1 /*
2 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13
14 #include "internal/nelem.h"
15 #include <openssl/crypto.h>
16 #include <openssl/bio.h>
17 #include <openssl/bn.h>
18 #include <openssl/rand.h>
19 #include <openssl/err.h>
20 #include <openssl/obj_mac.h>
21 #include "testutil.h"
22
23 #ifndef OPENSSL_NO_DH
24 # include <openssl/dh.h>
25
26 static int cb(int p, int n, BN_GENCB *arg);
27
dh_test(void)28 static int dh_test(void)
29 {
30 DH *dh = NULL;
31 BIGNUM *p = NULL, *q = NULL, *g = NULL;
32 const BIGNUM *p2, *q2, *g2;
33 BIGNUM *priv_key = NULL;
34 const BIGNUM *pub_key2, *priv_key2;
35 BN_GENCB *_cb = NULL;
36 DH *a = NULL;
37 DH *b = NULL;
38 DH *c = NULL;
39 const BIGNUM *ap = NULL, *ag = NULL, *apub_key = NULL;
40 const BIGNUM *bpub_key = NULL, *bpriv_key = NULL;
41 BIGNUM *bp = NULL, *bg = NULL, *cpriv_key = NULL;
42 unsigned char *abuf = NULL;
43 unsigned char *bbuf = NULL;
44 unsigned char *cbuf = NULL;
45 int i, alen, blen, clen, aout, bout, cout;
46 int ret = 0;
47
48 if (!TEST_ptr(dh = DH_new())
49 || !TEST_ptr(p = BN_new())
50 || !TEST_ptr(q = BN_new())
51 || !TEST_ptr(g = BN_new())
52 || !TEST_ptr(priv_key = BN_new()))
53 goto err1;
54
55 /*
56 * I) basic tests
57 */
58
59 /* using a small predefined Sophie Germain DH group with generator 3 */
60 if (!TEST_true(BN_set_word(p, 4079L))
61 || !TEST_true(BN_set_word(q, 2039L))
62 || !TEST_true(BN_set_word(g, 3L))
63 || !TEST_true(DH_set0_pqg(dh, p, q, g)))
64 goto err1;
65
66 if (!TEST_true(DH_check(dh, &i)))
67 goto err2;
68 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
69 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
70 || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE)
71 || !TEST_false(i & DH_CHECK_Q_NOT_PRIME)
72 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
73 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
74 || !TEST_false(i))
75 goto err2;
76
77 /* test the combined getter for p, q, and g */
78 DH_get0_pqg(dh, &p2, &q2, &g2);
79 if (!TEST_ptr_eq(p2, p)
80 || !TEST_ptr_eq(q2, q)
81 || !TEST_ptr_eq(g2, g))
82 goto err2;
83
84 /* test the simple getters for p, q, and g */
85 if (!TEST_ptr_eq(DH_get0_p(dh), p2)
86 || !TEST_ptr_eq(DH_get0_q(dh), q2)
87 || !TEST_ptr_eq(DH_get0_g(dh), g2))
88 goto err2;
89
90 /* set the private key only*/
91 if (!TEST_true(BN_set_word(priv_key, 1234L))
92 || !TEST_true(DH_set0_key(dh, NULL, priv_key)))
93 goto err2;
94
95 /* test the combined getter for pub_key and priv_key */
96 DH_get0_key(dh, &pub_key2, &priv_key2);
97 if (!TEST_ptr_eq(pub_key2, NULL)
98 || !TEST_ptr_eq(priv_key2, priv_key))
99 goto err3;
100
101 /* test the simple getters for pub_key and priv_key */
102 if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2)
103 || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2))
104 goto err3;
105
106 /* now generate a key pair ... */
107 if (!DH_generate_key(dh))
108 goto err3;
109
110 /* ... and check whether the private key was reused: */
111
112 /* test it with the combined getter for pub_key and priv_key */
113 DH_get0_key(dh, &pub_key2, &priv_key2);
114 if (!TEST_ptr(pub_key2)
115 || !TEST_ptr_eq(priv_key2, priv_key))
116 goto err3;
117
118 /* test it the simple getters for pub_key and priv_key */
119 if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2)
120 || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2))
121 goto err3;
122
123 /* check whether the public key was calculated correctly */
124 TEST_uint_eq(BN_get_word(pub_key2), 3331L);
125
126 /* Modulus of size: dh check max modulus bits + 1 */
127 if (!TEST_true(BN_set_word(p, 1))
128 || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
129 goto err3;
130
131 /*
132 * We expect no checks at all for an excessively large modulus
133 */
134 if (!TEST_false(DH_check(dh, &i)))
135 goto err3;
136
137 /*
138 * II) key generation
139 */
140
141 /* generate a DH group ... */
142 if (!TEST_ptr(_cb = BN_GENCB_new()))
143 goto err3;
144 BN_GENCB_set(_cb, &cb, NULL);
145 if (!TEST_ptr(a = DH_new())
146 || !TEST_true(DH_generate_parameters_ex(a, 64,
147 DH_GENERATOR_5, _cb)))
148 goto err3;
149
150 /* ... and check whether it is valid */
151 if (!TEST_true(DH_check(a, &i)))
152 goto err3;
153 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
154 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
155 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
156 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
157 || !TEST_false(i))
158 goto err3;
159
160 DH_get0_pqg(a, &ap, NULL, &ag);
161
162 /* now create another copy of the DH group for the peer */
163 if (!TEST_ptr(b = DH_new()))
164 goto err3;
165
166 if (!TEST_ptr(bp = BN_dup(ap))
167 || !TEST_ptr(bg = BN_dup(ag))
168 || !TEST_true(DH_set0_pqg(b, bp, NULL, bg)))
169 goto err3;
170 bp = bg = NULL;
171
172 /*
173 * III) simulate a key exchange
174 */
175
176 if (!DH_generate_key(a))
177 goto err3;
178 DH_get0_key(a, &apub_key, NULL);
179
180 if (!DH_generate_key(b))
181 goto err3;
182 DH_get0_key(b, &bpub_key, &bpriv_key);
183
184 /* Also test with a private-key-only copy of |b|. */
185 if (!TEST_ptr(c = DHparams_dup(b))
186 || !TEST_ptr(cpriv_key = BN_dup(bpriv_key))
187 || !TEST_true(DH_set0_key(c, NULL, cpriv_key)))
188 goto err3;
189 cpriv_key = NULL;
190
191 alen = DH_size(a);
192 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
193 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
194 goto err3;
195
196 blen = DH_size(b);
