• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2019-2020, Oracle and/or its affiliates.  All rights reserved.
4  *
5  * Licensed under the Apache License 2.0 (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 /*
12  * This is an internal test that is intentionally using internal APIs. Some of
13  * those APIs are deprecated for public use.
14  */
15 #include "internal/deprecated.h"
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 
21 #include "internal/nelem.h"
22 #include <openssl/crypto.h>
23 #include <openssl/bio.h>
24 #include <openssl/bn.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include "testutil.h"
28 
29 #include "internal/ffc.h"
30 #include "crypto/security_bits.h"
31 
32 #ifndef OPENSSL_NO_DSA
33 static const unsigned char dsa_2048_224_sha224_p[] = {
34     0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
35     0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
36     0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
37     0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
38     0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
39     0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
40     0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
41     0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
42     0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
43     0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
44     0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
45     0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
46     0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
47     0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
48     0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
49     0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
50     0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
51     0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
52     0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
53     0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
54     0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
55     0xcc, 0xf8, 0x40, 0xab
56 };
57 static const unsigned char dsa_2048_224_sha224_q[] = {
58     0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
59     0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
60     0x57, 0x76, 0x6f, 0x11
61 };
62 static const unsigned char dsa_2048_224_sha224_seed[] = {
63     0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
64     0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
65     0x36, 0x17, 0x06, 0xcf
66 };
67 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
68     0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
69     0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
70     0x36, 0x17, 0x06, 0xd0
71 };
72 static int dsa_2048_224_sha224_counter = 2878;
73 
74 static const unsigned char dsa_3072_256_sha512_p[] = {
75     0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
76     0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
77     0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
78     0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
79     0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
80     0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
81     0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
82     0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
83     0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
84     0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
85     0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
86     0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
87     0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
88     0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
89     0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
90     0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
91     0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
92     0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
93     0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
94     0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
95     0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
96     0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
97     0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
98     0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
99     0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
100     0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
101     0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
102     0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
103     0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
104     0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
105     0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
106     0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
107 };
108 static const unsigned char dsa_3072_256_sha512_q[] = {
109     0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
110     0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
111     0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
112 };
113 static const unsigned char dsa_3072_256_sha512_seed[] = {
114     0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
115     0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
116     0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
117 };
118 static int dsa_3072_256_sha512_counter = 1604;
119 
120 static const unsigned char dsa_2048_224_sha256_p[] = {
121     0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
122     0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
123     0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
124     0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
125     0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
126     0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
127     0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
128     0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
129     0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
130     0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
131     0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
132     0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
133     0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
134     0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
135     0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
136     0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
137     0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
138     0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
139     0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
140     0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
141     0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
142     0x73, 0xb4, 0x56, 0xd5
143 };
144 static const unsigned char dsa_2048_224_sha256_q[] = {
145     0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
146     0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
147     0x80, 0xcb, 0x0a, 0x45
