2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 * These tests are setup to load null into the default library context.
13 * Any tests are expected to use the created 'libctx' to find algorithms.
14 * The framework runs the tests twice using the 'default' provider or
15 * 'fips' provider as inputs.
19 * DSA/DH low level APIs are deprecated for public use, but still ok for
22 #include "internal/deprecated.h"
23 #include <openssl/evp.h>
24 #include <openssl/provider.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
27 #include <openssl/safestack.h>
29 #include "internal/nelem.h"
30 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
31 #include "../e_os.h" /* strcasecmp */
33 DEFINE_STACK_OF_CSTRING()
35 static OPENSSL_CTX *libctx = NULL;
36 static OSSL_PROVIDER *nullprov = NULL;
37 static OSSL_PROVIDER *libprov = NULL;
38 static STACK_OF(OPENSSL_CSTRING) *cipher_names = NULL;
40 typedef enum OPTION_choice {
48 const OPTIONS *test_get_options(void)
50 static const OPTIONS test_options[] = {
51 OPT_TEST_OPTIONS_DEFAULT_USAGE,
52 { "config", OPT_CONFIG_FILE, '<',
53 "The configuration file to use for the libctx" },
54 { "provider", OPT_PROVIDER_NAME, 's',
55 "The provider to load (The default value is 'default'" },
62 static const char *getname(int id)
64 const char *name[] = {"p", "q", "g" };
66 if (id >= 0 && id < 3)
73 * We're using some DH specific values in this test, so we skip compilation if
74 * we're in a no-dh build.
76 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
78 static int test_dsa_param_keygen(int tstid)
82 EVP_PKEY_CTX *gen_ctx = NULL;
83 EVP_PKEY *pkey_parm = NULL;
84 EVP_PKEY *pkey = NULL;
87 BIGNUM *p = NULL, *q = NULL, *g = NULL;
90 * Just grab some fixed dh p, q, g values for testing,
91 * these 'safe primes' should not be used normally for dsa *.
93 static const BIGNUM *bn[] = {
94 &_bignum_dh2048_256_p, &_bignum_dh2048_256_q, &_bignum_dh2048_256_g
98 * These tests are using bad values for p, q, g by reusing the values.
99 * A value of 0 uses p, 1 uses q and 2 uses g.
100 * There are 27 different combinations, with only the 1 valid combination.
103 qind = (tstid / 3) % 3;
105 expected = (pind == 0 && qind == 1 && gind == 2);
107 TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
108 getname(qind), getname(gind));
110 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
111 || !TEST_ptr(dsa = DSA_new())
112 || !TEST_ptr(p = BN_dup(bn[pind]))
113 || !TEST_ptr(q = BN_dup(bn[qind]))
114 || !TEST_ptr(g = BN_dup(bn[gind]))
115 || !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
119 if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
123 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
124 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
125 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
130 EVP_PKEY_CTX_free(gen_ctx);
131 EVP_PKEY_free(pkey_parm);
138 #endif /* OPENSSL_NO_DSA */
140 #ifndef OPENSSL_NO_DH
141 static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
145 EVP_PKEY_CTX *gen_ctx = NULL;
146 EVP_PKEY *pkey_parm = NULL;
147 EVP_PKEY *pkey = NULL;
149 int pind, qind, gind;
150 BIGNUM *p = NULL, *q = NULL, *g = NULL;
153 * These tests are using bad values for p, q, g by reusing the values.
154 * A value of 0 uses p, 1 uses q and 2 uses g.
155 * There are 27 different combinations, with only the 1 valid combination.
