1*b0d17251Schristos /*
2*b0d17251Schristos * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3*b0d17251Schristos *
4*b0d17251Schristos * Licensed under the Apache License 2.0 (the "License"). You may not use
5*b0d17251Schristos * this file except in compliance with the License. You can obtain a copy
6*b0d17251Schristos * in the file LICENSE in the source distribution or at
7*b0d17251Schristos * https://www.openssl.org/source/license.html
8*b0d17251Schristos */
9*b0d17251Schristos
10*b0d17251Schristos /*
11*b0d17251Schristos * A set of tests demonstrating uses cases for CAVS/ACVP testing.
12*b0d17251Schristos *
13*b0d17251Schristos * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14*b0d17251Schristos * providers/fips/self_test_kats.c
15*b0d17251Schristos */
16*b0d17251Schristos
17*b0d17251Schristos #include <string.h>
18*b0d17251Schristos #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19*b0d17251Schristos #include <openssl/core_names.h>
20*b0d17251Schristos #include <openssl/evp.h>
21*b0d17251Schristos #include <openssl/ec.h>
22*b0d17251Schristos #include <openssl/dh.h>
23*b0d17251Schristos #include <openssl/dsa.h>
24*b0d17251Schristos #include <openssl/rsa.h>
25*b0d17251Schristos #include <openssl/param_build.h>
26*b0d17251Schristos #include <openssl/provider.h>
27*b0d17251Schristos #include <openssl/self_test.h>
28*b0d17251Schristos #include "testutil.h"
29*b0d17251Schristos #include "testutil/output.h"
30*b0d17251Schristos #include "acvp_test.inc"
31*b0d17251Schristos #include "internal/nelem.h"
32*b0d17251Schristos
33*b0d17251Schristos typedef enum OPTION_choice {
34*b0d17251Schristos OPT_ERR = -1,
35*b0d17251Schristos OPT_EOF = 0,
36*b0d17251Schristos OPT_CONFIG_FILE,
37*b0d17251Schristos OPT_TEST_ENUM
38*b0d17251Schristos } OPTION_CHOICE;
39*b0d17251Schristos
40*b0d17251Schristos typedef struct st_args {
41*b0d17251Schristos int enable;
42*b0d17251Schristos int called;
43*b0d17251Schristos } SELF_TEST_ARGS;
44*b0d17251Schristos
45*b0d17251Schristos static OSSL_PROVIDER *prov_null = NULL;
46*b0d17251Schristos static OSSL_LIB_CTX *libctx = NULL;
47*b0d17251Schristos static SELF_TEST_ARGS self_test_args = { 0 };
48*b0d17251Schristos static OSSL_CALLBACK self_test_events;
49*b0d17251Schristos
test_get_options(void)50*b0d17251Schristos const OPTIONS *test_get_options(void)
51*b0d17251Schristos {
52*b0d17251Schristos static const OPTIONS test_options[] = {
53*b0d17251Schristos OPT_TEST_OPTIONS_DEFAULT_USAGE,
54*b0d17251Schristos { "config", OPT_CONFIG_FILE, '<',
55*b0d17251Schristos "The configuration file to use for the libctx" },
56*b0d17251Schristos { NULL }
57*b0d17251Schristos };
58*b0d17251Schristos return test_options;
59*b0d17251Schristos }
60*b0d17251Schristos
pkey_get_bn_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)61*b0d17251Schristos static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
62*b0d17251Schristos unsigned char **out, size_t *out_len)
63*b0d17251Schristos {
64*b0d17251Schristos unsigned char *buf = NULL;
65*b0d17251Schristos BIGNUM *bn = NULL;
66*b0d17251Schristos int sz;
67*b0d17251Schristos
68*b0d17251Schristos if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
69*b0d17251Schristos goto err;
70*b0d17251Schristos sz = BN_num_bytes(bn);
71*b0d17251Schristos buf = OPENSSL_zalloc(sz);
72*b0d17251Schristos if (buf == NULL)
73*b0d17251Schristos goto err;
74*b0d17251Schristos if (BN_bn2binpad(bn, buf, sz) <= 0)
75*b0d17251Schristos goto err;
76*b0d17251Schristos
77*b0d17251Schristos *out_len = sz;
78*b0d17251Schristos *out = buf;
79*b0d17251Schristos BN_free(bn);
80*b0d17251Schristos return 1;
81*b0d17251Schristos err:
82*b0d17251Schristos OPENSSL_free(buf);
83*b0d17251Schristos BN_free(bn);
84*b0d17251Schristos return 0;
85*b0d17251Schristos }
86*b0d17251Schristos
sig_gen(EVP_PKEY * pkey,OSSL_PARAM * params,const char * digest_name,const unsigned char * msg,size_t msg_len,unsigned char ** sig_out,size_t * sig_out_len)87*b0d17251Schristos static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
88*b0d17251Schristos const unsigned char *msg, size_t msg_len,
89*b0d17251Schristos unsigned char **sig_out, size_t *sig_out_len)
90*b0d17251Schristos {
91*b0d17251Schristos int ret = 0;
92*b0d17251Schristos EVP_MD_CTX *md_ctx = NULL;
93*b0d17251Schristos unsigned char *sig = NULL;
94*b0d17251Schristos size_t sig_len;
95*b0d17251Schristos size_t sz = EVP_PKEY_get_size(pkey);
96*b0d17251Schristos
97*b0d17251Schristos sig_len = sz;
98*b0d17251Schristos if (!TEST_ptr(sig = OPENSSL_malloc(sz))
99*b0d17251Schristos || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
100*b0d17251Schristos || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
101*b0d17251Schristos NULL, pkey, NULL), 1)
102*b0d17251Schristos || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
103*b0d17251Schristos goto err;
104*b0d17251Schristos *sig_out = sig;
105*b0d17251Schristos *sig_out_len = sig_len;
106*b0d17251Schristos sig = NULL;
107*b0d17251Schristos ret = 1;
108*b0d17251Schristos err:
109*b0d17251Schristos OPENSSL_free(sig);
110*b0d17251Schristos EVP_MD_CTX_free(md_ctx);
111*b0d17251Schristos return ret;
112*b0d17251Schristos }
113*b0d17251Schristos
114*b0d17251Schristos #ifndef OPENSSL_NO_EC
ecdsa_keygen_test(int id)115*b0d17251Schristos static int ecdsa_keygen_test(int id)
116*b0d17251Schristos {
117*b0d17251Schristos int ret = 0;
118*b0d17251Schristos EVP_PKEY *pkey = NULL;
119*b0d17251Schristos unsigned char *priv = NULL;
120*b0d17251Schristos unsigned char *pubx = NULL, *puby = NULL;
121*b0d17251Schristos size_t priv_len = 0, pubx_len = 0, puby_len = 0;
122*b0d17251Schristos const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
123*b0d17251Schristos
124*b0d17251Schristos self_test_args.called = 0;
125*b0d17251Schristos self_test_args.enable = 1;
126*b0d17251Schristos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name))
127*b0d17251Schristos || !TEST_int_ge(self_test_args.called, 3)
128*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
129*b0d17251Schristos &priv_len))
130*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
131*b0d17251Schristos &pubx_len))
132*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
133*b0d17251Schristos &puby_len)))
134*b0d17251Schristos goto err;
135*b0d17251Schristos
136*b0d17251Schristos test_output_memory("qy", puby, puby_len);
137*b0d17251Schristos test_output_memory("qx", pubx, pubx_len);
138*b0d17251Schristos test_output_memory("d", priv, priv_len);
139*b0d17251Schristos ret = 1;
140*b0d17251Schristos err:
141*b0d17251Schristos self_test_args.enable = 0;
142*b0d17251Schristos self_test_args.called = 0;
143*b0d17251Schristos OPENSSL_clear_free(priv, priv_len);
144*b0d17251Schristos OPENSSL_free(pubx);
145*b0d17251Schristos OPENSSL_free(puby);
146*b0d17251Schristos EVP_PKEY_free(pkey);
147*b0d17251Schristos return ret;
148*b0d17251Schristos }
149*b0d17251Schristos
ecdsa_create_pkey(EVP_PKEY ** pkey,const char * curve_name,const unsigned char * pub,size_t pub_len,int expected)150*b0d17251Schristos static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
151*b0d17251Schristos const unsigned char *pub, size_t pub_len,
152*b0d17251Schristos int expected)
153*b0d17251Schristos {
154*b0d17251Schristos int ret = 0;
155*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
156*b0d17251Schristos OSSL_PARAM_BLD *bld = NULL;
157*b0d17251Schristos OSSL_PARAM *params = NULL;
158*b0d17251Schristos
159*b0d17251Schristos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
160*b0d17251Schristos || (curve_name != NULL
161*b0d17251Schristos && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
162*b0d17251Schristos bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
163*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
164*b0d17251Schristos OSSL_PKEY_PARAM_PUB_KEY,
165*b0d17251Schristos pub, pub_len) > 0)
166*b0d17251Schristos || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
167*b0d17251Schristos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
168*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
169*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
170*b0d17251Schristos params), expected))
171*b0d17251Schristos goto err;
172*b0d17251Schristos
173*b0d17251Schristos ret = 1;
174*b0d17251Schristos err:
175*b0d17251Schristos OSSL_PARAM_free(params);
176*b0d17251Schristos OSSL_PARAM_BLD_free(bld);
177*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
178*b0d17251Schristos return ret;
179*b0d17251Schristos }
180*b0d17251Schristos
ecdsa_pub_verify_test(int id)181*b0d17251Schristos static int ecdsa_pub_verify_test(int id)
182*b0d17251Schristos {
183*b0d17251Schristos const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
184*b0d17251Schristos
185*b0d17251Schristos int ret = 0;
186*b0d17251Schristos EVP_PKEY_CTX *key_ctx = NULL;
187*b0d17251Schristos EVP_PKEY *pkey = NULL;
188*b0d17251Schristos
189*b0d17251Schristos if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
190*b0d17251Schristos tst->pub, tst->pub_len, tst->pass)))
191*b0d17251Schristos goto err;
192*b0d17251Schristos
193*b0d17251Schristos if (tst->pass) {
194*b0d17251Schristos if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
195*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
196*b0d17251Schristos goto err;
197*b0d17251Schristos }
198*b0d17251Schristos ret = 1;
199*b0d17251Schristos err:
