *algname, 439 const unsigned char *pub, size_t pub_len, 440 int expected) 441 { 442 int ret = 0; 443 EVP_PKEY_CTX *ctx = NULL; 444 OSSL_PARAM_BLD *bld = NULL; 445 OSSL_PARAM *params = NULL; 446 447 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 448 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 449 OSSL_PKEY_PARAM_PUB_KEY, 450 pub, pub_len) > 0) 451 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 452 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, NULL)) 453 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 454 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 455 params), expected)) 456 goto err; 457 458 ret = 1; 459 err: 460 OSSL_PARAM_free(params); 461 OSSL_PARAM_BLD_free(bld); 462 EVP_PKEY_CTX_free(ctx); 463 return ret; 464 } 465 466 static int eddsa_pub_verify_test(int id) 467 { 468 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id]; 469 int ret = 0; 470 EVP_PKEY_CTX *key_ctx = NULL; 471 EVP_PKEY *pkey = NULL; 472 473 if (!TEST_true(eddsa_create_pkey(&pkey, tst->curve_name, 474 tst->pub, tst->pub_len, 1))) 475 goto err; 476 477 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 478 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass)) 479 goto err; 480 ret = 1; 481 err: 482 EVP_PKEY_free(pkey); 483 EVP_PKEY_CTX_free(key_ctx); 484 return ret; 485 } 486 487 static int eddsa_keygen_test(int id) 488 { 489 int ret = 0; 490 EVP_PKEY *pkey = NULL; 491 unsigned char *priv = NULL, *pub = NULL; 492 size_t priv_len = 0, pub_len = 0; 493 const struct ecdsa_pub_verify_st *tst = &eddsa_pv_data[id]; 494 495 self_test_args.called = 0; 496 self_test_args.enable = 1; 497 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, tst->curve_name)) 498 || !TEST_int_ge(self_test_args.called, 3) 499 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, 500 &priv, &priv_len)) 501 || !TEST_true(pkey_get_octet_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub, 502 &pub_len))) 503 goto err; 504 505 test_output_memory("q", pub, pub_len); 506 test_output_memory("d", priv, priv_len); 507 ret = 1; 508 err: 509 self_test_args.enable = 0; 510 self_test_args.called = 0; 511 OPENSSL_clear_free(priv, priv_len); 512 OPENSSL_free(pub); 513 EVP_PKEY_free(pkey); 514 return ret; 515 } 516 517 #endif /* OPENSSL_NO_ECX */ 518 519 #ifndef OPENSSL_NO_DSA 520 521 static EVP_PKEY *dsa_paramgen(int L, int N) 522 { 523 EVP_PKEY_CTX *paramgen_ctx = NULL; 524 EVP_PKEY *param_key = NULL; 525 526 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 527 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0) 528 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L)) 529 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N)) 530 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))) 531 TEST_info("dsa_paramgen failed"); 532 EVP_PKEY_CTX_free(paramgen_ctx); 533 return param_key; 534 } 535 536 static EVP_PKEY *dsa_keygen(int L, int N) 537 { 538 EVP_PKEY *param_key = NULL, *key = NULL; 539 EVP_PKEY_CTX *keygen_ctx = NULL; 540 541 if (!TEST_ptr(param_key = dsa_paramgen(L, N)) 542 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 543 NULL)) 544 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) 545 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) 546 goto err; 547 err: 548 EVP_PKEY_free(param_key); 549 EVP_PKEY_CTX_free(keygen_ctx); 550 return key; 551 } 552 553 static int dsa_keygen_test(int id) 554 { 555 int ret = 0, i; 556 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL; 557 EVP_PKEY *param_key = NULL, *key = NULL; 558 unsigned char *priv = NULL, *pub = NULL; 559 size_t priv_len = 0, pub_len = 0; 560 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id]; 561 562 if (!dsasign_allowed) 563 return TEST_skip("DSA signing is not allowed"); 564 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N)) 565 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 566 NULL)) 567 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)) 568 goto err; 569 for (i = 0; i < 2; ++i) { 570 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0) 571 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY, 572 &priv, &priv_len)) 573 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY, 574 &pub, &pub_len))) 575 goto err; 576 test_output_memory("y", pub, pub_len); 577 test_output_memory("x", priv, priv_len); 578 EVP_PKEY_free(key); 579 OPENSSL_clear_free(priv, priv_len); 580 OPENSSL_free(pub); 581 key = NULL; 582 pub = priv = NULL; 583 } 584 ret = 1; 585 err: 586 OPENSSL_clear_free(priv, priv_len); 587 OPENSSL_free(pub); 588 EVP_PKEY_free(param_key); 589 EVP_PKEY_free(key); 590 EVP_PKEY_CTX_free(keygen_ctx); 591 EVP_PKEY_CTX_free(paramgen_ctx); 592 return ret; 593 } 594 595 static int dsa_paramgen_test(int id) 596 { 597 int ret = 0, counter = 0; 598 EVP_PKEY_CTX *paramgen_ctx = NULL; 599 EVP_PKEY *param_key = NULL; 600 unsigned char *p = NULL, *q = NULL, *seed = NULL; 601 size_t plen = 0, qlen = 0, seedlen = 0; 602 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id]; 603 604 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 605 || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0) 606 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L)) 607 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, 608 tst->N))) 609 goto err; 610 611 if (!dsasign_allowed) { 612 if (!TEST_false(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))) 613 goto err; 614 } else { 615 if (!TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)) 616 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P, 617 &p, &plen)) 618 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q, 619 &q, &qlen)) 620 || !TEST_true(pkey_get_octet_bytes(param_key, 621 OSSL_PKEY_PARAM_FFC_SEED, 622 &seed, &seedlen)) 623 || !TEST_true(EVP_PKEY_get_int_param(param_key, 624 OSSL_PKEY_PARAM_FFC_PCOUNTER, 625 &counter))) 626 goto err; 627 test_output_memory("p", p, plen); 628 test_output_memory("q", q, qlen); 629 test_output_memory("domainSeed", seed, seedlen); 630 test_printf_stderr("%s: %d\n", "counter", counter); 631 } 632 ret = 1; 633 err: 634 OPENSSL_free(p); 635 OPENSSL_free(q); 636 OPENSSL_free(seed); 637 EVP_PKEY_free(param_key); 638 EVP_PKEY_CTX_free(paramgen_ctx); 639 return ret; 640 } 641 642 static int dsa_create_pkey(EVP_PKEY **pkey, 643 const unsigned char *p, size_t p_len, 644 const unsigned char *q, size_t q_len, 645 const unsigned char *g, size_t g_len, 646 const unsigned char *seed, size_t seed_len, 647 int counter, 648 int validate_pq, int validate_g, 649 const unsigned char *pub, size_t pub_len, 650 BN_CTX *bn_ctx) 651 { 652 int ret = 0; 653 EVP_PKEY_CTX *ctx = NULL; 654 OSSL_PARAM_BLD *bld = NULL; 655 OSSL_PARAM *params = NULL; 656 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL; 657 658 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 659 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx)) 660 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn)) 661 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, 662 OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, 663 validate_pq)) 664 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, 665 OSSL_PKEY_PARAM_FFC_VALIDATE_G, 666 validate_g)) 667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)) 668 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx)) 669 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn)) 670 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn))) 671 goto err; 672 673 if (g != NULL) { 674 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx)) 675 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn)) 676 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, 677 OSSL_PKEY_PARAM_FFC_G, g_bn))) 678 goto err; 679 } 680 if (seed != NULL) { 681 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 682 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len))) 683 goto err; 684 } 685 if (counter != -1) { 686 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, 687 OSSL_PKEY_PARAM_FFC_PCOUNTER, 688 counter))) 689 goto err; 690 } 691 if (pub != NULL) { 692 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) 693 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) 694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, 695 OSSL_PKEY_PARAM_PUB_KEY, 696 pub_bn))) 697 goto err; 698 } 699 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 700 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) 701 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 702 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY, 703 params), 1)) 704 goto err; 705 706 ret = 1; 707 err: 708 OSSL_PARAM_free(params); 709 OSSL_PARAM_BLD_free(bld); 710 EVP_PKEY_CTX_free(ctx); 711 return ret; 712 } 713 714 static int dsa_pqver_test(int id) 715 { 716 int ret = 0; 717 BN_CTX *bn_ctx = NULL; 718 EVP_PKEY_CTX *key_ctx = NULL; 719 EVP_PKEY *param_key = NULL; 720 const struct dsa_pqver_st *tst = &dsa_pqver_data[id]; 721 722 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) 723 || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len, 724 tst->q, tst->q_len, NULL, 0, 725 tst->seed, tst->seed_len, tst->counter, 726 1, 0, 727 NULL, 0, 728 bn_ctx)) 729 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, 730 NULL)) 731 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass)) 732 goto err; 733 734 ret = 1; 735 err: 736 BN_CTX_free(bn_ctx); 737 EVP_PKEY_free(param_key); 738 EVP_PKEY_CTX_free(key_ctx); 739 return ret; 740 } 741 742 /* Extract r and s from a dsa signature */ 743 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, 744 unsigned char **r, unsigned char **s, 745 size_t *r_len, size_t *s_len) 746 { 747 int ret = 0; 748 unsigned char *rbuf = NULL, *sbuf = NULL; 749 size_t r1_len, s1_len; 750 const BIGNUM *r1, *s1; 751 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len); 752 753 if (sign == NULL) 754 return 0; 755 DSA_SIG_get0(sign, &r1, &s1); 756 if (r1 == NULL || s1 == NULL) 757 goto err; 758 759 r1_len = BN_num_bytes(r1); 760 s1_len = BN_num_bytes(s1); 761 rbuf = OPENSSL_zalloc(r1_len); 762 sbuf = OPENSSL_zalloc(s1_len); 763 if (rbuf == NULL || sbuf == NULL) 764 goto err; 765 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) 766 goto err; 767 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) 768 goto err; 769 *r = rbuf; 770 *s = sbuf; 771 *r_len = r1_len; 772 *s_len = s1_len; 773 ret = 1; 774 err: 775 if (ret == 0) { 776 OPENSSL_free(rbuf); 777 OPENSSL_free(sbuf); 778 } 779 DSA_SIG_free(sign); 780 return ret; 781 } 782 783 static int dsa_siggen_test(int id) 784 { 785 int ret = 0; 786 EVP_PKEY *pkey = NULL; 787 unsigned char *sig = NULL, *r = NULL, *s = NULL; 788 size_t sig_len = 0, rlen = 0, slen = 0; 789 const struct dsa_siggen_st *tst = &dsa_siggen_data[id]; 790 791 if (!dsasign_allowed) { 792 if (!TEST_ptr_null(pkey = dsa_keygen(tst->L, tst->N))) 793 goto err; 794 } else { 795 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N))) 796 goto err; 797 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, 798 &sig, &sig_len)) 799 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) 800 goto err; 801 test_output_memory("r", r, rlen); 802 test_output_memory("s", s, slen); 803 } 804 ret = 1; 805 err: 806 OPENSSL_free(r); 807 OPENSSL_free(s); 808 OPENSSL_free(sig); 809 EVP_PKEY_free(pkey); 810 return ret; 811 } 812 813 static int dsa_sigver_test(int id) 814 { 815 int ret = 0; 816 EVP_PKEY_CTX *ctx = NULL; 817 EVP_PKEY *pkey = NULL; 818 DSA_SIG *sign = NULL; 819 size_t sig_len; 820 unsigned char *sig = NULL; 821 BIGNUM *rbn = NULL, *sbn = NULL; 822 EVP_MD *md = NULL; 823 unsigned char digest[EVP_MAX_MD_SIZE]; 824 unsigned int digest_len; 825 BN_CTX *bn_ctx = NULL; 826 const struct dsa_sigver_st *tst = &dsa_sigver_data[id]; 827 828 if (!TEST_ptr(bn_ctx = BN_CTX_new()) 829 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len, 830 tst->q, tst->q_len, tst->g, tst->g_len, 831 NULL, 0, 0, 0, 0, tst->pub, tst->pub_len, 832 bn_ctx))) 833 goto err; 834 835 if (!TEST_ptr(sign = DSA_SIG_new()) 836 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) 837 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) 838 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn))) 839 goto err; 840 rbn = sbn = NULL; 841 842 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, "")) 843 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len, 844 digest, &digest_len, md, NULL))) 845 goto err; 846 847 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0) 848 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 849 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 850 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len), 851 tst->pass)) 852 goto err; 853 ret = 1; 854 err: 855 EVP_PKEY_CTX_free(ctx); 856 OPENSSL_free(sig); 857 EVP_MD_free(md); 858 DSA_SIG_free(sign); 859 EVP_PKEY_free(pkey); 860 BN_free(rbn); 861 BN_free(sbn); 862 BN_CTX_free(bn_ctx); 863 return ret; 864 } 865 #endif /* OPENSSL_NO_DSA */ 866 867 868 /* cipher encrypt/decrypt */ 869 static int cipher_enc(const char *alg, 870 const unsigned char *pt, size_t pt_len, 871 const unsigned char *key, size_t key_len, 872 const unsigned char *iv, size_t iv_len, 873 const unsigned char *ct, size_t ct_len, 874 int enc) 875 { 876 int ret = 0, out_len = 0, len = 0; 877 EVP_CIPHER_CTX *ctx = NULL; 878 EVP_CIPHER *cipher = NULL; 879 unsigned char out[256] = { 0 }; 880 881 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt"); 882 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 883 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 884 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc)) 885 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 886 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)) 887 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) 888 goto err; 889 out_len += len; 890 if (!TEST_mem_eq(out, out_len, ct, ct_len)) 891 goto err; 892 ret = 1; 893 err: 894 EVP_CIPHER_free(cipher); 895 EVP_CIPHER_CTX_free(ctx); 896 return ret; 897 } 898 899 static int cipher_enc_dec_test(int id) 900 { 901 const struct cipher_st *tst = &cipher_enc_data[id]; 902 const int enc = 1; 903 904 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len, 905 tst->key, tst->key_len, 906 tst->iv, tst->iv_len, 907 tst->ct, tst->ct_len, enc)) 908 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len, 909 tst->key, tst->key_len, 910 tst->iv, tst->iv_len, 911 tst->pt, tst->pt_len, !enc)); 912 } 913 914 static int aes_ccm_enc_dec(const char *alg, 915 const unsigned char *pt, size_t pt_len, 916 const unsigned char *key, size_t key_len, 917 const unsigned char *iv, size_t iv_len, 918 const unsigned char *aad, size_t aad_len, 919 const unsigned char *ct, size_t ct_len, 920 const unsigned char *tag, size_t tag_len, 921 int enc, int pass) 922 { 923 int ret = 0; 924 EVP_CIPHER_CTX *ctx; 925 EVP_CIPHER *cipher = NULL; 926 int out_len, len; 927 unsigned char out[1024]; 928 929 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", 930 pass ? "pass" : "fail"); 931 932 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 933 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 934 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 935 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, 936 NULL), 0) 937 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, 938 enc ? NULL : (void *)tag), 0) 939 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 940 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 941 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) 942 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) 943 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass)) 944 goto err; 945 946 if (!pass) { 947 ret = 1; 948 goto err; 949 } 950 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) 951 goto err; 952 if (enc) { 953 out_len += len; 954 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 955 tag_len, out + out_len), 0) 956 || !TEST_mem_eq(out, out_len, ct, ct_len) 957 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) 958 goto err; 959 } else { 960 if (!TEST_mem_eq(out, out_len + len, ct, ct_len)) 961 goto err; 962 } 963 964 ret = 1; 965 err: 966 EVP_CIPHER_free(cipher); 967 EVP_CIPHER_CTX_free(ctx); 968 return ret; 969 } 970 971 static int aes_ccm_enc_dec_test(int id) 972 { 973 