148 };
149 static const unsigned char dsa_2048_224_sha256_g[] = {
150     0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
151     0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
152     0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
153     0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
154     0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
155     0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
156     0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
157     0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
158     0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
159     0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
160     0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
161     0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
162     0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
163     0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
164     0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
165     0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
166     0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
167     0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
168     0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
169     0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
170     0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
171     0xe6, 0x93, 0x59, 0xfc
172 };
173 
ffc_params_validate_g_unverified_test(void)174 static int ffc_params_validate_g_unverified_test(void)
175 {
176     int ret = 0, res;
177     FFC_PARAMS params;
178     BIGNUM *p = NULL, *q = NULL, *g = NULL;
179     BIGNUM *p1 = NULL, *g1 = NULL;
180 
181     ossl_ffc_params_init(&params);
182 
183     if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
184                                 sizeof(dsa_2048_224_sha256_p), NULL)))
185         goto err;
186     p1 = p;
187     if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
188                                 sizeof(dsa_2048_224_sha256_q), NULL)))
189         goto err;
190     if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
191                                 sizeof(dsa_2048_224_sha256_g), NULL)))
192         goto err;
193     g1 = g;
194 
195     /* Fail if g is NULL */
196     ossl_ffc_params_set0_pqg(&params, p, q, NULL);
197     p = NULL;
198     q = NULL;
199     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
200     ossl_ffc_set_digest(&params, "SHA256", NULL);
201 
202     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
203                                                        FFC_PARAM_TYPE_DSA,
204                                                        &res, NULL)))
205         goto err;
206 
207     ossl_ffc_params_set0_pqg(&params, p, q, g);
208     g = NULL;
209     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
210                                                       FFC_PARAM_TYPE_DSA,
211                                                       &res, NULL)))
212         goto err;
213 
214     /* incorrect g */
215     BN_add_word(g1, 1);
216     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
217                                                        FFC_PARAM_TYPE_DSA,
218                                                        &res, NULL)))
219         goto err;
220 
221     /* fail if g < 2 */
222     BN_set_word(g1, 1);
223     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
224                                                        FFC_PARAM_TYPE_DSA,
225                                                        &res, NULL)))
226         goto err;
227 
228     BN_copy(g1, p1);
229     /* Fail if g >= p */
230     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
231                                                        FFC_PARAM_TYPE_DSA,
232                                                        &res, NULL)))
233         goto err;
234 
235     ret = 1;
236 err:
237     ossl_ffc_params_cleanup(&params);
238     BN_free(p);
239     BN_free(q);
240     BN_free(g);
241     return ret;
242 }
243 
ffc_params_validate_pq_test(void)244 static int ffc_params_validate_pq_test(void)
245 {
246     int ret = 0, res = -1;
247     FFC_PARAMS params;
248     BIGNUM *p = NULL, *q = NULL;
249 
250     ossl_ffc_params_init(&params);
251     if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
252                                    sizeof(dsa_2048_224_sha224_p),
253                                    NULL)))
254         goto err;
255     if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
256                                    sizeof(dsa_2048_224_sha224_q),
257                                    NULL)))
258         goto err;
259 
260     /* No p */
261     ossl_ffc_params_set0_pqg(&params, NULL, q, NULL);
262     q = NULL;
263     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_PQ);
264     ossl_ffc_set_digest(&params, "SHA224", NULL);
265 
266     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
267                                                        FFC_PARAM_TYPE_DSA,
268                                                        &res, NULL)))
269         goto err;
270 
271     /* Test valid case */
272     ossl_ffc_params_set0_pqg(&params, p, NULL, NULL);
273     p = NULL;
274     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
275                                         sizeof(dsa_2048_224_sha224_seed),
276                                         dsa_2048_224_sha224_counter);
277     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
278                                                       FFC_PARAM_TYPE_DSA,
279                                                       &res, NULL)))
280         goto err;
281 
282     /* Bad counter - so p is not prime */
283     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
284                                         sizeof(dsa_2048_224_sha224_seed),
285                                         1);
286     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
287                                                        FFC_PARAM_TYPE_DSA,
288                                                        &res, NULL)))
289         goto err;
290 
291     /* seedlen smaller than N */
292     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
293                                         sizeof(dsa_2048_224_sha224_seed)-1,
294                                         dsa_2048_224_sha224_counter);
295     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
296                                                        FFC_PARAM_TYPE_DSA,
297                                                        &res, NULL)))
298         goto err;
299 
300     /* Provided seed doesnt produce a valid prime q */
301     ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_bad_seed,
302                                         sizeof(dsa_2048_224_sha224_bad_seed),
303                                         dsa_2048_224_sha224_counter);
304     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
