2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
29 #include "internal/nelem.h"
30 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
31 #include "../e_os.h" /* strcasecmp */
33 DEFINE_STACK_OF_CSTRING()
35 static OPENSSL_CTX *libctx = NULL;
36 static OSSL_PROVIDER *nullprov = NULL;
37 static OSSL_PROVIDER *libprov = NULL;
38 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
40 typedef enum OPTION_choice {
48 const OPTIONS *test_get_options(void)
50 static const OPTIONS test_options[] = {
51 OPT_TEST_OPTIONS_DEFAULT_USAGE,
52 { "config", OPT_CONFIG_FILE, '<',
53 "The configuration file to use for the libctx" },
54 { "provider", OPT_PROVIDER_NAME, 's',
55 "The provider to load (The default value is 'default'" },
62 static const char *getname(int id)
64 const char *name[] = {"p", "q", "g" };
66 if (id >= 0 && id < 3)
73 * We're using some DH specific values in this test, so we skip compilation if
74 * we're in a no-dh build.
76 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
78 static int test_dsa_param_keygen(int tstid)
82 EVP_PKEY_CTX *gen_ctx = NULL;
83 EVP_PKEY *pkey_parm = NULL;
84 EVP_PKEY *pkey = NULL;
87 BIGNUM *p = NULL, *q = NULL, *g = NULL;
90 * Just grab some fixed dh p, q, g values for testing,
91 * these 'safe primes' should not be used normally for dsa *.
93 static const BIGNUM *bn[] = {
94 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
98 * These tests are using bad values for p, q, g by reusing the values.
99 * A value of 0 uses p, 1 uses q and 2 uses g.
100 * There are 27 different combinations, with only the 1 valid combination.
103 qind = (tstid / 3) % 3;
105 expected = (pind == 0 && qind == 1 && gind == 2);
107 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
108 getname(qind), getname(gind));
110 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
111 || !TEST_ptr(dsa = DSA_new())
112 || !TEST_ptr(p = BN_dup(bn[pind]))
113 || !TEST_ptr(q = BN_dup(bn[qind]))
114 || !TEST_ptr(g = BN_dup(bn[gind]))
115 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
119 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
123 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
124 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
125 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
130 EVP_PKEY_CTX_free(gen_ctx);
131 EVP_PKEY_free(pkey_parm);
138 #endif /* OPENSSL_NO_DSA */
140 #ifndef OPENSSL_NO_DH
141 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
145 EVP_PKEY_CTX *gen_ctx = NULL;
146 EVP_PKEY *pkey_parm = NULL;
147 EVP_PKEY *pkey = NULL;
149 int pind, qind, gind;
150 BIGNUM *p = NULL, *q = NULL, *g = NULL;
153 * These tests are using bad values for p, q, g by reusing the values.
154 * A value of 0 uses p, 1 uses q and 2 uses g.
155 * There are 27 different combinations, with only the 1 valid combination.
158 qind = (tstid / 3) % 3;
160 expected = (pind == 0 && qind == 1 && gind == 2);
162 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
163 getname(qind), getname(gind));
165 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
166 || !TEST_ptr(dh = DH_new())
167 || !TEST_ptr(p = BN_dup(bn[pind]))
168 || !TEST_ptr(q = BN_dup(bn[qind]))
169 || !TEST_ptr(g = BN_dup(bn[gind]))
170 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
174 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
178 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
179 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
180 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
185 EVP_PKEY_CTX_free(gen_ctx);
186 EVP_PKEY_free(pkey_parm);
195 * Note that we get the fips186-4 path being run for most of these cases since
196 * the internal code will detect that the p, q, g does not match a safe prime
197 * group (Except for when tstid = 5, which sets the correct p, q, g)
199 static int test_dh_safeprime_param_keygen(int tstid)
201 static const BIGNUM *bn[] = {
202 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
204 return do_dh_param_keygen(tstid, bn);
206 #endif /* OPENSSL_NO_DH */
208 static int test_cipher_reinit(int test_id)
210 int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
211 EVP_CIPHER *cipher = NULL;
212 EVP_CIPHER_CTX *ctx = NULL;
213 unsigned char out1[256];
214 unsigned char out2[256];
215 unsigned char in[16] = {
216 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
217 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
219 unsigned char key[64] = {
220 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
221 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
222 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
223 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
224 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
225 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
226 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
227 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
229 unsigned char iv[16] = {
230 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
231 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
233 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
235 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
238 TEST_note("Fetching %s\n", name);
239 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
242 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
243 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
245 /* DES3-WRAP uses random every update - so it will give a different value */
246 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
248 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
249 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
250 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
251 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
257 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
260 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
266 EVP_CIPHER_free(cipher);
267 EVP_CIPHER_CTX_free(ctx);
271 static int name_cmp(const char * const *a, const char * const *b)
273 return strcasecmp(*a, *b);
276 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
278 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
280 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
283 int setup_tests(void)
285 const char *prov_name = "default";
286 char *config_file = NULL;
289 while ((o = opt_next()) != OPT_EOF) {
291 case OPT_PROVIDER_NAME:
292 prov_name = opt_arg();
294 case OPT_CONFIG_FILE:
295 config_file = opt_arg();
305 nullprov = OSSL_PROVIDER_load(NULL, "null");
306 if (!TEST_ptr(nullprov))
309 libctx = OPENSSL_CTX_new();
311 if (!TEST_ptr(libctx))
314 if (config_file != NULL) {
315 if (!TEST_true(OPENSSL_CTX_load_config(libctx, config_file)))
319 libprov = OSSL_PROVIDER_load(libctx, prov_name);
320 if (!TEST_ptr(libprov))
323 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
324 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
326 #ifndef OPENSSL_NO_DH
327 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
330 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
332 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
334 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
338 void cleanup_tests(void)
340 sk_OPENSSL_CSTRING_free(cipher_names);
341 OSSL_PROVIDER_unload(libprov);
342 OPENSSL_CTX_free(libctx);
343 OSSL_PROVIDER_unload(nullprov);