197 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
198 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
199 goto err3;
200
201 clen = DH_size(c);
202 if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
203 || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
204 goto err3;
205
206 if (!TEST_true(aout >= 4)
207 || !TEST_mem_eq(abuf, aout, bbuf, bout)
208 || !TEST_mem_eq(abuf, aout, cbuf, cout))
209 goto err3;
210
211 ret = 1;
212 goto success;
213
214 err1:
215 /* an error occurred before p,q,g were assigned to dh */
216 BN_free(p);
217 BN_free(q);
218 BN_free(g);
219 err2:
220 /* an error occurred before priv_key was assigned to dh */
221 BN_free(priv_key);
222 err3:
223 success:
224 OPENSSL_free(abuf);
225 OPENSSL_free(bbuf);
226 OPENSSL_free(cbuf);
227 DH_free(b);
228 DH_free(a);
229 DH_free(c);
230 BN_free(bp);
231 BN_free(bg);
232 BN_free(cpriv_key);
233 BN_GENCB_free(_cb);
234 DH_free(dh);
235
236 return ret;
237 }
238
cb(int p,int n,BN_GENCB * arg)239 static int cb(int p, int n, BN_GENCB *arg)
240 {
241 return 1;
242 }
243
244 /* Test data from RFC 5114 */
245
246 static const unsigned char dhtest_1024_160_xA[] = {
247 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50,
248 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E
249 };
250
251 static const unsigned char dhtest_1024_160_yA[] = {
252 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D,
253 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09,
254 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76,
255 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F,
256 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D,
257 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A,
258 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA,
259 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA,
260 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01,
261 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95,
262 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76
263 };
264
265 static const unsigned char dhtest_1024_160_xB[] = {
266 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8,
267 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA
268 };
269
270 static const unsigned char dhtest_1024_160_yB[] = {
271 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94,
272 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66,
273 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C,
274 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E,
275 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3,
276 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A,
277 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E,
278 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26,
279 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A,
280 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67,
281 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE
282 };
283
284 static const unsigned char dhtest_1024_160_Z[] = {
285 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F,
286 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5,
287 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3,
288 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8,
289 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF,
290 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13,
291 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED,
292 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83,
293 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0,
294 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46,
295 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D
296 };
297
298 static const unsigned char dhtest_2048_224_xA[] = {
299 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7,
300 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4,
301 0x83, 0x29, 0x4B, 0x0C
302 };
303
304 static const unsigned char dhtest_2048_224_yA[] = {
305 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49,
306 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0,
307 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04,
308 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B,
309 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1,
310 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C,
311 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6,
312 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43,
313 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D,
314 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E,
315 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9,
316 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE,
317 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52,
318 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3,
319 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6,
320 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06,
321 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52,
322 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A,
323 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15,
324 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB,
325 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C,
326 0x71, 0x64, 0x8D, 0x6F
327 };
328
329 static const unsigned char dhtest_2048_224_xB[] = {
330 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63,
331 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15,
