1299118Sbr/* 2299118Sbr * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. 3299118Sbr * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved. 4299118Sbr * 5299118Sbr * Licensed under the Apache License 2.0 (the "License"). You may not use 6299118Sbr * this file except in compliance with the License. You can obtain a copy 7299118Sbr * in the file LICENSE in the source distribution or at 8299118Sbr * https://www.openssl.org/source/license.html 9299118Sbr */ 10299118Sbr 11299118Sbr/* 12299118Sbr * This is an internal test that is intentionally using internal APIs. Some of 13299118Sbr * those APIs are deprecated for public use. 14299118Sbr */ 15299118Sbr#include "internal/deprecated.h" 16299118Sbr 17299118Sbr#include <stdio.h> 18299118Sbr#include <stdlib.h> 19299118Sbr#include <string.h> 20299118Sbr 21299118Sbr#include "internal/nelem.h" 22299118Sbr#include <openssl/crypto.h> 23299118Sbr#include <openssl/bio.h> 24299118Sbr#include <openssl/bn.h> 25299118Sbr#include <openssl/rand.h> 26299118Sbr#include <openssl/err.h> 27299118Sbr#include "testutil.h" 28299118Sbr 29299118Sbr#include "internal/ffc.h" 30299118Sbr#include "crypto/security_bits.h" 31299118Sbr 32299118Sbr#ifndef OPENSSL_NO_DSA 33299118Sbrstatic const unsigned char dsa_2048_224_sha224_p[] = { 34299118Sbr 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24, 35299118Sbr 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67, 36299118Sbr 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05, 37299118Sbr 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19, 38299118Sbr 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb, 39299118Sbr 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b, 40299118Sbr 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36, 41299118Sbr 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf, 42299118Sbr 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce, 43299118Sbr 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62, 44299118Sbr 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04, 45299118Sbr 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0, 46299118Sbr 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02, 47299118Sbr 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40, 48299118Sbr 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc, 49299118Sbr 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf, 50299118Sbr 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b, 51299118Sbr 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c, 52299118Sbr 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2, 53299118Sbr 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61, 54299118Sbr 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29, 55299118Sbr 0xcc, 0xf8, 0x40, 0xab 56299118Sbr}; 57299118Sbrstatic const unsigned char dsa_2048_224_sha224_q[] = { 58299118Sbr 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6, 59299118Sbr 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde, 60299118Sbr 0x57, 0x76, 0x6f, 0x11 61299118Sbr}; 62299118Sbrstatic const unsigned char dsa_2048_224_sha224_seed[] = { 63299118Sbr 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85, 64299118Sbr 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3, 65299118Sbr 0x36, 0x17, 0x06, 0xcf 66299118Sbr}; 67299118Sbrstatic const unsigned char dsa_2048_224_sha224_bad_seed[] = { 68299118Sbr 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85, 69299118Sbr 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3, 70299118Sbr 0x36, 0x17, 0x06, 0xd0 71299118Sbr}; 72299118Sbrstatic int dsa_2048_224_sha224_counter = 2878; 73299118Sbr 74299118Sbrstatic const unsigned char dsa_3072_256_sha512_p[] = { 75299118Sbr 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41, 76299118Sbr 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28, 77299118Sbr 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77, 78299118Sbr 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00, 79299118Sbr 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8, 80299118Sbr 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11, 81299118Sbr 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45, 82299118Sbr 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97, 83299118Sbr 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a, 84299118Sbr 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e, 85299118Sbr 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f, 86299118Sbr 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14, 87299118Sbr 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7, 88299118Sbr 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e, 89299118Sbr 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98, 90299118Sbr 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94, 91299118Sbr 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8, 92299118Sbr 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09, 93299118Sbr 