2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
12 * This is an internal test that is intentionally using internal APIs. Some of
13 * those APIs are deprecated for public use.
15 #include "internal/deprecated.h"
21 #include "internal/nelem.h"
22 #include <openssl/crypto.h>
23 #include <openssl/bio.h>
24 #include <openssl/bn.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
29 #include "internal/ffc.h"
30 #include "crypto/security_bits.h"
32 #ifndef OPENSSL_NO_DSA
33 static const unsigned char dsa_2048_224_sha224_p[] = {
34 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
35 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
36 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
37 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
38 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
39 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
40 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
41 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
42 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
43 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
44 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
45 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
46 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
47 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
48 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
49 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
50 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
51 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
52 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
53 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
54 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
55 0xcc, 0xf8, 0x40, 0xab
57 static const unsigned char dsa_2048_224_sha224_q[] = {
58 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
59 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
60 0x57, 0x76, 0x6f, 0x11
62 static const unsigned char dsa_2048_224_sha224_seed[] = {
63 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
64 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
65 0x36, 0x17, 0x06, 0xcf
67 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
68 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
69 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
70 0x36, 0x17, 0x06, 0xd0
72 static int dsa_2048_224_sha224_counter = 2878;
74 static const unsigned char dsa_3072_256_sha512_p[] = {
75 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
76 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
77 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
78 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
79 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
80 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
81 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
82 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
83 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
84 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
85 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
86 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
87 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
88 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
89 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
90 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
91 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
92 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
93 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
94 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
95 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
96 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
97 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
98 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
99 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
100 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
101 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
102 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
103 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
104 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
105 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
106 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
108 static const unsigned char dsa_3072_256_sha512_q[] = {
109 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
110 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
111 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
113 static const unsigned char dsa_3072_256_sha512_seed[] = {
114 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
115 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
116 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
118 static int dsa_3072_256_sha512_counter = 1604;
120 static const unsigned char dsa_2048_224_sha256_p[] = {
121 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
122 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
123 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
124 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
125 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
126 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
127 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
128 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
129 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
130 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
131 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
132 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
133 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
134 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
135 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
136 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
137 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
138 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
139 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
140 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
141 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
142 0x73, 0xb4, 0x56, 0xd5
144 static const unsigned char dsa_2048_224_sha256_q[] = {
145 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
146 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
147 0x80, 0xcb, 0x0a, 0x45
149 static const unsigned char dsa_2048_224_sha256_g[] = {
150 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
151 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
152 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
153 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
154 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
155 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
156 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
157 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
158 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
159 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
160 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
161 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
162 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
163 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
164 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
165 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
166 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
167 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
168 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
169 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
170 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
171 0xe6, 0x93, 0x59, 0xfc
174 static int ffc_params_validate_g_unverified_test(void)
178 BIGNUM *p = NULL, *q = NULL, *g = NULL;
179 BIGNUM *p1 = NULL, *g1 = NULL;
181 ossl_ffc_params_init(¶ms);
183 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
184 sizeof(dsa_2048_224_sha256_p), NULL)))
187 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
188 sizeof(dsa_2048_224_sha256_q), NULL)))
190 if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
191 sizeof(dsa_2048_224_sha256_g), NULL)))
195 /* Fail if g is NULL */
196 ossl_ffc_params_set0_pqg(¶ms, p, q, NULL);
199 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
200 ossl_ffc_set_digest(¶ms, "SHA256", NULL);
202 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
207 ossl_ffc_params_set0_pqg(¶ms, p, q, g);
209 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
216 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
223 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
230 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
237 ossl_ffc_params_cleanup(¶ms);
244 static int ffc_params_validate_pq_test(void)
246 int ret = 0, res = -1;
248 BIGNUM *p = NULL, *q = NULL;
250 ossl_ffc_params_init(¶ms);
251 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
252 sizeof(dsa_2048_224_sha224_p),
255 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
256 sizeof(dsa_2048_224_sha224_q),
261 ossl_ffc_params_set0_pqg(¶ms, NULL, q, NULL);
263 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ);
264 ossl_ffc_set_digest(¶ms, "SHA224", NULL);
266 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
271 /* Test valid case */
272 ossl_ffc_params_set0_pqg(¶ms, p, NULL, NULL);
274 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
275 sizeof(dsa_2048_224_sha224_seed),
276 dsa_2048_224_sha224_counter);
277 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
282 /* Bad counter - so p is not prime */
283 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
284 sizeof(dsa_2048_224_sha224_seed),
286 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
291 /* seedlen smaller than N */
292 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
293 sizeof(dsa_2048_224_sha224_seed)-1,
294 dsa_2048_224_sha224_counter);
295 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
300 /* Provided seed doesnt produce a valid prime q */
301 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
302 sizeof(dsa_2048_224_sha224_bad_seed),
303 dsa_2048_224_sha224_counter);
304 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
309 if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
310 sizeof(dsa_3072_256_sha512_p), NULL)))
312 if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
313 sizeof(dsa_3072_256_sha512_q),
318 ossl_ffc_params_set0_pqg(¶ms, p, q, NULL);
320 ossl_ffc_set_digest(¶ms, "SHA512", NULL);
321 ossl_ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
322 sizeof(dsa_3072_256_sha512_seed),
323 dsa_3072_256_sha512_counter);
324 /* Q doesn't div P-1 */
325 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
330 /* Bad L/N for FIPS DH */
331 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
338 ossl_ffc_params_cleanup(¶ms);
343 #endif /* OPENSSL_NO_DSA */
345 #ifndef OPENSSL_NO_DH
346 static int ffc_params_gen_test(void)
348 int ret = 0, res = -1;
351 ossl_ffc_params_init(¶ms);
352 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms,
354 2048, 256, &res, NULL)))
356 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
363 ossl_ffc_params_cleanup(¶ms);
367 static int ffc_params_gen_canonicalg_test(void)
369 int ret = 0, res = -1;
372 ossl_ffc_params_init(¶ms);
374 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms,
376 2048, 256, &res, NULL)))
378 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
383 if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4)))
388 ossl_ffc_params_cleanup(¶ms);
392 static int ffc_params_fips186_2_gen_validate_test(void)
394 int ret = 0, res = -1;
398 ossl_ffc_params_init(¶ms);
399 if (!TEST_ptr(bn = BN_new()))
401 if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, ¶ms,
403 1024, 160, &res, NULL)))
405 if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, ¶ms,
411 * The fips186-2 generation should produce a different q compared to
412 * fips 186-4 given the same seed value. So validation of q will fail.