332 0x35, 0x3B, 0x75, 0x90
333 };
334
335 static const unsigned char dhtest_2048_224_yB[] = {
336 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44,
337 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2,
338 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41,
339 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1,
340 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C,
341 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2,
342 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE,
343 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC,
344 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47,
345 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03,
346 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6,
347 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC,
348 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A,
349 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3,
350 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4,
351 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17,
352 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF,
353 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC,
354 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7,
355 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15,
356 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20,
357 0x02, 0x14, 0x2B, 0x6C
358 };
359
360 static const unsigned char dhtest_2048_224_Z[] = {
361 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03,
362 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3,
363 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E,
364 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C,
365 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79,
366 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4,
367 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2,
368 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9,
369 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F,
370 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B,
371 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23,
372 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A,
373 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8,
374 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89,
375 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9,
376 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF,
377 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7,
378 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2,
379 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2,
380 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4,
381 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C,
382 0xF9, 0xF6, 0x38, 0x69
383 };
384
385 static const unsigned char dhtest_2048_256_xA[] = {
386 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61,
387 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3,
388 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E
389 };
390
391 static const unsigned char dhtest_2048_256_yA[] = {
392 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41,
393 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6,
394 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9,
395 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE,
396 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8,
397 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9,
398 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50,
399 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8,
400 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82,
401 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC,
402 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41,
403 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02,
404 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA,
405 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A,
406 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F,
407 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3,
408 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5,
409 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0,
410 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A,
411 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F,
412 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5,
413 0x7C, 0xA6, 0x7E, 0x29
414 };
415
416 static const unsigned char dhtest_2048_256_xB[] = {
417 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF,
418 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64,
419 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D
420 };
421
422 static const unsigned char dhtest_2048_256_yB[] = {
423 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8,
424 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98,
425 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7,
426 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E,
427 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25,
428 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05,
429 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63,
430 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97,
431 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F,
432 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3,
433 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98,
434 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A,
435 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D,
