test/ffc_internal_test.c

   1 /*
   2  * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright (c) 2019-2020, Oracle and/or its affiliates.  All rights reserved.
   4  *
   5  * Licensed under the Apache License 2.0 (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  */
  10
  11 /*
  12  * This is an internal test that is intentionally using internal APIs. Some of
  13  * those APIs are deprecated for public use.
  14  */
  15 #include "internal/deprecated.h"
  16
  17 #include <stdio.h>
  18 #include <stdlib.h>
  19 #include <string.h>
  20
  21 #include "internal/nelem.h"
  22 #include <openssl/crypto.h>
  23 #include <openssl/bio.h>
  24 #include <openssl/bn.h>
  25 #include <openssl/rand.h>
  26 #include <openssl/err.h>
  27 #include "testutil.h"
  28
  29 #include "internal/ffc.h"
  30 #include "crypto/security_bits.h"
  31
  32 #ifndef OPENSSL_NO_DSA
  33 static const unsigned char dsa_2048_224_sha224_p[] = {
  34     0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
  35     0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
  36     0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
  37     0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
  38     0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
  39     0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
  40     0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
  41     0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
  42     0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
  43     0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
  44     0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
  45     0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
  46     0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
  47     0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
  48     0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
  49     0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
  50     0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
  51     0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
  52     0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
  53     0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
  54     0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
  55     0xcc, 0xf8, 0x40, 0xab
  56 };
  57 static const unsigned char dsa_2048_224_sha224_q[] = {
  58     0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
  59     0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
  60     0x57, 0x76, 0x6f, 0x11
  61 };
  62 static const unsigned char dsa_2048_224_sha224_seed[] = {
  63     0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
  64     0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
  65     0x36, 0x17, 0x06, 0xcf
  66 };
  67 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
  68     0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
  69     0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
  70     0x36, 0x17, 0x06, 0xd0
  71 };
  72 static int dsa_2048_224_sha224_counter = 2878;
  73
  74 static const unsigned char dsa_3072_256_sha512_p[] = {
  75     0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
  76     0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
  77     0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
  78     0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
  79     0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
  80     0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
  81     0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
  82     0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
  83     0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
  84     0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
  85     0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
  86     0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
  87     0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
  88     0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
  89     0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
  90     0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
  91     0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
  92     0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
  93     0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
  94     0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
  95     0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
  96     0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
  97     0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
  98     0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
  99     0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
 100     0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
 101     0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
 102     0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
 103     0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
 104     0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
 105     0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
 106     0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
 107 };
 108 static const unsigned char dsa_3072_256_sha512_q[] = {
 109     0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
 110     0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
 111     0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
 112 };
 113 static const unsigned char dsa_3072_256_sha512_seed[] = {
 114     0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
 115     0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
 116     0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
 117 };
 118 static int dsa_3072_256_sha512_counter = 1604;
 119
 120 static const unsigned char dsa_2048_224_sha256_p[] = {
 121     0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
 122     0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
 123     0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
 124     0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
 125     0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
 126     0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
 127     0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
