xref: /freebsd/crypto/openssl/test/ffc_internal_test.c (revision a90b9d0159070121c221b966469c3e36d912bf82)
1 /*
2  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2019-2020, Oracle and/or its affiliates.  All rights reserved.
4  *
5  * Licensed under the Apache License 2.0 (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 /*
12  * This is an internal test that is intentionally using internal APIs. Some of
13  * those APIs are deprecated for public use.
14  */
15 #include "internal/deprecated.h"
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 
21 #include "internal/nelem.h"
22 #include <openssl/crypto.h>
23 #include <openssl/bio.h>
24 #include <openssl/bn.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include "testutil.h"
28 
29 #include "internal/ffc.h"
30 #include "crypto/security_bits.h"
31 
32 #ifndef OPENSSL_NO_DSA
33 static const unsigned char dsa_2048_224_sha224_p[] = {
34     0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
35     0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
36     0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
37     0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
38     0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
39     0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
40     0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
41     0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
42     0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
43     0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
44     0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
45     0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
46     0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
47     0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
48     0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
49     0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
50     0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
51     0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
52     0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
53     0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
54     0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
55     0xcc, 0xf8, 0x40, 0xab
56 };
57 static const unsigned char dsa_2048_224_sha224_q[] = {
58     0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
59     0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
60     0x57, 0x76, 0x6f, 0x11
61 };
62 static const unsigned char dsa_2048_224_sha224_seed[] = {
63     0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
64     0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
65     0x36, 0x17, 0x06, 0xcf
66 };
67 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
68     0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
69     0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
70     0x36, 0x17, 0x06, 0xd0
71 };
72 static int dsa_2048_224_sha224_counter = 2878;
73 
74 static const unsigned char dsa_3072_256_sha512_p[] = {
75     0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
76     0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
77     0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
78     0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
79     0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
80     0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
81     0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
82     0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
83     0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
84     0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
85     0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
86     0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
87     0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
88     0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
89     0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
90     0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
91     0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
92     0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
93     0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
94     0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
95     0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
96     0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
97     0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
98     0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
99     0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
100     0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
101     0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
102     0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
103     0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
104     0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
105     0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
106     0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
107 };
108 static const unsigned char dsa_3072_256_sha512_q[] = {
109     0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
110     0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
111     0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
112 };
113 static const unsigned char dsa_3072_256_sha512_seed[] = {
114     0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
115     0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
116     0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
117 };
118 static int dsa_3072_256_sha512_counter = 1604;
119 
120 static const unsigned char dsa_2048_224_sha256_p[] = {
121     0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
122     0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
123     0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
124     0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
125     0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
126     0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
127     0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
128     0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
129     0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
130     0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
131     0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
132     0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
133     0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
134     0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
135     0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
136     0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
137     0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
138     0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
139     0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
140     0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
141     0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
142     0x73, 0xb4, 0x56, 0xd5
143 };
144 static const unsigned char dsa_2048_224_sha256_q[] = {
