2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
15 #include "internal/nelem.h"
16 #include <openssl/crypto.h>
17 #include <openssl/bio.h>
18 #include <openssl/bn.h>
19 #include <openssl/rand.h>
20 #include <openssl/err.h>
23 #include "internal/ffc.h"
25 #ifndef OPENSSL_NO_DSA
26 static const unsigned char dsa_2048_224_sha224_p[] = {
27 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
28 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
29 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
30 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
31 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
32 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
33 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
34 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
35 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
36 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
37 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
38 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
39 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
40 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
41 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
42 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
43 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
44 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
45 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
46 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
47 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
48 0xcc, 0xf8, 0x40, 0xab
50 static const unsigned char dsa_2048_224_sha224_q[] = {
51 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
52 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
53 0x57, 0x76, 0x6f, 0x11
55 static const unsigned char dsa_2048_224_sha224_seed[] = {
56 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
57 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
58 0x36, 0x17, 0x06, 0xcf
60 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
61 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
62 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
63 0x36, 0x17, 0x06, 0xd0
65 static int dsa_2048_224_sha224_counter = 2878;
67 static const unsigned char dsa_3072_256_sha512_p[] = {
68 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
69 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
70 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
71 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
72 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
73 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
74 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
75 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
76 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
77 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
78 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
79 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
80 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
81 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
82 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
83 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
84 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
85 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
86 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
87 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
88 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
89 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
90 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
91 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
92 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
93 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
94 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
95 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
96 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
97 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
98 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
99 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
101 static const unsigned char dsa_3072_256_sha512_q[] = {
102 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
103 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
104 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
106 static const unsigned char dsa_3072_256_sha512_seed[] = {
107 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
108 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
109 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
111 static int dsa_3072_256_sha512_counter = 1604;
113 static const unsigned char dsa_2048_224_sha256_p[] = {
114 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
115 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
116 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
117 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
118 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
119 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
120 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
121 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
122 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
123 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
124 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
125 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
126 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
127 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
128 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
129 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
130 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
131 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
132 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
133 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
134 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
135 0x73, 0xb4, 0x56, 0xd5
137 static const unsigned char dsa_2048_224_sha256_q[] = {
138 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
139 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
140 0x80, 0xcb, 0x0a, 0x45
142 static const unsigned char dsa_2048_224_sha256_g[] = {
143 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
144 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
145 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
146 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
147 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
148 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
149 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
150 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
151 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
152 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
153 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
154 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
155 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
156 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
157 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
158 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
159 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
160 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
161 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
162 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
163 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
164 0xe6, 0x93, 0x59, 0xfc
167 static int ffc_params_validate_g_unverified_test(void)
171 BIGNUM *p = NULL, *q = NULL, *g = NULL;
172 BIGNUM *p1 = NULL, *g1 = NULL;
174 ffc_params_init(¶ms);
176 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
177 sizeof(dsa_2048_224_sha256_p), NULL)))
180 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
181 sizeof(dsa_2048_224_sha256_q), NULL)))
183 if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
184 sizeof(dsa_2048_224_sha256_g), NULL)))
188 /* Fail if g is NULL */
189 ffc_params_set0_pqg(¶ms, p, q, NULL);
192 ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
193 ffc_set_digest(¶ms, "SHA256", NULL);
195 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
200 ffc_params_set0_pqg(¶ms, p, q, g);
202 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
209 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
216 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
223 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
230 ffc_params_cleanup(¶ms);
237 static int ffc_params_validate_pq_test(void)
239 int ret = 0, res = -1;
241 BIGNUM *p = NULL, *q = NULL;
243 ffc_params_init(¶ms);
244 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
245 sizeof(dsa_2048_224_sha224_p),
248 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
249 sizeof(dsa_2048_224_sha224_q),
254 ffc_params_set0_pqg(¶ms, NULL, q, NULL);
256 ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ);
257 ffc_set_digest(¶ms, "SHA224", NULL);
259 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
264 /* Test valid case */
265 ffc_params_set0_pqg(¶ms, p, NULL, NULL);
267 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
268 sizeof(dsa_2048_224_sha224_seed),
269 dsa_2048_224_sha224_counter);
270 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
275 /* Bad counter - so p is not prime */
276 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
277 sizeof(dsa_2048_224_sha224_seed),
279 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
284 /* seedlen smaller than N */
285 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
286 sizeof(dsa_2048_224_sha224_seed)-1,
287 dsa_2048_224_sha224_counter);
288 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
293 /* Provided seed doesnt produce a valid prime q */
294 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
295 sizeof(dsa_2048_224_sha224_bad_seed),
296 dsa_2048_224_sha224_counter);
297 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
302 if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
303 sizeof(dsa_3072_256_sha512_p), NULL)))
305 if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
306 sizeof(dsa_3072_256_sha512_q),
311 ffc_params_set0_pqg(¶ms, p, q, NULL);
313 ffc_set_digest(¶ms, "SHA512", NULL);
314 ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
315 sizeof(dsa_3072_256_sha512_seed),
316 dsa_3072_256_sha512_counter);
317 /* Q doesn't div P-1 */
318 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
323 /* Bad L/N for FIPS DH */
324 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
331 ffc_params_cleanup(¶ms);
336 #endif /* OPENSSL_NO_DSA */
338 #ifndef OPENSSL_NO_DH
339 static int ffc_params_gen_test(void)
341 int ret = 0, res = -1;
344 ffc_params_init(¶ms);
345 if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms,
347 2048, 256, &res, NULL)))
349 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
356 ffc_params_cleanup(¶ms);
360 static int ffc_params_gen_canonicalg_test(void)
362 int ret = 0, res = -1;
365 ffc_params_init(¶ms);
367 if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms,
369 2048, 256, &res, NULL)))
371 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
376 if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
381 ffc_params_cleanup(¶ms);
385 static int ffc_params_fips186_2_gen_validate_test(void)
387 int ret = 0, res = -1;
391 ffc_params_init(¶ms);
392 if (!TEST_ptr(bn = BN_new()))
394 if (!TEST_true(ffc_params_FIPS186_2_generate(NULL, ¶ms,
396 1024, 160, &res, NULL)))
398 if (!TEST_true(ffc_params_FIPS186_2_validate(NULL, ¶ms,
404 * The fips186-2 generation should produce a different q compared to
405 * fips 186-4 given the same seed value. So validation of q will fail.