436 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C,
437 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5,
438 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80,
439 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A,
440 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44,
441 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA,
442 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D,
443 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53,
444 0x75, 0x7E, 0x19, 0x13
445 };
446
447 static const unsigned char dhtest_2048_256_Z[] = {
448 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17,
449 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1,
450 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00,
451 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE,
452 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0,
453 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0,
454 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED,
455 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04,
456 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A,
457 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C,
458 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C,
459 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93,
460 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38,
461 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52,
462 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F,
463 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9,
464 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C,
465 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A,
466 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3,
467 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0,
468 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0,
469 0xC2, 0x6C, 0x5D, 0x7C
470 };
471
472 static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
473 0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
474 0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
475 0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
476 0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
477 0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
478 0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
479 0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
480 0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
481 0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
482 0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
483 0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
484 0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
485 0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
486 0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
487 0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
488 0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
489 0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
490 0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
491 0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
492 0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
493 0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
494 0x93, 0x74, 0x89, 0x59
495 };
496
497 typedef struct {
498 DH *(*get_param) (void);
499 const unsigned char *xA;
500 size_t xA_len;
501 const unsigned char *yA;
502 size_t yA_len;
503 const unsigned char *xB;
504 size_t xB_len;
505 const unsigned char *yB;
506 size_t yB_len;
507 const unsigned char *Z;
508 size_t Z_len;
509 } rfc5114_td;
510
511 # define make_rfc5114_td(pre) { \
512 DH_get_##pre, \
513 dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \
514 dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \
515 dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \
516 dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \
517 dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \
518 }
519
520 static const rfc5114_td rfctd[] = {
521 make_rfc5114_td(1024_160),
522 make_rfc5114_td(2048_224),
523 make_rfc5114_td(2048_256)
524 };
525
rfc5114_test(void)526 static int rfc5114_test(void)
527 {
528 int i;
529 DH *dhA = NULL;
530 DH *dhB = NULL;
531 unsigned char *Z1 = NULL;
532 unsigned char *Z2 = NULL;
533 const rfc5114_td *td = NULL;
534 BIGNUM *bady = NULL, *priv_key = NULL, *pub_key = NULL;
535 const BIGNUM *pub_key_tmp;
536
537 for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) {
538 td = rfctd + i;
539 /* Set up DH structures setting key components */
540 if (!TEST_ptr(dhA = td->get_param())
541 || !TEST_ptr(dhB = td->get_param()))
542 goto bad_err;
543
544 if (!TEST_ptr(priv_key = BN_bin2bn(td->xA, td->xA_len, NULL))
545 || !TEST_ptr(pub_key = BN_bin2bn(td->yA, td->yA_len, NULL))
546 || !TEST_true(DH_set0_key(dhA, pub_key, priv_key)))
547 goto bad_err;
548
549 if (!TEST_ptr(priv_key = BN_bin2bn(td->xB, td->xB_len, NULL))
550 || !TEST_ptr(pub_key = BN_bin2bn(td->yB, td->yB_len, NULL))
551 || !TEST_true( DH_set0_key(dhB, pub_key, priv_key)))
552 goto bad_err;
553 priv_key = pub_key = NULL;
554
555 if (!TEST_uint_eq(td->Z_len, (size_t)DH_size(dhA))
556 || !TEST_uint_eq(td->Z_len, (size_t)DH_size(dhB)))
557 goto err;
558
559 if (!TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA)))
560 || !TEST_ptr(Z2 = OPENSSL_malloc(DH_size(dhB))))
561 goto bad_err;
562 /*
563 * Work out shared secrets using both sides and compare with expected
564 * values.