145     0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
146     0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
147     0x80, 0xcb, 0x0a, 0x45
148 };
149 static const unsigned char dsa_2048_224_sha256_g[] = {
150     0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
151     0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
152     0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
153     0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
154     0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
155     0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
156     0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
157     0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
158     0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
159     0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
160     0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
161     0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
162     0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
163     0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
164     0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
165     0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
166     0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
167     0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
168     0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
169     0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
170     0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
171     0xe6, 0x93, 0x59, 0xfc
172 };
173 
174 static int ffc_params_validate_g_unverified_test(void)
175 {
176     int ret = 0, res;
177     FFC_PARAMS params;
178     BIGNUM *p = NULL, *q = NULL, *g = NULL;
179     BIGNUM *p1 = NULL, *g1 = NULL;
180 
181     ossl_ffc_params_init(&params);
182 
183     if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
184                                 sizeof(dsa_2048_224_sha256_p), NULL)))
185         goto err;
186     p1 = p;
187     if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
188                                 sizeof(dsa_2048_224_sha256_q), NULL)))
189         goto err;
190     if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
191                                 sizeof(dsa_2048_224_sha256_g), NULL)))
192         goto err;
193     g1 = g;
194 
195     /* Fail if g is NULL */
196     ossl_ffc_params_set0_pqg(&params, p, q, NULL);
197     p = NULL;
198     q = NULL;
199     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
200     ossl_ffc_set_digest(&params, "SHA256", NULL);
201 
202     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
203                                                        FFC_PARAM_TYPE_DSA,
204                                                        &res, NULL)))
205         goto err;
206 
207     ossl_ffc_params_set0_pqg(&params, p, q, g);
208     g = NULL;
209     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
210                                                       FFC_PARAM_TYPE_DSA,
211                                                       &res, NULL)))
212         goto err;
213 
214     /* incorrect g */
215     BN_add_word(g1, 1);
216     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
217                                                        FFC_PARAM_TYPE_DSA,
218                                                        &res, NULL)))
219         goto err;
220 
221     /* fail if g < 2 */
222     BN_set_word(g1, 1);
223     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
224                                                        FFC_PARAM_TYPE_DSA,
225                                                        &res, NULL)))
226         goto err;
227 
228     BN_copy(g1, p1);
229     /* Fail if g >= p */
230     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
231                                                        FFC_PARAM_TYPE_DSA,
232                                                        &res, NULL)))
233         goto err;
234 
235     ret = 1;
236 err:
237     ossl_ffc_params_cleanup(&params);
238     BN_free(p);
239     BN_free(q);
240     BN_free(g);
241     return ret;
242 }
243 
244 static int ffc_params_validate_pq_test(void)
245 {
246     int ret = 0, res = -1;
247     FFC_PARAMS params;
248     BIGNUM *p = NULL, *q = NULL;
249 
250     ossl_ffc_params_init(&params);
251     if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
252                                    sizeof(dsa_2048_224_sha224_p),
253                                    NULL)))
254         goto err;
255     if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
256                                    sizeof(dsa_2048_224_sha224_q),
257                                    NULL)))
258         goto err;
259 
260     /* No p */
261     ossl_ffc_params_set0_pqg(&params, NULL, q, NULL);
262     q = NULL;
263     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_PQ);
264     ossl_ffc_set_digest(&params, "SHA224", NULL);
265 
266     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
267                                                        FFC_PARAM_TYPE_DSA,
268                                                        &res, NULL)))
269         goto err;
270 
271     /* Test valid case */
272     ossl_ffc_params_set0_pqg(&params, p, NULL, NULL);
273     p = NULL;
274     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
275                                         sizeof(dsa_2048_224_sha224_seed),
276                                         dsa_2048_224_sha224_counter);
277     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
278                                                       FFC_PARAM_TYPE_DSA,
279                                                       &res, NULL)))
280         goto err;
281 
282     /* Bad counter - so p is not prime */
283     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
284                                         sizeof(dsa_2048_224_sha224_seed),
285                                         1);
286     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
287                                                        FFC_PARAM_TYPE_DSA,
288                                                        &res, NULL)))
289         goto err;
290 
291     /* seedlen smaller than N */
292     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
293                                         sizeof(dsa_2048_224_sha224_seed)-1,
294                                         dsa_2048_224_sha224_counter);
295     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
296                                                        FFC_PARAM_TYPE_DSA,
297                                                        &res, NULL)))
298         goto err;
299 
300     /* Provided seed doesnt produce a valid prime q */
301     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_bad_seed,
302                                         sizeof(dsa_2048_224_sha224_bad_seed),
303                                         dsa_2048_224_sha224_counter);
304     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