158 qind = (tstid / 3) % 3;
160 expected = (pind == 0 && qind == 1 && gind == 2);
162 TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
163 getname(qind), getname(gind));
165 if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
166 || !TEST_ptr(dh = DH_new())
167 || !TEST_ptr(p = BN_dup(bn[pind]))
168 || !TEST_ptr(q = BN_dup(bn[qind]))
169 || !TEST_ptr(g = BN_dup(bn[gind]))
170 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
174 if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
178 if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
179 || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
180 || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
185 EVP_PKEY_CTX_free(gen_ctx);
186 EVP_PKEY_free(pkey_parm);
195 * Note that we get the fips186-4 path being run for most of these cases since
196 * the internal code will detect that the p, q, g does not match a safe prime
197 * group (Except for when tstid = 5, which sets the correct p, q, g)
199 static int test_dh_safeprime_param_keygen(int tstid)
201 static const BIGNUM *bn[] = {
202 &_bignum_ffdhe2048_p, &_bignum_ffdhe2048_q, &_bignum_const_2
204 return do_dh_param_keygen(tstid, bn);
206 #endif /* OPENSSL_NO_DH */
208 static int test_cipher_reinit(int test_id)
210 int ret = 0, out1_len = 0, out2_len = 0, diff, ccm;
211 EVP_CIPHER *cipher = NULL;
212 EVP_CIPHER_CTX *ctx = NULL;
213 unsigned char out1[256];
214 unsigned char out2[256];
215 unsigned char in[16] = {
216 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
217 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
219 unsigned char key[64] = {
220 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
221 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
222 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
223 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
224 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
225 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
226 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
227 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
229 unsigned char iv[16] = {
230 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
231 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
233 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
235 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
238 TEST_note("Fetching %s\n", name);
239 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
242 /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
243 ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
245 /* DES3-WRAP uses random every update - so it will give a different value */
246 diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
248 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
249 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
250 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
251 || !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
257 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
260 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
266 EVP_CIPHER_free(cipher);
267 EVP_CIPHER_CTX_free(ctx);
272 * This test only uses a partial block (half the block size) of input for each
273 * EVP_EncryptUpdate() in order to test that the second init/update is not using
274 * a leftover buffer from the first init/update.
275 * Note: some ciphers don't need a full block to produce output.
277 static int test_cipher_reinit_partialupdate(int test_id)
279 int ret = 0, out1_len = 0, out2_len = 0, in_len;
280 EVP_CIPHER *cipher = NULL;
281 EVP_CIPHER_CTX *ctx = NULL;
282 unsigned char out1[256];
283 unsigned char out2[256];
284 static const unsigned char in[32] = {
285 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
286 0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
287 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
288 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
290 static const unsigned char key[64] = {
291 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
292 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
293 0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
294 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
295 0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
296 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
297 0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
298 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
300 static const unsigned char iv[16] = {
301 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
302 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
304 const char *name = sk_OPENSSL_CSTRING_value(cipher_names, test_id);
306 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
309 TEST_note("Fetching %s\n", name);
310 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
313 in_len = EVP_CIPHER_block_size(cipher) / 2;
315 /* skip any ciphers that don't allow partial updates */
316 if (((EVP_CIPHER_flags(cipher)
317 & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
318 || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
319 || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
320 || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
325 if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
326 || !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
327 || !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
328 || !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
331 /* DES3-WRAP uses random every update - so it will give a different value */
332 if (EVP_CIPHER_is_a(cipher, "DES3-WRAP")) {
333 if (!TEST_mem_ne(out1, out1_len, out2, out2_len))
336 if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
341 EVP_CIPHER_free(cipher);
342 EVP_CIPHER_CTX_free(ctx);
347 static int name_cmp(const char * const *a, const char * const *b)
349 return strcasecmp(*a, *b);
352 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
354 STACK_OF(OPENSSL_CSTRING) *names = cipher_names_list;
356 sk_OPENSSL_CSTRING_push(names, EVP_CIPHER_name(cipher));
359 int setup_tests(void)
361 const char *prov_name = "default";
362 char *config_file = NULL;
365 while ((o = opt_next()) != OPT_EOF) {
367 case OPT_PROVIDER_NAME:
368 prov_name = opt_arg();
370 case OPT_CONFIG_FILE:
371 config_file = opt_arg();
381 nullprov = OSSL_PROVIDER_load(NULL, "null");
382 if (!TEST_ptr(nullprov))
385 libctx = OPENSSL_CTX_new();
387 if (!TEST_ptr(libctx))
390 if (config_file != NULL) {
391 if (!TEST_true(OPENSSL_CTX_load_config(libctx, config_file)))
395 libprov = OSSL_PROVIDER_load(libctx, prov_name);
396 if (!TEST_ptr(libprov))
399 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
400 ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
402 #ifndef OPENSSL_NO_DH
403 ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
406 if (!TEST_ptr(cipher_names = sk_OPENSSL_CSTRING_new(name_cmp)))
408 EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
410 ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_CSTRING_num(cipher_names));
411 ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
412 sk_OPENSSL_CSTRING_num(cipher_names));
416 void cleanup_tests(void)
418 sk_OPENSSL_CSTRING_free(cipher_names);
419 OSSL_PROVIDER_unload(libprov);
420 OPENSSL_CTX_free(libctx);
421 OSSL_PROVIDER_unload(nullprov);