200*b0d17251Schristos EVP_PKEY_free(pkey);
201*b0d17251Schristos EVP_PKEY_CTX_free(key_ctx);
202*b0d17251Schristos return ret;
203*b0d17251Schristos }
204*b0d17251Schristos
205*b0d17251Schristos /* Extract r and s from an ecdsa signature */
get_ecdsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * rlen,size_t * slen)206*b0d17251Schristos static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
207*b0d17251Schristos unsigned char **r, unsigned char **s,
208*b0d17251Schristos size_t *rlen, size_t *slen)
209*b0d17251Schristos {
210*b0d17251Schristos int ret = 0;
211*b0d17251Schristos unsigned char *rbuf = NULL, *sbuf = NULL;
212*b0d17251Schristos size_t r1_len, s1_len;
213*b0d17251Schristos const BIGNUM *r1, *s1;
214*b0d17251Schristos ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
215*b0d17251Schristos
216*b0d17251Schristos if (sign == NULL)
217*b0d17251Schristos return 0;
218*b0d17251Schristos r1 = ECDSA_SIG_get0_r(sign);
219*b0d17251Schristos s1 = ECDSA_SIG_get0_s(sign);
220*b0d17251Schristos if (r1 == NULL || s1 == NULL)
221*b0d17251Schristos goto err;
222*b0d17251Schristos
223*b0d17251Schristos r1_len = BN_num_bytes(r1);
224*b0d17251Schristos s1_len = BN_num_bytes(s1);
225*b0d17251Schristos rbuf = OPENSSL_zalloc(r1_len);
226*b0d17251Schristos sbuf = OPENSSL_zalloc(s1_len);
227*b0d17251Schristos if (rbuf == NULL || sbuf == NULL)
228*b0d17251Schristos goto err;
229*b0d17251Schristos if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
230*b0d17251Schristos goto err;
231*b0d17251Schristos if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
232*b0d17251Schristos goto err;
233*b0d17251Schristos *r = rbuf;
234*b0d17251Schristos *s = sbuf;
235*b0d17251Schristos *rlen = r1_len;
236*b0d17251Schristos *slen = s1_len;
237*b0d17251Schristos ret = 1;
238*b0d17251Schristos err:
239*b0d17251Schristos if (ret == 0) {
240*b0d17251Schristos OPENSSL_free(rbuf);
241*b0d17251Schristos OPENSSL_free(sbuf);
242*b0d17251Schristos }
243*b0d17251Schristos ECDSA_SIG_free(sign);
244*b0d17251Schristos return ret;
245*b0d17251Schristos }
246*b0d17251Schristos
ecdsa_siggen_test(int id)247*b0d17251Schristos static int ecdsa_siggen_test(int id)
248*b0d17251Schristos {
249*b0d17251Schristos int ret = 0;
250*b0d17251Schristos EVP_PKEY *pkey = NULL;
251*b0d17251Schristos size_t sig_len = 0, rlen = 0, slen = 0;
252*b0d17251Schristos unsigned char *sig = NULL;
253*b0d17251Schristos unsigned char *r = NULL, *s = NULL;
254*b0d17251Schristos const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
255*b0d17251Schristos
256*b0d17251Schristos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "EC", tst->curve_name)))
257*b0d17251Schristos goto err;
258*b0d17251Schristos
259*b0d17251Schristos if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
260*b0d17251Schristos &sig, &sig_len))
261*b0d17251Schristos || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
262*b0d17251Schristos goto err;
263*b0d17251Schristos test_output_memory("r", r, rlen);
264*b0d17251Schristos test_output_memory("s", s, slen);
265*b0d17251Schristos ret = 1;
266*b0d17251Schristos err:
267*b0d17251Schristos OPENSSL_free(r);
268*b0d17251Schristos OPENSSL_free(s);
269*b0d17251Schristos OPENSSL_free(sig);
270*b0d17251Schristos EVP_PKEY_free(pkey);
271*b0d17251Schristos return ret;
272*b0d17251Schristos }
273*b0d17251Schristos
ecdsa_sigver_test(int id)274*b0d17251Schristos static int ecdsa_sigver_test(int id)
275*b0d17251Schristos {
276*b0d17251Schristos int ret = 0;
277*b0d17251Schristos EVP_MD_CTX *md_ctx = NULL;
278*b0d17251Schristos EVP_PKEY *pkey = NULL;
279*b0d17251Schristos ECDSA_SIG *sign = NULL;
280*b0d17251Schristos size_t sig_len;
281*b0d17251Schristos unsigned char *sig = NULL;
282*b0d17251Schristos BIGNUM *rbn = NULL, *sbn = NULL;
283*b0d17251Schristos const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
284*b0d17251Schristos
285*b0d17251Schristos if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
286*b0d17251Schristos tst->pub, tst->pub_len, 1)))
287*b0d17251Schristos goto err;
288*b0d17251Schristos
289*b0d17251Schristos if (!TEST_ptr(sign = ECDSA_SIG_new())
290*b0d17251Schristos || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
291*b0d17251Schristos || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
292*b0d17251Schristos || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
293*b0d17251Schristos goto err;
294*b0d17251Schristos rbn = sbn = NULL;
295*b0d17251Schristos
296*b0d17251Schristos ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
297*b0d17251Schristos && TEST_ptr(md_ctx = EVP_MD_CTX_new())
298*b0d17251Schristos && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
299*b0d17251Schristos libctx, NULL, pkey, NULL)
300*b0d17251Schristos && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
301*b0d17251Schristos tst->msg, tst->msg_len), tst->pass));
302*b0d17251Schristos err:
303*b0d17251Schristos BN_free(rbn);
304*b0d17251Schristos BN_free(sbn);
305*b0d17251Schristos OPENSSL_free(sig);
306*b0d17251Schristos ECDSA_SIG_free(sign);
307*b0d17251Schristos EVP_PKEY_free(pkey);
308*b0d17251Schristos EVP_MD_CTX_free(md_ctx);
309*b0d17251Schristos return ret;
310*b0d17251Schristos
311*b0d17251Schristos }
312*b0d17251Schristos #endif /* OPENSSL_NO_EC */
313*b0d17251Schristos
314*b0d17251Schristos #ifndef OPENSSL_NO_DSA
pkey_get_octet_bytes(EVP_PKEY * pkey,const char * name,unsigned char ** out,size_t * out_len)315*b0d17251Schristos static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
316*b0d17251Schristos unsigned char **out, size_t *out_len)
317*b0d17251Schristos {
318*b0d17251Schristos size_t len = 0;
319*b0d17251Schristos unsigned char *buf = NULL;
320*b0d17251Schristos
321*b0d17251Schristos if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
322*b0d17251Schristos goto err;
323*b0d17251Schristos
324*b0d17251Schristos buf = OPENSSL_zalloc(len);
325*b0d17251Schristos if (buf == NULL)
326*b0d17251Schristos goto err;
327*b0d17251Schristos
328*b0d17251Schristos if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
329*b0d17251Schristos goto err;
330*b0d17251Schristos *out = buf;
331*b0d17251Schristos return 1;
332*b0d17251Schristos err:
333*b0d17251Schristos OPENSSL_free(buf);
334*b0d17251Schristos return 0;
335*b0d17251Schristos }
336*b0d17251Schristos
dsa_paramgen(int L,int N)337*b0d17251Schristos static EVP_PKEY *dsa_paramgen(int L, int N)
338*b0d17251Schristos {
339*b0d17251Schristos EVP_PKEY_CTX *paramgen_ctx = NULL;
340*b0d17251Schristos EVP_PKEY *param_key = NULL;
341*b0d17251Schristos
342*b0d17251Schristos if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
343*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
344*b0d17251Schristos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
345*b0d17251Schristos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
346*b0d17251Schristos || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
347*b0d17251Schristos return NULL;
348*b0d17251Schristos EVP_PKEY_CTX_free(paramgen_ctx);
349*b0d17251Schristos return param_key;
350*b0d17251Schristos }
351*b0d17251Schristos
dsa_keygen(int L,int N)352*b0d17251Schristos static EVP_PKEY *dsa_keygen(int L, int N)
353*b0d17251Schristos {
354*b0d17251Schristos EVP_PKEY *param_key = NULL, *key = NULL;
355*b0d17251Schristos EVP_PKEY_CTX *keygen_ctx = NULL;
356*b0d17251Schristos
357*b0d17251Schristos if (!TEST_ptr(param_key = dsa_paramgen(L, N))
358*b0d17251Schristos || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
359*b0d17251Schristos NULL))
360*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
361*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
362*b0d17251Schristos goto err;
363*b0d17251Schristos err:
364*b0d17251Schristos EVP_PKEY_free(param_key);
365*b0d17251Schristos EVP_PKEY_CTX_free(keygen_ctx);
366*b0d17251Schristos return key;
367*b0d17251Schristos }
368*b0d17251Schristos
dsa_keygen_test(int id)369*b0d17251Schristos static int dsa_keygen_test(int id)
370*b0d17251Schristos {
371*b0d17251Schristos int ret = 0, i;
372*b0d17251Schristos EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
373*b0d17251Schristos EVP_PKEY *param_key = NULL, *key = NULL;
374*b0d17251Schristos unsigned char *priv = NULL, *pub = NULL;
375*b0d17251Schristos size_t priv_len = 0, pub_len = 0;
376*b0d17251Schristos const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
377*b0d17251Schristos
378*b0d17251Schristos if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
379*b0d17251Schristos || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
380*b0d17251Schristos NULL))
381*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
382*b0d17251Schristos goto err;
383*b0d17251Schristos for (i = 0; i < 2; ++i) {
384*b0d17251Schristos if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
385*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
386*b0d17251Schristos &priv, &priv_len))
387*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
388*b0d17251Schristos &pub, &pub_len)))
389*b0d17251Schristos goto err;
390*b0d17251Schristos test_output_memory("y", pub, pub_len);
391*b0d17251Schristos test_output_memory("x", priv, priv_len);
392*b0d17251Schristos EVP_PKEY_free(key);
393*b0d17251Schristos OPENSSL_clear_free(priv, priv_len);
394*b0d17251Schristos OPENSSL_free(pub);
395*b0d17251Schristos key = NULL;
396*b0d17251Schristos pub = priv = NULL;
397*b0d17251Schristos }
