1 /* 2 * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <string.h> 12 #include <stdlib.h> 13 #include <ctype.h> 14 #include <openssl/evp.h> 15 #include <openssl/pem.h> 16 #include <openssl/err.h> 17 #include <openssl/x509v3.h> 18 #include <openssl/pkcs12.h> 19 #include <openssl/kdf.h> 20 #include "internal/numbers.h" 21 #include "testutil.h" 22 #include "evp_test.h" 23 24 25 typedef struct evp_test_method_st EVP_TEST_METHOD; 26 27 /* 28 * Structure holding test information 29 */ 30 typedef struct evp_test_st { 31 STANZA s; /* Common test stanza */ 32 char *name; 33 int skip; /* Current test should be skipped */ 34 const EVP_TEST_METHOD *meth; /* method for this test */ 35 const char *err, *aux_err; /* Error string for test */ 36 char *expected_err; /* Expected error value of test */ 37 char *func; /* Expected error function string */ 38 char *reason; /* Expected error reason string */ 39 void *data; /* test specific data */ 40 } EVP_TEST; 41 42 /* 43 * Test method structure 44 */ 45 struct evp_test_method_st { 46 /* Name of test as it appears in file */ 47 const char *name; 48 /* Initialise test for "alg" */ 49 int (*init) (EVP_TEST * t, const char *alg); 50 /* Clean up method */ 51 void (*cleanup) (EVP_TEST * t); 52 /* Test specific name value pair processing */ 53 int (*parse) (EVP_TEST * t, const char *name, const char *value); 54 /* Run the test itself */ 55 int (*run_test) (EVP_TEST * t); 56 }; 57 58 59 /* 60 * Linked list of named keys. 61 */ 62 typedef struct key_list_st { 63 char *name; 64 EVP_PKEY *key; 65 struct key_list_st *next; 66 } KEY_LIST; 67 68 /* 69 * List of public and private keys 70 */ 71 static KEY_LIST *private_keys; 72 static KEY_LIST *public_keys; 73 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst); 74 75 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen); 76 77 /* 78 * Compare two memory regions for equality, returning zero if they differ. 79 * However, if there is expected to be an error and the actual error 80 * matches then the memory is expected to be different so handle this 81 * case without producing unnecessary test framework output. 82 */ 83 static int memory_err_compare(EVP_TEST *t, const char *err, 84 const void *expected, size_t expected_len, 85 const void *got, size_t got_len) 86 { 87 int r; 88 89 if (t->expected_err != NULL && strcmp(t->expected_err, err) == 0) 90 r = !TEST_mem_ne(expected, expected_len, got, got_len); 91 else 92 r = TEST_mem_eq(expected, expected_len, got, got_len); 93 if (!r) 94 t->err = err; 95 return r; 96 } 97 98 /* 99 * Structure used to hold a list of blocks of memory to test 100 * calls to "update" like functions. 101 */ 102 struct evp_test_buffer_st { 103 unsigned char *buf; 104 size_t buflen; 105 size_t count; 106 int count_set; 107 }; 108 109 static void evp_test_buffer_free(EVP_TEST_BUFFER *db) 110 { 111 if (db != NULL) { 112 OPENSSL_free(db->buf); 113 OPENSSL_free(db); 114 } 115 } 116 117 /* 118 * append buffer to a list 119 */ 120 static int evp_test_buffer_append(const char *value, 121 STACK_OF(EVP_TEST_BUFFER) **sk) 122 { 123 EVP_TEST_BUFFER *db = NULL; 124 125 if (!TEST_ptr(db = OPENSSL_malloc(sizeof(*db)))) 126 goto err; 127 128 if (!parse_bin(value, &db->buf, &db->buflen)) 129 goto err; 130 db->count = 1; 131 db->count_set = 0; 132 133 if (*sk == NULL && !TEST_ptr(*sk = sk_EVP_TEST_BUFFER_new_null())) 134 goto err; 135 if (!sk_EVP_TEST_BUFFER_push(*sk, db)) 136 goto err; 137 138 return 1; 139 140 err: 141 evp_test_buffer_free(db); 142 return 0; 143 } 144 145 /* 146 * replace last buffer in list with copies of itself 147 */ 148 static int evp_test_buffer_ncopy(const char *value, 149 STACK_OF(EVP_TEST_BUFFER) *sk) 150 { 151 EVP_TEST_BUFFER *db; 152 unsigned char *tbuf, *p; 153 size_t tbuflen; 154 int ncopy = atoi(value); 155 int i; 156 157 if (ncopy <= 0) 158 return 0; 159 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 160 return 0; 161 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 162 163 tbuflen = db->buflen * ncopy; 164 if (!TEST_ptr(tbuf = OPENSSL_malloc(tbuflen))) 165 return 0; 166 for (i = 0, p = tbuf; i < ncopy; i++, p += db->buflen) 167 memcpy(p, db->buf, db->buflen); 168 169 OPENSSL_free(db->buf); 170 db->buf = tbuf; 171 db->buflen = tbuflen; 172 return 1; 173 } 174 175 /* 176 * set repeat count for last buffer in list 177 */ 178 static int evp_test_buffer_set_count(const char *value, 179 STACK_OF(EVP_TEST_BUFFER) *sk) 180 { 181 EVP_TEST_BUFFER *db; 182 int count = atoi(value); 183 184 if (count <= 0) 185 return 0; 186 187 if (sk == NULL || sk_EVP_TEST_BUFFER_num(sk) == 0) 188 return 0; 189 190 db = sk_EVP_TEST_BUFFER_value(sk, sk_EVP_TEST_BUFFER_num(sk) - 1); 191 if (db->count_set != 0) 192 return 0; 193 194 db->count = (size_t)count; 195 db->count_set = 1; 196 return 1; 197 } 198 199 /* 200 * call "fn" with each element of the list in turn 201 */ 202 static int evp_test_buffer_do(STACK_OF(EVP_TEST_BUFFER) *sk, 203 int (*fn)(void *ctx, 204 const unsigned char *buf, 205 size_t buflen), 206 void *ctx) 207 { 208 int i; 209 210 for (i = 0; i < sk_EVP_TEST_BUFFER_num(sk); i++) { 211 EVP_TEST_BUFFER *tb = sk_EVP_TEST_BUFFER_value(sk, i); 212 size_t j; 213 214 for (j = 0; j < tb->count; j++) { 215 if (fn(ctx, tb->buf, tb->buflen) <= 0) 216 return 0; 217 } 218 } 219 return 1; 220 } 221 222 /* 223 * Unescape some sequences in string literals (only \n for now). 224 * Return an allocated buffer, set |out_len|. If |input_len| 225 * is zero, get an empty buffer but set length to zero. 226 */ 227 static unsigned char* unescape(const char *input, size_t input_len, 228 size_t *out_len) 229 { 230 unsigned char *ret, *p; 231 size_t i; 232 233 if (input_len == 0) { 234 *out_len = 0; 235 return OPENSSL_zalloc(1); 236 } 237 238 /* Escaping is non-expanding; over-allocate original size for simplicity. */ 239 if (!TEST_ptr(ret = p = OPENSSL_malloc(input_len))) 240 return NULL; 241 242 for (i = 0; i < input_len; i++) { 243 if (*input == '\\') { 244 if (i == input_len - 1 || *++input != 'n') { 245 TEST_error("Bad escape sequence in file"); 246 goto err; 247 } 248 *p++ = '\n'; 249 i++; 250 input++; 251 } else { 252 *p++ = *input++; 253 } 254 } 255 256 *out_len = p - ret; 257 return ret; 258 259 err: 260 OPENSSL_free(ret); 261 return NULL; 262 } 263 264 /* 265 * For a hex string "value" convert to a binary allocated buffer. 266 * Return 1 on success or 0 on failure. 267 */ 268 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen) 269 { 270 long len; 271 272 /* Check for NULL literal */ 273 if (strcmp(value, "NULL") == 0) { 274 *buf = NULL; 275 *buflen = 0; 276 return 1; 277 } 278 279 /* Check for empty value */ 280 if (*value == '\0') { 281 /* 282 * Don't return NULL for zero length buffer. This is needed for 283 * some tests with empty keys: HMAC_Init_ex() expects a non-NULL key 284 * buffer even if the key length is 0, in order to detect key reset. 285 */ 286 *buf = OPENSSL_malloc(1); 287 if (*buf == NULL) 288 return 0; 289 **buf = 0; 290 *buflen = 0; 291 return 1; 292 } 293 294 /* Check for string literal */ 295 if (value[0] == '"') { 296 size_t vlen = strlen(++value); 297 298 if (vlen == 0 || value[vlen - 1] != '"') 299 return 0; 300 vlen--; 301 *buf = unescape(value, vlen, buflen); 302 return *buf == NULL ? 0 : 1; 303 } 304 305 /* Otherwise assume as hex literal and convert it to binary buffer */ 306 if (!TEST_ptr(*buf = OPENSSL_hexstr2buf(value, &len))) { 307 TEST_info("Can't convert %s", value); 308 TEST_openssl_errors(); 309 return -1; 310 } 311 /* Size of input buffer means we'll never overflow */ 312 *buflen = len; 313 return 1; 314 } 315 316 317 /** 318 *** MESSAGE DIGEST TESTS 319 **/ 320 321 typedef struct digest_data_st { 322 /* Digest this test is for */ 323 const EVP_MD *digest; 324 /* Input to digest */ 325 STACK_OF(EVP_TEST_BUFFER) *input; 326 /* Expected output */ 327 unsigned char *output; 328 size_t output_len; 329 } DIGEST_DATA; 330 331 static int digest_test_init(EVP_TEST *t, const char *alg) 332 { 333 DIGEST_DATA *mdat; 334 const EVP_MD *digest; 335 336 if ((digest = EVP_get_digestbyname(alg)) == NULL) { 337 /* If alg has an OID assume disabled algorithm */ 338 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { 339 t->skip = 1; 340 return 1; 341 } 342 return 0; 343 } 344 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 345 return 0; 346 t->data = mdat; 347 mdat->digest = digest; 348 return 1; 349 } 350 351 static void digest_test_cleanup(EVP_TEST *t) 352 { 353 DIGEST_DATA *mdat = t->data; 354 355 sk_EVP_TEST_BUFFER_pop_free(mdat->input, evp_test_buffer_free); 356 OPENSSL_free(mdat->output); 357 } 358 359 static int digest_test_parse(EVP_TEST *t, 360 const char *keyword, const char *value) 361 { 362 DIGEST_DATA *mdata = t->data; 363 364 if (strcmp(keyword, "Input") == 0) 365 return evp_test_buffer_append(value, &mdata->input); 366 if (strcmp(keyword, "Output") == 0) 367 return parse_bin(value, &mdata->output, &mdata->output_len); 368 if (strcmp(keyword, "Count") == 0) 369 return evp_test_buffer_set_count(value, mdata->input); 370 if (strcmp(keyword, "Ncopy") == 0) 371 return evp_test_buffer_ncopy(value, mdata->input); 372 return 0; 373 } 374 375 static int digest_update_fn(void *ctx, const unsigned char *buf, size_t buflen) 376 { 377 return EVP_DigestUpdate(ctx, buf, buflen); 378 } 379 380 static int digest_test_run(EVP_TEST *t) 381 { 382 DIGEST_DATA *expected = t->data; 383 EVP_MD_CTX *mctx; 384 unsigned char *got = NULL; 385 unsigned int got_len; 386 387 t->err = "TEST_FAILURE"; 388 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 389 goto err; 390 391 got = OPENSSL_malloc(expected->output_len > EVP_MAX_MD_SIZE ? 