2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * A set of tests demonstrating uses cases for CAVS/ACVP testing.
13 * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to
14 * providers/fips/self_test_kats.c
18 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
19 #include <openssl/core_names.h>
20 #include <openssl/evp.h>
21 #include <openssl/ec.h>
22 #include <openssl/dh.h>
23 #include <openssl/dsa.h>
24 #include <openssl/rsa.h>
25 #include <openssl/param_build.h>
26 #include <openssl/provider.h>
27 #include <openssl/self_test.h>
29 #include "testutil/output.h"
30 #include "acvp_test.inc"
31 #include "internal/nelem.h"
33 typedef enum OPTION_choice {
40 typedef struct st_args {
45 static OSSL_PROVIDER *prov_null = NULL;
46 static OSSL_LIB_CTX *libctx = NULL;
47 static SELF_TEST_ARGS self_test_args = { 0 };
48 static OSSL_CALLBACK self_test_events;
50 const OPTIONS *test_get_options(void)
52 static const OPTIONS test_options[] = {
53 OPT_TEST_OPTIONS_DEFAULT_USAGE,
54 { "config", OPT_CONFIG_FILE, '<',
55 "The configuration file to use for the libctx" },
61 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
62 || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
63 static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
64 unsigned char **out, size_t *out_len)
66 unsigned char *buf = NULL;
70 if (!EVP_PKEY_get_bn_param(pkey, name, &bn))
72 sz = BN_num_bytes(bn);
73 buf = OPENSSL_zalloc(sz);
76 if (!BN_bn2binpad(bn, buf, sz))
90 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
91 || !defined(OPENSSL_NO_RSA)
92 static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
93 const unsigned char *msg, size_t msg_len,
94 unsigned char **sig_out, size_t *sig_out_len)
97 EVP_MD_CTX *md_ctx = NULL;
98 unsigned char *sig = NULL;
100 size_t sz = EVP_PKEY_size(pkey);
102 if (!TEST_ptr(sig = OPENSSL_malloc(sz))
103 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
104 || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
106 || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
109 *sig_out_len = sig_len;
114 EVP_MD_CTX_free(md_ctx);
119 #ifndef OPENSSL_NO_EC
120 static int ecdsa_keygen_test(int id)
123 EVP_PKEY_CTX *ctx = NULL;
124 EVP_PKEY *pkey = NULL;
125 unsigned char *priv = NULL;
126 unsigned char *pubx = NULL, *puby = NULL;
127 size_t priv_len = 0, pubx_len = 0, puby_len = 0;
128 const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id];
130 self_test_args.called = 0;
131 self_test_args.enable = 1;
132 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
133 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
134 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
135 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
136 || !TEST_int_eq(self_test_args.called, 3)
137 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
139 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
141 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby,
145 test_output_memory("qy", puby, puby_len);
146 test_output_memory("qx", pubx, pubx_len);
147 test_output_memory("d", priv, priv_len);
150 self_test_args.enable = 0;
151 self_test_args.called = 0;
152 OPENSSL_clear_free(priv, priv_len);
156 EVP_PKEY_CTX_free(ctx);
160 static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name,
161 const unsigned char *pub, size_t pub_len,
165 EVP_PKEY_CTX *ctx = NULL;
166 OSSL_PARAM_BLD *bld = NULL;
167 OSSL_PARAM *params = NULL;
169 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
170 || (curve_name != NULL
171 && !TEST_true(OSSL_PARAM_BLD_push_utf8_string(
172 bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0))
173 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
174 OSSL_PKEY_PARAM_PUB_KEY,
176 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
177 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
178 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
179 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), expected))
184 OSSL_PARAM_BLD_free_params(params);
185 OSSL_PARAM_BLD_free(bld);
186 EVP_PKEY_CTX_free(ctx);
190 static int ecdsa_pub_verify_test(int id)
192 const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id];
195 EVP_PKEY_CTX *key_ctx = NULL;
196 EVP_PKEY *pkey = NULL;
198 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
199 tst->pub, tst->pub_len, tst->pass)))
203 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
204 || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass))
210 EVP_PKEY_CTX_free(key_ctx);
214 /* Extract r and s from a ecdsa signature */
215 static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
216 unsigned char **r, unsigned char **s,
217 size_t *rlen, size_t *slen)
220 unsigned char *rbuf = NULL, *sbuf = NULL;
221 size_t r1_len, s1_len;
222 const BIGNUM *r1, *s1;
223 ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len);
227 r1 = ECDSA_SIG_get0_r(sign);
228 s1 = ECDSA_SIG_get0_s(sign);
229 if (r1 == NULL || s1 == NULL)
232 r1_len = BN_num_bytes(r1);