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id]; 974 975 /* The tag is on the end of the cipher text */ 976 const size_t tag_len = tst->ct_len - tst->pt_len; 977 const size_t ct_len = tst->ct_len - tag_len; 978 const unsigned char *tag = tst->ct + ct_len; 979 const int enc = 1; 980 const int pass = 1; 981 982 if (ct_len < 1) 983 return 0; 984 985 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len, 986 tst->key, tst->key_len, 987 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 988 tst->ct, ct_len, tag, tag_len, enc, pass) 989 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, 990 tst->key, tst->key_len, 991 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 992 tst->pt, tst->pt_len, tag, tag_len, !enc, pass) 993 /* test that it fails if the tag is incorrect */ 994 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, 995 tst->key, tst->key_len, 996 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 997 tst->pt, tst->pt_len, 998 tag - 1, tag_len, !enc, !pass); 999 } 1000 1001 static int aes_gcm_enc_dec(const char *alg, 1002 const unsigned char *pt, size_t pt_len, 1003 const unsigned char *key, size_t key_len, 1004 const unsigned char *iv, size_t iv_len, 1005 const unsigned char *aad, size_t aad_len, 1006 const unsigned char *ct, size_t ct_len, 1007 const unsigned char *tag, size_t tag_len, 1008 int enc, int pass, 1009 unsigned char *out, int *out_len, 1010 unsigned char *outiv) 1011 { 1012 int ret = 0; 1013 EVP_CIPHER_CTX *ctx; 1014 EVP_CIPHER *cipher = NULL; 1015 int olen, len; 1016 1017 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", 1018 pass ? "pass" : "fail"); 1019 1020 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1021 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) 1022 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) 1023 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, 1024 NULL), 0)) 1025 goto err; 1026 1027 if (!enc) { 1028 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, 1029 (void *)tag), 0)) 1030 goto err; 1031 } 1032 /* 1033 * For testing purposes the IV may be passed in here. In a compliant 1034 * application the IV would be generated internally. A fake entropy source 1035 * could also be used to feed in the random IV bytes (see fake_random.c) 1036 */ 1037 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) 1038 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) 1039 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) 1040 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))) 1041 goto err; 1042 1043 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &olen), pass)) 1044 goto err; 1045 if (!pass) { 1046 ret = 1; 1047 goto err; 1048 } 1049 olen += len; 1050 if (enc) { 1051 if ((ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len)) 1052 || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 1053 tag_len, out + olen), 0) 1054 || (tag != NULL 1055 && !TEST_mem_eq(out + olen, tag_len, tag, tag_len))) 1056 goto err; 1057 } else { 1058 if (ct != NULL && !TEST_mem_eq(out, olen, ct, ct_len)) 1059 goto err; 1060 } 1061 1062 { 1063 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; 1064 OSSL_PARAM *p = params; 1065 unsigned int iv_generated = -1; 1066 const OSSL_PARAM *gettables = EVP_CIPHER_CTX_gettable_params(ctx); 1067 const char *ivgenkey = OSSL_CIPHER_PARAM_AEAD_IV_GENERATED; 1068 int ivgen = (OSSL_PARAM_locate_const(gettables, ivgenkey) != NULL); 1069 1070 if (ivgen != 0) 1071 *p++ = OSSL_PARAM_construct_uint(ivgenkey, &iv_generated); 1072 if (outiv != NULL) 1073 *p = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, 1074 outiv, iv_len); 1075 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))) 1076 goto err; 1077 if (ivgen != 0 1078 && !TEST_uint_eq(iv_generated, (enc == 0 || iv != NULL ? 0 : 1))) 1079 goto err; 1080 } 1081 if (out_len != NULL) 1082 *out_len = olen; 1083 1084 ret = 1; 1085 err: 1086 EVP_CIPHER_free(cipher); 1087 EVP_CIPHER_CTX_free(ctx); 1088 return ret; 1089 } 1090 1091 static int aes_gcm_enc_dec_test(int id) 1092 { 1093 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id]; 1094 int enc = 1; 1095 int pass = 1; 1096 unsigned char out[1024]; 1097 1098 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len, 1099 tst->key, tst->key_len, 1100 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 1101 tst->ct, tst->ct_len, tst->tag, tst->tag_len, 1102 enc, pass, out, NULL, NULL) 1103 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, 1104 tst->key, tst->key_len, 1105 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 1106 tst->pt, tst->pt_len, tst->tag, tst->tag_len, 1107 !enc, pass, out, NULL, NULL) 1108 /* Fail if incorrect tag passed to decrypt */ 1109 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, 1110 tst->key, tst->key_len, 1111 tst->iv, tst->iv_len, tst->aad, tst->aad_len, 1112 tst->pt, tst->pt_len, tst->aad, tst->tag_len, 1113 !enc, !pass, out, NULL, NULL); 1114 } 1115 1116 static int aes_gcm_gen_iv_internal_test(void) 1117 { 1118 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[0]; 1119 int enc = 1; 1120 int pass = 1; 1121 int out_len = 0; 1122 unsigned char out[1024]; 1123 unsigned char iv[16]; 1124 1125 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len, 1126 tst->key, tst->key_len, 1127 NULL, tst->iv_len, tst->aad, tst->aad_len, 1128 NULL, tst->ct_len, NULL, tst->tag_len, 1129 enc, pass, out, &out_len, iv) 1130 && aes_gcm_enc_dec(tst->alg, out, out_len, 1131 tst->key, tst->key_len, 1132 iv, tst->iv_len, tst->aad, tst->aad_len, 1133 tst->pt, tst->pt_len, out + out_len, tst->tag_len, 1134 !enc, pass, out, NULL, NULL); 1135 } 1136 1137 #ifndef OPENSSL_NO_DH 1138 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name, 1139 const unsigned char *pub, size_t pub_len, 1140 const unsigned char *priv, size_t priv_len, 1141 BN_CTX *bn_ctx, int pass) 1142 { 1143 int ret = 0; 1144 EVP_PKEY_CTX *ctx = NULL; 1145 OSSL_PARAM_BLD *bld = NULL; 1146 OSSL_PARAM *params = NULL; 1147 BIGNUM *pub_bn = NULL, *priv_bn = NULL; 1148 1149 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1150 || (group_name != NULL 1151 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string( 1152 bld, OSSL_PKEY_PARAM_GROUP_NAME, 1153 group_name, 0), 0))) 1154 goto err; 1155 1156 if (pub != NULL) { 1157 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) 1158 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) 1159 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 1160 pub_bn))) 1161 goto err; 1162 } 1163 if (priv != NULL) { 1164 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx)) 1165 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn)) 1166 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1167 priv_bn))) 1168 goto err; 1169 } 1170 1171 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1172 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 1173 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 1174 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), 1175 pass)) 1176 goto err; 1177 1178 ret = 1; 1179 err: 1180 OSSL_PARAM_free(params); 1181 OSSL_PARAM_BLD_free(bld); 1182 EVP_PKEY_CTX_free(ctx); 1183 return ret; 1184 } 1185 1186 static int dh_safe_prime_keygen_test(int id) 1187 { 1188 int ret = 0; 1189 EVP_PKEY_CTX *ctx = NULL; 1190 EVP_PKEY *pkey = NULL; 1191 unsigned char *priv = NULL; 1192 unsigned char *pub = NULL; 1193 size_t priv_len = 0, pub_len = 0; 1194 OSSL_PARAM params[2]; 1195 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id]; 1196 1197 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, 1198 (char *)tst->group_name, 0); 1199 params[1] = OSSL_PARAM_construct_end(); 1200 1201 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) 1202 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 1203 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params)) 1204 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) 1205 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, 1206 &priv, &priv_len)) 1207 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, 1208 &pub, &pub_len))) 1209 goto err; 1210 1211 test_output_memory("x", priv, priv_len); 1212 test_output_memory("y", pub, pub_len); 1213 ret = 1; 1214 err: 1215 OPENSSL_clear_free(priv, priv_len); 1216 OPENSSL_free(pub); 1217 EVP_PKEY_free(pkey); 1218 EVP_PKEY_CTX_free(ctx); 1219 return ret; 1220 } 1221 1222 static int dh_safe_prime_keyver_test(int id) 1223 { 1224 int ret = 0; 1225 BN_CTX *bn_ctx = NULL; 1226 EVP_PKEY_CTX *key_ctx = NULL; 1227 EVP_PKEY *pkey = NULL; 1228 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id]; 1229 1230 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) 1231 || !TEST_true(dh_create_pkey(&pkey, tst->group_name, 1232 tst->pub, tst->pub_len, 1233 tst->priv, tst->priv_len, bn_ctx, 1)) 1234 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 1235 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass)) 1236 goto err; 1237 1238 ret = 1; 1239 err: 1240 EVP_PKEY_free(pkey); 1241 EVP_PKEY_CTX_free(key_ctx); 1242 BN_CTX_free(bn_ctx); 1243 return ret; 1244 } 1245 #endif /* OPENSSL_NO_DH */ 1246 1247 1248 static int rsa_create_pkey(EVP_PKEY **pkey, 1249 const unsigned char *n, size_t n_len, 1250 const unsigned char *e, size_t e_len, 1251 const unsigned char *d, size_t d_len, 1252 BN_CTX *bn_ctx) 1253 { 1254 int ret = 0; 1255 EVP_PKEY_CTX *ctx = NULL; 1256 OSSL_PARAM_BLD *bld = NULL; 1257 OSSL_PARAM *params = NULL; 1258 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL; 1259 1260 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1261 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx)) 1262 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn)) 1263 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn))) 1264 goto err; 1265 1266 if (e != NULL) { 1267 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx)) 1268 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn)) 1269 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, 1270 e_bn))) 1271 goto err; 1272 } 1273 if (d != NULL) { 1274 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx)) 1275 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn)) 1276 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, 1277 d_bn))) 1278 goto err; 1279 } 1280 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1281 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) 1282 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) 1283 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params), 1284 1)) 1285 goto err; 1286 1287 ret = 1; 1288 err: 1289 OSSL_PARAM_free(params); 1290 OSSL_PARAM_BLD_free(bld); 1291 EVP_PKEY_CTX_free(ctx); 1292 return ret; 1293 } 1294 1295 static int rsa_keygen_test(int id) 1296 { 1297 int ret = 0; 1298 EVP_PKEY_CTX *ctx = NULL; 1299 EVP_PKEY *pkey = NULL; 1300 BIGNUM *e_bn = NULL; 1301 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL; 