 128     0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
 129     0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
 130     0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
 131     0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
 132     0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
 133     0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
 134     0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
 135     0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
 136     0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
 137     0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
 138     0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
 139     0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
 140     0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
 141     0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
 142     0x73, 0xb4, 0x56, 0xd5
 143 };
 144 static const unsigned char dsa_2048_224_sha256_q[] = {
 145     0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
 146     0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
 147     0x80, 0xcb, 0x0a, 0x45
 148 };
 149 static const unsigned char dsa_2048_224_sha256_g[] = {
 150     0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
 151     0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
 152     0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
 153     0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
 154     0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
 155     0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
 156     0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
 157     0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
 158     0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
 159     0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
 160     0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
 161     0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
 162     0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
 163     0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
 164     0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
 165     0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
 166     0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
 167     0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
 168     0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
 169     0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
 170     0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
 171     0xe6, 0x93, 0x59, 0xfc
 172 };
 173
 174 static int ffc_params_validate_g_unverified_test(void)
 175 {
 176     int ret = 0, res;
 177     FFC_PARAMS params;
 178     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 179     BIGNUM *p1 = NULL, *g1 = NULL;
 180
 181     ossl_ffc_params_init(&params);
 182
 183     if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
 184                                 sizeof(dsa_2048_224_sha256_p), NULL)))
 185         goto err;
 186     p1 = p;
 187     if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
 188                                 sizeof(dsa_2048_224_sha256_q), NULL)))
 189         goto err;
 190     if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
 191                                 sizeof(dsa_2048_224_sha256_g), NULL)))
 192         goto err;
 193     g1 = g;
 194
 195     /* Fail if g is NULL */
 196     ossl_ffc_params_set0_pqg(&params, p, q, NULL);
 197     p = NULL;
 198     q = NULL;
 199     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
 200     ossl_ffc_set_digest(&params, "SHA256", NULL);
 201
 202     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 203                                                        FFC_PARAM_TYPE_DSA,
 204                                                        &res, NULL)))
 205         goto err;
 206
 207     ossl_ffc_params_set0_pqg(&params, p, q, g);
 208     g = NULL;
 209     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 210                                                       FFC_PARAM_TYPE_DSA,
 211                                                       &res, NULL)))
 212         goto err;
 213
 214     /* incorrect g */
 215     BN_add_word(g1, 1);
 216     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 217                                                        FFC_PARAM_TYPE_DSA,
 218                                                        &res, NULL)))
 219         goto err;
 220
 221     /* fail if g < 2 */
 222     BN_set_word(g1, 1);
 223     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 224                                                        FFC_PARAM_TYPE_DSA,
 225                                                        &res, NULL)))
 226         goto err;
 227
 228     BN_copy(g1, p1);
 229     /* Fail if g >= p */
 230     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 231                                                        FFC_PARAM_TYPE_DSA,
 232                                                        &res, NULL)))
 233         goto err;
 234
 235     ret = 1;
 236 err:
 237     ossl_ffc_params_cleanup(&params);
 238     BN_free(p);
 239     BN_free(q);
 240     BN_free(g);
 241     return ret;
 242 }
 243
 244 static int ffc_params_validate_pq_test(void)
 245 {
 246     int ret = 0, res = -1;
 247     FFC_PARAMS params;
 248     BIGNUM *p = NULL, *q = NULL;
 249
 250     ossl_ffc_params_init(&params);
 251     if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
 252                                    sizeof(dsa_2048_224_sha224_p),
 253                                    NULL)))
 254         goto err;
 255     if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
 256                                    sizeof(dsa_2048_224_sha224_q),
 257                                    NULL)))
 258         goto err;
 259
 260     /* No p */
 261     ossl_ffc_params_set0_pqg(&params, NULL, q, NULL);
 262     q = NULL;
 263     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_PQ);
 264     ossl_ffc_set_digest(&params, "SHA224", NULL);
 265
 266     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 267                                                        FFC_PARAM_TYPE_DSA,