233 s1_len = BN_num_bytes(s1);
234 rbuf = OPENSSL_zalloc(r1_len);
235 sbuf = OPENSSL_zalloc(s1_len);
236 if (rbuf == NULL || sbuf == NULL)
238 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
240 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
252 ECDSA_SIG_free(sign);
256 static int ecdsa_siggen_test(int id)
259 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
260 EVP_PKEY *pkey = NULL;
261 size_t sig_len = 0, rlen = 0, slen = 0;
262 unsigned char *sig = NULL;
263 unsigned char *r = NULL, *s = NULL;
264 const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id];
266 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL))
267 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
268 || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
269 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
272 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
274 || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
276 test_output_memory("r", r, rlen);
277 test_output_memory("s", s, slen);
284 EVP_PKEY_CTX_free(key_ctx);
285 EVP_PKEY_CTX_free(ctx);
289 static int ecdsa_sigver_test(int id)
292 EVP_MD_CTX *md_ctx = NULL;
293 EVP_PKEY *pkey = NULL;
294 ECDSA_SIG *sign = NULL;
296 unsigned char *sig = NULL;
297 BIGNUM *rbn = NULL, *sbn = NULL;
298 const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id];
300 if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name,
301 tst->pub, tst->pub_len, 1)))
304 if (!TEST_ptr(sign = ECDSA_SIG_new())
305 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
306 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
307 || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn)))
311 ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
312 && TEST_ptr(md_ctx = EVP_MD_CTX_new())
313 && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
315 && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
316 tst->msg, tst->msg_len), tst->pass));
321 ECDSA_SIG_free(sign);
323 EVP_MD_CTX_free(md_ctx);
327 #endif /* OPENSSL_NO_EC */
329 #ifndef OPENSSL_NO_DSA
330 static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name,
331 unsigned char **out, size_t *out_len)
334 unsigned char *buf = NULL;
336 if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len))
339 buf = OPENSSL_zalloc(len);
343 if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len))
352 static EVP_PKEY *dsa_paramgen(int L, int N)
354 EVP_PKEY_CTX *paramgen_ctx = NULL;
355 EVP_PKEY *param_key = NULL;
357 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
358 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
359 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L))
360 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N))
361 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)))
363 EVP_PKEY_CTX_free(paramgen_ctx);
367 static EVP_PKEY *dsa_keygen(int L, int N)
369 EVP_PKEY *param_key = NULL, *key = NULL;
370 EVP_PKEY_CTX *keygen_ctx = NULL;
372 if (!TEST_ptr(param_key = dsa_paramgen(L, N))
373 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
375 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
376 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
379 EVP_PKEY_free(param_key);
380 EVP_PKEY_CTX_free(keygen_ctx);
384 static int dsa_keygen_test(int id)
387 EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL;
388 EVP_PKEY *param_key = NULL, *key = NULL;
389 unsigned char *priv = NULL, *pub = NULL;
390 size_t priv_len = 0, pub_len = 0;
391 const struct dsa_paramgen_st *tst = &dsa_keygen_data[id];
393 if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N))
394 || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
396 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0))
398 for (i = 0; i < 2; ++i) {
399 if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)
400 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY,
402 || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY,
405 test_output_memory("y", pub, pub_len);
406 test_output_memory("x", priv, priv_len);
408 OPENSSL_clear_free(priv, priv_len);
415 OPENSSL_clear_free(priv, priv_len);
417 EVP_PKEY_free(param_key);
419 EVP_PKEY_CTX_free(keygen_ctx);
420 EVP_PKEY_CTX_free(paramgen_ctx);
424 static int dsa_paramgen_test(int id)
426 int ret = 0, counter = 0;
427 EVP_PKEY_CTX *paramgen_ctx = NULL;
428 EVP_PKEY *param_key = NULL;
429 unsigned char *p = NULL, *q = NULL, *seed = NULL;
430 size_t plen = 0, qlen = 0, seedlen = 0;
431 const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id];
433 if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
434 || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx))
435 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L))
436 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N))
437 || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))
438 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P,
440 || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q,
442 || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED,