398*b0d17251Schristos ret = 1;
399*b0d17251Schristos err:
400*b0d17251Schristos OPENSSL_clear_free(priv, priv_len);
401*b0d17251Schristos OPENSSL_free(pub);
402*b0d17251Schristos EVP_PKEY_free(param_key);
403*b0d17251Schristos EVP_PKEY_free(key);
404*b0d17251Schristos EVP_PKEY_CTX_free(keygen_ctx);
405*b0d17251Schristos EVP_PKEY_CTX_free(paramgen_ctx);
406*b0d17251Schristos return ret;
407*b0d17251Schristos }
408*b0d17251Schristos
dsa_paramgen_test(int id)409*b0d17251Schristos static int dsa_paramgen_test(int id)
410*b0d17251Schristos {
411*b0d17251Schristos int ret = 0, counter = 0;
412*b0d17251Schristos EVP_PKEY_CTX *paramgen_ctx = NULL;
413*b0d17251Schristos EVP_PKEY *param_key = NULL;
414*b0d17251Schristos unsigned char *p = NULL, *q = NULL, *seed = NULL;
415*b0d17251Schristos size_t plen = 0, qlen = 0, seedlen = 0;
416*b0d17251Schristos const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
417*b0d17251Schristos
418*b0d17251Schristos if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
419*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_paramgen_init(paramgen_ctx), 0)
420*b0d17251Schristos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
421*b0d17251Schristos || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
422*b0d17251Schristos || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))
423*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
424*b0d17251Schristos &p, &plen))
425*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
426*b0d17251Schristos &q, &qlen))
427*b0d17251Schristos || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
428*b0d17251Schristos &seed, &seedlen))
429*b0d17251Schristos || !TEST_true(EVP_PKEY_get_int_param(param_key,
430*b0d17251Schristos OSSL_PKEY_PARAM_FFC_PCOUNTER,
431*b0d17251Schristos &counter)))
432*b0d17251Schristos goto err;
433*b0d17251Schristos
434*b0d17251Schristos test_output_memory("p", p, plen);
435*b0d17251Schristos test_output_memory("q", q, qlen);
436*b0d17251Schristos test_output_memory("domainSeed", seed, seedlen);
437*b0d17251Schristos test_printf_stderr("%s: %d\n", "counter", counter);
438*b0d17251Schristos ret = 1;
439*b0d17251Schristos err:
440*b0d17251Schristos OPENSSL_free(p);
441*b0d17251Schristos OPENSSL_free(q);
442*b0d17251Schristos OPENSSL_free(seed);
443*b0d17251Schristos EVP_PKEY_free(param_key);
444*b0d17251Schristos EVP_PKEY_CTX_free(paramgen_ctx);
445*b0d17251Schristos return ret;
446*b0d17251Schristos }
447*b0d17251Schristos
dsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * p,size_t p_len,const unsigned char * q,size_t q_len,const unsigned char * g,size_t g_len,const unsigned char * seed,size_t seed_len,int counter,int validate_pq,int validate_g,const unsigned char * pub,size_t pub_len,BN_CTX * bn_ctx)448*b0d17251Schristos static int dsa_create_pkey(EVP_PKEY **pkey,
449*b0d17251Schristos const unsigned char *p, size_t p_len,
450*b0d17251Schristos const unsigned char *q, size_t q_len,
451*b0d17251Schristos const unsigned char *g, size_t g_len,
452*b0d17251Schristos const unsigned char *seed, size_t seed_len,
453*b0d17251Schristos int counter,
454*b0d17251Schristos int validate_pq, int validate_g,
455*b0d17251Schristos const unsigned char *pub, size_t pub_len,
456*b0d17251Schristos BN_CTX *bn_ctx)
457*b0d17251Schristos {
458*b0d17251Schristos int ret = 0;
459*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
460*b0d17251Schristos OSSL_PARAM_BLD *bld = NULL;
461*b0d17251Schristos OSSL_PARAM *params = NULL;
462*b0d17251Schristos BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
463*b0d17251Schristos
464*b0d17251Schristos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
465*b0d17251Schristos || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
466*b0d17251Schristos || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
467*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
468*b0d17251Schristos OSSL_PKEY_PARAM_FFC_VALIDATE_PQ,
469*b0d17251Schristos validate_pq))
470*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
471*b0d17251Schristos OSSL_PKEY_PARAM_FFC_VALIDATE_G,
472*b0d17251Schristos validate_g))
473*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
474*b0d17251Schristos || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
475*b0d17251Schristos || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
476*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
477*b0d17251Schristos goto err;
478*b0d17251Schristos
479*b0d17251Schristos if (g != NULL) {
480*b0d17251Schristos if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
481*b0d17251Schristos || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
482*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
483*b0d17251Schristos OSSL_PKEY_PARAM_FFC_G, g_bn)))
484*b0d17251Schristos goto err;
485*b0d17251Schristos }
486*b0d17251Schristos if (seed != NULL) {
487*b0d17251Schristos if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
488*b0d17251Schristos OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
489*b0d17251Schristos goto err;
490*b0d17251Schristos }
491*b0d17251Schristos if (counter != -1) {
492*b0d17251Schristos if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
493*b0d17251Schristos OSSL_PKEY_PARAM_FFC_PCOUNTER,
494*b0d17251Schristos counter)))
495*b0d17251Schristos goto err;
496*b0d17251Schristos }
497*b0d17251Schristos if (pub != NULL) {
498*b0d17251Schristos if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
499*b0d17251Schristos || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
500*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
501*b0d17251Schristos OSSL_PKEY_PARAM_PUB_KEY,
502*b0d17251Schristos pub_bn)))
503*b0d17251Schristos goto err;
504*b0d17251Schristos }
505*b0d17251Schristos if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
506*b0d17251Schristos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
507*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
508*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_PUBLIC_KEY,
509*b0d17251Schristos params), 1))
510*b0d17251Schristos goto err;
511*b0d17251Schristos
512*b0d17251Schristos ret = 1;
513*b0d17251Schristos err:
514*b0d17251Schristos OSSL_PARAM_free(params);
515*b0d17251Schristos OSSL_PARAM_BLD_free(bld);
516*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
517*b0d17251Schristos return ret;
518*b0d17251Schristos }
519*b0d17251Schristos
dsa_pqver_test(int id)520*b0d17251Schristos static int dsa_pqver_test(int id)
521*b0d17251Schristos {
522*b0d17251Schristos int ret = 0;
523*b0d17251Schristos BN_CTX *bn_ctx = NULL;
524*b0d17251Schristos EVP_PKEY_CTX *key_ctx = NULL;
525*b0d17251Schristos EVP_PKEY *param_key = NULL;
526*b0d17251Schristos const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
527*b0d17251Schristos
528*b0d17251Schristos if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
529*b0d17251Schristos || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len,
530*b0d17251Schristos tst->q, tst->q_len, NULL, 0,
531*b0d17251Schristos tst->seed, tst->seed_len, tst->counter,
532*b0d17251Schristos 1, 0,
533*b0d17251Schristos NULL, 0,
534*b0d17251Schristos bn_ctx))
535*b0d17251Schristos || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
536*b0d17251Schristos NULL))
537*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
538*b0d17251Schristos goto err;
539*b0d17251Schristos
540*b0d17251Schristos ret = 1;
541*b0d17251Schristos err:
542*b0d17251Schristos BN_CTX_free(bn_ctx);
543*b0d17251Schristos EVP_PKEY_free(param_key);
544*b0d17251Schristos EVP_PKEY_CTX_free(key_ctx);
545*b0d17251Schristos return ret;
546*b0d17251Schristos }
547*b0d17251Schristos
548*b0d17251Schristos /* Extract r and s from a dsa signature */
get_dsa_sig_rs_bytes(const unsigned char * sig,size_t sig_len,unsigned char ** r,unsigned char ** s,size_t * r_len,size_t * s_len)549*b0d17251Schristos static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
550*b0d17251Schristos unsigned char **r, unsigned char **s,
551*b0d17251Schristos size_t *r_len, size_t *s_len)
552*b0d17251Schristos {
553*b0d17251Schristos int ret = 0;
554*b0d17251Schristos unsigned char *rbuf = NULL, *sbuf = NULL;
555*b0d17251Schristos size_t r1_len, s1_len;
556*b0d17251Schristos const BIGNUM *r1, *s1;
557*b0d17251Schristos DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
558*b0d17251Schristos
559*b0d17251Schristos if (sign == NULL)
560*b0d17251Schristos return 0;
561*b0d17251Schristos DSA_SIG_get0(sign, &r1, &s1);
562*b0d17251Schristos if (r1 == NULL || s1 == NULL)
563*b0d17251Schristos goto err;
564*b0d17251Schristos
565*b0d17251Schristos r1_len = BN_num_bytes(r1);
566*b0d17251Schristos s1_len = BN_num_bytes(s1);
567*b0d17251Schristos rbuf = OPENSSL_zalloc(r1_len);
568*b0d17251Schristos sbuf = OPENSSL_zalloc(s1_len);
569*b0d17251Schristos if (rbuf == NULL || sbuf == NULL)
570*b0d17251Schristos goto err;
571*b0d17251Schristos if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
572*b0d17251Schristos goto err;
573*b0d17251Schristos if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
574*b0d17251Schristos goto err;
575*b0d17251Schristos *r = rbuf;
576*b0d17251Schristos *s = sbuf;
577*b0d17251Schristos *r_len = r1_len;
578*b0d17251Schristos *s_len = s1_len;
579*b0d17251Schristos ret = 1;
580*b0d17251Schristos err:
581*b0d17251Schristos if (ret == 0) {
582*b0d17251Schristos OPENSSL_free(rbuf);