414 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
418 /* As the params are randomly generated the error is one of the following */
419 if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
422 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
423 /* Partially valid g test will still pass */
424 if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
429 if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4)))
435 ossl_ffc_params_cleanup(¶ms);
439 extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
441 static int ffc_public_validate_test(void)
443 int ret = 0, res = -1;
448 if (!TEST_ptr(pub = BN_new()))
451 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
453 params = ossl_dh_get0_params(dh);
455 if (!TEST_true(BN_set_word(pub, 1)))
457 BN_set_negative(pub, 1);
458 /* Fail if public key is negative */
459 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
461 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
463 if (!TEST_true(BN_set_word(pub, 0)))
465 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
467 /* Fail if public key is zero */
468 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
470 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
472 /* Fail if public key is 1 */
473 if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
475 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
477 if (!TEST_true(BN_add_word(pub, 2)))
479 /* Pass if public key >= 2 */
480 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
483 if (!TEST_ptr(BN_copy(pub, params->p)))
485 /* Fail if public key = p */
486 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
488 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
491 if (!TEST_true(BN_sub_word(pub, 1)))
493 /* Fail if public key = p - 1 */
494 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
496 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
499 if (!TEST_true(BN_sub_word(pub, 1)))
501 /* Fail if public key is not related to p & q */
502 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
504 if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
507 if (!TEST_true(BN_sub_word(pub, 5)))
509 /* Pass if public key is valid */
510 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
513 /* Fail if params is NULL */
514 if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
516 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
519 /* Fail if pubkey is NULL */
520 if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
522 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
528 /* Fail if params->p is NULL */
529 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
531 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
541 static int ffc_private_validate_test(void)
543 int ret = 0, res = -1;
548 if (!TEST_ptr(priv = BN_new()))
551 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
553 params = ossl_dh_get0_params(dh);
555 if (!TEST_true(BN_set_word(priv, 1)))
557 BN_set_negative(priv, 1);
558 /* Fail if priv key is negative */
559 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
561 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
564 if (!TEST_true(BN_set_word(priv, 0)))
566 /* Fail if priv key is zero */
567 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
569 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
572 /* Pass if priv key >= 1 */
573 if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
577 if (!TEST_ptr(BN_copy(priv, params->q)))
579 /* Fail if priv key = upper */
580 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
582 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
585 if (!TEST_true(BN_sub_word(priv, 1)))
587 /* Pass if priv key <= upper - 1 */
588 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
591 if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
593 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
596 if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
598 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
608 static int ffc_private_gen_test(int index)
610 int ret = 0, res = -1, N;
616 if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
619 if (!TEST_ptr(priv = BN_new()))
622 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
624 params = ossl_dh_get0_params(dh);
626 N = BN_num_bits(params->q);
627 /* Fail since N < 2*s - where s = 112*/
628 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
630 /* fail since N > len(q) */
631 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
633 /* s must be always set */
634 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
636 /* pass since 2s <= N <= len(q) */
637 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
639 /* pass since N = len(q) */
640 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
642 /* pass since 2s <= N < len(q) */
643 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
645 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
647 /* N is ignored in this case */
648 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
649 ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
652 if (!TEST_int_le(BN_num_bits(priv), 225))
654 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
665 static int ffc_params_copy_test(void)
669 FFC_PARAMS *params, copy;
671 ossl_ffc_params_init(©);
673 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
675 params = ossl_dh_get0_params(dh);
677 if (!TEST_int_eq(params->keylength, 275))
680 if (!TEST_true(ossl_ffc_params_copy(©, params)))
683 if (!TEST_int_eq(copy.keylength, 275))
686 if (!TEST_true(ossl_ffc_params_cmp(©, params, 0)))
691 ossl_ffc_params_cleanup(©);
695 #endif /* OPENSSL_NO_DH */
697 int setup_tests(void)
699 #ifndef OPENSSL_NO_DSA
700 ADD_TEST(ffc_params_validate_pq_test);
701 ADD_TEST(ffc_params_validate_g_unverified_test);
702 #endif /* OPENSSL_NO_DSA */
703 #ifndef OPENSSL_NO_DH
704 ADD_TEST(ffc_params_gen_test);
705 ADD_TEST(ffc_params_gen_canonicalg_test);
706 ADD_TEST(ffc_params_fips186_2_gen_validate_test);
707 ADD_TEST(ffc_public_validate_test);
708 ADD_TEST(ffc_private_validate_test);
709 ADD_ALL_TESTS(ffc_private_gen_test, 10);
710 ADD_TEST(ffc_params_copy_test);
711 #endif /* OPENSSL_NO_DH */