305                                                        FFC_PARAM_TYPE_DSA,
306                                                        &res, NULL)))
307         goto err;
308 
309     if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
310                                 sizeof(dsa_3072_256_sha512_p), NULL)))
311         goto err;
312     if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
313                                 sizeof(dsa_3072_256_sha512_q),
314                                 NULL)))
315         goto err;
316 
317 
318     ossl_ffc_params_set0_pqg(&params, p, q, NULL);
319     p = q  = NULL;
320     ossl_ffc_set_digest(&params, "SHA512", NULL);
321     ossl_ffc_params_set_validate_params(&params, dsa_3072_256_sha512_seed,
322                                         sizeof(dsa_3072_256_sha512_seed),
323                                         dsa_3072_256_sha512_counter);
324     /* Q doesn't div P-1 */
325     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
326                                                        FFC_PARAM_TYPE_DSA,
327                                                        &res, NULL)))
328         goto err;
329 
330     /* Bad L/N for FIPS DH */
331     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
332                                                        FFC_PARAM_TYPE_DH,
333                                                        &res, NULL)))
334         goto err;
335 
336     ret = 1;
337 err:
338     ossl_ffc_params_cleanup(&params);
339     BN_free(p);
340     BN_free(q);
341     return ret;
342 }
343 #endif /* OPENSSL_NO_DSA */
344 
345 #ifndef OPENSSL_NO_DH
ffc_params_gen_test(void)346 static int ffc_params_gen_test(void)
347 {
348     int ret = 0, res = -1;
349     FFC_PARAMS params;
350 
351     ossl_ffc_params_init(&params);
352     if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
353                                                       FFC_PARAM_TYPE_DH,
354                                                       2048, 256, &res, NULL)))
355         goto err;
356     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
357                                                       FFC_PARAM_TYPE_DH,
358                                                       &res, NULL)))
359         goto err;
360 
361     ret = 1;
362 err:
363     ossl_ffc_params_cleanup(&params);
364     return ret;
365 }
366 
ffc_params_gen_canonicalg_test(void)367 static int ffc_params_gen_canonicalg_test(void)
368 {
369     int ret = 0, res = -1;
370     FFC_PARAMS params;
371 
372     ossl_ffc_params_init(&params);
373     params.gindex = 1;
374     if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
375                                                       FFC_PARAM_TYPE_DH,
376                                                       2048, 256, &res, NULL)))
377         goto err;
378     if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
379                                                       FFC_PARAM_TYPE_DH,
380                                                       &res, NULL)))
381         goto err;
382 
383     if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
384         goto err;
385 
386     ret = 1;
387 err:
388     ossl_ffc_params_cleanup(&params);
389     return ret;
390 }
391 
ffc_params_fips186_2_gen_validate_test(void)392 static int ffc_params_fips186_2_gen_validate_test(void)
393 {
394     int ret = 0, res = -1;
395     FFC_PARAMS params;
396     BIGNUM *bn = NULL;
397 
398     ossl_ffc_params_init(&params);
399     if (!TEST_ptr(bn = BN_new()))
400         goto err;
401     if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, &params,
402                                                       FFC_PARAM_TYPE_DH,
403                                                       1024, 160, &res, NULL)))
404         goto err;
405     if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, &params,
406                                                       FFC_PARAM_TYPE_DH,
407                                                       &res, NULL)))
408         goto err;
409 
410     /*
411      * The fips186-2 generation should produce a different q compared to
412      * fips 186-4 given the same seed value. So validation of q will fail.
413      */
414     if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
415                                                        FFC_PARAM_TYPE_DSA,
416                                                        &res, NULL)))
417         goto err;
418     /* As the params are randomly generated the error is one of the following */
419     if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
420         goto err;
421 
422     ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
423     /* Partially valid g test will still pass */
424     if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
425                                                         FFC_PARAM_TYPE_DSA,
426                                                         &res, NULL), 2))
427         goto err;
428 
429     if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
430         goto err;
431 
432     ret = 1;
433 err:
434     BN_free(bn);
435     ossl_ffc_params_cleanup(&params);
436     return ret;
437 }
438 
439 extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
440 
ffc_public_validate_test(void)441 static int ffc_public_validate_test(void)
442 {
443     int ret = 0, res = -1;
444     FFC_PARAMS *params;
445     BIGNUM *pub = NULL;
446     DH *dh = NULL;
447 
448     if (!TEST_ptr(pub = BN_new()))
449         goto err;
450 
451     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
452         goto err;
453     params = ossl_dh_get0_params(dh);
454 
455     if (!TEST_true(BN_set_word(pub, 1)))
456         goto err;
457     BN_set_negative(pub, 1);
458     /* Fail if public key is negative */
459     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
460         goto err;
461     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
462         goto err;
463     if (!TEST_true(BN_set_word(pub, 0)))
464         goto err;
465     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
466         goto err;
467     /* Fail if public key is zero */
468     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
469         goto err;
470     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
471         goto err;
472     /* Fail if public key is 1 */
473     if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
474         goto err;
475     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
476         goto err;
477     if (!TEST_true(BN_add_word(pub, 2)))
478         goto err;
479     /* Pass if public key >= 2 */
480     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
481         goto err;
482 
483     if (!TEST_ptr(BN_copy(pub, params->p)))
484         goto err;
485     /* Fail if public key = p */
486     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
487         goto err;
488     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
489         goto err;
490 
491     if (!TEST_true(BN_sub_word(pub, 1)))
