/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* https://www.openssl.org/source/license.html
*/
+/*
+ * This is an internal test that is intentionally using internal APIs. Some of
+ * those APIs are deprecated for public use.
+ */
+#include "internal/deprecated.h"
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "testutil.h"
#include "internal/ffc.h"
+#include "crypto/security_bits.h"
#ifndef OPENSSL_NO_DSA
static const unsigned char dsa_2048_224_sha224_p[] = {
BIGNUM *p = NULL, *q = NULL, *g = NULL;
BIGNUM *p1 = NULL, *g1 = NULL;
- ffc_params_init(¶ms);
+ ossl_ffc_params_init(¶ms);
if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
sizeof(dsa_2048_224_sha256_p), NULL)))
g1 = g;
/* Fail if g is NULL */
- ffc_params_set0_pqg(¶ms, p, q, NULL);
+ ossl_ffc_params_set0_pqg(¶ms, p, q, NULL);
p = NULL;
q = NULL;
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha256(),
- FFC_PARAMS_VALIDATE_G, &res,
- NULL)))
+ ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
+ ossl_ffc_set_digest(¶ms, "SHA256", NULL);
+
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
- ffc_params_set0_pqg(¶ms, p, q, g);
+ ossl_ffc_params_set0_pqg(¶ms, p, q, g);
g = NULL;
- if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha256(),
- FFC_PARAMS_VALIDATE_G, &res,
- NULL)))
+ if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* incorrect g */
BN_add_word(g1, 1);
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha256(),
- FFC_PARAMS_VALIDATE_G, &res,
- NULL)))
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* fail if g < 2 */
BN_set_word(g1, 1);
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha256(),
- FFC_PARAMS_VALIDATE_G, &res,
- NULL)))
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
BN_copy(g1, p1);
/* Fail if g >= p */
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha256(),
- FFC_PARAMS_VALIDATE_G, &res,
- NULL)))
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
ret = 1;
err:
- ffc_params_cleanup(¶ms);
+ ossl_ffc_params_cleanup(¶ms);
BN_free(p);
BN_free(q);
BN_free(g);
FFC_PARAMS params;
BIGNUM *p = NULL, *q = NULL;
- ffc_params_init(¶ms);
+ ossl_ffc_params_init(¶ms);
if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
sizeof(dsa_2048_224_sha224_p),
NULL)))
goto err;
/* No p */
- ffc_params_set0_pqg(¶ms, NULL, q, NULL);
+ ossl_ffc_params_set0_pqg(¶ms, NULL, q, NULL);
q = NULL;
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha224(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ);
+ ossl_ffc_set_digest(¶ms, "SHA224", NULL);
+
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* Test valid case */
- ffc_params_set0_pqg(¶ms, p, NULL, NULL);
+ ossl_ffc_params_set0_pqg(¶ms, p, NULL, NULL);
p = NULL;
- ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
- sizeof(dsa_2048_224_sha224_seed),
- dsa_2048_224_sha224_counter);
- if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha224(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
+ sizeof(dsa_2048_224_sha224_seed),
+ dsa_2048_224_sha224_counter);
+ if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* Bad counter - so p is not prime */
- ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
- sizeof(dsa_2048_224_sha224_seed),
- 1);
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha224(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
+ sizeof(dsa_2048_224_sha224_seed),
+ 1);
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* seedlen smaller than N */
- ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
- sizeof(dsa_2048_224_sha224_seed)-1,
- dsa_2048_224_sha224_counter);
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha224(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
+ sizeof(dsa_2048_224_sha224_seed)-1,