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82, 94299118Sbr 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a, 95299118Sbr 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64, 96299118Sbr 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b, 97299118Sbr 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc, 98299118Sbr 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6, 99299118Sbr 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a, 100299118Sbr 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c, 101299118Sbr 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23, 102299118Sbr 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f, 103299118Sbr 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60, 104299118Sbr 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43, 105299118Sbr 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f, 106299118Sbr 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb 107299118Sbr}; 108299118Sbrstatic const unsigned char dsa_3072_256_sha512_q[] = { 109299118Sbr 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92, 110299118Sbr 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd, 111299118Sbr 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7 112299118Sbr}; 113299118Sbrstatic const unsigned char dsa_3072_256_sha512_seed[] = { 114299118Sbr 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a, 115299118Sbr 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5, 116299118Sbr 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22 117299118Sbr}; 118299118Sbrstatic int dsa_3072_256_sha512_counter = 1604; 119299118Sbr 120299118Sbrstatic const unsigned char dsa_2048_224_sha256_p[] = { 121299118Sbr 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5, 122299118Sbr 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83, 123299118Sbr 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29, 124299118Sbr 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9, 125299118Sbr 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87, 126299118Sbr 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07, 127299118Sbr 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0, 128299118Sbr 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d, 129299118Sbr 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc, 130299118Sbr 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce, 131299118Sbr 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42, 132299118Sbr 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b, 133299118Sbr 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c, 134299118Sbr 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5, 135299118Sbr 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88, 136299118Sbr 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a, 137299118Sbr 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4, 138299118Sbr 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49, 139299118Sbr 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f, 140299118Sbr 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1, 141299118Sbr 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65, 142299118Sbr 0x73, 0xb4, 0x56, 0xd5 143299118Sbr}; 144299118Sbrstatic const unsigned char dsa_2048_224_sha256_q[] = { 145299118Sbr 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc, 146299118Sbr 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6, 147299118Sbr 0x80, 0xcb, 0x0a, 0x45 148299118Sbr}; 149299118Sbrstatic const unsigned char dsa_2048_224_sha256_g[] = { 150299118Sbr 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef, 151299118Sbr 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58, 152299118Sbr 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62, 153299118Sbr 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28, 154299118Sbr 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13, 155299118Sbr 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f, 156299118Sbr 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68, 157299118Sbr 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d, 158299118Sbr 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e, 159299118Sbr 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1, 160299118Sbr 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39, 161299118Sbr 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e, 162299118Sbr 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99, 163299118Sbr 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa, 164299118Sbr 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd, 165 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21, 166 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c, 167 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9, 168 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38, 169 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b, 170 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc, 171 0xe6, 0x93, 0x59, 