392 expected->output_len : EVP_MAX_MD_SIZE); 393 if (!TEST_ptr(got)) 394 goto err; 395 396 if (!EVP_DigestInit_ex(mctx, expected->digest, NULL)) { 397 t->err = "DIGESTINIT_ERROR"; 398 goto err; 399 } 400 if (!evp_test_buffer_do(expected->input, digest_update_fn, mctx)) { 401 t->err = "DIGESTUPDATE_ERROR"; 402 goto err; 403 } 404 405 if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) { 406 got_len = expected->output_len; 407 if (!EVP_DigestFinalXOF(mctx, got, got_len)) { 408 t->err = "DIGESTFINALXOF_ERROR"; 409 goto err; 410 } 411 } else { 412 if (!EVP_DigestFinal(mctx, got, &got_len)) { 413 t->err = "DIGESTFINAL_ERROR"; 414 goto err; 415 } 416 } 417 if (!TEST_int_eq(expected->output_len, got_len)) { 418 t->err = "DIGEST_LENGTH_MISMATCH"; 419 goto err; 420 } 421 if (!memory_err_compare(t, "DIGEST_MISMATCH", 422 expected->output, expected->output_len, 423 got, got_len)) 424 goto err; 425 426 t->err = NULL; 427 428 err: 429 OPENSSL_free(got); 430 EVP_MD_CTX_free(mctx); 431 return 1; 432 } 433 434 static const EVP_TEST_METHOD digest_test_method = { 435 "Digest", 436 digest_test_init, 437 digest_test_cleanup, 438 digest_test_parse, 439 digest_test_run 440 }; 441 442 443 /** 444 *** CIPHER TESTS 445 **/ 446 447 typedef struct cipher_data_st { 448 const EVP_CIPHER *cipher; 449 int enc; 450 /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ 451 int aead; 452 unsigned char *key; 453 size_t key_len; 454 unsigned char *iv; 455 size_t iv_len; 456 unsigned char *plaintext; 457 size_t plaintext_len; 458 unsigned char *ciphertext; 459 size_t ciphertext_len; 460 /* GCM, CCM and OCB only */ 461 unsigned char *aad; 462 size_t aad_len; 463 unsigned char *tag; 464 size_t tag_len; 465 } CIPHER_DATA; 466 467 static int cipher_test_init(EVP_TEST *t, const char *alg) 468 { 469 const EVP_CIPHER *cipher; 470 CIPHER_DATA *cdat; 471 int m; 472 473 if ((cipher = EVP_get_cipherbyname(alg)) == NULL) { 474 /* If alg has an OID assume disabled algorithm */ 475 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { 476 t->skip = 1; 477 return 1; 478 } 479 return 0; 480 } 481 cdat = OPENSSL_zalloc(sizeof(*cdat)); 482 cdat->cipher = cipher; 483 cdat->enc = -1; 484 m = EVP_CIPHER_mode(cipher); 485 if (m == EVP_CIPH_GCM_MODE 486 || m == EVP_CIPH_OCB_MODE 487 || m == EVP_CIPH_CCM_MODE) 488 cdat->aead = m; 489 else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) 490 cdat->aead = -1; 491 else 492 cdat->aead = 0; 493 494 t->data = cdat; 495 return 1; 496 } 497 498 static void cipher_test_cleanup(EVP_TEST *t) 499 { 500 CIPHER_DATA *cdat = t->data; 501 502 OPENSSL_free(cdat->key); 503 OPENSSL_free(cdat->iv); 504 OPENSSL_free(cdat->ciphertext); 505 OPENSSL_free(cdat->plaintext); 506 OPENSSL_free(cdat->aad); 507 OPENSSL_free(cdat->tag); 508 } 509 510 static int cipher_test_parse(EVP_TEST *t, const char *keyword, 511 const char *value) 512 { 513 CIPHER_DATA *cdat = t->data; 514 515 if (strcmp(keyword, "Key") == 0) 516 return parse_bin(value, &cdat->key, &cdat->key_len); 517 if (strcmp(keyword, "IV") == 0) 518 return parse_bin(value, &cdat->iv, &cdat->iv_len); 519 if (strcmp(keyword, "Plaintext") == 0) 520 return parse_bin(value, &cdat->plaintext, &cdat->plaintext_len); 521 if (strcmp(keyword, "Ciphertext") == 0) 522 return parse_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); 523 if (cdat->aead) { 524 if (strcmp(keyword, "AAD") == 0) 525 return parse_bin(value, &cdat->aad, &cdat->aad_len); 526 if (strcmp(keyword, "Tag") == 0) 527 return parse_bin(value, &cdat->tag, &cdat->tag_len); 528 } 529 530 if (strcmp(keyword, "Operation") == 0) { 531 if (strcmp(value, "ENCRYPT") == 0) 532 cdat->enc = 1; 533 else if (strcmp(value, "DECRYPT") == 0) 534 cdat->enc = 0; 535 else 536 return 0; 537 return 1; 538 } 539 return 0; 540 } 541 542 static int cipher_test_enc(EVP_TEST *t, int enc, 543 size_t out_misalign, size_t inp_misalign, int frag) 544 { 545 CIPHER_DATA *expected = t->data; 546 unsigned char *in, *expected_out, *tmp = NULL; 547 size_t in_len, out_len, donelen = 0; 548 int ok = 0, tmplen, chunklen, tmpflen; 549 EVP_CIPHER_CTX *ctx = NULL; 550 551 t->err = "TEST_FAILURE"; 552 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 553 goto err; 554 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); 555 if (enc) { 556 in = expected->plaintext; 557 in_len = expected->plaintext_len; 558 expected_out = expected->ciphertext; 559 out_len = expected->ciphertext_len; 560 } else { 561 in = expected->ciphertext; 562 in_len = expected->ciphertext_len; 563 expected_out = expected->plaintext; 564 out_len = expected->plaintext_len; 565 } 566 if (inp_misalign == (size_t)-1) { 567 /* 568 * Exercise in-place encryption 569 */ 570 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH); 571 if (!tmp) 572 goto err; 573 in = memcpy(tmp + out_misalign, in, in_len); 574 } else { 575 inp_misalign += 16 - ((out_misalign + in_len) & 15); 576 /* 577 * 'tmp' will store both output and copy of input. We make the copy 578 * of input to specifically aligned part of 'tmp'. So we just 579 * figured out how much padding would ensure the required alignment, 580 * now we allocate extended buffer and finally copy the input just 581 * past inp_misalign in expression below. Output will be written 582 * past out_misalign... 583 */ 584 tmp = OPENSSL_malloc(out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + 585 inp_misalign + in_len); 586 if (!tmp) 587 goto err; 588 in = memcpy(tmp + out_misalign + in_len + 2 * EVP_MAX_BLOCK_LENGTH + 589 inp_misalign, in, in_len); 590 } 591 if (!EVP_CipherInit_ex(ctx, expected->cipher, NULL, NULL, NULL, enc)) { 592 t->err = "CIPHERINIT_ERROR"; 593 goto err; 594 } 595 if (expected->iv) { 596 if (expected->aead) { 597 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 598 expected->iv_len, 0)) { 599 t->err = "INVALID_IV_LENGTH"; 600 goto err; 601 } 602 } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) { 603 t->err = "INVALID_IV_LENGTH"; 604 goto err; 605 } 606 } 607 if (expected->aead) { 608 unsigned char *tag; 609 /* 610 * If encrypting or OCB just set tag length initially, otherwise 611 * set tag length and value. 612 */ 613 if (enc || expected->aead == EVP_CIPH_OCB_MODE) { 614 t->err = "TAG_LENGTH_SET_ERROR"; 615 tag = NULL; 616 } else { 617 t->err = "TAG_SET_ERROR"; 618 tag = expected->tag; 619 } 620 if (tag || expected->aead != EVP_CIPH_GCM_MODE) { 621 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 622 expected->tag_len, tag)) 623 goto err; 624 } 625 } 626 627 if (!EVP_CIPHER_CTX_set_key_length(ctx, expected->key_len)) { 628 t->err = "INVALID_KEY_LENGTH"; 629 goto err; 630 } 631 if (!EVP_CipherInit_ex(ctx, NULL, NULL, expected->key, expected->iv, -1)) { 632 t->err = "KEY_SET_ERROR"; 633 goto err; 634 } 635 636 if (!enc && expected->aead == EVP_CIPH_OCB_MODE) { 637 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 638 expected->tag_len, expected->tag)) { 639 t->err = "TAG_SET_ERROR"; 640 goto err; 641 } 642 } 643 644 if (expected->aead == EVP_CIPH_CCM_MODE) { 645 if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { 646 t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; 647 goto err; 648 } 649 } 650 if (expected->aad) { 651 t->err = "AAD_SET_ERROR"; 652 if (!frag) { 653 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad, 654 expected->aad_len)) 655 goto err; 656 } else { 657 /* 658 * Supply the AAD in chunks less than the block size where possible 659 */ 660 if (expected->aad_len > 0) { 661 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, expected->aad, 1)) 662 goto err; 663 donelen++; 664 } 665 if (expected->aad_len > 2) { 666 if (!EVP_CipherUpdate(ctx, NULL, &chunklen, 667 expected->aad + donelen, 668 expected->aad_len - 2)) 669 goto err; 670 donelen += expected->aad_len - 2; 671 } 672 if (expected->aad_len > 1 673 && !EVP_CipherUpdate(ctx, NULL, &chunklen, 