444 || !TEST_true(EVP_PKEY_get_int_param(param_key,
445 OSSL_PKEY_PARAM_FFC_PCOUNTER,
449 test_output_memory("p", p, plen);
450 test_output_memory("q", q, qlen);
451 test_output_memory("domainSeed", seed, seedlen);
452 test_printf_stderr("%s: %d\n", "counter", counter);
458 EVP_PKEY_free(param_key);
459 EVP_PKEY_CTX_free(paramgen_ctx);
463 static int dsa_create_pkey(EVP_PKEY **pkey,
464 const unsigned char *p, size_t p_len,
465 const unsigned char *q, size_t q_len,
466 const unsigned char *g, size_t g_len,
467 const unsigned char *seed, size_t seed_len,
469 const char *validate_type,
470 const unsigned char *pub, size_t pub_len,
474 EVP_PKEY_CTX *ctx = NULL;
475 OSSL_PARAM_BLD *bld = NULL;
476 OSSL_PARAM *params = NULL;
477 BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL;
479 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
480 || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx))
481 || !TEST_ptr(BN_bin2bn(p, p_len, p_bn))
482 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
483 OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE,
485 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn))
486 || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx))
487 || !TEST_ptr(BN_bin2bn(q, q_len, q_bn))
488 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)))
492 if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx))
493 || !TEST_ptr(BN_bin2bn(g, g_len, g_bn))
494 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
495 OSSL_PKEY_PARAM_FFC_G, g_bn)))
499 if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
500 OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len)))
504 if (!TEST_true(OSSL_PARAM_BLD_push_int(bld,
505 OSSL_PKEY_PARAM_FFC_PCOUNTER,
510 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
511 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
512 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
513 OSSL_PKEY_PARAM_PUB_KEY,
517 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
518 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL))
519 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
520 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
525 OSSL_PARAM_BLD_free_params(params);
526 OSSL_PARAM_BLD_free(bld);
527 EVP_PKEY_CTX_free(ctx);
531 static int dsa_pqver_test(int id)
534 BN_CTX *bn_ctx = NULL;
535 EVP_PKEY_CTX *key_ctx = NULL;
536 EVP_PKEY *param_key = NULL;
537 const struct dsa_pqver_st *tst = &dsa_pqver_data[id];
539 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
540 || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len,
541 tst->q, tst->q_len, NULL, 0,
542 tst->seed, tst->seed_len, tst->counter,
543 OSSL_FFC_PARAM_VALIDATE_PQ,
546 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key,
548 || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass))
554 EVP_PKEY_free(param_key);
555 EVP_PKEY_CTX_free(key_ctx);
559 /* Extract r and s from a dsa signature */
560 static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len,
561 unsigned char **r, unsigned char **s,
562 size_t *r_len, size_t *s_len)
565 unsigned char *rbuf = NULL, *sbuf = NULL;
566 size_t r1_len, s1_len;
567 const BIGNUM *r1, *s1;
568 DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len);
572 DSA_SIG_get0(sign, &r1, &s1);
573 if (r1 == NULL || s1 == NULL)
576 r1_len = BN_num_bytes(r1);
577 s1_len = BN_num_bytes(s1);
578 rbuf = OPENSSL_zalloc(r1_len);
579 sbuf = OPENSSL_zalloc(s1_len);
580 if (rbuf == NULL || sbuf == NULL)
582 if (BN_bn2binpad(r1, rbuf, r1_len) <= 0)
584 if (BN_bn2binpad(s1, sbuf, s1_len) <= 0)
600 static int dsa_siggen_test(int id)
603 EVP_PKEY *pkey = NULL;
604 unsigned char *sig = NULL, *r = NULL, *s = NULL;
605 size_t sig_len = 0, rlen = 0, slen = 0;
606 const struct dsa_siggen_st *tst = &dsa_siggen_data[id];
608 if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N)))
611 if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len,
613 || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen)))
615 test_output_memory("r", r, rlen);
616 test_output_memory("s", s, slen);
626 static int dsa_sigver_test(int id)
629 EVP_PKEY_CTX *ctx = NULL;
630 EVP_PKEY *pkey = NULL;
631 DSA_SIG *sign = NULL;
633 unsigned char *sig = NULL;
634 BIGNUM *rbn = NULL, *sbn = NULL;
636 unsigned char digest[EVP_MAX_MD_SIZE];
637 unsigned int digest_len;
638 BN_CTX *bn_ctx = NULL;
639 const struct dsa_sigver_st *tst = &dsa_sigver_data[id];
641 if (!TEST_ptr(bn_ctx = BN_CTX_new())
642 || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len,
643 tst->q, tst->q_len, tst->g, tst->g_len,
644 NULL, 0, 0, "", tst->pub, tst->pub_len,
648 if (!TEST_ptr(sign = DSA_SIG_new())
649 || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL))
650 || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL))
651 || !TEST_true(DSA_SIG_set0(sign, rbn, sbn)))
655 if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, ""))
656 || !TEST_true(EVP_Digest(tst->msg, tst->msg_len,