305                                                        FFC_PARAM_TYPE_DSA,
306                                                        &res, NULL)))
307         goto err;
308 
309     if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
310                                 sizeof(dsa_3072_256_sha512_p), NULL)))
311         goto err;
312     if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
313                                 sizeof(dsa_3072_256_sha512_q),
314                                 NULL)))
315         goto err;
316 
317 
318     ossl_ffc_params_set0_pqg(&params, p, q, NULL);
319     p = q  = NULL;
320     ossl_ffc_set_digest(&params, "SHA512", NULL);
321     ossl_ffc_params_set_validate_params(&params, dsa_3072_256_sha512_seed,
322                                         sizeof(dsa_3072_256_sha512_seed),
323                                         dsa_3072_256_sha512_counter);
324     /* Q doesn't div P-1 */
325     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
326                                                        FFC_PARAM_TYPE_DSA,
327                                                        &res, NULL)))
328         goto err;
329 
330     /* Bad L/N for FIPS DH */
331     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
332                                                        FFC_PARAM_TYPE_DH,
333                                                        &res, NULL)))
334         goto err;
335 
336     ret = 1;
337 err:
338     ossl_ffc_params_cleanup(&params);
339     BN_free(p);
340     BN_free(q);
341     return ret;
342 }
343 #endif /* OPENSSL_NO_DSA */
344 
345 #ifndef OPENSSL_NO_DH
346 static int ffc_params_gen_test(void)
347 {
348     int ret = 0, res = -1;
349     FFC_PARAMS params;
350 
351     ossl_ffc_params_init(&params);
352     if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
353                                                       FFC_PARAM_TYPE_DH,
354                                                       2048, 256, &res, NULL)))
355         goto err;
356     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
357                                                       FFC_PARAM_TYPE_DH,
358                                                       &res, NULL)))
359         goto err;
360 
361     ret = 1;
362 err:
363     ossl_ffc_params_cleanup(&params);
364     return ret;
365 }
366 
367 static int ffc_params_gen_canonicalg_test(void)
368 {
369     int ret = 0, res = -1;
370     FFC_PARAMS params;
371 
372     ossl_ffc_params_init(&params);
373     params.gindex = 1;
374     if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
375                                                       FFC_PARAM_TYPE_DH,
376                                                       2048, 256, &res, NULL)))
377         goto err;
378     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
379                                                       FFC_PARAM_TYPE_DH,
380                                                       &res, NULL)))
381         goto err;
382 
383     if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
384         goto err;
385 
386     ret = 1;
387 err:
388     ossl_ffc_params_cleanup(&params);
389     return ret;
390 }
391 
392 static int ffc_params_fips186_2_gen_validate_test(void)
393 {
394     int ret = 0, res = -1;
395     FFC_PARAMS params;
396     BIGNUM *bn = NULL;
397 
398     ossl_ffc_params_init(&params);
399     if (!TEST_ptr(bn = BN_new()))
400         goto err;
401     if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, &params,
402                                                       FFC_PARAM_TYPE_DH,
403                                                       1024, 160, &res, NULL)))
404         goto err;
405     if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, &params,
406                                                       FFC_PARAM_TYPE_DH,
407                                                       &res, NULL)))
408         goto err;
409 
410     /*
411      * The fips186-2 generation should produce a different q compared to
412      * fips 186-4 given the same seed value. So validation of q will fail.
413      */
414     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
415                                                        FFC_PARAM_TYPE_DSA,
416                                                        &res, NULL)))
417         goto err;
418     /* As the params are randomly generated the error is one of the following */
419     if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
420         goto err;
421 
422     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
423     /* Partially valid g test will still pass */
424     if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
425                                                         FFC_PARAM_TYPE_DSA,
426                                                         &res, NULL), 2))
427         goto err;
428 
429     if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
430         goto err;
431 
432     ret = 1;
433 err:
434     BN_free(bn);
435     ossl_ffc_params_cleanup(&params);
436     return ret;
437 }
438 
439 extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
440 
441 static int ffc_public_validate_test(void)
442 {
443     int ret = 0, res = -1;
444     FFC_PARAMS *params;
445     BIGNUM *pub = NULL;
446     DH *dh = NULL;
447 
448     if (!TEST_ptr(pub = BN_new()))
449         goto err;
450 
451     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
452         goto err;
453     params = ossl_dh_get0_params(dh);
454 
455     if (!TEST_true(BN_set_word(pub, 1)))
456         goto err;
457     BN_set_negative(pub, 1);
458     /* Check must succeed but set res if public key is negative */
459     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
460         goto err;
461     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
462         goto err;
463     if (!TEST_true(BN_set_word(pub, 0)))
464         goto err;
465     /* Check must succeed but set res if public key is zero */
466     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
467         goto err;
468     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
469         goto err;
470     /* Check must succeed but set res if public key is 1 */
471     if (!TEST_true(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
472         goto err;
473     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
474         goto err;
475     if (!TEST_true(BN_add_word(pub, 2)))
476         goto err;
477     /* Pass if public key >= 2 */
478     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
479         goto err;
480 
481     if (!TEST_ptr(BN_copy(pub, params->p)))
482         goto err;
483     /* Check must succeed but set res if public key = p */
484     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
485         goto err;
486     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
487         goto err;
488 
489     if (!TEST_true(BN_sub_word(pub, 1)))
490         goto err;