0xfc 172}; 173 174static int ffc_params_validate_g_unverified_test(void) 175{ 176 int ret = 0, res; 177 FFC_PARAMS params; 178 BIGNUM *p = NULL, *q = NULL, *g = NULL; 179 BIGNUM *p1 = NULL, *g1 = NULL; 180 181 ossl_ffc_params_init(¶ms); 182 183 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p, 184 sizeof(dsa_2048_224_sha256_p), NULL))) 185 goto err; 186 p1 = p; 187 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q, 188 sizeof(dsa_2048_224_sha256_q), NULL))) 189 goto err; 190 if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g, 191 sizeof(dsa_2048_224_sha256_g), NULL))) 192 goto err; 193 g1 = g; 194 195 /* Fail if g is NULL */ 196 ossl_ffc_params_set0_pqg(¶ms, p, q, NULL); 197 p = NULL; 198 q = NULL; 199 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G); 200 ossl_ffc_set_digest(¶ms, "SHA256", NULL); 201 202 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 203 FFC_PARAM_TYPE_DSA, 204 &res, NULL))) 205 goto err; 206 207 ossl_ffc_params_set0_pqg(¶ms, p, q, g); 208 g = NULL; 209 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 210 FFC_PARAM_TYPE_DSA, 211 &res, NULL))) 212 goto err; 213 214 /* incorrect g */ 215 BN_add_word(g1, 1); 216 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 217 FFC_PARAM_TYPE_DSA, 218 &res, NULL))) 219 goto err; 220 221 /* fail if g < 2 */ 222 BN_set_word(g1, 1); 223 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 224 FFC_PARAM_TYPE_DSA, 225 &res, NULL))) 226 goto err; 227 228 BN_copy(g1, p1); 229 /* Fail if g >= p */ 230 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 231 FFC_PARAM_TYPE_DSA, 232 &res, NULL))) 233 goto err; 234 235 ret = 1; 236err: 237 ossl_ffc_params_cleanup(¶ms); 238 BN_free(p); 239 BN_free(q); 240 BN_free(g); 241 return ret; 242} 243 244static int ffc_params_validate_pq_test(void) 245{ 246 int ret = 0, res = -1; 247 FFC_PARAMS params; 248 BIGNUM *p = NULL, *q = NULL; 249 250 ossl_ffc_params_init(¶ms); 251 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p, 252 sizeof(dsa_2048_224_sha224_p), 253 NULL))) 254 goto err; 255 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q, 256 sizeof(dsa_2048_224_sha224_q), 257 NULL))) 258 goto err; 259 260 /* No p */ 261 ossl_ffc_params_set0_pqg(¶ms, NULL, q, NULL); 262 q = NULL; 263 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ); 264 ossl_ffc_set_digest(¶ms, "SHA224", NULL); 265 266 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 267 FFC_PARAM_TYPE_DSA, 268 &res, NULL))) 269 goto err; 270 271 /* Test valid case */ 272 ossl_ffc_params_set0_pqg(¶ms, p, NULL, NULL); 273 p = NULL; 274 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, 275 sizeof(dsa_2048_224_sha224_seed), 276 dsa_2048_224_sha224_counter); 277 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 278 FFC_PARAM_TYPE_DSA, 279 &res, NULL))) 280 goto err; 281 282 /* Bad counter - so p is not prime */ 283 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, 284 sizeof(dsa_2048_224_sha224_seed), 285 1); 286 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 287 FFC_PARAM_TYPE_DSA, 288 &res, NULL))) 289 goto err; 290 291 /* seedlen smaller than N */ 292 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, 293 sizeof(dsa_2048_224_sha224_seed)-1, 294 dsa_2048_224_sha224_counter); 295 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 296 FFC_PARAM_TYPE_DSA, 297 &res, NULL))) 298 goto err; 299 300 /* Provided seed doesnt produce a valid prime q */ 301 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed, 302 sizeof(dsa_2048_224_sha224_bad_seed), 303 dsa_2048_224_sha224_counter); 304 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 305 FFC_PARAM_TYPE_DSA, 306 &res, NULL))) 307 goto err; 308 309 if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p, 310 sizeof(dsa_3072_256_sha512_p), NULL))) 311 goto err; 312 if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q, 313 sizeof(dsa_3072_256_sha512_q), 314 NULL))) 315 goto err; 316 317 318 ossl_ffc_params_set0_pqg(¶ms, p, q, NULL); 319 p = q = NULL; 320 ossl_ffc_set_digest(¶ms, "SHA512", NULL); 321 ossl_ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed, 322 sizeof(dsa_3072_256_sha512_seed), 323 dsa_3072_256_sha512_counter); 324 /* Q doesn't div P-1 */ 325 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 326 FFC_PARAM_TYPE_DSA, 327 &res, NULL))) 328 goto err; 329 330 /* Bad L/N for FIPS DH */ 331 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 332 FFC_PARAM_TYPE_DH, 333 &res, NULL))) 334 goto err; 335 336 ret = 1; 337err: 338 ossl_ffc_params_cleanup(¶ms); 339 BN_free(p); 340 BN_free(q); 341 return ret; 342} 343#endif /* OPENSSL_NO_DSA */ 344 345#ifndef OPENSSL_NO_DH 346static int ffc_params_gen_test(void) 347{ 348 int ret = 0, res = -1; 349 FFC_PARAMS params; 350 351 ossl_ffc_params_init(¶ms); 352 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms, 353 FFC_PARAM_TYPE_DH, 354 2048, 256, &res, NULL))) 355 goto err; 356 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 