583*b0d17251Schristos OPENSSL_free(sbuf);
584*b0d17251Schristos }
585*b0d17251Schristos DSA_SIG_free(sign);
586*b0d17251Schristos return ret;
587*b0d17251Schristos }
588*b0d17251Schristos
dsa_siggen_test(int id)589*b0d17251Schristos static int dsa_siggen_test(int id)
590*b0d17251Schristos {
591*b0d17251Schristos int ret = 0;
592*b0d17251Schristos EVP_PKEY *pkey = NULL;
593*b0d17251Schristos unsigned char *sig = NULL, *r = NULL, *s = NULL;
594*b0d17251Schristos size_t sig_len = 0, rlen = 0, slen = 0;
595*b0d17251Schristos const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
596*b0d17251Schristos
597*b0d17251Schristos if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
598*b0d17251Schristos goto err;
599*b0d17251Schristos
600*b0d17251Schristos if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
601*b0d17251Schristos &sig, &sig_len))
602*b0d17251Schristos || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
603*b0d17251Schristos goto err;
604*b0d17251Schristos test_output_memory("r", r, rlen);
605*b0d17251Schristos test_output_memory("s", s, slen);
606*b0d17251Schristos ret = 1;
607*b0d17251Schristos err:
608*b0d17251Schristos OPENSSL_free(r);
609*b0d17251Schristos OPENSSL_free(s);
610*b0d17251Schristos OPENSSL_free(sig);
611*b0d17251Schristos EVP_PKEY_free(pkey);
612*b0d17251Schristos return ret;
613*b0d17251Schristos }
614*b0d17251Schristos
dsa_sigver_test(int id)615*b0d17251Schristos static int dsa_sigver_test(int id)
616*b0d17251Schristos {
617*b0d17251Schristos int ret = 0;
618*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
619*b0d17251Schristos EVP_PKEY *pkey = NULL;
620*b0d17251Schristos DSA_SIG *sign = NULL;
621*b0d17251Schristos size_t sig_len;
622*b0d17251Schristos unsigned char *sig = NULL;
623*b0d17251Schristos BIGNUM *rbn = NULL, *sbn = NULL;
624*b0d17251Schristos EVP_MD *md = NULL;
625*b0d17251Schristos unsigned char digest[EVP_MAX_MD_SIZE];
626*b0d17251Schristos unsigned int digest_len;
627*b0d17251Schristos BN_CTX *bn_ctx = NULL;
628*b0d17251Schristos const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
629*b0d17251Schristos
630*b0d17251Schristos if (!TEST_ptr(bn_ctx = BN_CTX_new())
631*b0d17251Schristos || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
632*b0d17251Schristos tst->q, tst->q_len, tst->g, tst->g_len,
633*b0d17251Schristos NULL, 0, 0, 0, 0, tst->pub, tst->pub_len,
634*b0d17251Schristos bn_ctx)))
635*b0d17251Schristos goto err;
636*b0d17251Schristos
637*b0d17251Schristos if (!TEST_ptr(sign = DSA_SIG_new())
638*b0d17251Schristos || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
639*b0d17251Schristos || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
640*b0d17251Schristos || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
641*b0d17251Schristos goto err;
642*b0d17251Schristos rbn = sbn = NULL;
643*b0d17251Schristos
644*b0d17251Schristos if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
645*b0d17251Schristos || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
646*b0d17251Schristos digest, &digest_len, md, NULL)))
647*b0d17251Schristos goto err;
648*b0d17251Schristos
649*b0d17251Schristos if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
650*b0d17251Schristos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
651*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
652*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
653*b0d17251Schristos tst->pass))
654*b0d17251Schristos goto err;
655*b0d17251Schristos ret = 1;
656*b0d17251Schristos err:
657*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
658*b0d17251Schristos OPENSSL_free(sig);
659*b0d17251Schristos EVP_MD_free(md);
660*b0d17251Schristos DSA_SIG_free(sign);
661*b0d17251Schristos EVP_PKEY_free(pkey);
662*b0d17251Schristos BN_free(rbn);
663*b0d17251Schristos BN_free(sbn);
664*b0d17251Schristos BN_CTX_free(bn_ctx);
665*b0d17251Schristos return ret;
666*b0d17251Schristos }
667*b0d17251Schristos #endif /* OPENSSL_NO_DSA */
668*b0d17251Schristos
669*b0d17251Schristos
670*b0d17251Schristos /* cipher encrypt/decrypt */
cipher_enc(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * ct,size_t ct_len,int enc)671*b0d17251Schristos static int cipher_enc(const char *alg,
672*b0d17251Schristos const unsigned char *pt, size_t pt_len,
673*b0d17251Schristos const unsigned char *key, size_t key_len,
674*b0d17251Schristos const unsigned char *iv, size_t iv_len,
675*b0d17251Schristos const unsigned char *ct, size_t ct_len,
676*b0d17251Schristos int enc)
677*b0d17251Schristos {
678*b0d17251Schristos int ret = 0, out_len = 0, len = 0;
679*b0d17251Schristos EVP_CIPHER_CTX *ctx = NULL;
680*b0d17251Schristos EVP_CIPHER *cipher = NULL;
681*b0d17251Schristos unsigned char out[256] = { 0 };
682*b0d17251Schristos
683*b0d17251Schristos TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
684*b0d17251Schristos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
685*b0d17251Schristos || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
686*b0d17251Schristos || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
687*b0d17251Schristos || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
688*b0d17251Schristos || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
689*b0d17251Schristos || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
690*b0d17251Schristos goto err;
691*b0d17251Schristos out_len += len;
692*b0d17251Schristos if (!TEST_mem_eq(out, out_len, ct, ct_len))
693*b0d17251Schristos goto err;
694*b0d17251Schristos ret = 1;
695*b0d17251Schristos err:
696*b0d17251Schristos EVP_CIPHER_free(cipher);
697*b0d17251Schristos EVP_CIPHER_CTX_free(ctx);
698*b0d17251Schristos return ret;
699*b0d17251Schristos }
700*b0d17251Schristos
cipher_enc_dec_test(int id)701*b0d17251Schristos static int cipher_enc_dec_test(int id)
702*b0d17251Schristos {
703*b0d17251Schristos const struct cipher_st *tst = &cipher_enc_data[id];
704*b0d17251Schristos const int enc = 1;
705*b0d17251Schristos
706*b0d17251Schristos return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
707*b0d17251Schristos tst->key, tst->key_len,
708*b0d17251Schristos tst->iv, tst->iv_len,
709*b0d17251Schristos tst->ct, tst->ct_len, enc))
710*b0d17251Schristos && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
711*b0d17251Schristos tst->key, tst->key_len,
712*b0d17251Schristos tst->iv, tst->iv_len,
713*b0d17251Schristos tst->pt, tst->pt_len, !enc));
714*b0d17251Schristos }
715*b0d17251Schristos
aes_ccm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass)716*b0d17251Schristos static int aes_ccm_enc_dec(const char *alg,
717*b0d17251Schristos const unsigned char *pt, size_t pt_len,
718*b0d17251Schristos const unsigned char *key, size_t key_len,
719*b0d17251Schristos const unsigned char *iv, size_t iv_len,
720*b0d17251Schristos const unsigned char *aad, size_t aad_len,
721*b0d17251Schristos const unsigned char *ct, size_t ct_len,
722*b0d17251Schristos const unsigned char *tag, size_t tag_len,
723*b0d17251Schristos int enc, int pass)
724*b0d17251Schristos {
725*b0d17251Schristos int ret = 0;
726*b0d17251Schristos EVP_CIPHER_CTX *ctx;
727*b0d17251Schristos EVP_CIPHER *cipher = NULL;
728*b0d17251Schristos int out_len, len;
729*b0d17251Schristos unsigned char out[1024];
730*b0d17251Schristos
731*b0d17251Schristos TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
732*b0d17251Schristos pass ? "pass" : "fail");
733*b0d17251Schristos
734*b0d17251Schristos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
735*b0d17251Schristos || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
736*b0d17251Schristos || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
737*b0d17251Schristos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
738*b0d17251Schristos NULL), 0)
739*b0d17251Schristos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
740*b0d17251Schristos enc ? NULL : (void *)tag), 0)
741*b0d17251Schristos || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
742*b0d17251Schristos || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
743*b0d17251Schristos || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
744*b0d17251Schristos || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
745*b0d17251Schristos || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
746*b0d17251Schristos goto err;
747*b0d17251Schristos
748*b0d17251Schristos if (!pass) {
749*b0d17251Schristos ret = 1;
750*b0d17251Schristos goto err;
751*b0d17251Schristos }
752*b0d17251Schristos if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
753*b0d17251Schristos goto err;
754*b0d17251Schristos if (enc) {
755*b0d17251Schristos out_len += len;
756*b0d17251Schristos if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
757*b0d17251Schristos tag_len, out + out_len), 0)
758*b0d17251Schristos || !TEST_mem_eq(out, out_len, ct, ct_len)
759*b0d17251Schristos || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
760*b0d17251Schristos goto err;
761*b0d17251Schristos } else {
762*b0d17251Schristos if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
763*b0d17251Schristos goto err;
764*b0d17251Schristos }
765*b0d17251Schristos
766*b0d17251Schristos ret = 1;
767*b0d17251Schristos err:
768*b0d17251Schristos EVP_CIPHER_free(cipher);
769*b0d17251Schristos EVP_CIPHER_CTX_free(ctx);
770*b0d17251Schristos return ret;
771*b0d17251Schristos }
772*b0d17251Schristos