674 expected->aad + donelen, 1)) 675 goto err; 676 } 677 } 678 EVP_CIPHER_CTX_set_padding(ctx, 0); 679 t->err = "CIPHERUPDATE_ERROR"; 680 tmplen = 0; 681 if (!frag) { 682 /* We supply the data all in one go */ 683 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &tmplen, in, in_len)) 684 goto err; 685 } else { 686 /* Supply the data in chunks less than the block size where possible */ 687 if (in_len > 0) { 688 if (!EVP_CipherUpdate(ctx, tmp + out_misalign, &chunklen, in, 1)) 689 goto err; 690 tmplen += chunklen; 691 in++; 692 in_len--; 693 } 694 if (in_len > 1) { 695 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 696 in, in_len - 1)) 697 goto err; 698 tmplen += chunklen; 699 in += in_len - 1; 700 in_len = 1; 701 } 702 if (in_len > 0 ) { 703 if (!EVP_CipherUpdate(ctx, tmp + out_misalign + tmplen, &chunklen, 704 in, 1)) 705 goto err; 706 tmplen += chunklen; 707 } 708 } 709 if (!EVP_CipherFinal_ex(ctx, tmp + out_misalign + tmplen, &tmpflen)) { 710 t->err = "CIPHERFINAL_ERROR"; 711 goto err; 712 } 713 if (!memory_err_compare(t, "VALUE_MISMATCH", expected_out, out_len, 714 tmp + out_misalign, tmplen + tmpflen)) 715 goto err; 716 if (enc && expected->aead) { 717 unsigned char rtag[16]; 718 719 if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) { 720 t->err = "TAG_LENGTH_INTERNAL_ERROR"; 721 goto err; 722 } 723 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 724 expected->tag_len, rtag)) { 725 t->err = "TAG_RETRIEVE_ERROR"; 726 goto err; 727 } 728 if (!memory_err_compare(t, "TAG_VALUE_MISMATCH", 729 expected->tag, expected->tag_len, 730 rtag, expected->tag_len)) 731 goto err; 732 } 733 t->err = NULL; 734 ok = 1; 735 err: 736 OPENSSL_free(tmp); 737 EVP_CIPHER_CTX_free(ctx); 738 return ok; 739 } 740 741 static int cipher_test_run(EVP_TEST *t) 742 { 743 CIPHER_DATA *cdat = t->data; 744 int rv, frag = 0; 745 size_t out_misalign, inp_misalign; 746 747 if (!cdat->key) { 748 t->err = "NO_KEY"; 749 return 0; 750 } 751 if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) { 752 /* IV is optional and usually omitted in wrap mode */ 753 if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { 754 t->err = "NO_IV"; 755 return 0; 756 } 757 } 758 if (cdat->aead && !cdat->tag) { 759 t->err = "NO_TAG"; 760 return 0; 761 } 762 for (out_misalign = 0; out_misalign <= 1;) { 763 static char aux_err[64]; 764 t->aux_err = aux_err; 765 for (inp_misalign = (size_t)-1; inp_misalign != 2; inp_misalign++) { 766 if (inp_misalign == (size_t)-1) { 767 /* kludge: inp_misalign == -1 means "exercise in-place" */ 768 BIO_snprintf(aux_err, sizeof(aux_err), 769 "%s in-place, %sfragmented", 770 out_misalign ? "misaligned" : "aligned", 771 frag ? "" : "not "); 772 } else { 773 BIO_snprintf(aux_err, sizeof(aux_err), 774 "%s output and %s input, %sfragmented", 775 out_misalign ? "misaligned" : "aligned", 776 inp_misalign ? "misaligned" : "aligned", 777 frag ? "" : "not "); 778 } 779 if (cdat->enc) { 780 rv = cipher_test_enc(t, 1, out_misalign, inp_misalign, frag); 781 /* Not fatal errors: return */ 782 if (rv != 1) { 783 if (rv < 0) 784 return 0; 785 return 1; 786 } 787 } 788 if (cdat->enc != 1) { 789 rv = cipher_test_enc(t, 0, out_misalign, inp_misalign, frag); 790 /* Not fatal errors: return */ 791 if (rv != 1) { 792 if (rv < 0) 793 return 0; 794 return 1; 795 } 796 } 797 } 798 799 if (out_misalign == 1 && frag == 0) { 800 /* 801 * XTS, CCM and Wrap modes have special requirements about input 802 * lengths so we don't fragment for those 803 */ 804 if (cdat->aead == EVP_CIPH_CCM_MODE 805 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE 806 || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) 807 break; 808 out_misalign = 0; 809 frag++; 810 } else { 811 out_misalign++; 812 } 813 } 814 t->aux_err = NULL; 815 816 return 1; 817 } 818 819 static const EVP_TEST_METHOD cipher_test_method = { 820 "Cipher", 821 cipher_test_init, 822 cipher_test_cleanup, 823 cipher_test_parse, 824 cipher_test_run 825 }; 826 827 828 /** 829 *** MAC TESTS 830 **/ 831 832 typedef struct mac_data_st { 833 /* MAC type */ 834 int type; 835 /* Algorithm string for this MAC */ 836 char *alg; 837 /* MAC key */ 838 unsigned char *key; 839 size_t key_len; 840 /* Input to MAC */ 841 unsigned char *input; 842 size_t input_len; 843 /* Expected output */ 844 unsigned char *output; 845 size_t output_len; 846 /* Collection of controls */ 847 STACK_OF(OPENSSL_STRING) *controls; 848 } MAC_DATA; 849 850 static int mac_test_init(EVP_TEST *t, const char *alg) 851 { 852 int type; 853 MAC_DATA *mdat; 854 855 if (strcmp(alg, "HMAC") == 0) { 856 type = EVP_PKEY_HMAC; 857 } else if (strcmp(alg, "CMAC") == 0) { 858 #ifndef OPENSSL_NO_CMAC 859 type = EVP_PKEY_CMAC; 860 #else 861 t->skip = 1; 862 return 1; 863 #endif 864 } else if (strcmp(alg, "Poly1305") == 0) { 865 #ifndef OPENSSL_NO_POLY1305 866 type = EVP_PKEY_POLY1305; 867 #else 868 t->skip = 1; 869 return 1; 870 #endif 871 } else if (strcmp(alg, "SipHash") == 0) { 872 #ifndef OPENSSL_NO_SIPHASH 873 type = EVP_PKEY_SIPHASH; 874 #else 875 t->skip = 1; 876 return 1; 877 #endif 878 } else 879 return 0; 880 881 mdat = OPENSSL_zalloc(sizeof(*mdat)); 882 mdat->type = type; 883 mdat->controls = sk_OPENSSL_STRING_new_null(); 884 t->data = mdat; 885 return 1; 886 } 887 888 /* Because OPENSSL_free is a macro, it can't be passed as a function pointer */ 889 static void openssl_free(char *m) 890 { 891 OPENSSL_free(m); 892 } 893 894 static void mac_test_cleanup(EVP_TEST *t) 895 { 896 MAC_DATA *mdat = t->data; 897 898 sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free); 899 OPENSSL_free(mdat->alg); 900 OPENSSL_free(mdat->key); 901 OPENSSL_free(mdat->input); 902 OPENSSL_free(mdat->output); 903 } 904 905 static int mac_test_parse(EVP_TEST *t, 906 const char *keyword, const char *value) 907 { 908 MAC_DATA *mdata = t->data; 909 910 if (strcmp(keyword, "Key") == 0) 911 return parse_bin(value, &mdata->key, &mdata->key_len); 912 if (strcmp(keyword, "Algorithm") == 0) { 913 mdata->alg = OPENSSL_strdup(value); 914 if (!mdata->alg) 915 return 0; 916 return 1; 917 } 918 if (strcmp(keyword, "Input") == 0) 919 return parse_bin(value, &mdata->input, &mdata->input_len); 920 if (strcmp(keyword, "Output") == 0) 921 return parse_bin(value, &mdata->output, &mdata->output_len); 922 if (strcmp(keyword, "Ctrl") == 0) 923 return sk_OPENSSL_STRING_push(mdata->controls, 924 OPENSSL_strdup(value)) != 0; 925 return 0; 926 } 927 928 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx, 929 const char *value) 930 { 931 int rv; 932 char *p, *tmpval; 933 934 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 935 return 0; 936 p = strchr(tmpval, ':'); 937 if (p != NULL) 938 *p++ = '\0'; 939 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 940 if (rv == -2) 941 t->err = "PKEY_CTRL_INVALID"; 942 else if (rv <= 0) 943 t->err = "PKEY_CTRL_ERROR"; 944 else 945 rv = 1; 946 OPENSSL_free(tmpval); 947 return rv > 0; 948 } 949 950 static int mac_test_run(EVP_TEST *t) 951 { 952 MAC_DATA *expected = t->data; 953 EVP_MD_CTX *mctx = NULL; 954 EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; 955 EVP_PKEY *key = NULL; 956 const EVP_MD *md = NULL; 957 unsigned char *got = NULL; 958 size_t got_len; 959 int i; 960 961 #ifdef OPENSSL_NO_DES 962 if (expected->alg != NULL && strstr(expected->alg, "DES") != NULL) { 963 /* Skip DES */ 964 t->err = NULL; 965 goto err; 966 } 967 #endif 968 969 if (expected->type == EVP_PKEY_CMAC) 970 key = EVP_PKEY_new_CMAC_key(NULL, expected->key, expected->key_len, 971 EVP_get_cipherbyname(expected->alg)); 972 else 973 key = EVP_PKEY_new_raw_private_key(expected->type, NULL, expected->key, 974 expected->key_len); 975 if (key == NULL) { 976 t->err = "MAC_KEY_CREATE_ERROR"; 977 goto err; 978 } 979 980 if (expected->type == EVP_PKEY_HMAC) { 981 if (!TEST_ptr(md = EVP_get_digestbyname(expected->alg))) { 982 t->err = "MAC_ALGORITHM_SET_ERROR"; 983 goto err; 984 } 985 } 986 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) { 987 t->err = "INTERNAL_ERROR"; 988 goto err; 989 } 990 if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) { 991 t->err = "DIGESTSIGNINIT_ERROR"; 992 goto err; 993 } 994 for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) 995 if (!mac_test_ctrl_pkey(t, pctx, 996 sk_OPENSSL_STRING_value(expected->controls, 997 i))) { 998 t->err = "EVPPKEYCTXCTRL_ERROR"; 999 goto err; 1000 } 1001 if (!EVP_DigestSignUpdate(mctx, expected->input, expected->input_len)) { 1002 t->err = "DIGESTSIGNUPDATE_ERROR"; 1003 goto err; 1004 } 1005 if (!EVP_DigestSignFinal(mctx, NULL, &got_len)) { 1006 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 1007 goto err; 1008 } 1009 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1010 t->err = "TEST_FAILURE"; 1011 goto