657 digest, &digest_len, md, NULL)))
660 if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0)
661 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
662 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
663 || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len),
668 EVP_PKEY_CTX_free(ctx);
678 #endif /* OPENSSL_NO_DSA */
681 /* cipher encrypt/decrypt */
682 static int cipher_enc(const char *alg,
683 const unsigned char *pt, size_t pt_len,
684 const unsigned char *key, size_t key_len,
685 const unsigned char *iv, size_t iv_len,
686 const unsigned char *ct, size_t ct_len,
689 int ret = 0, out_len = 0, len = 0;
690 EVP_CIPHER_CTX *ctx = NULL;
691 EVP_CIPHER *cipher = NULL;
692 unsigned char out[256] = { 0 };
694 TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt");
695 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
696 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
697 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc))
698 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
699 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))
700 || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
703 if (!TEST_mem_eq(out, out_len, ct, ct_len))
707 EVP_CIPHER_free(cipher);
708 EVP_CIPHER_CTX_free(ctx);
712 static int cipher_enc_dec_test(int id)
714 const struct cipher_st *tst = &cipher_enc_data[id];
717 return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len,
718 tst->key, tst->key_len,
719 tst->iv, tst->iv_len,
720 tst->ct, tst->ct_len, enc))
721 && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len,
722 tst->key, tst->key_len,
723 tst->iv, tst->iv_len,
724 tst->pt, tst->pt_len, !enc));
727 static int aes_ccm_enc_dec(const char *alg,
728 const unsigned char *pt, size_t pt_len,
729 const unsigned char *key, size_t key_len,
730 const unsigned char *iv, size_t iv_len,
731 const unsigned char *aad, size_t aad_len,
732 const unsigned char *ct, size_t ct_len,
733 const unsigned char *tag, size_t tag_len,
738 EVP_CIPHER *cipher = NULL;
740 unsigned char out[1024];
742 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
743 pass ? "pass" : "fail");
745 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
746 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
747 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
748 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
750 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
751 enc ? NULL : (void *)tag))
752 || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
753 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
754 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len))
755 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
756 || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass))
763 if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len)))
767 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
768 tag_len, out + out_len))
769 || !TEST_mem_eq(out, out_len, ct, ct_len)
770 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
773 if (!TEST_mem_eq(out, out_len + len, ct, ct_len))
779 EVP_CIPHER_free(cipher);
780 EVP_CIPHER_CTX_free(ctx);
784 static int aes_ccm_enc_dec_test(int id)
786 const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id];
788 /* The tag is on the end of the cipher text */
789 const size_t tag_len = tst->ct_len - tst->pt_len;
790 const size_t ct_len = tst->ct_len - tag_len;
791 const unsigned char *tag = tst->ct + ct_len;
798 return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len,
799 tst->key, tst->key_len,
800 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
801 tst->ct, ct_len, tag, tag_len, enc, pass)
802 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
803 tst->key, tst->key_len,
804 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
805 tst->pt, tst->pt_len, tag, tag_len, !enc, pass)
806 /* test that it fails if the tag is incorrect */
807 && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len,
808 tst->key, tst->key_len,
809 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
810 tst->pt, tst->pt_len,
811 tag - 1, tag_len, !enc, !pass);
814 static int aes_gcm_enc_dec(const char *alg,
815 const unsigned char *pt, size_t pt_len,
816 const unsigned char *key, size_t key_len,
817 const unsigned char *iv, size_t iv_len,
818 const unsigned char *aad, size_t aad_len,
819 const unsigned char *ct, size_t ct_len,
820 const unsigned char *tag, size_t tag_len,
825 EVP_CIPHER *cipher = NULL;
827 unsigned char out[1024];
829 TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt",
830 pass ? "pass" : "fail");
832 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
833 || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, ""))
834 || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
835 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len,
840 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len,
845 * TODO(3.0): The IV should not be set outside the boundary as it is now.