407 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
411 /* As the params are randomly generated the error is one of the following */
412 if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
415 ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
416 /* Partially valid g test will still pass */
417 if (!TEST_int_eq(ffc_params_FIPS186_4_validate(NULL, ¶ms,
422 if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
428 ffc_params_cleanup(¶ms);
432 extern FFC_PARAMS *dh_get0_params(DH *dh);
434 static int ffc_public_validate_test(void)
436 int ret = 0, res = -1;
441 if (!TEST_ptr(pub = BN_new()))
444 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
446 params = dh_get0_params(dh);
448 if (!TEST_true(BN_set_word(pub, 1)))
450 BN_set_negative(pub, 1);
451 /* Fail if public key is negative */
452 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
454 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
456 if (!TEST_true(BN_set_word(pub, 0)))
458 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
460 /* Fail if public key is zero */
461 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
463 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
465 /* Fail if public key is 1 */
466 if (!TEST_false(ffc_validate_public_key(params, BN_value_one(), &res)))
468 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
470 if (!TEST_true(BN_add_word(pub, 2)))
472 /* Pass if public key >= 2 */
473 if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
476 if (!TEST_ptr(BN_copy(pub, params->p)))
478 /* Fail if public key = p */
479 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
481 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
484 if (!TEST_true(BN_sub_word(pub, 1)))
486 /* Fail if public key = p - 1 */
487 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
489 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
492 if (!TEST_true(BN_sub_word(pub, 1)))
494 /* Fail if public key is not related to p & q */
495 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
497 if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
500 if (!TEST_true(BN_sub_word(pub, 5)))
502 /* Pass if public key is valid */
503 if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
513 static int ffc_private_validate_test(void)
515 int ret = 0, res = -1;
520 if (!TEST_ptr(priv = BN_new()))
523 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
525 params = dh_get0_params(dh);
527 if (!TEST_true(BN_set_word(priv, 1)))
529 BN_set_negative(priv, 1);
530 /* Fail if priv key is negative */
531 if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
533 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
536 if (!TEST_true(BN_set_word(priv, 0)))
538 /* Fail if priv key is zero */
539 if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
541 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
544 /* Pass if priv key >= 1 */
545 if (!TEST_true(ffc_validate_private_key(params->q, BN_value_one(), &res)))
548 if (!TEST_ptr(BN_copy(priv, params->q)))
550 /* Fail if priv key = upper */
551 if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
553 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
556 if (!TEST_true(BN_sub_word(priv, 1)))
558 /* Pass if priv key <= upper - 1 */
559 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
569 static int ffc_private_gen_test(int index)
571 int ret = 0, res = -1, N;
577 if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
580 if (!TEST_ptr(priv = BN_new()))
583 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
585 params = dh_get0_params(dh);
587 N = BN_num_bits(params->q);
588 /* Fail since N < 2*s - where s = 112*/
589 if (!TEST_false(ffc_generate_private_key(ctx, params, 220, 112, priv)))
591 /* fail since N > len(q) */
592 if (!TEST_false(ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
594 /* pass since 2s <= N <= len(q) */
595 if (!TEST_true(ffc_generate_private_key(ctx, params, N, 112, priv)))
597 /* pass since N = len(q) */
598 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
600 /* pass since 2s <= N < len(q) */
601 if (!TEST_true(ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
603 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
606 /* N and s are ignored in this case */
607 if (!TEST_true(ffc_generate_private_key(ctx, params, 0, 0, priv)))
609 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
619 #endif /* OPENSSL_NO_DH */
621 int setup_tests(void)
623 #ifndef OPENSSL_NO_DSA
624 ADD_TEST(ffc_params_validate_pq_test);
625 ADD_TEST(ffc_params_validate_g_unverified_test);
626 #endif /* OPENSSL_NO_DSA */
627 #ifndef OPENSSL_NO_DH
628 ADD_TEST(ffc_params_gen_test);
629 ADD_TEST(ffc_params_gen_canonicalg_test);
630 ADD_TEST(ffc_params_fips186_2_gen_validate_test);
631 ADD_TEST(ffc_public_validate_test);
632 ADD_TEST(ffc_private_validate_test);
633 ADD_ALL_TESTS(ffc_private_gen_test, 10);
634 #endif /* OPENSSL_NO_DH */
projects / openssl.git / blob