357 FFC_PARAM_TYPE_DH, 358 &res, NULL))) 359 goto err; 360 361 ret = 1; 362err: 363 ossl_ffc_params_cleanup(¶ms); 364 return ret; 365} 366 367static int ffc_params_gen_canonicalg_test(void) 368{ 369 int ret = 0, res = -1; 370 FFC_PARAMS params; 371 372 ossl_ffc_params_init(¶ms); 373 params.gindex = 1; 374 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms, 375 FFC_PARAM_TYPE_DH, 376 2048, 256, &res, NULL))) 377 goto err; 378 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 379 FFC_PARAM_TYPE_DH, 380 &res, NULL))) 381 goto err; 382 383 if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4))) 384 goto err; 385 386 ret = 1; 387err: 388 ossl_ffc_params_cleanup(¶ms); 389 return ret; 390} 391 392static int ffc_params_fips186_2_gen_validate_test(void) 393{ 394 int ret = 0, res = -1; 395 FFC_PARAMS params; 396 BIGNUM *bn = NULL; 397 398 ossl_ffc_params_init(¶ms); 399 if (!TEST_ptr(bn = BN_new())) 400 goto err; 401 if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, ¶ms, 402 FFC_PARAM_TYPE_DH, 403 1024, 160, &res, NULL))) 404 goto err; 405 if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, ¶ms, 406 FFC_PARAM_TYPE_DH, 407 &res, NULL))) 408 goto err; 409 410 /* 411 * The fips186-2 generation should produce a different q compared to 412 * fips 186-4 given the same seed value. So validation of q will fail. 413 */ 414 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 415 FFC_PARAM_TYPE_DSA, 416 &res, NULL))) 417 goto err; 418 /* As the params are randomly generated the error is one of the following */ 419 if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME)) 420 goto err; 421 422 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G); 423 /* Partially valid g test will still pass */ 424 if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms, 425 FFC_PARAM_TYPE_DSA, 426 &res, NULL), 2)) 427 goto err; 428 429 if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4))) 430 goto err; 431 432 ret = 1; 433err: 434 BN_free(bn); 435 ossl_ffc_params_cleanup(¶ms); 436 return ret; 437} 438 439extern FFC_PARAMS *ossl_dh_get0_params(DH *dh); 440 441static int ffc_public_validate_test(void) 442{ 443 int ret = 0, res = -1; 444 FFC_PARAMS *params; 445 BIGNUM *pub = NULL; 446 DH *dh = NULL; 447 448 if (!TEST_ptr(pub = BN_new())) 449 goto err; 450 451 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048))) 452 goto err; 453 params = ossl_dh_get0_params(dh); 454 455 if (!TEST_true(BN_set_word(pub, 1))) 456 goto err; 457 BN_set_negative(pub, 1); 458 /* Check must succeed but set res if public key is negative */ 459 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 460 goto err; 461 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) 462 goto err; 463 if (!TEST_true(BN_set_word(pub, 0))) 464 goto err; 465 /* Check must succeed but set res if public key is zero */ 466 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 467 goto err; 468 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) 469 goto err; 470 /* Check must succeed but set res if public key is 1 */ 471 if (!TEST_true(ossl_ffc_validate_public_key(params, BN_value_one(), &res))) 472 goto err; 473 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res)) 474 goto err; 475 if (!TEST_true(BN_add_word(pub, 2))) 476 goto err; 477 /* Pass if public key >= 2 */ 478 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 479 goto err; 480 481 if (!TEST_ptr(BN_copy(pub, params->p))) 482 goto err; 483 /* Check must succeed but set res if public key = p */ 484 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 485 goto err; 486 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res)) 487 goto err; 488 489 if (!TEST_true(BN_sub_word(pub, 1))) 490 goto err; 491 /* Check must succeed but set res if public key = p - 1 */ 492 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 493 goto err; 494 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res)) 495 goto err; 496 497 if (!TEST_true(BN_sub_word(pub, 1))) 498 goto err; 499 /* Check must succeed but set res if public key is not related to p & q */ 500 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 501 goto err; 502 if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res)) 503 goto err; 504 505 if (!TEST_true(BN_sub_word(pub, 5))) 506 goto err; 507 /* Pass if public key is valid */ 508 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 509 goto err; 510 511 /* Check must succeed but set res if params is NULL */ 512 if (!TEST_true(ossl_ffc_validate_public_key(NULL, pub, &res))) 513 goto err; 514 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) 515 goto err; 516 res = -1; 517 /* Check must succeed but set res if pubkey is NULL */ 518 if (!TEST_true(ossl_ffc_validate_public_key(params, NULL, &res))) 519 goto err; 520 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) 521 goto err; 522 res = -1; 523 524 BN_free(params->p); 525 params->p = NULL; 526 /* Check must succeed but