846 * It needs to be fed in via a dummy entropy source for this test.
848 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
849 || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))
850 || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len))
851 || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)))
854 if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass))
862 if (!TEST_mem_eq(out, out_len, ct, ct_len)
863 || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
864 tag_len, out + out_len))
865 || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len))
868 if (!TEST_mem_eq(out, out_len, ct, ct_len))
874 EVP_CIPHER_free(cipher);
875 EVP_CIPHER_CTX_free(ctx);
879 static int aes_gcm_enc_dec_test(int id)
881 const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id];
885 return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len,
886 tst->key, tst->key_len,
887 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
888 tst->ct, tst->ct_len, tst->tag, tst->tag_len,
890 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
891 tst->key, tst->key_len,
892 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
893 tst->pt, tst->pt_len, tst->tag, tst->tag_len,
895 /* Fail if incorrect tag passed to decrypt */
896 && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len,
897 tst->key, tst->key_len,
898 tst->iv, tst->iv_len, tst->aad, tst->aad_len,
899 tst->pt, tst->pt_len, tst->aad, tst->tag_len,
903 #ifndef OPENSSL_NO_DH
904 static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name,
905 const unsigned char *pub, size_t pub_len,
906 const unsigned char *priv, size_t priv_len,
907 BN_CTX *bn_ctx, int pass)
910 EVP_PKEY_CTX *ctx = NULL;
911 OSSL_PARAM_BLD *bld = NULL;
912 OSSL_PARAM *params = NULL;
913 BIGNUM *pub_bn = NULL, *priv_bn = NULL;
915 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
916 || (group_name != NULL
917 && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string(
918 bld, OSSL_PKEY_PARAM_GROUP_NAME,
923 if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx))
924 || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn))
925 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
930 if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx))
931 || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn))
932 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
937 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
938 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
939 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
940 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), pass))
945 OSSL_PARAM_BLD_free_params(params);
946 OSSL_PARAM_BLD_free(bld);
947 EVP_PKEY_CTX_free(ctx);
951 static int dh_safe_prime_keygen_test(int id)
954 EVP_PKEY_CTX *ctx = NULL;
955 EVP_PKEY *pkey = NULL;
956 unsigned char *priv = NULL;
957 unsigned char *pub = NULL;
958 size_t priv_len = 0, pub_len = 0;
959 OSSL_PARAM params[2];
960 const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id];
962 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
963 (char *)tst->group_name, 0);
964 params[1] = OSSL_PARAM_construct_end();
966 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
967 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
968 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
969 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
970 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY,
972 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY,
976 test_output_memory("x", priv, priv_len);
977 test_output_memory("y", pub, pub_len);
980 OPENSSL_clear_free(priv, priv_len);
983 EVP_PKEY_CTX_free(ctx);
987 static int dh_safe_prime_keyver_test(int id)
990 BN_CTX *bn_ctx = NULL;
991 EVP_PKEY_CTX *key_ctx = NULL;
992 EVP_PKEY *pkey = NULL;
993 const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id];
995 if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx))
996 || !TEST_true(dh_create_pkey(&pkey, tst->group_name,
997 tst->pub, tst->pub_len,
998 tst->priv, tst->priv_len, bn_ctx, 1))
999 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1000 || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass))
1005 EVP_PKEY_free(pkey);
1006 EVP_PKEY_CTX_free(key_ctx);
1007 BN_CTX_free(bn_ctx);
1010 #endif /* OPENSSL_NO_DH */
1013 #ifndef OPENSSL_NO_RSA
1014 static EVP_PKEY *rsa_keygen(int bits)
1016 EVP_PKEY *key = NULL;
1017 EVP_PKEY_CTX *keygen_ctx = NULL;