492         goto err;
493     /* Fail if public key = p - 1 */
494     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
495         goto err;
496     if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
497         goto err;
498 
499     if (!TEST_true(BN_sub_word(pub, 1)))
500         goto err;
501     /* Fail if public key is not related to p & q */
502     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
503         goto err;
504     if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
505         goto err;
506 
507     if (!TEST_true(BN_sub_word(pub, 5)))
508         goto err;
509     /* Pass if public key is valid */
510     if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
511         goto err;
512 
513     /* Fail if params is NULL */
514     if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
515         goto err;
516     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
517         goto err;
518     res = -1;
519     /* Fail if pubkey is NULL */
520     if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
521         goto err;
522     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
523         goto err;
524     res = -1;
525 
526     BN_free(params->p);
527     params->p = NULL;
528     /* Fail if params->p is NULL */
529     if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
530         goto err;
531     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
532         goto err;
533 
534     ret = 1;
535 err:
536     DH_free(dh);
537     BN_free(pub);
538     return ret;
539 }
540 
ffc_private_validate_test(void)541 static int ffc_private_validate_test(void)
542 {
543     int ret = 0, res = -1;
544     FFC_PARAMS *params;
545     BIGNUM *priv = NULL;
546     DH *dh = NULL;
547 
548     if (!TEST_ptr(priv = BN_new()))
549         goto err;
550 
551     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
552         goto err;
553     params = ossl_dh_get0_params(dh);
554 
555     if (!TEST_true(BN_set_word(priv, 1)))
556         goto err;
557     BN_set_negative(priv, 1);
558     /* Fail if priv key is negative */
559     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
560         goto err;
561     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
562         goto err;
563 
564     if (!TEST_true(BN_set_word(priv, 0)))
565         goto err;
566     /* Fail if priv key is zero */
567     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
568         goto err;
569     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
570         goto err;
571 
572     /* Pass if priv key >= 1 */
573     if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
574                                                  &res)))
575         goto err;
576 
577     if (!TEST_ptr(BN_copy(priv, params->q)))
578         goto err;
579     /* Fail if priv key = upper */
580     if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
581         goto err;
582     if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
583         goto err;
584 
585     if (!TEST_true(BN_sub_word(priv, 1)))
586         goto err;
587     /* Pass if priv key <= upper - 1 */
588     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
589         goto err;
590 
591     if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
592         goto err;
593     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
594         goto err;
595     res = -1;
596     if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
597         goto err;
598     if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
599         goto err;
600 
601     ret = 1;
602 err:
603     DH_free(dh);
604     BN_free(priv);
605     return ret;
606 }
607 
ffc_private_gen_test(int index)608 static int ffc_private_gen_test(int index)
609 {
610     int ret = 0, res = -1, N;
611     FFC_PARAMS *params;
612     BIGNUM *priv = NULL;
613     DH *dh = NULL;
614     BN_CTX *ctx = NULL;
615 
616     if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
617         goto err;
618 
619     if (!TEST_ptr(priv = BN_new()))
620         goto err;
621 
622     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
623         goto err;
624     params = ossl_dh_get0_params(dh);
625 
626     N = BN_num_bits(params->q);
627     /* Fail since N < 2*s - where s = 112*/
628     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
629         goto err;
630     /* fail since N > len(q) */
631     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
632         goto err;
633     /* s must be always set */
634     if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
635         goto err;
636     /* pass since 2s <= N <= len(q) */
637     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
638         goto err;
639     /* pass since N = len(q) */
640     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
641         goto err;
642     /* pass since 2s <= N < len(q) */
643     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
644         goto err;
645     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
646         goto err;
647     /* N is ignored in this case */
648     if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
649                                                  ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
650                                                  priv)))
651         goto err;
652     if (!TEST_int_le(BN_num_bits(priv), 225))
653         goto err;
654     if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
655         goto err;
656 
657     ret = 1;
658 err:
659     DH_free(dh);
660     BN_free(priv);
661     BN_CTX_free(ctx);
662     return ret;
663 }
664 
ffc_params_copy_test(void)665 static int ffc_params_copy_test(void)
666 {
667     int ret = 0;
668     DH *dh = NULL;
669     FFC_PARAMS *params, copy;
670 
671     ossl_ffc_params_init(&copy);
672 
673     if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
674         goto err;
675     params = ossl_dh_get0_params(dh);
676 
677     if (!TEST_int_eq(params->keylength, 275))
678         goto err;
679 
680     if (!TEST_true(ossl_ffc_params_copy(&copy, params)))
681         goto err;
682 
683     if (!TEST_int_eq(copy.keylength, 275))
684         goto err;
685 
686     if (!TEST_true(ossl_ffc_params_cmp(&copy, params, 0)))
687         goto err;
688 
689     ret = 1;
690 err:
691     ossl_ffc_params_cleanup(&copy);
692     DH_free(dh);
693     return ret;
694 }
695 #endif /* OPENSSL_NO_DH */
696 
setup_tests(void)697 int setup_tests(void)
698 {
699 #ifndef OPENSSL_NO_DSA
700     ADD_TEST(ffc_params_validate_pq_test);
701     ADD_TEST(ffc_params_validate_g_unverified_test);
702 #endif /* OPENSSL_NO_DSA */
703 #ifndef OPENSSL_NO_DH
704     ADD_TEST(ffc_params_gen_test);
705     ADD_TEST(ffc_params_gen_canonicalg_test);
706     ADD_TEST(ffc_params_fips186_2_gen_validate_test);
707     ADD_TEST(ffc_public_validate_test);
708     ADD_TEST(ffc_private_validate_test);
709     ADD_ALL_TESTS(ffc_private_gen_test, 10);
710     ADD_TEST(ffc_params_copy_test);
711 #endif /* OPENSSL_NO_DH */
712     return 1;
713 }
714