aes_ccm_enc_dec_test(int id)773*b0d17251Schristos static int aes_ccm_enc_dec_test(int id)
774*b0d17251Schristos {
775*b0d17251Schristos const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
776*b0d17251Schristos
777*b0d17251Schristos /* The tag is on the end of the cipher text */
778*b0d17251Schristos const size_t tag_len = tst->ct_len - tst->pt_len;
779*b0d17251Schristos const size_t ct_len = tst->ct_len - tag_len;
780*b0d17251Schristos const unsigned char *tag = tst->ct + ct_len;
781*b0d17251Schristos const int enc = 1;
782*b0d17251Schristos const int pass = 1;
783*b0d17251Schristos
784*b0d17251Schristos if (ct_len < 1)
785*b0d17251Schristos return 0;
786*b0d17251Schristos
787*b0d17251Schristos return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
788*b0d17251Schristos tst->key, tst->key_len,
789*b0d17251Schristos tst->iv, tst->iv_len, tst->aad, tst->aad_len,
790*b0d17251Schristos tst->ct, ct_len, tag, tag_len, enc, pass)
791*b0d17251Schristos && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
792*b0d17251Schristos tst->key, tst->key_len,
793*b0d17251Schristos tst->iv, tst->iv_len, tst->aad, tst->aad_len,
794*b0d17251Schristos tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
795*b0d17251Schristos /* test that it fails if the tag is incorrect */
796*b0d17251Schristos && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
797*b0d17251Schristos tst->key, tst->key_len,
798*b0d17251Schristos tst->iv, tst->iv_len, tst->aad, tst->aad_len,
799*b0d17251Schristos tst->pt, tst->pt_len,
800*b0d17251Schristos tag - 1, tag_len, !enc, !pass);
801*b0d17251Schristos }
802*b0d17251Schristos
aes_gcm_enc_dec(const char * alg,const unsigned char * pt,size_t pt_len,const unsigned char * key,size_t key_len,const unsigned char * iv,size_t iv_len,const unsigned char * aad,size_t aad_len,const unsigned char * ct,size_t ct_len,const unsigned char * tag,size_t tag_len,int enc,int pass)803*b0d17251Schristos static int aes_gcm_enc_dec(const char *alg,
804*b0d17251Schristos const unsigned char *pt, size_t pt_len,
805*b0d17251Schristos const unsigned char *key, size_t key_len,
806*b0d17251Schristos const unsigned char *iv, size_t iv_len,
807*b0d17251Schristos const unsigned char *aad, size_t aad_len,
808*b0d17251Schristos const unsigned char *ct, size_t ct_len,
809*b0d17251Schristos const unsigned char *tag, size_t tag_len,
810*b0d17251Schristos int enc, int pass)
811*b0d17251Schristos {
812*b0d17251Schristos int ret = 0;
813*b0d17251Schristos EVP_CIPHER_CTX *ctx;
814*b0d17251Schristos EVP_CIPHER *cipher = NULL;
815*b0d17251Schristos int out_len, len;
816*b0d17251Schristos unsigned char out[1024];
817*b0d17251Schristos
818*b0d17251Schristos TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
819*b0d17251Schristos pass ? "pass" : "fail");
820*b0d17251Schristos
821*b0d17251Schristos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
822*b0d17251Schristos || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
823*b0d17251Schristos || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
824*b0d17251Schristos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
825*b0d17251Schristos NULL), 0))
826*b0d17251Schristos goto err;
827*b0d17251Schristos
828*b0d17251Schristos if (!enc) {
829*b0d17251Schristos if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
830*b0d17251Schristos (void *)tag), 0))
831*b0d17251Schristos goto err;
832*b0d17251Schristos }
833*b0d17251Schristos /*
834*b0d17251Schristos * For testing purposes the IV it being set here. In a compliant application
835*b0d17251Schristos * the IV would be generated internally. A fake entropy source could also
836*b0d17251Schristos * be used to feed in the random IV bytes (see fake_random.c)
837*b0d17251Schristos */
838*b0d17251Schristos if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
839*b0d17251Schristos || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
840*b0d17251Schristos || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
841*b0d17251Schristos || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
842*b0d17251Schristos goto err;
843*b0d17251Schristos
844*b0d17251Schristos if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
845*b0d17251Schristos goto err;
846*b0d17251Schristos if (!pass) {
847*b0d17251Schristos ret = 1;
848*b0d17251Schristos goto err;
849*b0d17251Schristos }
850*b0d17251Schristos out_len += len;
851*b0d17251Schristos if (enc) {
852*b0d17251Schristos if (!TEST_mem_eq(out, out_len, ct, ct_len)
853*b0d17251Schristos || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
854*b0d17251Schristos tag_len, out + out_len), 0)
855*b0d17251Schristos || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
856*b0d17251Schristos goto err;
857*b0d17251Schristos } else {
858*b0d17251Schristos if (!TEST_mem_eq(out, out_len, ct, ct_len))
859*b0d17251Schristos goto err;
860*b0d17251Schristos }
861*b0d17251Schristos
862*b0d17251Schristos ret = 1;
863*b0d17251Schristos err:
864*b0d17251Schristos EVP_CIPHER_free(cipher);
865*b0d17251Schristos EVP_CIPHER_CTX_free(ctx);
866*b0d17251Schristos return ret;
867*b0d17251Schristos }
868*b0d17251Schristos
aes_gcm_enc_dec_test(int id)869*b0d17251Schristos static int aes_gcm_enc_dec_test(int id)
870*b0d17251Schristos {
871*b0d17251Schristos const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
872*b0d17251Schristos int enc = 1;
873*b0d17251Schristos int pass = 1;
874*b0d17251Schristos
875*b0d17251Schristos return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
876*b0d17251Schristos tst->key, tst->key_len,
877*b0d17251Schristos tst->iv, tst->iv_len, tst->aad, tst->aad_len,
878*b0d17251Schristos tst->ct, tst->ct_len, tst->tag, tst->tag_len,
879*b0d17251Schristos enc, pass)
880*b0d17251Schristos && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
881*b0d17251Schristos tst->key, tst->key_len,
882*b0d17251Schristos tst->iv, tst->iv_len, tst->aad, tst->aad_len,
883*b0d17251Schristos tst->pt, tst->pt_len, tst->tag, tst->tag_len,
884*b0d17251Schristos !enc, pass)
885*b0d17251Schristos /* Fail if incorrect tag passed to decrypt */
886*b0d17251Schristos && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
887*b0d17251Schristos tst->key, tst->key_len,
888*b0d17251Schristos tst->iv, tst->iv_len, tst->aad, tst->aad_len,
889*b0d17251Schristos tst->pt, tst->pt_len, tst->aad, tst->tag_len,
890*b0d17251Schristos !enc, !pass);
891*b0d17251Schristos }
892*b0d17251Schristos
893*b0d17251Schristos #ifndef OPENSSL_NO_DH
dh_create_pkey(EVP_PKEY ** pkey,const char * group_name,const unsigned char * pub,size_t pub_len,const unsigned char * priv,size_t priv_len,BN_CTX * bn_ctx,int pass)894*b0d17251Schristos static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
895*b0d17251Schristos const unsigned char *pub, size_t pub_len,
896*b0d17251Schristos const unsigned char *priv, size_t priv_len,
897*b0d17251Schristos BN_CTX *bn_ctx, int pass)
898*b0d17251Schristos {
899*b0d17251Schristos int ret = 0;
900*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
901*b0d17251Schristos OSSL_PARAM_BLD *bld = NULL;
902*b0d17251Schristos OSSL_PARAM *params = NULL;
903*b0d17251Schristos BIGNUM *pub_bn = NULL, *priv_bn = NULL;
904*b0d17251Schristos
905*b0d17251Schristos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
906*b0d17251Schristos || (group_name != NULL
907*b0d17251Schristos && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
908*b0d17251Schristos bld, OSSL_PKEY_PARAM_GROUP_NAME,
909*b0d17251Schristos group_name, 0), 0)))
910*b0d17251Schristos goto err;
911*b0d17251Schristos
912*b0d17251Schristos if (pub != NULL) {
913*b0d17251Schristos if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
914*b0d17251Schristos || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
915*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
916*b0d17251Schristos pub_bn)))
917*b0d17251Schristos goto err;
918*b0d17251Schristos }
919*b0d17251Schristos if (priv != NULL) {
920*b0d17251Schristos if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
921*b0d17251Schristos || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
922*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
923*b0d17251Schristos priv_bn)))
924*b0d17251Schristos goto err;
925*b0d17251Schristos }
926*b0d17251Schristos
927*b0d17251Schristos if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
928*b0d17251Schristos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
929*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
930*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
931*b0d17251Schristos pass))
932*b0d17251Schristos goto err;
933*b0d17251Schristos
934*b0d17251Schristos ret = 1;
935*b0d17251Schristos err:
936*b0d17251Schristos OSSL_PARAM_free(params);
937*b0d17251Schristos OSSL_PARAM_BLD_free(bld);
938*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
939*b0d17251Schristos return ret;
940*b0d17251Schristos }
941*b0d17251Schristos
dh_safe_prime_keygen_test(int id)942*b0d17251Schristos static int dh_safe_prime_keygen_test(int id)
943*b0d17251Schristos {
944*b0d17251Schristos int ret = 0;
945*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
946*b0d17251Schristos EVP_PKEY *pkey = NULL;
947*b0d17251Schristos unsigned char *priv = NULL;
948*b0d17251Schristos unsigned char *pub = NULL;
949*b0d17251Schristos size_t priv_len = 0, pub_len = 0;
950*b0d17251Schristos OSSL_PARAM params[2];