1019 if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1020 || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)
1021 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits))
1022 || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0))
1025 EVP_PKEY_CTX_free(keygen_ctx);
1029 static int rsa_create_pkey(EVP_PKEY **pkey,
1030 const unsigned char *n, size_t n_len,
1031 const unsigned char *e, size_t e_len,
1032 const unsigned char *d, size_t d_len,
1036 EVP_PKEY_CTX *ctx = NULL;
1037 OSSL_PARAM_BLD *bld = NULL;
1038 OSSL_PARAM *params = NULL;
1039 BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL;
1041 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1042 || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx))
1043 || !TEST_ptr(BN_bin2bn(n, n_len, n_bn))
1044 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn)))
1048 if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx))
1049 || !TEST_ptr(BN_bin2bn(e, e_len, e_bn))
1050 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E,
1055 if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx))
1056 || !TEST_ptr(BN_bin2bn(d, d_len, d_bn))
1057 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D,
1061 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1062 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1063 || !TEST_true(EVP_PKEY_key_fromdata_init(ctx))
1064 || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params)))
1069 OSSL_PARAM_BLD_free_params(params);
1070 OSSL_PARAM_BLD_free(bld);
1071 EVP_PKEY_CTX_free(ctx);
1075 static int rsa_keygen_test(int id)
1078 EVP_PKEY_CTX *ctx = NULL;
1079 EVP_PKEY *pkey = NULL;
1080 BIGNUM *e_bn = NULL;
1081 BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL;
1082 BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL;
1083 unsigned char *n = NULL, *d = NULL;
1084 unsigned char *p = NULL, *p1 = NULL, *p2 = NULL;
1085 unsigned char *q = NULL, *q1 = NULL, *q2 = NULL;
1086 size_t n_len = 0, d_len = 0;
1087 size_t p_len = 0, p1_len = 0, p2_len = 0;
1088 size_t q_len = 0, q1_len = 0, q2_len = 0;
1089 OSSL_PARAM_BLD *bld = NULL;
1090 OSSL_PARAM *params = NULL;
1091 const struct rsa_keygen_st *tst = &rsa_keygen_data[id];
1093 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1094 || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL))
1095 || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL))
1096 || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL))
1097 || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL))
1098 || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL))
1099 || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL))
1100 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1,
1102 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2,
1104 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP,
1106 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1,
1108 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2,
1110 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
1112 || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1115 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))
1116 || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL))
1117 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1118 || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params))
1119 || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod))
1120 || !TEST_true(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e_bn))
1121 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
1122 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1,
1124 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2,
1126 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1,
1128 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2,
1130 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1,
1132 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2,
1134 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N,
1136 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D,
1140 if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
1141 || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
1142 || !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
1143 || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
1144 || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
1145 || !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
1146 || !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
1147 || !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