 268                                                        &res, NULL)))
 269         goto err;
 270
 271     /* Test valid case */
 272     ossl_ffc_params_set0_pqg(&params, p, NULL, NULL);
 273     p = NULL;
 274     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
 275                                         sizeof(dsa_2048_224_sha224_seed),
 276                                         dsa_2048_224_sha224_counter);
 277     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 278                                                       FFC_PARAM_TYPE_DSA,
 279                                                       &res, NULL)))
 280         goto err;
 281
 282     /* Bad counter - so p is not prime */
 283     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
 284                                         sizeof(dsa_2048_224_sha224_seed),
 285                                         1);
 286     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 287                                                        FFC_PARAM_TYPE_DSA,
 288                                                        &res, NULL)))
 289         goto err;
 290
 291     /* seedlen smaller than N */
 292     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
 293                                         sizeof(dsa_2048_224_sha224_seed)-1,
 294                                         dsa_2048_224_sha224_counter);
 295     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 296                                                        FFC_PARAM_TYPE_DSA,
 297                                                        &res, NULL)))
 298         goto err;
 299
 300     /* Provided seed doesnt produce a valid prime q */
 301     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_bad_seed,
 302                                         sizeof(dsa_2048_224_sha224_bad_seed),
 303                                         dsa_2048_224_sha224_counter);
 304     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 305                                                        FFC_PARAM_TYPE_DSA,
 306                                                        &res, NULL)))
 307         goto err;
 308
 309     if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
 310                                 sizeof(dsa_3072_256_sha512_p), NULL)))
 311         goto err;
 312     if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
 313                                 sizeof(dsa_3072_256_sha512_q),
 314                                 NULL)))
 315         goto err;
 316
 317
 318     ossl_ffc_params_set0_pqg(&params, p, q, NULL);
 319     p = q  = NULL;
 320     ossl_ffc_set_digest(&params, "SHA512", NULL);
 321     ossl_ffc_params_set_validate_params(&params, dsa_3072_256_sha512_seed,
 322                                         sizeof(dsa_3072_256_sha512_seed),
 323                                         dsa_3072_256_sha512_counter);
 324     /* Q doesn't div P-1 */
 325     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 326                                                        FFC_PARAM_TYPE_DSA,
 327                                                        &res, NULL)))
 328         goto err;
 329
 330     /* Bad L/N for FIPS DH */
 331     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 332                                                        FFC_PARAM_TYPE_DH,
 333                                                        &res, NULL)))
 334         goto err;
 335
 336     ret = 1;
 337 err:
 338     ossl_ffc_params_cleanup(&params);
 339     BN_free(p);
 340     BN_free(q);
 341     return ret;
 342 }
 343 #endif /* OPENSSL_NO_DSA */
 344
 345 #ifndef OPENSSL_NO_DH
 346 static int ffc_params_gen_test(void)
 347 {
 348     int ret = 0, res = -1;
 349     FFC_PARAMS params;
 350
 351     ossl_ffc_params_init(&params);
 352     if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
 353                                                       FFC_PARAM_TYPE_DH,
 354                                                       2048, 256, &res, NULL)))
 355         goto err;
 356     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 357                                                       FFC_PARAM_TYPE_DH,
 358                                                       &res, NULL)))
 359         goto err;
 360
 361     ret = 1;
 362 err:
 363     ossl_ffc_params_cleanup(&params);
 364     return ret;
 365 }
 366
 367 static int ffc_params_gen_canonicalg_test(void)
 368 {
 369     int ret = 0, res = -1;
 370     FFC_PARAMS params;
 371
 372     ossl_ffc_params_init(&params);
 373     params.gindex = 1;
 374     if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
 375                                                       FFC_PARAM_TYPE_DH,
 376                                                       2048, 256, &res, NULL)))
 377         goto err;
 378     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 379                                                       FFC_PARAM_TYPE_DH,
 380                                                       &res, NULL)))
 381         goto err;
 382
 383     if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
 384         goto err;
 385
 386     ret = 1;
 387 err:
 388     ossl_ffc_params_cleanup(&params);
 389     return ret;
 390 }
 391
 392 static int ffc_params_fips186_2_gen_validate_test(void)
 393 {
 394     int ret = 0, res = -1;
 395     FFC_PARAMS params;
 396     BIGNUM *bn = NULL;
 397
 398     ossl_ffc_params_init(&params);
 399     if (!TEST_ptr(bn = BN_new()))
 400         goto err;
 401     if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, &params,
 402                                                       FFC_PARAM_TYPE_DH,
 403                                                       1024, 160, &res, NULL)))
 404         goto err;
 405     if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, &params,
 406                                                       FFC_PARAM_TYPE_DH,
 407                                                       &res, NULL)))
 408         goto err;
 409
 410     /*
 411      * The fips186-2 generation should produce a different q compared to
 412      * fips 186-4 given the same seed value. So validation of q will fail.