err; 1012 } 1013 if (!EVP_DigestSignFinal(mctx, got, &got_len) 1014 || !memory_err_compare(t, "TEST_MAC_ERR", 1015 expected->output, expected->output_len, 1016 got, got_len)) { 1017 t->err = "TEST_MAC_ERR"; 1018 goto err; 1019 } 1020 t->err = NULL; 1021 err: 1022 EVP_MD_CTX_free(mctx); 1023 OPENSSL_free(got); 1024 EVP_PKEY_CTX_free(genctx); 1025 EVP_PKEY_free(key); 1026 return 1; 1027 } 1028 1029 static const EVP_TEST_METHOD mac_test_method = { 1030 "MAC", 1031 mac_test_init, 1032 mac_test_cleanup, 1033 mac_test_parse, 1034 mac_test_run 1035 }; 1036 1037 1038 /** 1039 *** PUBLIC KEY TESTS 1040 *** These are all very similar and share much common code. 1041 **/ 1042 1043 typedef struct pkey_data_st { 1044 /* Context for this operation */ 1045 EVP_PKEY_CTX *ctx; 1046 /* Key operation to perform */ 1047 int (*keyop) (EVP_PKEY_CTX *ctx, 1048 unsigned char *sig, size_t *siglen, 1049 const unsigned char *tbs, size_t tbslen); 1050 /* Input to MAC */ 1051 unsigned char *input; 1052 size_t input_len; 1053 /* Expected output */ 1054 unsigned char *output; 1055 size_t output_len; 1056 } PKEY_DATA; 1057 1058 /* 1059 * Perform public key operation setup: lookup key, allocated ctx and call 1060 * the appropriate initialisation function 1061 */ 1062 static int pkey_test_init(EVP_TEST *t, const char *name, 1063 int use_public, 1064 int (*keyopinit) (EVP_PKEY_CTX *ctx), 1065 int (*keyop)(EVP_PKEY_CTX *ctx, 1066 unsigned char *sig, size_t *siglen, 1067 const unsigned char *tbs, 1068 size_t tbslen)) 1069 { 1070 PKEY_DATA *kdata; 1071 EVP_PKEY *pkey = NULL; 1072 int rv = 0; 1073 1074 if (use_public) 1075 rv = find_key(&pkey, name, public_keys); 1076 if (rv == 0) 1077 rv = find_key(&pkey, name, private_keys); 1078 if (rv == 0 || pkey == NULL) { 1079 t->skip = 1; 1080 return 1; 1081 } 1082 1083 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) { 1084 EVP_PKEY_free(pkey); 1085 return 0; 1086 } 1087 kdata->keyop = keyop; 1088 if (!TEST_ptr(kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL))) { 1089 EVP_PKEY_free(pkey); 1090 OPENSSL_free(kdata); 1091 return 0; 1092 } 1093 if (keyopinit(kdata->ctx) <= 0) 1094 t->err = "KEYOP_INIT_ERROR"; 1095 t->data = kdata; 1096 return 1; 1097 } 1098 1099 static void pkey_test_cleanup(EVP_TEST *t) 1100 { 1101 PKEY_DATA *kdata = t->data; 1102 1103 OPENSSL_free(kdata->input); 1104 OPENSSL_free(kdata->output); 1105 EVP_PKEY_CTX_free(kdata->ctx); 1106 } 1107 1108 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, 1109 const char *value) 1110 { 1111 int rv; 1112 char *p, *tmpval; 1113 1114 if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) 1115 return 0; 1116 p = strchr(tmpval, ':'); 1117 if (p != NULL) 1118 *p++ = '\0'; 1119 rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); 1120 if (rv == -2) { 1121 t->err = "PKEY_CTRL_INVALID"; 1122 rv = 1; 1123 } else if (p != NULL && rv <= 0) { 1124 /* If p has an OID and lookup fails assume disabled algorithm */ 1125 int nid = OBJ_sn2nid(p); 1126 1127 if (nid == NID_undef) 1128 nid = OBJ_ln2nid(p); 1129 if (nid != NID_undef 1130 && EVP_get_digestbynid(nid) == NULL 1131 && EVP_get_cipherbynid(nid) == NULL) { 1132 t->skip = 1; 1133 rv = 1; 1134 } else { 1135 t->err = "PKEY_CTRL_ERROR"; 1136 rv = 1; 1137 } 1138 } 1139 OPENSSL_free(tmpval); 1140 return rv > 0; 1141 } 1142 1143 static int pkey_test_parse(EVP_TEST *t, 1144 const char *keyword, const char *value) 1145 { 1146 PKEY_DATA *kdata = t->data; 1147 if (strcmp(keyword, "Input") == 0) 1148 return parse_bin(value, &kdata->input, &kdata->input_len); 1149 if (strcmp(keyword, "Output") == 0) 1150 return parse_bin(value, &kdata->output, &kdata->output_len); 1151 if (strcmp(keyword, "Ctrl") == 0) 1152 return pkey_test_ctrl(t, kdata->ctx, value); 1153 return 0; 1154 } 1155 1156 static int pkey_test_run(EVP_TEST *t) 1157 { 1158 PKEY_DATA *expected = t->data; 1159 unsigned char *got = NULL; 1160 size_t got_len; 1161 1162 if (expected->keyop(expected->ctx, NULL, &got_len, 1163 expected->input, expected->input_len) <= 0 1164 || !TEST_ptr(got = OPENSSL_malloc(got_len))) { 1165 t->err = "KEYOP_LENGTH_ERROR"; 1166 goto err; 1167 } 1168 if (expected->keyop(expected->ctx, got, &got_len, 1169 expected->input, expected->input_len) <= 0) { 1170 t->err = "KEYOP_ERROR"; 1171 goto err; 1172 } 1173 if (!memory_err_compare(t, "KEYOP_MISMATCH", 1174 expected->output, expected->output_len, 1175 got, got_len)) 1176 goto err; 1177 1178 t->err = NULL; 1179 err: 1180 OPENSSL_free(got); 1181 return 1; 1182 } 1183 1184 static int sign_test_init(EVP_TEST *t, const char *name) 1185 { 1186 return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign); 1187 } 1188 1189 static const EVP_TEST_METHOD psign_test_method = { 1190 "Sign", 1191 sign_test_init, 1192 pkey_test_cleanup, 1193 pkey_test_parse, 1194 pkey_test_run 1195 }; 1196 1197 static int verify_recover_test_init(EVP_TEST *t, const char *name) 1198 { 1199 return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, 1200 EVP_PKEY_verify_recover); 1201 } 1202 1203 static const EVP_TEST_METHOD pverify_recover_test_method = { 1204 "VerifyRecover", 1205 verify_recover_test_init, 1206 pkey_test_cleanup, 1207 pkey_test_parse, 1208 pkey_test_run 1209 }; 1210 1211 static int decrypt_test_init(EVP_TEST *t, const char *name) 1212 { 1213 return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, 1214 EVP_PKEY_decrypt); 1215 } 1216 1217 static const EVP_TEST_METHOD pdecrypt_test_method = { 1218 "Decrypt", 1219 decrypt_test_init, 1220 pkey_test_cleanup, 1221 pkey_test_parse, 1222 pkey_test_run 1223 }; 1224 1225 static int verify_test_init(EVP_TEST *t, const char *name) 1226 { 1227 return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0); 1228 } 1229 1230 static int verify_test_run(EVP_TEST *t) 1231 { 1232 PKEY_DATA *kdata = t->data; 1233 1234 if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, 1235 kdata->input, kdata->input_len) <= 0) 1236 t->err = "VERIFY_ERROR"; 1237 return 1; 1238 } 1239 1240 static const EVP_TEST_METHOD pverify_test_method = { 1241 "Verify", 1242 verify_test_init, 1243 pkey_test_cleanup, 1244 pkey_test_parse, 1245 verify_test_run 1246 }; 1247 1248 1249 static int pderive_test_init(EVP_TEST *t, const char *name) 1250 { 1251 return pkey_test_init(t, name, 0, EVP_PKEY_derive_init, 0); 1252 } 1253 1254 static int pderive_test_parse(EVP_TEST *t, 1255 const char *keyword, const char *value) 1256 { 1257 PKEY_DATA *kdata = t->data; 1258 1259 if (strcmp(keyword, "PeerKey") == 0) { 1260 EVP_PKEY *peer; 1261 if (find_key(&peer, value, public_keys) == 0) 1262 return 0; 1263 if (EVP_PKEY_derive_set_peer(kdata->ctx, peer) <= 0) 1264 return 0; 1265 return 1; 1266 } 1267 if (strcmp(keyword, "SharedSecret") == 0) 1268 return parse_bin(value, &kdata->output, &kdata->output_len); 1269 if (strcmp(keyword, "Ctrl") == 0) 1270 return pkey_test_ctrl(t, kdata->ctx, value); 1271 return 0; 1272 } 1273 1274 static int pderive_test_run(EVP_TEST *t) 1275 { 1276 PKEY_DATA *expected = t->data; 1277 unsigned char *got = NULL; 1278 size_t got_len; 1279 1280 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { 1281 t->err = "DERIVE_ERROR"; 1282 goto err; 1283 } 1284 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1285 t->err = "DERIVE_ERROR"; 1286 goto err; 1287 } 1288 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { 1289 t->err = "DERIVE_ERROR"; 1290 goto err; 1291 } 1292 if (!memory_err_compare(t, "SHARED_SECRET_MISMATCH", 1293 expected->output, expected->output_len, 1294 got, got_len)) 1295 goto err; 1296 1297 t->err = NULL; 1298 err: 1299 OPENSSL_free(got); 1300 return 1; 1301 } 1302 1303 static const EVP_TEST_METHOD pderive_test_method = { 1304 "Derive", 1305 pderive_test_init, 1306 pkey_test_cleanup, 1307 pderive_test_parse, 1308 pderive_test_run 1309 }; 1310 1311 1312 /** 1313 *** PBE TESTS 1314 **/ 1315 1316 typedef enum pbe_type_enum { 1317 PBE_TYPE_INVALID = 0, 1318 PBE_TYPE_SCRYPT, PBE_TYPE_PBKDF2, PBE_TYPE_PKCS12 1319 } PBE_TYPE; 1320 1321 typedef struct pbe_data_st { 1322 PBE_TYPE pbe_type; 1323 /* scrypt parameters */ 1324 uint64_t N, r, p, maxmem; 1325 /* PKCS#12 parameters */ 1326 int id, iter; 1327 const EVP_MD *md; 1328 /* password */ 1329 unsigned char *pass; 1330 size_t pass_len; 1331 /* salt */ 1332 unsigned char *salt; 1333 size_t salt_len; 1334 /* Expected output */ 1335 unsigned char *key; 1336 size_t key_len; 1337 } PBE_DATA; 1338 1339 #ifndef OPENSSL_NO_SCRYPT 1340 /* 1341 * Parse unsigned decimal 64 bit integer value 1342 */ 1343 static int parse_uint64(const char *value, uint64_t *pr) 1344 { 1345 const char *p = value; 1346 1347 if (!TEST_true(*p)) { 1348 TEST_info("Invalid empty integer value"); 1349 return -1; 1350 } 1351 for (*pr = 0; *p; ) { 1352 if (*pr > UINT64_MAX / 10) { 1353 