set res if params->p is NULL */ 527 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) 528 goto err; 529 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) 530 goto err; 531 532 ret = 1; 533err: 534 DH_free(dh); 535 BN_free(pub); 536 return ret; 537} 538 539static int ffc_private_validate_test(void) 540{ 541 int ret = 0, res = -1; 542 FFC_PARAMS *params; 543 BIGNUM *priv = NULL; 544 DH *dh = NULL; 545 546 if (!TEST_ptr(priv = BN_new())) 547 goto err; 548 549 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048))) 550 goto err; 551 params = ossl_dh_get0_params(dh); 552 553 if (!TEST_true(BN_set_word(priv, 1))) 554 goto err; 555 BN_set_negative(priv, 1); 556 /* Fail if priv key is negative */ 557 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res))) 558 goto err; 559 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res)) 560 goto err; 561 562 if (!TEST_true(BN_set_word(priv, 0))) 563 goto err; 564 /* Fail if priv key is zero */ 565 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res))) 566 goto err; 567 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res)) 568 goto err; 569 570 /* Pass if priv key >= 1 */ 571 if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(), 572 &res))) 573 goto err; 574 575 if (!TEST_ptr(BN_copy(priv, params->q))) 576 goto err; 577 /* Fail if priv key = upper */ 578 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res))) 579 goto err; 580 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res)) 581 goto err; 582 583 if (!TEST_true(BN_sub_word(priv, 1))) 584 goto err; 585 /* Pass if priv key <= upper - 1 */ 586 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) 587 goto err; 588 589 if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res))) 590 goto err; 591 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) 592 goto err; 593 res = -1; 594 if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res))) 595 goto err; 596 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) 597 goto err; 598 599 ret = 1; 600err: 601 DH_free(dh); 602 BN_free(priv); 603 return ret; 604} 605 606static int ffc_private_gen_test(int index) 607{ 608 int ret = 0, res = -1, N; 609 FFC_PARAMS *params; 610 BIGNUM *priv = NULL; 611 DH *dh = NULL; 612 BN_CTX *ctx = NULL; 613 614 if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL))) 615 goto err; 616 617 if (!TEST_ptr(priv = BN_new())) 618 goto err; 619 620 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048))) 621 goto err; 622 params = ossl_dh_get0_params(dh); 623 624 N = BN_num_bits(params->q); 625 /* Fail since N < 2*s - where s = 112*/ 626 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv))) 627 goto err; 628 /* fail since N > len(q) */ 629 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv))) 630 goto err; 631 /* s must be always set */ 632 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv))) 633 goto err; 634 /* pass since 2s <= N <= len(q) */ 635 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv))) 636 goto err; 637 /* pass since N = len(q) */ 638 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) 639 goto err; 640 /* pass since 2s <= N < len(q) */ 641 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv))) 642 goto err; 643 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) 644 goto err; 645 /* N is ignored in this case */ 646 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0, 647 ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)), 648 priv))) 649 goto err; 650 if (!TEST_int_le(BN_num_bits(priv), 225)) 651 goto err; 652 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) 653 goto err; 654 655 ret = 1; 656err: 657 DH_free(dh); 658 BN_free(priv); 659 BN_CTX_free(ctx); 660 return ret; 661} 662 663static int ffc_params_copy_test(void) 664{ 665 int ret = 0; 666 DH *dh = NULL; 667 FFC_PARAMS *params, copy; 668 669 ossl_ffc_params_init(©); 670 671 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072))) 672 goto err; 673 params = ossl_dh_get0_params(dh); 674 675 if (!TEST_int_eq(params->keylength, 275)) 676 goto err; 677 678 if (!TEST_true(ossl_ffc_params_copy(©, params))) 679 goto err; 680 681 if (!TEST_int_eq(copy.keylength, 275)) 682 goto err; 683 684 if (!TEST_true(ossl_ffc_params_cmp(©, params, 0))) 685 goto err; 686 687 ret = 1; 688err: 689 ossl_ffc_params_cleanup(©); 690 DH_free(dh); 691 return ret; 692} 693#endif /* OPENSSL_NO_DH */ 694 695int setup_tests(void) 696{ 697#ifndef OPENSSL_NO_DSA 698 ADD_TEST(ffc_params_validate_pq_test); 699 ADD_TEST(ffc_params_validate_g_unverified_test); 700#endif /* OPENSSL_NO_DSA */ 701#ifndef OPENSSL_NO_DH 702 ADD_TEST(ffc_params_gen_test); 703 ADD_TEST(ffc_params_gen_canonicalg_test); 704 ADD_TEST(ffc_params_fips186_2_gen_validate_test); 705 ADD_TEST(ffc_public_validate_test); 706 ADD_TEST(ffc_private_validate_test); 707 ADD_ALL_TESTS(ffc_private_gen_test, 10); 708 ADD_TEST(ffc_params_copy_test); 709#endif /* OPENSSL_NO_DH */ 710 return 1; 711} 712