 413      */
 414     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 415                                                        FFC_PARAM_TYPE_DSA,
 416                                                        &res, NULL)))
 417         goto err;
 418     /* As the params are randomly generated the error is one of the following */
 419     if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
 420         goto err;
 421
 422     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
 423     /* Partially valid g test will still pass */
 424     if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
 425                                                         FFC_PARAM_TYPE_DSA,
 426                                                         &res, NULL), 2))
 427         goto err;
 428
 429     if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
 430         goto err;
 431
 432     ret = 1;
 433 err:
 434     BN_free(bn);
 435     ossl_ffc_params_cleanup(&params);
 436     return ret;
 437 }
 438
 439 extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
 440
 441 static int ffc_public_validate_test(void)
 442 {
 443     int ret = 0, res = -1;
 444     FFC_PARAMS *params;
 445     BIGNUM *pub = NULL;
 446     DH *dh = NULL;
 447
 448     if (!TEST_ptr(pub = BN_new()))
 449         goto err;
 450
 451     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
 452         goto err;
 453     params = ossl_dh_get0_params(dh);
 454
 455     if (!TEST_true(BN_set_word(pub, 1)))
 456         goto err;
 457     BN_set_negative(pub, 1);
 458     /* Fail if public key is negative */
 459     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
 460         goto err;
 461     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
 462         goto err;
 463     if (!TEST_true(BN_set_word(pub, 0)))
 464         goto err;
 465     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
 466         goto err;
 467     /* Fail if public key is zero */
 468     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
 469         goto err;
 470     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
 471         goto err;
 472     /* Fail if public key is 1 */
 473     if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
 474         goto err;
 475     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
 476         goto err;
 477     if (!TEST_true(BN_add_word(pub, 2)))
 478         goto err;
 479     /* Pass if public key >= 2 */
 480     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
 481         goto err;
 482
 483     if (!TEST_ptr(BN_copy(pub, params->p)))
 484         goto err;
 485     /* Fail if public key = p */
 486     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
 487         goto err;
 488     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
 489         goto err;
 490
 491     if (!TEST_true(BN_sub_word(pub, 1)))
 492         goto err;
 493     /* Fail if public key = p - 1 */
 494     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
 495         goto err;
 496     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
 497         goto err;
 498
 499     if (!TEST_true(BN_sub_word(pub, 1)))
 500         goto err;
 501     /* Fail if public key is not related to p & q */
 502     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
 503         goto err;
 504     if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
 505         goto err;
 506
 507     if (!TEST_true(BN_sub_word(pub, 5)))
 508         goto err;
 509     /* Pass if public key is valid */
 510     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
 511         goto err;
 512
 513     ret = 1;
 514 err:
 515     DH_free(dh);
 516     BN_free(pub);
 517     return ret;
 518 }
 519
 520 static int ffc_private_validate_test(void)
 521 {
 522     int ret = 0, res = -1;
 523     FFC_PARAMS *params;
 524     BIGNUM *priv = NULL;
 525     DH *dh = NULL;
 526
 527     if (!TEST_ptr(priv = BN_new()))
 528         goto err;
 529
 530     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
 531         goto err;
 532     params = ossl_dh_get0_params(dh);
 533
 534     if (!TEST_true(BN_set_word(priv, 1)))
 535         goto err;
 536     BN_set_negative(priv, 1);
 537     /* Fail if priv key is negative */
 538     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
 539         goto err;
 540     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
 541         goto err;
 542