TEST_error("Integer overflow in string %s", value); 1354 return -1; 1355 } 1356 *pr *= 10; 1357 if (!TEST_true(isdigit((unsigned char)*p))) { 1358 TEST_error("Invalid character in string %s", value); 1359 return -1; 1360 } 1361 *pr += *p - '0'; 1362 p++; 1363 } 1364 return 1; 1365 } 1366 1367 static int scrypt_test_parse(EVP_TEST *t, 1368 const char *keyword, const char *value) 1369 { 1370 PBE_DATA *pdata = t->data; 1371 1372 if (strcmp(keyword, "N") == 0) 1373 return parse_uint64(value, &pdata->N); 1374 if (strcmp(keyword, "p") == 0) 1375 return parse_uint64(value, &pdata->p); 1376 if (strcmp(keyword, "r") == 0) 1377 return parse_uint64(value, &pdata->r); 1378 if (strcmp(keyword, "maxmem") == 0) 1379 return parse_uint64(value, &pdata->maxmem); 1380 return 0; 1381 } 1382 #endif 1383 1384 static int pbkdf2_test_parse(EVP_TEST *t, 1385 const char *keyword, const char *value) 1386 { 1387 PBE_DATA *pdata = t->data; 1388 1389 if (strcmp(keyword, "iter") == 0) { 1390 pdata->iter = atoi(value); 1391 if (pdata->iter <= 0) 1392 return -1; 1393 return 1; 1394 } 1395 if (strcmp(keyword, "MD") == 0) { 1396 pdata->md = EVP_get_digestbyname(value); 1397 if (pdata->md == NULL) 1398 return -1; 1399 return 1; 1400 } 1401 return 0; 1402 } 1403 1404 static int pkcs12_test_parse(EVP_TEST *t, 1405 const char *keyword, const char *value) 1406 { 1407 PBE_DATA *pdata = t->data; 1408 1409 if (strcmp(keyword, "id") == 0) { 1410 pdata->id = atoi(value); 1411 if (pdata->id <= 0) 1412 return -1; 1413 return 1; 1414 } 1415 return pbkdf2_test_parse(t, keyword, value); 1416 } 1417 1418 static int pbe_test_init(EVP_TEST *t, const char *alg) 1419 { 1420 PBE_DATA *pdat; 1421 PBE_TYPE pbe_type = PBE_TYPE_INVALID; 1422 1423 if (strcmp(alg, "scrypt") == 0) { 1424 #ifndef OPENSSL_NO_SCRYPT 1425 pbe_type = PBE_TYPE_SCRYPT; 1426 #else 1427 t->skip = 1; 1428 return 1; 1429 #endif 1430 } else if (strcmp(alg, "pbkdf2") == 0) { 1431 pbe_type = PBE_TYPE_PBKDF2; 1432 } else if (strcmp(alg, "pkcs12") == 0) { 1433 pbe_type = PBE_TYPE_PKCS12; 1434 } else { 1435 TEST_error("Unknown pbe algorithm %s", alg); 1436 } 1437 pdat = OPENSSL_zalloc(sizeof(*pdat)); 1438 pdat->pbe_type = pbe_type; 1439 t->data = pdat; 1440 return 1; 1441 } 1442 1443 static void pbe_test_cleanup(EVP_TEST *t) 1444 { 1445 PBE_DATA *pdat = t->data; 1446 1447 OPENSSL_free(pdat->pass); 1448 OPENSSL_free(pdat->salt); 1449 OPENSSL_free(pdat->key); 1450 } 1451 1452 static int pbe_test_parse(EVP_TEST *t, 1453 const char *keyword, const char *value) 1454 { 1455 PBE_DATA *pdata = t->data; 1456 1457 if (strcmp(keyword, "Password") == 0) 1458 return parse_bin(value, &pdata->pass, &pdata->pass_len); 1459 if (strcmp(keyword, "Salt") == 0) 1460 return parse_bin(value, &pdata->salt, &pdata->salt_len); 1461 if (strcmp(keyword, "Key") == 0) 1462 return parse_bin(value, &pdata->key, &pdata->key_len); 1463 if (pdata->pbe_type == PBE_TYPE_PBKDF2) 1464 return pbkdf2_test_parse(t, keyword, value); 1465 else if (pdata->pbe_type == PBE_TYPE_PKCS12) 1466 return pkcs12_test_parse(t, keyword, value); 1467 #ifndef OPENSSL_NO_SCRYPT 1468 else if (pdata->pbe_type == PBE_TYPE_SCRYPT) 1469 return scrypt_test_parse(t, keyword, value); 1470 #endif 1471 return 0; 1472 } 1473 1474 static int pbe_test_run(EVP_TEST *t) 1475 { 1476 PBE_DATA *expected = t->data; 1477 unsigned char *key; 1478 1479 if (!TEST_ptr(key = OPENSSL_malloc(expected->key_len))) { 1480 t->err = "INTERNAL_ERROR"; 1481 goto err; 1482 } 1483 if (expected->pbe_type == PBE_TYPE_PBKDF2) { 1484 if (PKCS5_PBKDF2_HMAC((char *)expected->pass, expected->pass_len, 1485 expected->salt, expected->salt_len, 1486 expected->iter, expected->md, 1487 expected->key_len, key) == 0) { 1488 t->err = "PBKDF2_ERROR"; 1489 goto err; 1490 } 1491 #ifndef OPENSSL_NO_SCRYPT 1492 } else if (expected->pbe_type == PBE_TYPE_SCRYPT) { 1493 if (EVP_PBE_scrypt((const char *)expected->pass, expected->pass_len, 1494 expected->salt, expected->salt_len, expected->N, 1495 expected->r, expected->p, expected->maxmem, 1496 key, expected->key_len) == 0) { 1497 t->err = "SCRYPT_ERROR"; 1498 goto err; 1499 } 1500 #endif 1501 } else if (expected->pbe_type == PBE_TYPE_PKCS12) { 1502 if (PKCS12_key_gen_uni(expected->pass, expected->pass_len, 1503 expected->salt, expected->salt_len, 1504 expected->id, expected->iter, expected->key_len, 1505 key, expected->md) == 0) { 1506 t->err = "PKCS12_ERROR"; 1507 goto err; 1508 } 1509 } 1510 if (!memory_err_compare(t, "KEY_MISMATCH", expected->key, expected->key_len, 1511 key, expected->key_len)) 1512 goto err; 1513 1514 t->err = NULL; 1515 err: 1516 OPENSSL_free(key); 1517 return 1; 1518 } 1519 1520 static const EVP_TEST_METHOD pbe_test_method = { 1521 "PBE", 1522 pbe_test_init, 1523 pbe_test_cleanup, 1524 pbe_test_parse, 1525 pbe_test_run 1526 }; 1527 1528 1529 /** 1530 *** BASE64 TESTS 1531 **/ 1532 1533 typedef enum { 1534 BASE64_CANONICAL_ENCODING = 0, 1535 BASE64_VALID_ENCODING = 1, 1536 BASE64_INVALID_ENCODING = 2 1537 } base64_encoding_type; 1538 1539 typedef struct encode_data_st { 1540 /* Input to encoding */ 1541 unsigned char *input; 1542 size_t input_len; 1543 /* Expected output */ 1544 unsigned char *output; 1545 size_t output_len; 1546 base64_encoding_type encoding; 1547 } ENCODE_DATA; 1548 1549 static int encode_test_init(EVP_TEST *t, const char *encoding) 1550 { 1551 ENCODE_DATA *edata; 1552 1553 if (!TEST_ptr(edata = OPENSSL_zalloc(sizeof(*edata)))) 1554 return 0; 1555 if (strcmp(encoding, "canonical") == 0) { 1556 edata->encoding = BASE64_CANONICAL_ENCODING; 1557 } else if (strcmp(encoding, "valid") == 0) { 1558 edata->encoding = BASE64_VALID_ENCODING; 1559 } else if (strcmp(encoding, "invalid") == 0) { 1560 edata->encoding = BASE64_INVALID_ENCODING; 1561 if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR"))) 1562 goto err; 1563 } else { 1564 TEST_error("Bad encoding: %s." 1565 " Should be one of {canonical, valid, invalid}", 1566 encoding); 1567 goto err; 1568 } 1569 t->data = edata; 1570 return 1; 1571 err: 1572 OPENSSL_free(edata); 1573 return 0; 1574 } 1575 1576 static void encode_test_cleanup(EVP_TEST *t) 1577 { 1578 ENCODE_DATA *edata = t->data; 1579 1580 OPENSSL_free(edata->input); 1581 OPENSSL_free(edata->output); 1582 memset(edata, 0, sizeof(*edata)); 1583 } 1584 1585 static int encode_test_parse(EVP_TEST *t, 1586 const char *keyword, const char *value) 1587 { 1588 ENCODE_DATA *edata = t->data; 1589 1590 if (strcmp(keyword, "Input") == 0) 1591 return parse_bin(value, &edata->input, &edata->input_len); 1592 if (strcmp(keyword, "Output") == 0) 1593 return parse_bin(value, &edata->output, &edata->output_len); 1594 return 0; 1595 } 1596 1597 static int encode_test_run(EVP_TEST *t) 1598 { 1599 ENCODE_DATA *expected = t->data; 1600 unsigned char *encode_out = NULL, *decode_out = NULL; 1601 int output_len, chunk_len; 1602 EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL; 1603 1604 if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) { 1605 t->err = "INTERNAL_ERROR"; 1606 goto err; 1607 } 1608 1609 if (expected->encoding == BASE64_CANONICAL_ENCODING) { 1610 1611 if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) 1612 || !TEST_ptr(encode_out = 1613 OPENSSL_malloc(EVP_ENCODE_LENGTH(expected->input_len)))) 1614 goto err; 1615 1616 EVP_EncodeInit(encode_ctx); 1617 if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, 1618 expected->input, expected->input_len))) 1619 goto err; 1620 1621 output_len = chunk_len; 1622 1623 EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len); 1624 output_len += chunk_len; 1625 1626 if (!memory_err_compare(t, "BAD_ENCODING", 1627 expected->output, expected->output_len, 1628 encode_out, output_len)) 1629 goto err; 1630 } 1631 1632 if (!TEST_ptr(decode_out = 1633 OPENSSL_malloc(EVP_DECODE_LENGTH(expected->output_len)))) 1634 goto err; 1635 1636 EVP_DecodeInit(decode_ctx); 1637 if (EVP_DecodeUpdate(decode_ctx, decode_out, &chunk_len, expected->output, 1638 expected->output_len) < 0) { 1639 t->err = "DECODE_ERROR"; 1640 goto err; 1641 } 1642 output_len = chunk_len; 1643 1644 if (EVP_DecodeFinal(decode_ctx, decode_out + chunk_len, &chunk_len) != 1) { 1645 t->err = "DECODE_ERROR"; 1646 goto err; 1647 } 1648 output_len += chunk_len; 1649 1650 if (expected->encoding != BASE64_INVALID_ENCODING 1651 && !memory_err_compare(t, "BAD_DECODING", 1652 expected->input, expected->input_len, 1653 decode_out, output_len)) { 1654 t->err = "BAD_DECODING"; 1655 goto err; 1656 } 1657 1658 t->err = NULL; 1659 err: 1660 OPENSSL_free(encode_out); 1661 OPENSSL_free(decode_out); 1662 EVP_ENCODE_CTX_free(decode_ctx); 1663 EVP_ENCODE_CTX_free(encode_ctx); 1664 return 1; 1665 } 1666 1667 static const EVP_TEST_METHOD encode_test_method = { 1668 "Encoding", 1669 encode_test_init, 