1150 test_output_memory("p1", p1, p1_len);
1151 test_output_memory("p2", p2, p2_len);
1152 test_output_memory("p", p, p_len);
1153 test_output_memory("q1", q1, q1_len);
1154 test_output_memory("q2", q2, q2_len);
1155 test_output_memory("q", q, q_len);
1156 test_output_memory("n", n, n_len);
1157 test_output_memory("d", d, d_len);
1175 EVP_PKEY_free(pkey);
1176 EVP_PKEY_CTX_free(ctx);
1177 OSSL_PARAM_BLD_free_params(params);
1178 OSSL_PARAM_BLD_free(bld);
1182 static int rsa_siggen_test(int id)
1185 EVP_PKEY *pkey = NULL;
1186 unsigned char *sig = NULL, *n = NULL, *e = NULL;
1187 size_t sig_len = 0, n_len = 0, e_len = 0;
1188 OSSL_PARAM params[4], *p;
1189 const struct rsa_siggen_st *tst = &rsa_siggen_data[id];
1191 TEST_note("RSA %s signature generation", tst->sig_pad_mode);
1194 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1195 (char *)tst->sig_pad_mode, 0);
1196 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1197 (char *)tst->digest_alg, 0);
1198 if (tst->pss_salt_len >= 0) {
1199 int salt_len = tst->pss_salt_len;
1201 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1204 *p++ = OSSL_PARAM_construct_end();
1206 if (!TEST_ptr(pkey = rsa_keygen(tst->mod))
1207 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1208 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1209 || !TEST_true(sig_gen(pkey, params, tst->digest_alg,
1210 tst->msg, tst->msg_len,
1213 test_output_memory("n", n, n_len);
1214 test_output_memory("e", e, e_len);
1215 test_output_memory("sig", sig, sig_len);
1221 EVP_PKEY_free(pkey);
1225 static int rsa_sigver_test(int id)
1228 EVP_PKEY_CTX *pkey_ctx = NULL;
1229 EVP_PKEY *pkey = NULL;
1230 EVP_MD_CTX *md_ctx = NULL;
1231 BN_CTX *bn_ctx = NULL;
1232 OSSL_PARAM params[4], *p;
1233 const struct rsa_sigver_st *tst = &rsa_sigver_data[id];
1235 TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode,
1236 tst->pass == PASS ? "pass" : "fail");
1239 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE,
1240 (char *)tst->sig_pad_mode, 0);
1241 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1242 (char *)tst->digest_alg, 0);
1243 if (tst->pss_salt_len >= 0) {
1244 int salt_len = tst->pss_salt_len;
1246 *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN,
1249 *p++ = OSSL_PARAM_construct_end();
1251 if (!TEST_ptr(bn_ctx = BN_CTX_new())
1252 || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
1253 tst->e, tst->e_len, NULL, 0, bn_ctx))
1254 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
1255 || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
1256 tst->digest_alg, libctx, NULL,
1258 || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
1259 || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
1260 tst->msg, tst->msg_len), tst->pass)))
1264 EVP_PKEY_free(pkey);
1265 BN_CTX_free(bn_ctx);
1266 EVP_MD_CTX_free(md_ctx);
1270 static int rsa_decryption_primitive_test(int id)
1273 EVP_PKEY_CTX *ctx = NULL;
1274 EVP_PKEY *pkey = NULL;
1275 unsigned char pt[2048];
1276 size_t pt_len = sizeof(pt);
1277 unsigned char *n = NULL, *e = NULL;
1278 size_t n_len = 0, e_len = 0;
1279 BN_CTX *bn_ctx = NULL;
1280 const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id];
1282 if (!TEST_ptr(pkey = rsa_keygen(2048))
1283 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len))
1284 || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len))
1285 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, ""))
1286 || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0)
1287 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0))
1290 test_output_memory("n", n, n_len);
1291 test_output_memory("e", e, e_len);
1292 if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len))
1293 TEST_note("Decryption Failed");
1295 test_output_memory("pt", pt, pt_len);
1300 EVP_PKEY_CTX_free(ctx);
1301 EVP_PKEY_free(pkey);
1302 BN_CTX_free(bn_ctx);
1305 #endif /* OPENSSL_NO_RSA */
1307 static int self_test_events(const OSSL_PARAM params[], void *varg)
1309 SELF_TEST_ARGS *args = varg;
1310 const OSSL_PARAM *p = NULL;
1311 const char *phase = NULL, *type = NULL, *desc = NULL;
1318 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
1319 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1321 phase = (const char *)p->data;
1323 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
1324 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1326 desc = (const char *)p->data;
1328 p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
1329 if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