 543     if (!TEST_true(BN_set_word(priv, 0)))
 544         goto err;
 545     /* Fail if priv key is zero */
 546     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
 547         goto err;
 548     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
 549         goto err;
 550
 551     /* Pass if priv key >= 1 */
 552     if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
 553                                                  &res)))
 554         goto err;
 555
 556     if (!TEST_ptr(BN_copy(priv, params->q)))
 557         goto err;
 558     /* Fail if priv key = upper */
 559     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
 560         goto err;
 561     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
 562         goto err;
 563
 564     if (!TEST_true(BN_sub_word(priv, 1)))
 565         goto err;
 566     /* Pass if priv key <= upper - 1 */
 567     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
 568         goto err;
 569
 570     ret = 1;
 571 err:
 572     DH_free(dh);
 573     BN_free(priv);
 574     return ret;
 575 }
 576
 577 static int ffc_private_gen_test(int index)
 578 {
 579     int ret = 0, res = -1, N;
 580     FFC_PARAMS *params;
 581     BIGNUM *priv = NULL;
 582     DH *dh = NULL;
 583     BN_CTX *ctx = NULL;
 584
 585     if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
 586         goto err;
 587
 588     if (!TEST_ptr(priv = BN_new()))
 589         goto err;
 590
 591     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
 592         goto err;
 593     params = ossl_dh_get0_params(dh);
 594
 595     N = BN_num_bits(params->q);
 596     /* Fail since N < 2*s - where s = 112*/
 597     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
 598         goto err;
 599     /* fail since N > len(q) */
 600     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
 601         goto err;
 602     /* s must be always set */
 603     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
 604         goto err;
 605     /* pass since 2s <= N <= len(q) */
 606     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
 607         goto err;
 608     /* pass since N = len(q) */
 609     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
 610         goto err;
 611     /* pass since 2s <= N < len(q) */
 612     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
 613         goto err;
 614     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
 615         goto err;
 616     /* N is ignored in this case */
 617     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
 618                                                  ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
 619                                                  priv)))
 620         goto err;
 621     if (!TEST_int_le(BN_num_bits(priv), 225))
 622         goto err;
 623     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
 624         goto err;
 625
 626     ret = 1;
 627 err:
 628     DH_free(dh);
 629     BN_free(priv);
 630     BN_CTX_free(ctx);
 631     return ret;
 632 }
 633
 634 static int ffc_params_copy_test(void)
 635 {
 636     int ret = 0;
 637     DH *dh = NULL;
 638     FFC_PARAMS *params, copy;
 639
 640     ossl_ffc_params_init(&copy);
 641
 642     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
 643         goto err;
 644     params = ossl_dh_get0_params(dh);
 645
 646     if (!TEST_int_eq(params->keylength, 275))
 647         goto err;
 648
 649     if (!TEST_true(ossl_ffc_params_copy(&copy, params)))
 650         goto err;
 651
 652     if (!TEST_int_eq(copy.keylength, 275))
 653         goto err;
 654
 655     if (!TEST_true(ossl_ffc_params_cmp(&copy, params, 0)))
 656         goto err;
 657
 658     ret = 1;
 659 err:
 660     ossl_ffc_params_cleanup(&copy);
 661     DH_free(dh);
 662     return ret;
 663 }
 664 #endif /* OPENSSL_NO_DH */
 665
 666 int setup_tests(void)
 667 {
 668 #ifndef OPENSSL_NO_DSA
 669     ADD_TEST(ffc_params_validate_pq_test);
 670     ADD_TEST(ffc_params_validate_g_unverified_test);
 671 #endif /* OPENSSL_NO_DSA */
 672 #ifndef OPENSSL_NO_DH
 673     ADD_TEST(ffc_params_gen_test);
 674     ADD_TEST(ffc_params_gen_canonicalg_test);
 675     ADD_TEST(ffc_params_fips186_2_gen_validate_test);
 676     ADD_TEST(ffc_public_validate_test);
 677     ADD_TEST(ffc_private_validate_test);
 678     ADD_ALL_TESTS(ffc_private_gen_test, 10);
 679     ADD_TEST(ffc_params_copy_test);
 680 #endif /* OPENSSL_NO_DH */
 681     return 1;
 682 }