1670 encode_test_cleanup, 1671 encode_test_parse, 1672 encode_test_run, 1673 }; 1674 1675 /** 1676 *** KDF TESTS 1677 **/ 1678 1679 typedef struct kdf_data_st { 1680 /* Context for this operation */ 1681 EVP_PKEY_CTX *ctx; 1682 /* Expected output */ 1683 unsigned char *output; 1684 size_t output_len; 1685 } KDF_DATA; 1686 1687 /* 1688 * Perform public key operation setup: lookup key, allocated ctx and call 1689 * the appropriate initialisation function 1690 */ 1691 static int kdf_test_init(EVP_TEST *t, const char *name) 1692 { 1693 KDF_DATA *kdata; 1694 int kdf_nid = OBJ_sn2nid(name); 1695 1696 #ifdef OPENSSL_NO_SCRYPT 1697 if (strcmp(name, "scrypt") == 0) { 1698 t->skip = 1; 1699 return 1; 1700 } 1701 #endif 1702 1703 if (kdf_nid == NID_undef) 1704 kdf_nid = OBJ_ln2nid(name); 1705 1706 if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) 1707 return 0; 1708 kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL); 1709 if (kdata->ctx == NULL) { 1710 OPENSSL_free(kdata); 1711 return 0; 1712 } 1713 if (EVP_PKEY_derive_init(kdata->ctx) <= 0) { 1714 EVP_PKEY_CTX_free(kdata->ctx); 1715 OPENSSL_free(kdata); 1716 return 0; 1717 } 1718 t->data = kdata; 1719 return 1; 1720 } 1721 1722 static void kdf_test_cleanup(EVP_TEST *t) 1723 { 1724 KDF_DATA *kdata = t->data; 1725 OPENSSL_free(kdata->output); 1726 EVP_PKEY_CTX_free(kdata->ctx); 1727 } 1728 1729 static int kdf_test_parse(EVP_TEST *t, 1730 const char *keyword, const char *value) 1731 { 1732 KDF_DATA *kdata = t->data; 1733 1734 if (strcmp(keyword, "Output") == 0) 1735 return parse_bin(value, &kdata->output, &kdata->output_len); 1736 if (strncmp(keyword, "Ctrl", 4) == 0) 1737 return pkey_test_ctrl(t, kdata->ctx, value); 1738 return 0; 1739 } 1740 1741 static int kdf_test_run(EVP_TEST *t) 1742 { 1743 KDF_DATA *expected = t->data; 1744 unsigned char *got = NULL; 1745 size_t got_len = expected->output_len; 1746 1747 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 1748 t->err = "INTERNAL_ERROR"; 1749 goto err; 1750 } 1751 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { 1752 t->err = "KDF_DERIVE_ERROR"; 1753 goto err; 1754 } 1755 if (!memory_err_compare(t, "KDF_MISMATCH", 1756 expected->output, expected->output_len, 1757 got, got_len)) 1758 goto err; 1759 1760 t->err = NULL; 1761 1762 err: 1763 OPENSSL_free(got); 1764 return 1; 1765 } 1766 1767 static const EVP_TEST_METHOD kdf_test_method = { 1768 "KDF", 1769 kdf_test_init, 1770 kdf_test_cleanup, 1771 kdf_test_parse, 1772 kdf_test_run 1773 }; 1774 1775 1776 /** 1777 *** KEYPAIR TESTS 1778 **/ 1779 1780 typedef struct keypair_test_data_st { 1781 EVP_PKEY *privk; 1782 EVP_PKEY *pubk; 1783 } KEYPAIR_TEST_DATA; 1784 1785 static int keypair_test_init(EVP_TEST *t, const char *pair) 1786 { 1787 KEYPAIR_TEST_DATA *data; 1788 int rv = 0; 1789 EVP_PKEY *pk = NULL, *pubk = NULL; 1790 char *pub, *priv = NULL; 1791 1792 /* Split private and public names. */ 1793 if (!TEST_ptr(priv = OPENSSL_strdup(pair)) 1794 || !TEST_ptr(pub = strchr(priv, ':'))) { 1795 t->err = "PARSING_ERROR"; 1796 goto end; 1797 } 1798 *pub++ = '\0'; 1799 1800 if (!TEST_true(find_key(&pk, priv, private_keys))) { 1801 TEST_info("Can't find private key: %s", priv); 1802 t->err = "MISSING_PRIVATE_KEY"; 1803 goto end; 1804 } 1805 if (!TEST_true(find_key(&pubk, pub, public_keys))) { 1806 TEST_info("Can't find public key: %s", pub); 1807 t->err = "MISSING_PUBLIC_KEY"; 1808 goto end; 1809 } 1810 1811 if (pk == NULL && pubk == NULL) { 1812 /* Both keys are listed but unsupported: skip this test */ 1813 t->skip = 1; 1814 rv = 1; 1815 goto end; 1816 } 1817 1818 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) 1819 goto end; 1820 data->privk = pk; 1821 data->pubk = pubk; 1822 t->data = data; 1823 rv = 1; 1824 t->err = NULL; 1825 1826 end: 1827 OPENSSL_free(priv); 1828 return rv; 1829 } 1830 1831 static void keypair_test_cleanup(EVP_TEST *t) 1832 { 1833 OPENSSL_free(t->data); 1834 t->data = NULL; 1835 } 1836 1837 /* 1838 * For tests that do not accept any custom keywords. 1839 */ 1840 static int void_test_parse(EVP_TEST *t, const char *keyword, const char *value) 1841 { 1842 return 0; 1843 } 1844 1845 static int keypair_test_run(EVP_TEST *t) 1846 { 1847 int rv = 0; 1848 const KEYPAIR_TEST_DATA *pair = t->data; 1849 1850 if (pair->privk == NULL || pair->pubk == NULL) { 1851 /* 1852 * this can only happen if only one of the keys is not set 1853 * which means that one of them was unsupported while the 1854 * other isn't: hence a key type mismatch. 1855 */ 1856 t->err = "KEYPAIR_TYPE_MISMATCH"; 1857 rv = 1; 1858 goto end; 1859 } 1860 1861 if ((rv = EVP_PKEY_cmp(pair->privk, pair->pubk)) != 1 ) { 1862 if ( 0 == rv ) { 1863 t->err = "KEYPAIR_MISMATCH"; 1864 } else if ( -1 == rv ) { 1865 t->err = "KEYPAIR_TYPE_MISMATCH"; 1866 } else if ( -2 == rv ) { 1867 t->err = "UNSUPPORTED_KEY_COMPARISON"; 1868 } else { 1869 TEST_error("Unexpected error in key comparison"); 1870 rv = 0; 1871 goto end; 1872 } 1873 rv = 1; 1874 goto end; 1875 } 1876 1877 rv = 1; 1878 t->err = NULL; 1879 1880 end: 1881 return rv; 1882 } 1883 1884 static const EVP_TEST_METHOD keypair_test_method = { 1885 "PrivPubKeyPair", 1886 keypair_test_init, 1887 keypair_test_cleanup, 1888 void_test_parse, 1889 keypair_test_run 1890 }; 1891 1892 /** 1893 *** KEYGEN TEST 1894 **/ 1895 1896 typedef struct keygen_test_data_st { 1897 EVP_PKEY_CTX *genctx; /* Keygen context to use */ 1898 char *keyname; /* Key name to store key or NULL */ 1899 } KEYGEN_TEST_DATA; 1900 1901 static int keygen_test_init(EVP_TEST *t, const char *alg) 1902 { 1903 KEYGEN_TEST_DATA *data; 1904 EVP_PKEY_CTX *genctx; 1905 int nid = OBJ_sn2nid(alg); 1906 1907 if (nid == NID_undef) { 1908 nid = OBJ_ln2nid(alg); 1909 if (nid == NID_undef) 1910 return 0; 1911 } 1912 1913 if (!TEST_ptr(genctx = EVP_PKEY_CTX_new_id(nid, NULL))) { 1914 /* assume algorithm disabled */ 1915 t->skip = 1; 1916 return 1; 1917 } 1918 1919 if (EVP_PKEY_keygen_init(genctx) <= 0) { 1920 t->err = "KEYGEN_INIT_ERROR"; 1921 goto err; 1922 } 1923 1924 if (!TEST_ptr(data = OPENSSL_malloc(sizeof(*data)))) 1925 goto err; 1926 data->genctx = genctx; 1927 data->keyname = NULL; 1928 t->data = data; 1929 t->err = NULL; 1930 return 1; 1931 1932 err: 1933 EVP_PKEY_CTX_free(genctx); 1934 return 0; 1935 } 1936 1937 static void keygen_test_cleanup(EVP_TEST *t) 1938 { 1939 KEYGEN_TEST_DATA *keygen = t->data; 1940 1941 EVP_PKEY_CTX_free(keygen->genctx); 1942 OPENSSL_free(keygen->keyname); 1943 OPENSSL_free(t->data); 1944 t->data = NULL; 1945 } 1946 1947 static int keygen_test_parse(EVP_TEST *t, 1948 const char *keyword, const char *value) 1949 { 1950 KEYGEN_TEST_DATA *keygen = t->data; 1951 1952 if (strcmp(keyword, "KeyName") == 0) 1953 return TEST_ptr(keygen->keyname = OPENSSL_strdup(value)); 1954 if (strcmp(keyword, "Ctrl") == 0) 1955 return pkey_test_ctrl(t, keygen->genctx, value); 1956 return 0; 1957 } 1958 1959 static int keygen_test_run(EVP_TEST *t) 1960 { 1961 KEYGEN_TEST_DATA *keygen = t->data; 1962 EVP_PKEY *pkey = NULL; 1963 1964 t->err = NULL; 1965 if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) { 1966 t->err = "KEYGEN_GENERATE_ERROR"; 1967 goto err; 1968 } 1969 1970 if (keygen->keyname != NULL) { 1971 KEY_LIST *key; 1972 1973 if (find_key(NULL, keygen->keyname, private_keys)) { 1974 TEST_info("Duplicate key %s", keygen->keyname); 1975 goto err; 1976 } 1977 1978 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 1979 goto err; 1980 key->name = keygen->keyname; 1981 keygen->keyname = NULL; 1982 key->key = pkey; 1983 key->next = private_keys; 1984 private_keys = key; 1985 } else { 1986 EVP_PKEY_free(pkey); 1987 } 1988 1989 return 1; 1990 1991 err: 1992 EVP_PKEY_free(pkey); 1993 return 0; 1994 } 1995 1996 static const EVP_TEST_METHOD keygen_test_method = { 1997 "KeyGen", 1998 keygen_test_init, 1999 keygen_test_cleanup, 2000 keygen_test_parse, 2001 keygen_test_run, 2002 }; 2003 2004 /** 2005 *** DIGEST SIGN+VERIFY TESTS 2006 **/ 2007 2008 typedef struct { 2009 int is_verify; /* Set to 1 if verifying */ 2010 int is_oneshot; /* Set to 1 for one shot operation */ 2011 const EVP_MD *md; /* Digest to use */ 2012 EVP_MD_CTX *ctx; /* Digest context */ 2013 EVP_PKEY_CTX *pctx; 2014 STACK_OF(EVP_TEST_BUFFER) *input; /* Input data: streaming */ 2015 unsigned char *osin; /* Input data if one shot */ 2016 size_t osin_len; /* Input length data if one shot */ 2017 unsigned char *output; /* Expected output */ 2018 size_t output_len; /* Expected output length */ 2019 } DIGESTSIGN_DATA; 2020 2021 static int digestsigver_test_init(EVP_TEST *t, const char *alg, int is_verify, 2022 int is_oneshot) 2023 { 2024 const EVP_MD *md = NULL; 2025 DIGESTSIGN_DATA *mdat; 2026 2027 if (strcmp(alg, "NULL") != 0) { 2028 if ((md = EVP_get_digestbyname(alg)) == NULL) { 2029 /* If alg has an OID assume disabled algorithm */ 2030 if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { 2031 t->skip = 1; 2032 return 1; 2033 } 2034 return 0; 2035 } 2036 } 2037 if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) 2038 return 0; 2039 mdat->md = md; 2040 if (!TEST_ptr(mdat->ctx = EVP_MD_CTX_new())) { 2041 OPENSSL_free(mdat); 2042 return 0; 2043 } 2044 mdat->is_verify = is_verify; 2045 mdat->is_oneshot = is_oneshot; 2046 t->data = mdat; 2047 return 1; 2048 } 2049 2050 static int digestsign_test_init(EVP_TEST *t, const char *alg) 2051 { 2052 return digestsigver_test_init(t, alg, 0, 0); 2053 } 2054 2055 static void digestsigver_test_cleanup(EVP_TEST *t) 2056 { 2057 DIGESTSIGN_DATA *mdata = t->data; 2058 2059 EVP_MD_CTX_free(mdata->ctx); 2060 sk_EVP_TEST_BUFFER_pop_free(mdata->input, evp_test_buffer_free); 2061 OPENSSL_free(mdata->osin); 2062 OPENSSL_free(mdata->output); 2063 OPENSSL_free(mdata); 2064 t->data = NULL; 2065 } 2066 2067 static int digestsigver_test_parse(EVP_TEST *t, 2068 const char *keyword, const char *value) 2069 { 2070 DIGESTSIGN_DATA *mdata = t->data; 2071 2072 if (strcmp(keyword, "Key") == 0) { 2073 EVP_PKEY *pkey = NULL; 2074 int rv = 0; 2075 2076 if (mdata->is_verify) 2077 rv = find_key(&pkey, value, public_keys); 2078 if (rv == 0) 2079 rv = find_key(&pkey, value, private_keys); 2080 if (rv == 0 || pkey == NULL) { 2081 t->skip = 1; 2082 return 1; 2083 } 2084 if (mdata->is_verify) { 2085 if (!EVP_DigestVerifyInit(mdata->ctx, &mdata->pctx, mdata->md, 2086 NULL, pkey)) 2087 t->err = "DIGESTVERIFYINIT_ERROR"; 2088 return 1; 2089 } 2090 if (!EVP_DigestSignInit(mdata->ctx, &mdata->pctx, mdata->md, NULL, 2091 pkey)) 2092 t->err = "DIGESTSIGNINIT_ERROR"; 2093 return 1; 2094 } 2095 2096 if (strcmp(keyword, "Input") == 0) { 2097 if (mdata->is_oneshot) 2098 return parse_bin(value, &mdata->osin, &mdata->osin_len); 2099 return evp_test_buffer_append(value, &mdata->input); 2100 } 2101 if (strcmp(keyword, "Output") == 0) 2102 return parse_bin(value, &mdata->output, &mdata->output_len); 2103 2104 if (!mdata->is_oneshot) { 2105 if (strcmp(keyword, "Count") == 0) 2106 return evp_test_buffer_set_count(value, mdata->input); 2107 if (strcmp(keyword, "Ncopy") == 0) 2108 return evp_test_buffer_ncopy(value, mdata->input); 2109 } 2110 if (strcmp(keyword, "Ctrl") == 0) { 2111 if (mdata->pctx == NULL) 2112 return 0; 2113 return pkey_test_ctrl(t, mdata->pctx, value); 2114 } 2115 return 0; 2116 } 2117 2118 static int digestsign_update_fn(void *ctx, const unsigned char *buf, 2119 size_t buflen) 2120 { 2121 return EVP_DigestSignUpdate(ctx, buf, buflen); 2122 } 2123 2124 static int digestsign_test_run(EVP_TEST *t) 2125 { 2126 DIGESTSIGN_DATA *expected = t->data; 2127 unsigned char *got = NULL; 2128 size_t got_len; 2129 2130 if (!evp_test_buffer_do(expected->input, digestsign_update_fn, 2131 expected->ctx)) { 2132 t->err = "DIGESTUPDATE_ERROR"; 2133 goto err; 2134 } 2135 2136 if (!EVP_DigestSignFinal(expected->ctx, NULL, &got_len)) { 2137 t->err = "DIGESTSIGNFINAL_LENGTH_ERROR"; 2138 goto err; 2139 } 2140 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 2141 t->err = "MALLOC_FAILURE"; 2142 goto err; 2143 } 2144 if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { 2145 t->err = "DIGESTSIGNFINAL_ERROR"; 2146 goto err; 2147 } 2148 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 2149 expected->output, expected->output_len, 2150 got, got_len)) 2151 goto err; 2152 2153 t->err = NULL; 2154 err: 2155 OPENSSL_free(got); 2156 return 1; 2157 } 2158 2159 static const EVP_TEST_METHOD digestsign_test_method = { 2160 "DigestSign", 2161 digestsign_test_init, 2162 digestsigver_test_cleanup, 2163 digestsigver_test_parse, 2164 digestsign_test_run 2165 }; 2166 2167 static int digestverify_test_init(EVP_TEST *t, const char *alg) 2168 { 2169 return digestsigver_test_init(t, alg, 1, 0); 2170 } 2171 2172 static int digestverify_update_fn(void *ctx, const unsigned char *buf, 2173 size_t buflen) 2174 { 2175 return EVP_DigestVerifyUpdate(ctx, buf, buflen); 2176 } 2177 2178 static int digestverify_test_run(EVP_TEST *t) 2179 { 2180 DIGESTSIGN_DATA *mdata = t->data; 2181 2182 if (!evp_test_buffer_do(mdata->input, digestverify_update_fn, mdata->ctx)) { 2183 t->err = "DIGESTUPDATE_ERROR"; 2184 return 1; 2185 } 2186 2187 if (EVP_DigestVerifyFinal(mdata->ctx, mdata->output, 2188 mdata->output_len) <= 0) 2189 t->err = "VERIFY_ERROR"; 2190 return 1; 2191 } 2192 2193 static const EVP_TEST_METHOD digestverify_test_method = { 2194 "DigestVerify", 2195 digestverify_test_init, 2196 digestsigver_test_cleanup, 2197 digestsigver_test_parse, 2198 digestverify_test_run 2199 }; 2200 2201 static int oneshot_digestsign_test_init(EVP_TEST *t, const char *alg) 2202 { 2203 return digestsigver_test_init(t, alg, 0, 1); 2204 } 2205 2206 static int oneshot_digestsign_test_run(EVP_TEST *t) 2207 { 2208 DIGESTSIGN_DATA *expected = t->data; 2209 unsigned char *got = NULL; 2210 size_t got_len; 2211 2212 if (!EVP_DigestSign(expected->ctx, NULL, &got_len, 2213 expected->osin, expected->osin_len)) { 2214 t->err = "DIGESTSIGN_LENGTH_ERROR"; 2215 goto err; 2216 } 2217 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { 2218 t->err = "MALLOC_FAILURE"; 2219 goto err; 2220 } 2221 if (!EVP_DigestSign(expected->ctx, got, &got_len, 2222 expected->osin, expected->osin_len)) { 2223 t->err = "DIGESTSIGN_ERROR"; 2224 goto err; 2225 } 2226 if (!memory_err_compare(t, "SIGNATURE_MISMATCH", 2227 expected->output, expected->output_len, 2228 got, got_len)) 2229 goto err; 2230 2231 t->err = NULL; 2232 err: 2233 OPENSSL_free(got); 2234 return 1; 2235 } 2236 2237 static const EVP_TEST_METHOD oneshot_digestsign_test_method = { 2238 "OneShotDigestSign", 2239 oneshot_digestsign_test_init, 2240 digestsigver_test_cleanup, 2241 digestsigver_test_parse, 2242 oneshot_digestsign_test_run 2243 }; 2244 2245 static int oneshot_digestverify_test_init(EVP_TEST *t, const char *alg) 2246 { 2247 return digestsigver_test_init(t, alg, 1, 1); 2248 } 2249 2250 static int oneshot_digestverify_test_run(EVP_TEST *t) 2251 { 2252 DIGESTSIGN_DATA *mdata = t->data; 2253 2254 if (EVP_DigestVerify(mdata->ctx, mdata->output, mdata->output_len, 2255 mdata->osin, mdata->osin_len) <= 0) 2256 t->err = "VERIFY_ERROR"; 2257 return 1; 2258 } 2259 2260 static const EVP_TEST_METHOD oneshot_digestverify_test_method = { 2261 "OneShotDigestVerify", 2262 oneshot_digestverify_test_init, 2263 digestsigver_test_cleanup, 2264 digestsigver_test_parse, 2265 oneshot_digestverify_test_run 2266 }; 2267 2268 2269 /** 2270 *** PARSING AND DISPATCH 2271 **/ 2272 2273 static const EVP_TEST_METHOD *evp_test_list[] = { 2274 &cipher_test_method, 2275 &digest_test_method, 2276 &digestsign_test_method, 2277 &digestverify_test_method, 2278 &encode_test_method, 2279 &kdf_test_method, 2280 &keypair_test_method, 2281 &keygen_test_method, 2282 &mac_test_method, 2283 &oneshot_digestsign_test_method, 2284 &oneshot_digestverify_test_method, 2285 &pbe_test_method, 2286 &pdecrypt_test_method, 2287 &pderive_test_method, 2288 &psign_test_method, 2289 &pverify_recover_test_method, 2290 &pverify_test_method, 2291 NULL 2292 }; 2293 2294 static const EVP_TEST_METHOD *find_test(const char *name) 2295 { 2296 const EVP_TEST_METHOD **tt; 2297 2298 for (tt = evp_test_list; *tt; tt++) { 2299 if (strcmp(name, (*tt)->name) == 0) 2300 return *tt; 2301 } 2302 return NULL; 2303 } 2304 2305 static void clear_test(EVP_TEST *t) 2306 { 2307 test_clearstanza(&t->s); 2308 ERR_clear_error(); 2309 if (t->data != NULL) { 2310 if (t->meth != NULL) 2311 t->meth->cleanup(t); 2312 OPENSSL_free(t->data); 2313 t->data = NULL; 2314 } 2315 OPENSSL_free(t->expected_err); 2316 t->expected_err = NULL; 2317 OPENSSL_free(t->func); 2318 t->func = NULL; 2319 OPENSSL_free(t->reason); 2320 t->reason = NULL; 2321 2322 /* Text literal. */ 2323 t->err = NULL; 2324 t->skip = 0; 2325 t->meth = NULL; 2326 } 2327 2328 /* 2329 * Check for errors in the test structure; return 1 if okay, else 0. 