491     /* Check must succeed but set res if public key = p - 1 */
492     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
493         goto err;
494     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
495         goto err;
496 
497     if (!TEST_true(BN_sub_word(pub, 1)))
498         goto err;
499     /* Check must succeed but set res if public key is not related to p & q */
500     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
501         goto err;
502     if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
503         goto err;
504 
505     if (!TEST_true(BN_sub_word(pub, 5)))
506         goto err;
507     /* Pass if public key is valid */
508     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
509         goto err;
510 
511     /* Check must succeed but set res if params is NULL */
512     if (!TEST_true(ossl_ffc_validate_public_key(NULL, pub, &res)))
513         goto err;
514     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
515         goto err;
516     res = -1;
517     /* Check must succeed but set res if pubkey is NULL */
518     if (!TEST_true(ossl_ffc_validate_public_key(params, NULL, &res)))
519         goto err;
520     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
521         goto err;
522     res = -1;
523 
524     BN_free(params->p);
525     params->p = NULL;
526     /* Check must succeed but set res if params->p is NULL */
527     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
528         goto err;
529     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
530         goto err;
531 
532     ret = 1;
533 err:
534     DH_free(dh);
535     BN_free(pub);
536     return ret;
537 }
538 
539 static int ffc_private_validate_test(void)
540 {
541     int ret = 0, res = -1;
542     FFC_PARAMS *params;
543     BIGNUM *priv = NULL;
544     DH *dh = NULL;
545 
546     if (!TEST_ptr(priv = BN_new()))
547         goto err;
548 
549     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
550         goto err;
551     params = ossl_dh_get0_params(dh);
552 
553     if (!TEST_true(BN_set_word(priv, 1)))
554         goto err;
555     BN_set_negative(priv, 1);
556     /* Fail if priv key is negative */
557     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
558         goto err;
559     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
560         goto err;
561 
562     if (!TEST_true(BN_set_word(priv, 0)))
563         goto err;
564     /* Fail if priv key is zero */
565     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
566         goto err;
567     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
568         goto err;
569 
570     /* Pass if priv key >= 1 */
571     if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
572                                                  &res)))
573         goto err;
574 
575     if (!TEST_ptr(BN_copy(priv, params->q)))
576         goto err;
577     /* Fail if priv key = upper */
578     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
579         goto err;
580     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
581         goto err;
582 
583     if (!TEST_true(BN_sub_word(priv, 1)))
584         goto err;
585     /* Pass if priv key <= upper - 1 */
586     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
587         goto err;
588 
589     if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
590         goto err;
591     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
592         goto err;
593     res = -1;
594     if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
595         goto err;
596     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
597         goto err;
598 
599     ret = 1;
600 err:
601     DH_free(dh);
602     BN_free(priv);
603     return ret;
604 }
605 
606 static int ffc_private_gen_test(int index)
607 {
608     int ret = 0, res = -1, N;
609     FFC_PARAMS *params;
610     BIGNUM *priv = NULL;
611     DH *dh = NULL;
612     BN_CTX *ctx = NULL;
613 
614     if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
615         goto err;
616 
617     if (!TEST_ptr(priv = BN_new()))
618         goto err;
619 
620     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
621         goto err;
622     params = ossl_dh_get0_params(dh);
623 
624     N = BN_num_bits(params->q);
625     /* Fail since N < 2*s - where s = 112*/
626     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
627         goto err;
628     /* fail since N > len(q) */
629     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
630         goto err;
631     /* s must be always set */
632     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
633         goto err;
634     /* pass since 2s <= N <= len(q) */
635     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
636         goto err;
637     /* pass since N = len(q) */
638     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
639         goto err;
640     /* pass since 2s <= N < len(q) */
641     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
642         goto err;
643     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
644         goto err;
645     /* N is ignored in this case */
646     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
647                                                  ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
648                                                  priv)))
649         goto err;
650     if (!TEST_int_le(BN_num_bits(priv), 225))
651         goto err;
652     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
653         goto err;
654 
655     ret = 1;
656 err:
657     DH_free(dh);
658     BN_free(priv);
659     BN_CTX_free(ctx);
660     return ret;
661 }
662 
663 static int ffc_params_copy_test(void)
664 {
665     int ret = 0;
666     DH *dh = NULL;
667     FFC_PARAMS *params, copy;
668 
669     ossl_ffc_params_init(&copy);
670 
671     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
672         goto err;
673     params = ossl_dh_get0_params(dh);
674 
675     if (!TEST_int_eq(params->keylength, 275))
676         goto err;
677 
678     if (!TEST_true(ossl_ffc_params_copy(&copy, params)))
679         goto err;
680 
681     if (!TEST_int_eq(copy.keylength, 275))
682         goto err;
683 
684     if (!TEST_true(ossl_ffc_params_cmp(&copy, params, 0)))
685         goto err;
686 
687     ret = 1;
688 err:
689     ossl_ffc_params_cleanup(&copy);
690     DH_free(dh);
691     return ret;
692 }
693 #endif /* OPENSSL_NO_DH */
694 
695 int setup_tests(void)
696 {
697 #ifndef OPENSSL_NO_DSA
698     ADD_TEST(ffc_params_validate_pq_test);
699     ADD_TEST(ffc_params_validate_g_unverified_test);
700 #endif /* OPENSSL_NO_DSA */
701 #ifndef OPENSSL_NO_DH
702     ADD_TEST(ffc_params_gen_test);
703     ADD_TEST(ffc_params_gen_canonicalg_test);
704     ADD_TEST(ffc_params_fips186_2_gen_validate_test);
705     ADD_TEST(ffc_public_validate_test);
706     ADD_TEST(ffc_private_validate_test);
707     ADD_ALL_TESTS(ffc_private_gen_test, 10);
708     ADD_TEST(ffc_params_copy_test);
709 #endif /* OPENSSL_NO_DH */
710     return 1;
711 }
712