951*b0d17251Schristos const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
952*b0d17251Schristos
953*b0d17251Schristos params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
954*b0d17251Schristos (char *)tst->group_name, 0);
955*b0d17251Schristos params[1] = OSSL_PARAM_construct_end();
956*b0d17251Schristos
957*b0d17251Schristos if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
958*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
959*b0d17251Schristos || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
960*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
961*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
962*b0d17251Schristos &priv, &priv_len))
963*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
964*b0d17251Schristos &pub, &pub_len)))
965*b0d17251Schristos goto err;
966*b0d17251Schristos
967*b0d17251Schristos test_output_memory("x", priv, priv_len);
968*b0d17251Schristos test_output_memory("y", pub, pub_len);
969*b0d17251Schristos ret = 1;
970*b0d17251Schristos err:
971*b0d17251Schristos OPENSSL_clear_free(priv, priv_len);
972*b0d17251Schristos OPENSSL_free(pub);
973*b0d17251Schristos EVP_PKEY_free(pkey);
974*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
975*b0d17251Schristos return ret;
976*b0d17251Schristos }
977*b0d17251Schristos
dh_safe_prime_keyver_test(int id)978*b0d17251Schristos static int dh_safe_prime_keyver_test(int id)
979*b0d17251Schristos {
980*b0d17251Schristos int ret = 0;
981*b0d17251Schristos BN_CTX *bn_ctx = NULL;
982*b0d17251Schristos EVP_PKEY_CTX *key_ctx = NULL;
983*b0d17251Schristos EVP_PKEY *pkey = NULL;
984*b0d17251Schristos const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
985*b0d17251Schristos
986*b0d17251Schristos if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
987*b0d17251Schristos || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
988*b0d17251Schristos tst->pub, tst->pub_len,
989*b0d17251Schristos tst->priv, tst->priv_len, bn_ctx, 1))
990*b0d17251Schristos || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
991*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
992*b0d17251Schristos goto err;
993*b0d17251Schristos
994*b0d17251Schristos ret = 1;
995*b0d17251Schristos err:
996*b0d17251Schristos EVP_PKEY_free(pkey);
997*b0d17251Schristos EVP_PKEY_CTX_free(key_ctx);
998*b0d17251Schristos BN_CTX_free(bn_ctx);
999*b0d17251Schristos return ret;
1000*b0d17251Schristos }
1001*b0d17251Schristos #endif /* OPENSSL_NO_DH */
1002*b0d17251Schristos
1003*b0d17251Schristos
rsa_create_pkey(EVP_PKEY ** pkey,const unsigned char * n,size_t n_len,const unsigned char * e,size_t e_len,const unsigned char * d,size_t d_len,BN_CTX * bn_ctx)1004*b0d17251Schristos static int rsa_create_pkey(EVP_PKEY **pkey,
1005*b0d17251Schristos const unsigned char *n, size_t n_len,
1006*b0d17251Schristos const unsigned char *e, size_t e_len,
1007*b0d17251Schristos const unsigned char *d, size_t d_len,
1008*b0d17251Schristos BN_CTX *bn_ctx)
1009*b0d17251Schristos {
1010*b0d17251Schristos int ret = 0;
1011*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
1012*b0d17251Schristos OSSL_PARAM_BLD *bld = NULL;
1013*b0d17251Schristos OSSL_PARAM *params = NULL;
1014*b0d17251Schristos BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1015*b0d17251Schristos
1016*b0d17251Schristos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1017*b0d17251Schristos || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1018*b0d17251Schristos || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1019*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1020*b0d17251Schristos goto err;
1021*b0d17251Schristos
1022*b0d17251Schristos if (e != NULL) {
1023*b0d17251Schristos if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1024*b0d17251Schristos || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1025*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1026*b0d17251Schristos e_bn)))
1027*b0d17251Schristos goto err;
1028*b0d17251Schristos }
1029*b0d17251Schristos if (d != NULL) {
1030*b0d17251Schristos if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1031*b0d17251Schristos || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1032*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1033*b0d17251Schristos d_bn)))
1034*b0d17251Schristos goto err;
1035*b0d17251Schristos }
1036*b0d17251Schristos if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1037*b0d17251Schristos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1038*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1039*b0d17251Schristos || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, EVP_PKEY_KEYPAIR, params),
1040*b0d17251Schristos 1))
1041*b0d17251Schristos goto err;
1042*b0d17251Schristos
1043*b0d17251Schristos ret = 1;
1044*b0d17251Schristos err:
1045*b0d17251Schristos OSSL_PARAM_free(params);
1046*b0d17251Schristos OSSL_PARAM_BLD_free(bld);
1047*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
1048*b0d17251Schristos return ret;
1049*b0d17251Schristos }
1050*b0d17251Schristos
rsa_keygen_test(int id)1051*b0d17251Schristos static int rsa_keygen_test(int id)
1052*b0d17251Schristos {
1053*b0d17251Schristos int ret = 0;
1054*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
1055*b0d17251Schristos EVP_PKEY *pkey = NULL;
1056*b0d17251Schristos BIGNUM *e_bn = NULL;
1057*b0d17251Schristos BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1058*b0d17251Schristos BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1059*b0d17251Schristos unsigned char *n = NULL, *d = NULL;
1060*b0d17251Schristos unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1061*b0d17251Schristos unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1062*b0d17251Schristos size_t n_len = 0, d_len = 0;
1063*b0d17251Schristos size_t p_len = 0, p1_len = 0, p2_len = 0;
1064*b0d17251Schristos size_t q_len = 0, q1_len = 0, q2_len = 0;
1065*b0d17251Schristos OSSL_PARAM_BLD *bld = NULL;
1066*b0d17251Schristos OSSL_PARAM *params = NULL;
1067*b0d17251Schristos const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1068*b0d17251Schristos
1069*b0d17251Schristos if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1070*b0d17251Schristos || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1071*b0d17251Schristos || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1072*b0d17251Schristos || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1073*b0d17251Schristos || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1074*b0d17251Schristos || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1075*b0d17251Schristos || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1076*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1077*b0d17251Schristos xp1_bn))
1078*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1079*b0d17251Schristos xp2_bn))
1080*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1081*b0d17251Schristos xp_bn))
1082*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1083*b0d17251Schristos xq1_bn))
1084*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1085*b0d17251Schristos xq2_bn))
1086*b0d17251Schristos || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1087*b0d17251Schristos xq_bn))
1088*b0d17251Schristos || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1089*b0d17251Schristos goto err;
1090*b0d17251Schristos
1091*b0d17251Schristos if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1092*b0d17251Schristos || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1093*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1094*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_CTX_set_params(ctx, params), 0)
1095*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod), 0)
1096*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn), 0)
1097*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1098*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1099*b0d17251Schristos &p1, &p1_len))
1100*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1101*b0d17251Schristos &p2, &p2_len))
1102*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1103*b0d17251Schristos &q1, &q1_len))
1104*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1105*b0d17251Schristos &q2, &q2_len))
1106*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1107*b0d17251Schristos &p, &p_len))
1108*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1109*b0d17251Schristos &q, &q_len))
1110*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1111*b0d17251Schristos &n, &n_len))
1112*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1113*b0d17251Schristos &d, &d_len)))
1114*b0d17251Schristos goto err;
1115*b0d17251Schristos
1116*b0d17251Schristos if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1117*b0d17251Schristos || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1118*b0d17251Schristos || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1119*b0d17251Schristos || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1120*b0d17251Schristos || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1121*b0d17251Schristos || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1122*b0d17251Schristos || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1123*b0d17251Schristos || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1124*b0d17251Schristos goto err;
1125*b0d17251Schristos
1126*b0d17251Schristos test_output_memory("p1", p1, p1_len);