2330 */ 2331 static int check_test_error(EVP_TEST *t) 2332 { 2333 unsigned long err; 2334 const char *func; 2335 const char *reason; 2336 2337 if (t->err == NULL && t->expected_err == NULL) 2338 return 1; 2339 if (t->err != NULL && t->expected_err == NULL) { 2340 if (t->aux_err != NULL) { 2341 TEST_info("%s:%d: Source of above error (%s); unexpected error %s", 2342 t->s.test_file, t->s.start, t->aux_err, t->err); 2343 } else { 2344 TEST_info("%s:%d: Source of above error; unexpected error %s", 2345 t->s.test_file, t->s.start, t->err); 2346 } 2347 return 0; 2348 } 2349 if (t->err == NULL && t->expected_err != NULL) { 2350 TEST_info("%s:%d: Succeeded but was expecting %s", 2351 t->s.test_file, t->s.start, t->expected_err); 2352 return 0; 2353 } 2354 2355 if (strcmp(t->err, t->expected_err) != 0) { 2356 TEST_info("%s:%d: Expected %s got %s", 2357 t->s.test_file, t->s.start, t->expected_err, t->err); 2358 return 0; 2359 } 2360 2361 if (t->func == NULL && t->reason == NULL) 2362 return 1; 2363 2364 if (t->func == NULL || t->reason == NULL) { 2365 TEST_info("%s:%d: Test is missing function or reason code", 2366 t->s.test_file, t->s.start); 2367 return 0; 2368 } 2369 2370 err = ERR_peek_error(); 2371 if (err == 0) { 2372 TEST_info("%s:%d: Expected error \"%s:%s\" not set", 2373 t->s.test_file, t->s.start, t->func, t->reason); 2374 return 0; 2375 } 2376 2377 func = ERR_func_error_string(err); 2378 reason = ERR_reason_error_string(err); 2379 if (func == NULL && reason == NULL) { 2380 TEST_info("%s:%d: Expected error \"%s:%s\", no strings available." 2381 " Assuming ok.", 2382 t->s.test_file, t->s.start, t->func, t->reason); 2383 return 1; 2384 } 2385 2386 if (strcmp(func, t->func) == 0 && strcmp(reason, t->reason) == 0) 2387 return 1; 2388 2389 TEST_info("%s:%d: Expected error \"%s:%s\", got \"%s:%s\"", 2390 t->s.test_file, t->s.start, t->func, t->reason, func, reason); 2391 2392 return 0; 2393 } 2394 2395 /* 2396 * Run a parsed test. Log a message and return 0 on error. 2397 */ 2398 static int run_test(EVP_TEST *t) 2399 { 2400 if (t->meth == NULL) 2401 return 1; 2402 t->s.numtests++; 2403 if (t->skip) { 2404 t->s.numskip++; 2405 } else { 2406 /* run the test */ 2407 if (t->err == NULL && t->meth->run_test(t) != 1) { 2408 TEST_info("%s:%d %s error", 2409 t->s.test_file, t->s.start, t->meth->name); 2410 return 0; 2411 } 2412 if (!check_test_error(t)) { 2413 TEST_openssl_errors(); 2414 t->s.errors++; 2415 } 2416 } 2417 2418 /* clean it up */ 2419 return 1; 2420 } 2421 2422 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst) 2423 { 2424 for (; lst != NULL; lst = lst->next) { 2425 if (strcmp(lst->name, name) == 0) { 2426 if (ppk != NULL) 2427 *ppk = lst->key; 2428 return 1; 2429 } 2430 } 2431 return 0; 2432 } 2433 2434 static void free_key_list(KEY_LIST *lst) 2435 { 2436 while (lst != NULL) { 2437 KEY_LIST *next = lst->next; 2438 2439 EVP_PKEY_free(lst->key); 2440 OPENSSL_free(lst->name); 2441 OPENSSL_free(lst); 2442 lst = next; 2443 } 2444 } 2445 2446 /* 2447 * Is the key type an unsupported algorithm? 2448 */ 2449 static int key_unsupported(void) 2450 { 2451 long err = ERR_peek_error(); 2452 2453 if (ERR_GET_LIB(err) == ERR_LIB_EVP 2454 && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { 2455 ERR_clear_error(); 2456 return 1; 2457 } 2458 #ifndef OPENSSL_NO_EC 2459 /* 2460 * If EC support is enabled we should catch also EC_R_UNKNOWN_GROUP as an 2461 * hint to an unsupported algorithm/curve (e.g. if binary EC support is 2462 * disabled). 2463 */ 2464 if (ERR_GET_LIB(err) == ERR_LIB_EC 2465 && ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP) { 2466 ERR_clear_error(); 2467 return 1; 2468 } 2469 #endif /* OPENSSL_NO_EC */ 2470 return 0; 2471 } 2472 2473 /* 2474 * NULL out the value from |pp| but return it. This "steals" a pointer. 2475 */ 2476 static char *take_value(PAIR *pp) 2477 { 2478 char *p = pp->value; 2479 2480 pp->value = NULL; 2481 return p; 2482 } 2483 2484 /* 2485 * Read and parse one test. Return 0 if failure, 1 if okay. 2486 */ 2487 static int parse(EVP_TEST *t) 2488 { 2489 KEY_LIST *key, **klist; 2490 EVP_PKEY *pkey; 2491 PAIR *pp; 2492 int i; 2493 2494 top: 2495 do { 2496 if (BIO_eof(t->s.fp)) 2497 return EOF; 2498 clear_test(t); 2499 if (!test_readstanza(&t->s)) 2500 return 0; 2501 } while (t->s.numpairs == 0); 2502 pp = &t->s.pairs[0]; 2503 2504 /* Are we adding a key? */ 2505 klist = NULL; 2506 pkey = NULL; 2507 if (strcmp(pp->key, "PrivateKey") == 0) { 2508 pkey = PEM_read_bio_PrivateKey(t->s.key, NULL, 0, NULL); 2509 if (pkey == NULL && !key_unsupported()) { 2510 EVP_PKEY_free(pkey); 2511 TEST_info("Can't read private key %s", pp->value); 2512 TEST_openssl_errors(); 2513 return 0; 2514 } 2515 klist = &private_keys; 2516 } else if (strcmp(pp->key, "PublicKey") == 0) { 2517 pkey = PEM_read_bio_PUBKEY(t->s.key, NULL, 0, NULL); 2518 if (pkey == NULL && !key_unsupported()) { 2519 EVP_PKEY_free(pkey); 2520 TEST_info("Can't read public key %s", pp->value); 2521 TEST_openssl_errors(); 2522 return 0; 2523 } 2524 klist = &public_keys; 2525 } else if (strcmp(pp->key, "PrivateKeyRaw") == 0 2526 || strcmp(pp->key, "PublicKeyRaw") == 0 ) { 2527 char *strnid = NULL, *keydata = NULL; 2528 unsigned char *keybin; 2529 size_t keylen; 2530 int nid; 2531 2532 if (strcmp(pp->key, "PrivateKeyRaw") == 0) 2533 klist = &private_keys; 2534 else 2535 klist = &public_keys; 2536 2537 strnid = strchr(pp->value, ':'); 2538 if (strnid != NULL) { 2539 *strnid++ = '\0'; 2540 keydata = strchr(strnid, ':'); 2541 if (keydata != NULL) 2542 *keydata++ = '\0'; 2543 } 2544 if (keydata == NULL) { 2545 TEST_info("Failed to parse %s value", pp->key); 2546 return 0; 2547 } 2548 2549 nid = OBJ_txt2nid(strnid); 2550 if (nid == NID_undef) { 2551 TEST_info("Uncrecognised algorithm NID"); 2552 return 0; 2553 } 2554 if (!parse_bin(keydata, &keybin, &keylen)) { 2555 TEST_info("Failed to create binary key"); 2556 return 0; 2557 } 2558 if (klist == &private_keys) 2559 pkey = EVP_PKEY_new_raw_private_key(nid, NULL, keybin, keylen); 2560 else 2561 pkey = EVP_PKEY_new_raw_public_key(nid, NULL, keybin, keylen); 2562 if (pkey == NULL && !key_unsupported()) { 2563 TEST_info("Can't read %s data", pp->key); 2564 OPENSSL_free(keybin); 2565 TEST_openssl_errors(); 2566 return 0; 2567 } 2568 OPENSSL_free(keybin); 2569 } 2570 2571 /* If we have a key add to list */ 2572 if (klist != NULL) { 2573 if (find_key(NULL, pp->value, *klist)) { 2574 TEST_info("Duplicate key %s", pp->value); 2575 return 0; 2576 } 2577 if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) 2578 return 0; 2579 key->name = take_value(pp); 2580 2581 /* Hack to detect SM2 keys */ 2582 if(pkey != NULL && strstr(key->name, "SM2") != NULL) { 2583 #ifdef OPENSSL_NO_SM2 2584 EVP_PKEY_free(pkey); 2585 pkey = NULL; 2586 #else 2587 EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); 2588 #endif 2589 } 2590 2591 key->key = pkey; 2592 key->next = *klist; 2593 *klist = key; 2594 2595 /* Go back and start a new stanza. */ 2596 if (t->s.numpairs != 1) 2597 TEST_info("Line %d: missing blank line\n", t->s.curr); 2598 goto top; 2599 } 2600 2601 /* Find the test, based on first keyword. */ 2602 if (!TEST_ptr(t->meth = find_test(pp->key))) 2603 return 0; 2604 if (!t->meth->init(t, pp->value)) { 2605 TEST_error("unknown %s: %s\n", pp->key, pp->value); 2606 return 0; 2607 } 2608 if (t->skip == 1) { 2609 /* TEST_info("skipping %s %s", pp->key, pp->value); */ 2610 return 0; 2611 } 2612 2613 for (pp++, i = 1; i < t->s.numpairs; pp++, i++) { 2614 if (strcmp(pp->key, "Result") == 0) { 2615 if (t->expected_err != NULL) { 2616 TEST_info("Line %d: multiple result lines", t->s.curr); 2617 return 0; 2618 } 2619 t->expected_err = take_value(pp); 2620 } else if (strcmp(pp->key, "Function") == 0) { 2621 if (t->func != NULL) { 2622 TEST_info("Line %d: multiple function lines\n", t->s.curr); 2623 return 0; 2624 } 2625 t->func = take_value(pp); 2626 } else if (strcmp(pp->key, "Reason") == 0) { 2627 if (t->reason != NULL) { 2628 TEST_info("Line %d: multiple reason lines", t->s.curr); 2629 return 0; 2630 } 2631 t->reason = take_value(pp); 2632 } else { 2633 /* Must be test specific line: try to parse it */ 2634 int rv = t->meth->parse(t, pp->key, pp->value); 2635 2636 if (rv == 0) { 2637 TEST_info("Line %d: unknown keyword %s", t->s.curr, pp->key); 2638 return 0; 2639 } 2640 if (rv < 0) { 2641 TEST_info("Line %d: error processing keyword %s = %s\n", 2642 t->s.curr, pp->key, pp->value); 2643 return 0; 2644 } 2645 } 2646 } 2647 2648 return 1; 2649 } 2650 2651 static int run_file_tests(int i) 2652 { 2653 EVP_TEST *t; 2654 const char *testfile = test_get_argument(i); 2655 int c; 2656 2657 if (!TEST_ptr(t = OPENSSL_zalloc(sizeof(*t)))) 2658 return 0; 2659 if (!test_start_file(&t->s, testfile)) { 2660 OPENSSL_free(t); 2661 return 0; 2662 } 2663 2664 while (!BIO_eof(t->s.fp)) { 2665 c = parse(t); 2666 if (t->skip) 2667 continue; 2668 if (c == 0 || !run_test(t)) { 2669 t->s.errors++; 2670 break; 2671 } 2672 } 2673 test_end_file(&t->s); 2674 clear_test(t); 2675 2676 free_key_list(public_keys); 2677 free_key_list(private_keys); 2678 BIO_free(t->s.key); 2679 c = t->s.errors; 2680 OPENSSL_free(t); 2681 return c == 0; 2682 } 2683 2684 int setup_tests(void) 2685 { 2686 size_t n = test_get_argument_count(); 2687 2688 if (n == 0) { 2689 TEST_error("Usage: %s file...", test_get_program_name()); 2690 return 0; 2691 } 2692 2693 ADD_ALL_TESTS(run_file_tests, n); 2694 return 1; 2695 } 2696