565 */
566 DH_get0_key(dhB, &pub_key_tmp, NULL);
567 if (!TEST_int_ne(DH_compute_key(Z1, pub_key_tmp, dhA), -1))
568 goto bad_err;
569
570 DH_get0_key(dhA, &pub_key_tmp, NULL);
571 if (!TEST_int_ne(DH_compute_key(Z2, pub_key_tmp, dhB), -1))
572 goto bad_err;
573
574 if (!TEST_mem_eq(Z1, td->Z_len, td->Z, td->Z_len)
575 || !TEST_mem_eq(Z2, td->Z_len, td->Z, td->Z_len))
576 goto err;
577
578 DH_free(dhA);
579 dhA = NULL;
580 DH_free(dhB);
581 dhB = NULL;
582 OPENSSL_free(Z1);
583 Z1 = NULL;
584 OPENSSL_free(Z2);
585 Z2 = NULL;
586 }
587
588 /* Now i == OSSL_NELEM(rfctd) */
589 /* RFC5114 uses unsafe primes, so now test an invalid y value */
590 if (!TEST_ptr(dhA = DH_get_2048_224())
591 || !TEST_ptr(Z1 = OPENSSL_malloc(DH_size(dhA))))
592 goto bad_err;
593
594 if (!TEST_ptr(bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
595 sizeof(dhtest_rfc5114_2048_224_bad_y),
596 NULL)))
597 goto bad_err;
598
599 if (!DH_generate_key(dhA))
600 goto bad_err;
601
602 if (DH_compute_key(Z1, bady, dhA) != -1) {
603 /*
604 * DH_compute_key should fail with -1. If we get here we unexpectedly
605 * allowed an invalid y value
606 */
607 goto err;
608 }
609 /* We'll have a stale error on the queue from the above test so clear it */
610 ERR_clear_error();
611 BN_free(bady);
612 DH_free(dhA);
613 OPENSSL_free(Z1);
614 return 1;
615
616 bad_err:
617 BN_free(bady);
618 DH_free(dhA);
619 DH_free(dhB);
620 BN_free(pub_key);
621 BN_free(priv_key);
622 OPENSSL_free(Z1);
623 OPENSSL_free(Z2);
624 TEST_error("Initialisation error RFC5114 set %d\n", i + 1);
625 return 0;
626
627 err:
628 BN_free(bady);
629 DH_free(dhA);
630 DH_free(dhB);
631 OPENSSL_free(Z1);
632 OPENSSL_free(Z2);
633 TEST_error("Test failed RFC5114 set %d\n", i + 1);
634 return 0;
635 }
636
rfc7919_test(void)637 static int rfc7919_test(void)
638 {
639 DH *a = NULL, *b = NULL;
640 const BIGNUM *apub_key = NULL, *bpub_key = NULL;
641 unsigned char *abuf = NULL;
642 unsigned char *bbuf = NULL;
643 int i, alen, blen, aout, bout;
644 int ret = 0;
645
646 if (!TEST_ptr(a = DH_new_by_nid(NID_ffdhe2048)))
647 goto err;
648
649 if (!DH_check(a, &i))
650 goto err;
651 if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
652 || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
653 || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR)
654 || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)
655 || !TEST_false(i))
656 goto err;
657
658 if (!DH_generate_key(a))
659 goto err;
660 DH_get0_key(a, &apub_key, NULL);
661
662 /* now create another copy of the DH group for the peer */
663 if (!TEST_ptr(b = DH_new_by_nid(NID_ffdhe2048)))
664 goto err;
665
666 if (!DH_generate_key(b))
667 goto err;
668 DH_get0_key(b, &bpub_key, NULL);
669
670 alen = DH_size(a);
671 if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
672 || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
673 goto err;
674
675 blen = DH_size(b);
676 if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
677 || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
678 goto err;
679
680 if (!TEST_true(aout >= 20)
681 || !TEST_mem_eq(abuf, aout, bbuf, bout))
682 goto err;
683
684 ret = 1;
685
686 err:
687 OPENSSL_free(abuf);
688 OPENSSL_free(bbuf);
689 DH_free(a);
690 DH_free(b);
691 return ret;
692 }
693 #endif
694
695
setup_tests(void)696 int setup_tests(void)
697 {
698 #ifdef OPENSSL_NO_DH
699 TEST_note("No DH support");
700 #else
701 ADD_TEST(dh_test);
702 ADD_TEST(rfc5114_test);
703 ADD_TEST(rfc7919_test);
704 #endif
705 return 1;
706 }
707