+ dsa_2048_224_sha224_counter);
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
- /* Provided seed doesnt produce a valid prime q */
- ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
- sizeof(dsa_2048_224_sha224_bad_seed),
- dsa_2048_224_sha224_counter);
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha224(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ /* Provided seed doesn't produce a valid prime q */
+ ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
+ sizeof(dsa_2048_224_sha224_bad_seed),
+ dsa_2048_224_sha224_counter);
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
goto err;
- ffc_params_set0_pqg(¶ms, p, q, NULL);
+ ossl_ffc_params_set0_pqg(¶ms, p, q, NULL);
p = q = NULL;
- ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
- sizeof(dsa_3072_256_sha512_seed),
- dsa_3072_256_sha512_counter);
+ ossl_ffc_set_digest(¶ms, "SHA512", NULL);
+ ossl_ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
+ sizeof(dsa_3072_256_sha512_seed),
+ dsa_3072_256_sha512_counter);
/* Q doesn't div P-1 */
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- EVP_sha512(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* Bad L/N for FIPS DH */
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
- EVP_sha512(),
- FFC_PARAMS_VALIDATE_PQ, &res,
- NULL)))
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ &res, NULL)))
goto err;
ret = 1;
err:
- ffc_params_cleanup(¶ms);
+ ossl_ffc_params_cleanup(¶ms);
BN_free(p);
BN_free(q);
return ret;
int ret = 0, res = -1;
FFC_PARAMS params;
- ffc_params_init(¶ms);
- if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH,
- 2048, 256, NULL, &res, NULL)))
+ ossl_ffc_params_init(¶ms);
+ if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ 2048, 256, &res, NULL)))
goto err;
- if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
- NULL,
- FFC_PARAMS_VALIDATE_ALL, &res,
- NULL)))
+ if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ &res, NULL)))
goto err;
ret = 1;
err:
- ffc_params_cleanup(¶ms);
+ ossl_ffc_params_cleanup(¶ms);
return ret;
}
int ret = 0, res = -1;
FFC_PARAMS params;
- ffc_params_init(¶ms);
+ ossl_ffc_params_init(¶ms);
params.gindex = 1;
- if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH,
- 2048, 256, NULL, &res, NULL)))
+ if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ 2048, 256, &res, NULL)))
goto err;
- if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
- NULL,
- FFC_PARAMS_VALIDATE_ALL, &res,
- NULL)))
+ if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ &res, NULL)))
goto err;
- if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
+ if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4)))
goto err;
ret = 1;
err:
- ffc_params_cleanup(¶ms);
+ ossl_ffc_params_cleanup(¶ms);
return ret;
}
FFC_PARAMS params;
BIGNUM *bn = NULL;
- ffc_params_init(¶ms);
+ ossl_ffc_params_init(¶ms);
if (!TEST_ptr(bn = BN_new()))
goto err;
- if (!TEST_true(ffc_params_FIPS186_2_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH,
- 1024, 160, NULL, &res, NULL)))
- goto err;
- if (!TEST_true(ffc_params_FIPS186_2_validate(¶ms, FFC_PARAM_TYPE_DH,
- NULL,
- FFC_PARAMS_VALIDATE_ALL, &res,
- NULL)))
+ if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ 1024, 160, &res, NULL)))
goto err;
- /* FIPS 186-4 L,N pair test will fail for DH */
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
- NULL,
- FFC_PARAMS_VALIDATE_ALL, &res,
- NULL)))
- goto err;
- if (!TEST_int_eq(res, FFC_CHECK_BAD_LN_PAIR))
+ if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DH,
+ &res, NULL)))
goto err;
/*
* The fips186-2 generation should produce a different q compared to
* fips 186-4 given the same seed value. So validation of q will fail.
