xref: /freebsd/crypto/openssl/test/pairwise_fail_test.c (revision f1c4c3daccbaf3820f0e2224de53df12fc952fcc) 
1 /*
2  * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <openssl/pem.h>
11 #include <openssl/core_names.h>
12 #include <openssl/self_test.h>
13 #include "testutil.h"
14 
15 typedef enum OPTION_choice {
16     OPT_ERR = -1,
17     OPT_EOF = 0,
18     OPT_PROVIDER_NAME,
19     OPT_CONFIG_FILE,
20     OPT_PAIRWISETEST,
21     OPT_DSAPARAM,
22     OPT_TEST_ENUM
23 } OPTION_CHOICE;
24 
25 struct self_test_arg {
26     const char *type;
27 };
28 
29 static OSSL_LIB_CTX *libctx = NULL;
30 static char *pairwise_name = NULL;
31 static char *dsaparam_file = NULL;
32 static struct self_test_arg self_test_args = { 0 };
33 
34 const OPTIONS *test_get_options(void)
35 {
36     static const OPTIONS test_options[] = {
37         OPT_TEST_OPTIONS_DEFAULT_USAGE,
38         { "config", OPT_CONFIG_FILE, '<',
39           "The configuration file to use for the libctx" },
40         { "pairwise", OPT_PAIRWISETEST, 's',
41           "Test keygen pairwise test failures" },
42         { "dsaparam", OPT_DSAPARAM, 's', "DSA param file" },
43         { NULL }
44     };
45     return test_options;
46 }
47 
48 static int self_test_on_pairwise_fail(const OSSL_PARAM params[], void *arg)
49 {
50     struct self_test_arg *args = arg;
51     const OSSL_PARAM *p = NULL;
52     const char *type = NULL, *phase = NULL;
53 
54     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
55     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
56         return 0;
57     phase = (const char *)p->data;
58     if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0) {
59         p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
60         if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
61             return 0;
62         type = (const char *)p->data;
63         if (strcmp(type, args->type) == 0)
64             return 0;
65     }
66     return 1;
67 }
68 
69 static int setup_selftest_pairwise_failure(const char *type)
70 {
71     int ret = 0;
72     OSSL_PROVIDER *prov = NULL;
73 
74     if (!TEST_ptr(prov = OSSL_PROVIDER_load(libctx, "fips")))
75         goto err;
76 
77     /* Setup a callback that corrupts the pairwise self tests and causes failures */
78     self_test_args.type = type;
79     OSSL_SELF_TEST_set_callback(libctx, self_test_on_pairwise_fail, &self_test_args);
80 
81     ret = 1;
82 err:
83     OSSL_PROVIDER_unload(prov);
84     return ret;
85 }
86 
87 static int test_keygen_pairwise_failure(void)
88 {
89     BIO *bio = NULL;
90     EVP_PKEY_CTX *ctx = NULL;
91     EVP_PKEY *pParams = NULL;
92     EVP_PKEY *pkey = NULL;
93     const char *type = OSSL_SELF_TEST_TYPE_PCT;
94     int ret = 0;
95 
96     if (strcmp(pairwise_name, "rsa") == 0) {
97         if (!TEST_true(setup_selftest_pairwise_failure(type)))
98             goto err;
99         if (!TEST_ptr_null(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", (size_t)2048)))
100             goto err;
101     } else if (strncmp(pairwise_name, "ec", 2) == 0) {
102         if (strcmp(pairwise_name, "eckat") == 0)
103             type = OSSL_SELF_TEST_TYPE_PCT_KAT;
104         if (!TEST_true(setup_selftest_pairwise_failure(type)))
105             goto err;
106         if (!TEST_ptr_null(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", "P-256")))
107             goto err;
108     } else if (strncmp(pairwise_name, "dsa", 3) == 0) {
109         if (strcmp(pairwise_name, "dsakat") == 0)
110             type = OSSL_SELF_TEST_TYPE_PCT_KAT;
111         if (!TEST_true(setup_selftest_pairwise_failure(type)))
112             goto err;
113         if (!TEST_ptr(bio = BIO_new_file(dsaparam_file, "r")))
114             goto err;
115         if (!TEST_ptr(pParams = PEM_read_bio_Parameters_ex(bio, NULL, libctx, NULL)))
116             goto err;
117         if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pParams, NULL)))
118             goto err;
119         if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
120             goto err;
121         if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
122             goto err;
123         if (!TEST_ptr_null(pkey))
124             goto err;
125     } else if (strncmp(pairwise_name, "eddsa", 5) == 0) {
126         if (!TEST_true(setup_selftest_pairwise_failure(type)))
127             goto err;
128         if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ED25519", NULL)))
129             goto err;
130         if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
131             goto err;
132         if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
133             goto err;
134         if (!TEST_ptr_null(pkey))
135             goto err;
136     } else if (strncmp(pairwise_name, "ml-dsa", 6) == 0) {
137         if (!TEST_true(setup_selftest_pairwise_failure(type)))
138             goto err;
139         if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ML-DSA-87", NULL)))
140             goto err;
141         if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
142             goto err;
143         if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
144             goto err;
145         if (!TEST_ptr_null(pkey))
146             goto err;
147     } else if (strncmp(pairwise_name, "slh-dsa", 7) == 0) {
148         if (!TEST_true(setup_selftest_pairwise_failure(type)))
149             goto err;
150         if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "SLH-DSA-SHA2-256f", NULL)))
151             goto err;
152         if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
153             goto err;
154         if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
155             goto err;
156         if (!TEST_ptr_null(pkey))
157             goto err;
158     } else if (strncmp(pairwise_name, "ml-kem", 6) == 0) {
159         if (!TEST_true(setup_selftest_pairwise_failure(type)))
160             goto err;
161         if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ML-KEM-1024", NULL)))
162             goto err;
163         if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
164             goto err;
165         if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
166             goto err;
167         if (!TEST_ptr_null(pkey))
168             goto err;
169     }
170     ret = 1;
171 err:
172     EVP_PKEY_free(pkey);
173     EVP_PKEY_CTX_free(ctx);
174     BIO_free(bio);
175     EVP_PKEY_free(pParams);
176     return ret;
177 }
178 
179 int setup_tests(void)
180 {
181     OPTION_CHOICE o;
182     char *config_file = NULL;
183 
184     while ((o = opt_next()) != OPT_EOF) {
185         switch (o) {
186         case OPT_CONFIG_FILE:
187             config_file = opt_arg();
188             break;
189         case OPT_PAIRWISETEST:
190             pairwise_name = opt_arg();
191             break;
192         case OPT_DSAPARAM:
193             dsaparam_file = opt_arg();
194             break;
195         case OPT_TEST_CASES:
196            break;
197         default:
198         case OPT_ERR:
199             return 0;
200         }
201     }
202 
203     libctx = OSSL_LIB_CTX_new();
204     if (libctx == NULL)
205         return 0;
206     if (!OSSL_LIB_CTX_load_config(libctx, config_file)) {
207         opt_printf_stderr("Failed to load config\n");
208         return 0;
209     }
210     ADD_TEST(test_keygen_pairwise_failure);
211     return 1;
212 }
213 
214 void cleanup_tests(void)
215 {
216     OSSL_LIB_CTX_free(libctx);
217 }
218