1331 type = (const char *)p->data;
1333 BIO_printf(bio_out, "%s %s %s\n", phase, desc, type);
1339 static int drbg_test(int id)
1341 OSSL_PARAM params[3];
1342 EVP_RAND *rand = NULL;
1343 EVP_RAND_CTX *ctx = NULL, *parent = NULL;
1344 unsigned char returned_bits[64];
1345 const size_t returned_bits_len = sizeof(returned_bits);
1346 unsigned int strength = 256;
1347 const struct drbg_st *tst = &drbg_data[id];
1350 /* Create the seed source */
1351 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, "TEST-RAND", "-fips"))
1352 || !TEST_ptr(parent = EVP_RAND_CTX_new(rand, NULL)))
1354 EVP_RAND_free(rand);
1357 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
1358 params[1] = OSSL_PARAM_construct_end();
1359 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1363 if (!TEST_ptr(rand = EVP_RAND_fetch(libctx, tst->drbg_name, ""))
1364 || !TEST_ptr(ctx = EVP_RAND_CTX_new(rand, parent)))
1367 /* Set the DRBG up */
1368 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF,
1369 (int *)&tst->use_df);
1370 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
1371 (char *)tst->cipher, 0);
1372 params[2] = OSSL_PARAM_construct_end();
1373 if (!TEST_true(EVP_RAND_set_ctx_params(ctx, params)))
1376 /* Feed in the entropy and nonce */
1377 params[0] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1378 (void *)tst->entropy_input,
1379 tst->entropy_input_len);
1380 params[1] = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
1383 params[2] = OSSL_PARAM_construct_end();
1384 if (!TEST_true(EVP_RAND_set_ctx_params(parent, params)))
1389 * A NULL personalisation string defaults to the built in so something
1390 * non-NULL is needed if there is no personalisation string
1392 if (!TEST_true(EVP_RAND_instantiate(ctx, 0, 0, (void *)"", 0))
1393 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1395 || !TEST_true(EVP_RAND_generate(ctx, returned_bits, returned_bits_len,
1399 test_output_memory("returned bits", returned_bits, returned_bits_len);
1402 if (!TEST_true(EVP_RAND_uninstantiate(ctx))
1403 || !TEST_true(EVP_RAND_uninstantiate(parent)))
1406 /* Verify the output */
1407 if (!TEST_mem_eq(returned_bits, returned_bits_len,
1408 tst->returned_bits, tst->returned_bits_len))
1412 EVP_RAND_CTX_free(ctx);
1413 EVP_RAND_CTX_free(parent);
1414 EVP_RAND_free(rand);
1418 int setup_tests(void)
1420 char *config_file = NULL;
1424 while ((o = opt_next()) != OPT_EOF) {
1426 case OPT_CONFIG_FILE:
1427 config_file = opt_arg();
1429 case OPT_TEST_CASES:
1437 prov_null = OSSL_PROVIDER_load(NULL, "null");
1438 if (prov_null == NULL) {
1439 opt_printf_stderr("Failed to load null provider into default libctx\n");
1443 libctx = OSSL_LIB_CTX_new();
1445 || !OSSL_LIB_CTX_load_config(libctx, config_file)) {
1446 opt_printf_stderr("Failed to load config\n");
1449 OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args);
1451 ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data));
1452 ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
1453 ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
1455 #ifndef OPENSSL_NO_RSA
1456 ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
1457 ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
1458 ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
1459 ADD_ALL_TESTS(rsa_decryption_primitive_test,
1460 OSSL_NELEM(rsa_decrypt_prim_data));
1461 #endif /* OPENSSL_NO_RSA */
1463 #ifndef OPENSSL_NO_DH
1464 ADD_ALL_TESTS(dh_safe_prime_keygen_test,
1465 OSSL_NELEM(dh_safe_prime_keygen_data));
1466 ADD_ALL_TESTS(dh_safe_prime_keyver_test,
1467 OSSL_NELEM(dh_safe_prime_keyver_data));
1468 #endif /* OPENSSL_NO_DH */
1470 #ifndef OPENSSL_NO_DSA
1471 ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
1472 ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
1473 ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data));
1474 ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
1475 ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
1476 #endif /* OPENSSL_NO_DSA */
1478 #ifndef OPENSSL_NO_EC
1479 ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
1480 ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data));
1481 ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data));
1482 ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data));
1483 #endif /* OPENSSL_NO_EC */
1485 ADD_ALL_TESTS(drbg_test, OSSL_NELEM(drbg_data));
1489 void cleanup_tests(void)
1491 OSSL_PROVIDER_unload(prov_null);
1492 OSSL_LIB_CTX_free(libctx);