1302 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL; 1303 unsigned char *n = NULL, *d = NULL; 1304 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL; 1305 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL; 1306 size_t n_len = 0, d_len = 0; 1307 size_t p_len = 0, p1_len = 0, p2_len = 0; 1308 size_t q_len = 0, q1_len = 0, q2_len = 0; 1309 OSSL_PARAM_BLD *bld = NULL; 1310 OSSL_PARAM *params = NULL; 1311 const struct rsa_keygen_st *tst = &rsa_keygen_data[id]; 1312 1313 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1314 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL)) 1315 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL)) 1316 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL)) 1317 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL)) 1318 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL)) 1319 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL)) 1320 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1, 1321 xp1_bn)) 1322 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2, 1323 xp2_bn)) 1324 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP, 1325 xp_bn)) 1326 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, 1327 xq1_bn)) 1328 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2, 1329 xq2_bn)) 1330 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ, 1331 xq_bn)) 1332 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 1333 goto err; 1334 1335 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) 1336 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL)) 1337 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 1338 || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0) 1339 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0) 1340 || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0) 1341 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) 1342 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1, 1343 &p1, &p1_len)) 1344 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2, 1345 &p2, &p2_len)) 1346 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1, 1347 &q1, &q1_len)) 1348 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2, 1349 &q2, &q2_len)) 1350 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, 1351 &p, &p_len)) 1352 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, 1353 &q, &q_len)) 1354 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, 1355 &n, &n_len)) 1356 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D, 1357 &d, &d_len))) 1358 goto err; 1359 1360 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len) 1361 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len) 1362 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len) 1363 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len) 1364 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len) 1365 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len) 1366 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len) 1367 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len)) 1368 goto err; 1369 1370 test_output_memory("p1", p1, p1_len); 1371 test_output_memory("p2", p2, p2_len); 1372 test_output_memory("p", p, p_len); 1373 test_output_memory("q1", q1, q1_len); 1374 test_output_memory("q2", q2, q2_len); 1375 test_output_memory("q", q, q_len); 1376 test_output_memory("n", n, n_len); 1377 test_output_memory("d", d, d_len); 1378 ret = 1; 1379 err: 1380 BN_free(xp1_bn); 1381 BN_free(xp2_bn); 1382 BN_free(xp_bn); 1383 BN_free(xq1_bn); 1384 BN_free(xq2_bn); 1385 BN_free(xq_bn); 1386 BN_free(e_bn); 1387 OPENSSL_free(p1); 1388 OPENSSL_free(p2); 1389 OPENSSL_free(q1); 1390 OPENSSL_free(q2); 1391 OPENSSL_free(p); 1392 OPENSSL_free(q); 1393 OPENSSL_free(n); 1394 OPENSSL_free(d); 1395 EVP_PKEY_free(pkey); 1396 EVP_PKEY_CTX_free(ctx); 1397 OSSL_PARAM_free(params); 1398 OSSL_PARAM_BLD_free(bld); 1399 return ret; 1400 } 1401 1402 static int rsa_siggen_test(int id) 1403 { 1404 int ret = 0; 1405 EVP_PKEY *pkey = NULL; 1406 unsigned char *sig = NULL, *n = NULL, *e = NULL; 1407 size_t sig_len = 0, n_len = 0, e_len = 0; 1408 OSSL_PARAM params[4], *p; 1409 const struct rsa_siggen_st *tst = &rsa_siggen_data[id]; 1410 int salt_len = tst->pss_salt_len; 1411 1412 if (!rsa_sign_x931_pad_allowed 1413 && (strcmp(tst->sig_pad_mode, OSSL_PKEY_RSA_PAD_MODE_X931) == 0)) 1414 return TEST_skip("x931 signing is not allowed"); 1415 1416 TEST_note("RSA %s signature generation", tst->sig_pad_mode); 1417 1418 p = params; 1419 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, 1420 (char *)tst->sig_pad_mode, 0); 1421 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 1422 (char *)tst->digest_alg, 0); 1423 if (salt_len >= 0) 1424 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, 1425 &salt_len); 1426 *p++ = OSSL_PARAM_construct_end(); 1427 1428 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod)) 1429 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 1430 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) 1431 || !TEST_true(sig_gen(pkey, params, tst->digest_alg, 1432 tst->msg, tst->msg_len, 1433 &sig, &sig_len))) 1434 goto err; 1435 test_output_memory("n", n, n_len); 1436 test_output_memory("e", e, e_len); 1437 test_output_memory("sig", sig, sig_len); 1438 ret = 1; 1439 err: 1440 OPENSSL_free(n); 1441 OPENSSL_free(e); 1442 OPENSSL_free(sig); 1443 EVP_PKEY_free(pkey); 1444 return ret; 1445 } 1446 1447 