1127*b0d17251Schristos test_output_memory("p2", p2, p2_len);
1128*b0d17251Schristos test_output_memory("p", p, p_len);
1129*b0d17251Schristos test_output_memory("q1", q1, q1_len);
1130*b0d17251Schristos test_output_memory("q2", q2, q2_len);
1131*b0d17251Schristos test_output_memory("q", q, q_len);
1132*b0d17251Schristos test_output_memory("n", n, n_len);
1133*b0d17251Schristos test_output_memory("d", d, d_len);
1134*b0d17251Schristos ret = 1;
1135*b0d17251Schristos err:
1136*b0d17251Schristos BN_free(xp1_bn);
1137*b0d17251Schristos BN_free(xp2_bn);
1138*b0d17251Schristos BN_free(xp_bn);
1139*b0d17251Schristos BN_free(xq1_bn);
1140*b0d17251Schristos BN_free(xq2_bn);
1141*b0d17251Schristos BN_free(xq_bn);
1142*b0d17251Schristos BN_free(e_bn);
1143*b0d17251Schristos OPENSSL_free(p1);
1144*b0d17251Schristos OPENSSL_free(p2);
1145*b0d17251Schristos OPENSSL_free(q1);
1146*b0d17251Schristos OPENSSL_free(q2);
1147*b0d17251Schristos OPENSSL_free(p);
1148*b0d17251Schristos OPENSSL_free(q);
1149*b0d17251Schristos OPENSSL_free(n);
1150*b0d17251Schristos OPENSSL_free(d);
1151*b0d17251Schristos EVP_PKEY_free(pkey);
1152*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
1153*b0d17251Schristos OSSL_PARAM_free(params);
1154*b0d17251Schristos OSSL_PARAM_BLD_free(bld);
1155*b0d17251Schristos return ret;
1156*b0d17251Schristos }
1157*b0d17251Schristos
rsa_siggen_test(int id)1158*b0d17251Schristos static int rsa_siggen_test(int id)
1159*b0d17251Schristos {
1160*b0d17251Schristos int ret = 0;
1161*b0d17251Schristos EVP_PKEY *pkey = NULL;
1162*b0d17251Schristos unsigned char *sig = NULL, *n = NULL, *e = NULL;
1163*b0d17251Schristos size_t sig_len = 0, n_len = 0, e_len = 0;
1164*b0d17251Schristos OSSL_PARAM params[4], *p;
1165*b0d17251Schristos const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1166*b0d17251Schristos int salt_len = tst->pss_salt_len;
1167*b0d17251Schristos
1168*b0d17251Schristos TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1169*b0d17251Schristos
1170*b0d17251Schristos p = params;
1171*b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1172*b0d17251Schristos (char *)tst->sig_pad_mode, 0);
1173*b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1174*b0d17251Schristos (char *)tst->digest_alg, 0);
1175*b0d17251Schristos if (salt_len >= 0)
1176*b0d17251Schristos *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1177*b0d17251Schristos &salt_len);
1178*b0d17251Schristos *p++ = OSSL_PARAM_construct_end();
1179*b0d17251Schristos
1180*b0d17251Schristos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", tst->mod))
1181*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1182*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1183*b0d17251Schristos || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1184*b0d17251Schristos tst->msg, tst->msg_len,
1185*b0d17251Schristos &sig, &sig_len)))
1186*b0d17251Schristos goto err;
1187*b0d17251Schristos test_output_memory("n", n, n_len);
1188*b0d17251Schristos test_output_memory("e", e, e_len);
1189*b0d17251Schristos test_output_memory("sig", sig, sig_len);
1190*b0d17251Schristos ret = 1;
1191*b0d17251Schristos err:
1192*b0d17251Schristos OPENSSL_free(n);
1193*b0d17251Schristos OPENSSL_free(e);
1194*b0d17251Schristos OPENSSL_free(sig);
1195*b0d17251Schristos EVP_PKEY_free(pkey);
1196*b0d17251Schristos return ret;
1197*b0d17251Schristos }
1198*b0d17251Schristos
rsa_sigver_test(int id)1199*b0d17251Schristos static int rsa_sigver_test(int id)
1200*b0d17251Schristos {
1201*b0d17251Schristos int ret = 0;
1202*b0d17251Schristos EVP_PKEY_CTX *pkey_ctx = NULL;
1203*b0d17251Schristos EVP_PKEY *pkey = NULL;
1204*b0d17251Schristos EVP_MD_CTX *md_ctx = NULL;
1205*b0d17251Schristos BN_CTX *bn_ctx = NULL;
1206*b0d17251Schristos OSSL_PARAM params[4], *p;
1207*b0d17251Schristos const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1208*b0d17251Schristos int salt_len = tst->pss_salt_len;
1209*b0d17251Schristos
1210*b0d17251Schristos TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1211*b0d17251Schristos tst->pass == PASS ? "pass" : "fail");
1212*b0d17251Schristos
1213*b0d17251Schristos p = params;
1214*b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1215*b0d17251Schristos (char *)tst->sig_pad_mode, 0);
1216*b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1217*b0d17251Schristos (char *)tst->digest_alg, 0);
1218*b0d17251Schristos if (salt_len >= 0)
1219*b0d17251Schristos *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1220*b0d17251Schristos &salt_len);
1221*b0d17251Schristos *p++ = OSSL_PARAM_construct_end();
1222*b0d17251Schristos
1223*b0d17251Schristos if (!TEST_ptr(bn_ctx = BN_CTX_new())
1224*b0d17251Schristos || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1225*b0d17251Schristos tst->e, tst->e_len, NULL, 0, bn_ctx))
1226*b0d17251Schristos || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1227*b0d17251Schristos || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1228*b0d17251Schristos tst->digest_alg, libctx, NULL,
1229*b0d17251Schristos pkey, NULL))
1230*b0d17251Schristos || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1231*b0d17251Schristos || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1232*b0d17251Schristos tst->msg, tst->msg_len), tst->pass))
1233*b0d17251Schristos goto err;
1234*b0d17251Schristos ret = 1;
1235*b0d17251Schristos err:
1236*b0d17251Schristos EVP_PKEY_free(pkey);
1237*b0d17251Schristos BN_CTX_free(bn_ctx);
1238*b0d17251Schristos EVP_MD_CTX_free(md_ctx);
1239*b0d17251Schristos return ret;
1240*b0d17251Schristos }
1241*b0d17251Schristos
rsa_decryption_primitive_test(int id)1242*b0d17251Schristos static int rsa_decryption_primitive_test(int id)
1243*b0d17251Schristos {
1244*b0d17251Schristos int ret = 0;
1245*b0d17251Schristos EVP_PKEY_CTX *ctx = NULL;
1246*b0d17251Schristos EVP_PKEY *pkey = NULL;
1247*b0d17251Schristos unsigned char pt[2048];
1248*b0d17251Schristos size_t pt_len = sizeof(pt);
1249*b0d17251Schristos unsigned char *n = NULL, *e = NULL;
1250*b0d17251Schristos size_t n_len = 0, e_len = 0;
1251*b0d17251Schristos BN_CTX *bn_ctx = NULL;
1252*b0d17251Schristos const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1253*b0d17251Schristos
1254*b0d17251Schristos if (!TEST_ptr(pkey = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", 2048))
1255*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1256*b0d17251Schristos || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1257*b0d17251Schristos || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1258*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1259*b0d17251Schristos || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1260*b0d17251Schristos goto err;
1261*b0d17251Schristos
1262*b0d17251Schristos test_output_memory("n", n, n_len);
1263*b0d17251Schristos test_output_memory("e", e, e_len);
1264*b0d17251Schristos if (EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len) <= 0)
1265*b0d17251Schristos TEST_note("Decryption Failed");
1266*b0d17251Schristos else
1267*b0d17251Schristos test_output_memory("pt", pt, pt_len);
1268*b0d17251Schristos ret = 1;
1269*b0d17251Schristos err:
1270*b0d17251Schristos OPENSSL_free(n);
1271*b0d17251Schristos OPENSSL_free(e);
1272*b0d17251Schristos EVP_PKEY_CTX_free(ctx);
1273*b0d17251Schristos EVP_PKEY_free(pkey);
1274*b0d17251Schristos BN_CTX_free(bn_ctx);
1275*b0d17251Schristos return ret;
1276*b0d17251Schristos }
1277*b0d17251Schristos
self_test_events(const OSSL_PARAM params[],void * varg)1278*b0d17251Schristos static int self_test_events(const OSSL_PARAM params[], void *varg)
1279*b0d17251Schristos {
1280*b0d17251Schristos SELF_TEST_ARGS *args = varg;
1281*b0d17251Schristos const OSSL_PARAM *p = NULL;
1282*b0d17251Schristos const char *phase = NULL, *type = NULL, *desc = NULL;
1283*b0d17251Schristos int ret = 0;
1284*b0d17251Schristos
1285*b0d17251Schristos if (!args->enable)
1286*b0d17251Schristos return 1;
1287*b0d17251Schristos
1288*b0d17251Schristos args->called++;
1289*b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1290*b0d17251Schristos if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1291*b0d17251Schristos goto err;
1292*b0d17251Schristos phase = (const char *)p->data;
1293*b0d17251Schristos
1294*b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1295*b0d17251Schristos if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1296*b0d17251Schristos goto err;
1297*b0d17251Schristos desc = (const char *)p->data;
1298*b0d17251Schristos
1299*b0d17251Schristos p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1300*b0d17251Schristos if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1301*b0d17251Schristos goto err;
1302*b0d17251Schristos type = (const char *)p->data;
1303*b0d17251Schristos
1304*b0d17251Schristos BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1305*b0d17251Schristos ret = 1;
1306*b0d17251Schristos err:
1307*b0d17251Schristos return ret;
1308*b0d17251Schristos }
1309*b0d17251Schristos
drbg_test(int id)1310*b0d17251Schristos static int drbg_test(int id)
1311*b0d17251Schristos {
1312*b0d17251Schristos OSSL_PARAM params[3];
1313*b0d17251Schristos EVP_RAND *rand = NULL;
1314*b0d17251Schristos EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1315*b0d17251Schristos unsigned char returned_bits[64];
1316*b0d17251Schristos const size_t returned_bits_len = sizeof(returned_bits);
1317*b0d17251Schristos unsigned int strength = 256;