*/
- if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- NULL,
- FFC_PARAMS_VALIDATE_ALL, &res,
- NULL)))
+ if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL)))
goto err;
/* As the params are randomly generated the error is one of the following */
if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
goto err;
+ ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
/* Partially valid g test will still pass */
- if (!TEST_int_eq(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
- NULL,
- FFC_PARAMS_VALIDATE_G, &res,
- NULL), 2))
+ if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
+ FFC_PARAM_TYPE_DSA,
+ &res, NULL), 2))
goto err;
- if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
+ if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4)))
goto err;
ret = 1;
err:
BN_free(bn);
- ffc_params_cleanup(¶ms);
+ ossl_ffc_params_cleanup(¶ms);
return ret;
}
-extern FFC_PARAMS *dh_get0_params(DH *dh);
+extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
static int ffc_public_validate_test(void)
{
if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
goto err;
- params = dh_get0_params(dh);
+ params = ossl_dh_get0_params(dh);
if (!TEST_true(BN_set_word(pub, 1)))
goto err;
BN_set_negative(pub, 1);
/* Fail if public key is negative */
- if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
goto err;
/* Fail if public key is zero */
- if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
goto err;
/* Fail if public key is 1 */
- if (!TEST_false(ffc_validate_public_key(params, BN_value_one(), &res)))
+ if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
goto err;
if (!TEST_true(BN_add_word(pub, 2)))
goto err;
/* Pass if public key >= 2 */
- if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
goto err;
if (!TEST_ptr(BN_copy(pub, params->p)))
goto err;
/* Fail if public key = p */
- if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
goto err;
if (!TEST_true(BN_sub_word(pub, 1)))
goto err;
/* Fail if public key = p - 1 */
- if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
goto err;
if (!TEST_true(BN_sub_word(pub, 1)))
goto err;
/* Fail if public key is not related to p & q */
- if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
goto err;
if (!TEST_true(BN_sub_word(pub, 5)))
goto err;
/* Pass if public key is valid */
- if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
+ if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
+ goto err;
+
+ /* Fail if params is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+ /* Fail if pubkey is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+
+ BN_free(params->p);
+ params->p = NULL;
+ /* Fail if params->p is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
goto err;
ret = 1;
if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
goto err;
- params = dh_get0_params(dh);
+ params = ossl_dh_get0_params(dh);
if (!TEST_true(BN_set_word(priv, 1)))
goto err;
BN_set_negative(priv, 1);
/* Fail if priv key is negative */
- if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
goto err;
if (!TEST_true(BN_set_word(priv, 0)))
goto err;
/* Fail if priv key is zero */
- if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
goto err;
/* Pass if priv key >= 1 */
- if (!TEST_true(ffc_validate_private_key(params->q, BN_value_one(), &res)))
+ if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
+ &res)))
goto err;
if (!TEST_ptr(BN_copy(priv, params->q)))
goto err;
/* Fail if priv key = upper */
- if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
goto err;
if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
goto err;
if (!TEST_true(BN_sub_word(priv, 1)))
goto err;
/* Pass if priv key <= upper - 1 */
- if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
+ goto err;
+
+ if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
goto err;
ret = 1;
if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
goto err;
- params = dh_get0_params(dh);
+ params = ossl_dh_get0_params(dh);
N = BN_num_bits(params->q);
/* Fail since N < 2*s - where s = 112*/
- if (!TEST_false(ffc_generate_private_key(ctx, params, 220, 112, priv)))
+ if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
goto err;
/* fail since N > len(q) */
- if (!TEST_false(ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
+ if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
+ goto err;
+ /* s must be always set */
+ if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
goto err;
/* pass since 2s <= N <= len(q) */
- if (!TEST_true(ffc_generate_private_key(ctx, params, N, 112, priv)))
+ if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
goto err;
/* pass since N = len(q) */
- if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
goto err;
/* pass since 2s <= N < len(q) */
- if (!TEST_true(ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
+ if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
goto err;
- if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
goto err;
-
- /* N and s are ignored in this case */
- if (!TEST_true(ffc_generate_private_key(ctx, params, 0, 0, priv)))
+ /* N is ignored in this case */
+ if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
+ ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
+ priv)))
goto err;
- if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
+ if (!TEST_int_le(BN_num_bits(priv), 225))
+ goto err;
+ if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
goto err;
ret = 1;
BN_CTX_free(ctx);
return ret;
}
+
+static int ffc_params_copy_test(void)
+{
+ int ret = 0;
+ DH *dh = NULL;
+ FFC_PARAMS *params, copy;
+
+ ossl_ffc_params_init(©);
+
+ if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
+ goto err;
+ params = ossl_dh_get0_params(dh);
+
+ if (!TEST_int_eq(params->keylength, 275))
+ goto err;
+
+ if (!TEST_true(ossl_ffc_params_copy(©, params)))
+ goto err;
+
+ if (!TEST_int_eq(copy.keylength, 275))
+ goto err;
+
+ if (!TEST_true(ossl_ffc_params_cmp(©, params, 0)))
+ goto err;
+
+ ret = 1;
+err:
+ ossl_ffc_params_cleanup(©);
+ DH_free(dh);
+ return ret;
+}
#endif /* OPENSSL_NO_DH */
int setup_tests(void)
ADD_TEST(ffc_public_validate_test);
ADD_TEST(ffc_private_validate_test);
ADD_ALL_TESTS(ffc_private_gen_test, 10);
+ ADD_TEST(ffc_params_copy_test);
#endif /* OPENSSL_NO_DH */
return 1;
}