static int rsa_sigver_test(int id) 1448 { 1449 int ret = 0; 1450 EVP_PKEY_CTX *pkey_ctx = NULL; 1451 EVP_PKEY *pkey = NULL; 1452 EVP_MD_CTX *md_ctx = NULL; 1453 BN_CTX *bn_ctx = NULL; 1454 OSSL_PARAM params[4], *p; 1455 const struct rsa_sigver_st *tst = &rsa_sigver_data[id]; 1456 int salt_len = tst->pss_salt_len; 1457 1458 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode, 1459 tst->pass == PASS ? "pass" : "fail"); 1460 1461 p = params; 1462 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, 1463 (char *)tst->sig_pad_mode, 0); 1464 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 1465 (char *)tst->digest_alg, 0); 1466 if (salt_len >= 0) 1467 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, 1468 &salt_len); 1469 *p = OSSL_PARAM_construct_end(); 1470 1471 if (!TEST_ptr(bn_ctx = BN_CTX_new()) 1472 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len, 1473 tst->e, tst->e_len, NULL, 0, bn_ctx)) 1474 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1475 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx, 1476 tst->digest_alg, libctx, NULL, 1477 pkey, NULL)) 1478 || !check_verify_message(pkey_ctx, 1) 1479 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params)) 1480 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len, 1481 tst->msg, tst->msg_len), tst->pass) 1482 || !check_verify_message(pkey_ctx, 1) 1483 || !TEST_true(EVP_PKEY_verify_init(pkey_ctx)) 1484 || !check_verify_message(pkey_ctx, 0)) 1485 goto err; 1486 1487 ret = 1; 1488 err: 1489 EVP_PKEY_free(pkey); 1490 BN_CTX_free(bn_ctx); 1491 EVP_MD_CTX_free(md_ctx); 1492 return ret; 1493 } 1494 1495 static int rsa_decryption_primitive_test(int id) 1496 { 1497 int ret = 0; 1498 EVP_PKEY_CTX *ctx = NULL; 1499 EVP_PKEY *pkey = NULL; 1500 unsigned char pt[2048]; 1501 size_t pt_len = sizeof(pt); 1502 unsigned char *n = NULL, *e = NULL; 1503 size_t n_len = 0, e_len = 0; 1504 BN_CTX *bn_ctx = NULL; 1505 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; 1506 1507 if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048)) 1508 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) 1509 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) 1510 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) 1511 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0) 1512 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0)) 1513 goto err; 1514 1515 test_output_memory("n", n, n_len); 1516 test_output_memory("e", e, e_len); 1517 if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0) 1518 TEST_note("Decryption Failed"); 1519 else 1520 test_output_memory("pt", pt, pt_len); 1521 ret = 1; 1522 err: 1523 OPENSSL_free(n); 1524 OPENSSL_free(e); 1525 EVP_PKEY_CTX_free(ctx); 1526 EVP_PKEY_free(pkey); 1527 BN_CTX_free(bn_ctx); 1528 return ret; 1529 } 1530 1531 static int self_test_events(const OSSL_PARAM params[], void *varg) 1532 { 1533 SELF_TEST_ARGS *args = varg; 1534 const OSSL_PARAM *p = NULL; 1535 const char *phase = NULL, *type = NULL, *desc = NULL; 1536 int ret = 0; 1537 1538 if (!args->enable) 1539 return 1; 1540 1541 args->called++; 1542 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); 1543 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1544 goto err; 1545 phase = (const char *)p->data; 1546 1547 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); 1548 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1549 goto err; 1550 desc = (const char *)p->data; 1551 1552 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); 1553 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) 1554 goto err; 1555 type = (const char *)p->data; 1556 1557 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type); 1558 ret = 1; 1559 err: 1560 return ret; 1561 } 1562 1563 static int drbg_test(int id) 1564 { 1565 OSSL_PARAM params[3]; 1566 EVP_RAND *rand = NULL; 1567 EVP_RAND_CTX *ctx = NULL, *parent = NULL; 1568 unsigned char returned_bits[64]; 1569 const size_t returned_bits_len = sizeof(returned_bits); 1570 unsigned int strength = 256; 1571 const struct drbg_st *tst = &drbg_data[id]; 1572 int res = 0; 1573 1574 /* Create the seed source */ 1575 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips")) 1576 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL))) 1577 goto err; 1578 EVP_RAND_free(rand); 1579 rand = NULL; 1580 1581 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 1582 params[1] = OSSL_PARAM_construct_end(); 1583 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) 1584 goto err; 1585 1586 /* Get the DRBG */ 1587 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, "")) 1588 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent))) 1589 goto err; 1590 1591 /* Set the DRBG up */ 1592 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, 1593 (int *)&tst->use_df); 1594 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, 1595 (char *)tst->cipher, 0); 1596 params[2] = OSSL_PARAM_construct_end(); 1597 if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params))) 1598 goto err; 1599 1600 /* Feed in the entropy and nonce */ 1601 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 1602 (void *)tst->entropy_input, 1603 tst->entropy_input_len); 1604 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, 1605 (void *)tst->nonce, 1606 tst->nonce_len); 1607 params[2] = OSSL_PARAM_construct_end(); 1608 if (!TEST_true(EVP_RAND_CTX_set_params(parent, params))) 1609 goto err; 1610 1611 /* 1612 * Run the test 1613 * A NULL personalisation string defaults to the built in so something 1614 * non-NULL is needed if there is no personalisation string 1615 */ 1616 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL)) 1617 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, 1618 0, 0, NULL, 0)) 1619 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len, 1620 0, 0, NULL, 0))) 1621 goto err; 1622 1623 test_output_memory("returned bits", returned_bits, returned_bits_len); 1624 1625 /* Clean up */ 1626 if (!TEST_true(EVP_RAND_uninstantiate(ctx)) 1627 || !TEST_true(EVP_RAND_uninstantiate(parent))) 1628 goto err; 1629 1630 /* Verify the output */ 1631 if (!TEST_mem_eq(returned_bits, returned_bits_len, 1632 tst->returned_bits, tst->returned_bits_len)) 1633 goto err; 1634 res = 1; 1635 err: 1636 EVP_RAND_CTX_free(ctx); 1637 /* Coverity is confused by the upref/free in EVP_RAND_CTX_new() subdue it */ 1638 /* coverity[pass_freed_arg] */ 1639 EVP_RAND_CTX_free(parent); 1640 EVP_RAND_free(rand); 1641 return res; 1642 } 1643 1644 static int aes_cfb1_bits_test(void) 1645 { 1646 int ret = 0; 1647 EVP_CIPHER *cipher = NULL; 1648 EVP_CIPHER_CTX *ctx = NULL; 1649 unsigned char out[16] = { 0 }; 1650 int outlen; 1651 const OSSL_PARAM *params, *p; 1652 1653 static const unsigned char key[] = { 1654 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88, 1655 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0 1656 }; 1657 static const unsigned char iv[] = { 1658 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C, 1659 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B 1660 }; 1661 static const unsigned char pt[] = { 1662 0xB4 1663 }; 1664 static const unsigned char expected[] = { 1665 0x6C 1666 }; 1667 1668 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes"))) 1669 goto err; 1670 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 1671 goto err; 1672 if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0)) 1673 goto err; 1674 if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx)) 1675 || !TEST_ptr(p = OSSL_PARAM_locate_const(params, 1676 OSSL_CIPHER_PARAM_USE_BITS))) 1677 goto err; 1678 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); 1679 if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0)) 1680 goto err; 1681 if (!TEST_int_eq(outlen, 7)) 1682 goto err; 1683 if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected))) 1684 goto err; 1685 ret = 1; 1686 err: 1687 EVP_CIPHER_free(cipher); 1688 EVP_CIPHER_CTX_free(ctx); 1689 return ret; 1690 } 1691 1692 int setup_tests(void) 1693 { 1694 char *config_file = NULL; 1695 1696 OPTION_CHOICE o; 1697 1698 while ((o = opt_next()) != OPT_EOF) { 1699 switch (o) { 1700 case OPT_CONFIG_FILE: 1701 config_file = opt_arg(); 1702 break; 1703 case OPT_TEST_CASES: 1704 break; 1705 default: 1706 case OPT_ERR: 1707 return 0; 1708 } 1709 } 1710 1711 if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL)) 1712 return 0; 1713 1714 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args); 1715 1716 ADD_TEST(aes_cfb1_bits_test); 1717 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data)); 1718 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data)); 1719 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data)); 1720 if (fips_provider_version_ge(libctx, 3, 4, 0)) 1721 ADD_TEST(aes_gcm_gen_iv_internal_test); 1722 1723 pass_sig_gen_params = fips_provider_version_ge(libctx, 3, 4, 0); 1724 rsa_sign_x931_pad_allowed = fips_provider_version_lt(libctx, 3, 4, 0); 1725 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data)); 1726 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data)); 1727 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data)); 1728 ADD_ALL_TESTS(rsa_decryption_primitive_test, 1729 OSSL_NELEM(rsa_decrypt_prim_data)); 1730 1731 #ifndef OPENSSL_NO_DH 1732 ADD_ALL_TESTS(dh_safe_prime_keygen_test, 1733 OSSL_NELEM(dh_safe_prime_keygen_data)); 1734 ADD_ALL_TESTS(dh_safe_prime_keyver_test, 1735 OSSL_NELEM(dh_safe_prime_keyver_data)); 1736 #endif /* OPENSSL_NO_DH */ 1737 1738 #ifndef OPENSSL_NO_DSA 1739 dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0); 1740 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); 1741 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); 1742 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data)); 1743 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); 1744 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); 1745 #endif /* OPENSSL_NO_DSA */ 1746 1747 #ifndef OPENSSL_NO_EC 1748 ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0); 1749 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); 1750 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data)); 1751 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data)); 1752 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data)); 1753 ADD_ALL_TESTS(ecdh_cofactor_derive_test, 1754 OSSL_NELEM(ecdh_cofactor_derive_data)); 1755 #endif /* OPENSSL_NO_EC */ 1756 1757 #ifndef OPENSSL_NO_ECX 1758 if (fips_provider_version_ge(libctx, 3, 4, 0)) { 1759 ADD_ALL_TESTS(eddsa_keygen_test, OSSL_NELEM(eddsa_pv_data)); 1760 ADD_ALL_TESTS(eddsa_pub_verify_test, OSSL_NELEM(eddsa_pv_data)); 1761 } 1762 #endif 1763 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data)); 1764 return 1; 1765 } 1766 1767 void cleanup_tests(void) 1768 { 1769 OSSL_PROVIDER_unload(prov_null); 1770 OSSL_LIB_CTX_free(libctx); 1771 } 1772