1318*b0d17251Schristos const struct drbg_st *tst = &drbg_data[id];
1319*b0d17251Schristos int res = 0;
1320*b0d17251Schristos
1321*b0d17251Schristos /* Create the seed source */
1322*b0d17251Schristos if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1323*b0d17251Schristos || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1324*b0d17251Schristos goto err;
1325*b0d17251Schristos EVP_RAND_free(rand);
1326*b0d17251Schristos rand = NULL;
1327*b0d17251Schristos
1328*b0d17251Schristos params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1329*b0d17251Schristos params[1] = OSSL_PARAM_construct_end();
1330*b0d17251Schristos if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1331*b0d17251Schristos goto err;
1332*b0d17251Schristos
1333*b0d17251Schristos /* Get the DRBG */
1334*b0d17251Schristos if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1335*b0d17251Schristos || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1336*b0d17251Schristos goto err;
1337*b0d17251Schristos
1338*b0d17251Schristos /* Set the DRBG up */
1339*b0d17251Schristos params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1340*b0d17251Schristos (int *)&tst->use_df);
1341*b0d17251Schristos params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1342*b0d17251Schristos (char *)tst->cipher, 0);
1343*b0d17251Schristos params[2] = OSSL_PARAM_construct_end();
1344*b0d17251Schristos if (!TEST_true(EVP_RAND_CTX_set_params(ctx, params)))
1345*b0d17251Schristos goto err;
1346*b0d17251Schristos
1347*b0d17251Schristos /* Feed in the entropy and nonce */
1348*b0d17251Schristos params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1349*b0d17251Schristos (void *)tst->entropy_input,
1350*b0d17251Schristos tst->entropy_input_len);
1351*b0d17251Schristos params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1352*b0d17251Schristos (void *)tst->nonce,
1353*b0d17251Schristos tst->nonce_len);
1354*b0d17251Schristos params[2] = OSSL_PARAM_construct_end();
1355*b0d17251Schristos if (!TEST_true(EVP_RAND_CTX_set_params(parent, params)))
1356*b0d17251Schristos goto err;
1357*b0d17251Schristos
1358*b0d17251Schristos /*
1359*b0d17251Schristos * Run the test
1360*b0d17251Schristos * A NULL personalisation string defaults to the built in so something
1361*b0d17251Schristos * non-NULL is needed if there is no personalisation string
1362*b0d17251Schristos */
1363*b0d17251Schristos if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0, NULL))
1364*b0d17251Schristos || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1365*b0d17251Schristos 0, 0, NULL, 0))
1366*b0d17251Schristos || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1367*b0d17251Schristos 0, 0, NULL, 0)))
1368*b0d17251Schristos goto err;
1369*b0d17251Schristos
1370*b0d17251Schristos test_output_memory("returned bits", returned_bits, returned_bits_len);
1371*b0d17251Schristos
1372*b0d17251Schristos /* Clean up */
1373*b0d17251Schristos if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1374*b0d17251Schristos || !TEST_true(EVP_RAND_uninstantiate(parent)))
1375*b0d17251Schristos goto err;
1376*b0d17251Schristos
1377*b0d17251Schristos /* Verify the output */
1378*b0d17251Schristos if (!TEST_mem_eq(returned_bits, returned_bits_len,
1379*b0d17251Schristos tst->returned_bits, tst->returned_bits_len))
1380*b0d17251Schristos goto err;
1381*b0d17251Schristos res = 1;
1382*b0d17251Schristos err:
1383*b0d17251Schristos EVP_RAND_CTX_free(ctx);
1384*b0d17251Schristos EVP_RAND_CTX_free(parent);
1385*b0d17251Schristos EVP_RAND_free(rand);
1386*b0d17251Schristos return res;
1387*b0d17251Schristos }
1388*b0d17251Schristos
aes_cfb1_bits_test(void)1389*b0d17251Schristos static int aes_cfb1_bits_test(void)
1390*b0d17251Schristos {
1391*b0d17251Schristos int ret = 0;
1392*b0d17251Schristos EVP_CIPHER *cipher = NULL;
1393*b0d17251Schristos EVP_CIPHER_CTX *ctx = NULL;
1394*b0d17251Schristos unsigned char out[16] = { 0 };
1395*b0d17251Schristos int outlen;
1396*b0d17251Schristos const OSSL_PARAM *params, *p;
1397*b0d17251Schristos
1398*b0d17251Schristos static const unsigned char key[] = {
1399*b0d17251Schristos 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88,
1400*b0d17251Schristos 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0
1401*b0d17251Schristos };
1402*b0d17251Schristos static const unsigned char iv[] = {
1403*b0d17251Schristos 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C,
1404*b0d17251Schristos 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B
1405*b0d17251Schristos };
1406*b0d17251Schristos static const unsigned char pt[] = {
1407*b0d17251Schristos 0xB4
1408*b0d17251Schristos };
1409*b0d17251Schristos static const unsigned char expected[] = {
1410*b0d17251Schristos 0x6C
1411*b0d17251Schristos };
1412*b0d17251Schristos
1413*b0d17251Schristos if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes")))
1414*b0d17251Schristos goto err;
1415*b0d17251Schristos if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
1416*b0d17251Schristos goto err;
1417*b0d17251Schristos if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0))
1418*b0d17251Schristos goto err;
1419*b0d17251Schristos if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx))
1420*b0d17251Schristos || !TEST_ptr(p = OSSL_PARAM_locate_const(params,
1421*b0d17251Schristos OSSL_CIPHER_PARAM_USE_BITS)))
1422*b0d17251Schristos goto err;
1423*b0d17251Schristos EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
1424*b0d17251Schristos if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0))
1425*b0d17251Schristos goto err;
1426*b0d17251Schristos if (!TEST_int_eq(outlen, 7))
1427*b0d17251Schristos goto err;
1428*b0d17251Schristos if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected)))
1429*b0d17251Schristos goto err;
1430*b0d17251Schristos ret = 1;
1431*b0d17251Schristos err:
1432*b0d17251Schristos EVP_CIPHER_free(cipher);
1433*b0d17251Schristos EVP_CIPHER_CTX_free(ctx);
1434*b0d17251Schristos return ret;
1435*b0d17251Schristos }
1436*b0d17251Schristos
setup_tests(void)1437*b0d17251Schristos int setup_tests(void)
1438*b0d17251Schristos {
1439*b0d17251Schristos char *config_file = NULL;
1440*b0d17251Schristos
1441*b0d17251Schristos OPTION_CHOICE o;
1442*b0d17251Schristos
1443*b0d17251Schristos while ((o = opt_next()) != OPT_EOF) {
1444*b0d17251Schristos switch (o) {
1445*b0d17251Schristos case OPT_CONFIG_FILE:
1446*b0d17251Schristos config_file = opt_arg();
1447*b0d17251Schristos break;
1448*b0d17251Schristos case OPT_TEST_CASES:
1449*b0d17251Schristos break;
1450*b0d17251Schristos default:
1451*b0d17251Schristos case OPT_ERR:
1452*b0d17251Schristos return 0;
1453*b0d17251Schristos }
1454*b0d17251Schristos }
1455*b0d17251Schristos
1456*b0d17251Schristos if (!test_get_libctx(&libctx, &prov_null, config_file, NULL, NULL))
1457*b0d17251Schristos return 0;
1458*b0d17251Schristos
1459*b0d17251Schristos OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1460*b0d17251Schristos
1461*b0d17251Schristos ADD_TEST(aes_cfb1_bits_test);
1462*b0d17251Schristos ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1463*b0d17251Schristos ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1464*b0d17251Schristos ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1465*b0d17251Schristos
1466*b0d17251Schristos ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1467*b0d17251Schristos ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1468*b0d17251Schristos ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1469*b0d17251Schristos ADD_ALL_TESTS(rsa_decryption_primitive_test,
1470*b0d17251Schristos OSSL_NELEM(rsa_decrypt_prim_data));
1471*b0d17251Schristos
1472*b0d17251Schristos #ifndef OPENSSL_NO_DH
1473*b0d17251Schristos ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1474*b0d17251Schristos OSSL_NELEM(dh_safe_prime_keygen_data));
1475*b0d17251Schristos ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1476*b0d17251Schristos OSSL_NELEM(dh_safe_prime_keyver_data));
1477*b0d17251Schristos #endif /* OPENSSL_NO_DH */
1478*b0d17251Schristos
1479*b0d17251Schristos #ifndef OPENSSL_NO_DSA
1480*b0d17251Schristos ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1481*b0d17251Schristos ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1482*b0d17251Schristos ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1483*b0d17251Schristos ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1484*b0d17251Schristos ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1485*b0d17251Schristos #endif /* OPENSSL_NO_DSA */
1486*b0d17251Schristos
1487*b0d17251Schristos #ifndef OPENSSL_NO_EC
1488*b0d17251Schristos ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1489*b0d17251Schristos ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1490*b0d17251Schristos ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1491*b0d17251Schristos ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1492*b0d17251Schristos #endif /* OPENSSL_NO_EC */
1493*b0d17251Schristos
1494*b0d17251Schristos ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1495*b0d17251Schristos return 1;
1496*b0d17251Schristos }
1497*b0d17251Schristos
cleanup_tests(void)1498*b0d17251Schristos void cleanup_tests(void)
1499*b0d17251Schristos {
1500*b0d17251Schristos OSSL_PROVIDER_unload(prov_null);
1501*b0d17251Schristos OSSL_LIB_CTX_free(libctx);
1502*b0d17251Schristos }
1503