1 /*
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /*
12 * This is an internal test that is intentionally using internal APIs. Some of
13 * those APIs are deprecated for public use.
14 */
15 #include "internal/deprecated.h"
16
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20
21 #include "internal/nelem.h"
22 #include <openssl/crypto.h>
23 #include <openssl/bio.h>
24 #include <openssl/bn.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include "testutil.h"
28
29 #include "internal/ffc.h"
30 #include "crypto/security_bits.h"
31
32 #ifndef OPENSSL_NO_DSA
33 static const unsigned char dsa_2048_224_sha224_p[] = {
34 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
35 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
36 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
37 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
38 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
39 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
40 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
41 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
42 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
43 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
44 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
45 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
46 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
47 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
48 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
49 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
50 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
51 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
52 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
53 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
54 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
55 0xcc, 0xf8, 0x40, 0xab
56 };
57 static const unsigned char dsa_2048_224_sha224_q[] = {
58 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
59 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
60 0x57, 0x76, 0x6f, 0x11
61 };
62 static const unsigned char dsa_2048_224_sha224_seed[] = {
63 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
64 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
65 0x36, 0x17, 0x06, 0xcf
66 };
67 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
68 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
69 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
70 0x36, 0x17, 0x06, 0xd0
71 };
72 static int dsa_2048_224_sha224_counter = 2878;
73
74 static const unsigned char dsa_3072_256_sha512_p[] = {
75 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
76 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
77 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
78 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
79 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
80 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
81 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
82 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
83 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
84 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
85 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
86 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
87 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
88 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
89 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
90 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
91 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
92 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
93 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
94 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
95 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
96 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
97 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
98 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
99 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
100 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
101 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
102 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
103 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
104 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
105 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
106 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
107 };
108 static const unsigned char dsa_3072_256_sha512_q[] = {
109 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
110 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
111 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
112 };
113 static const unsigned char dsa_3072_256_sha512_seed[] = {
114 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
115 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
116 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
117 };
118 static int dsa_3072_256_sha512_counter = 1604;
119
120 static const unsigned char dsa_2048_224_sha256_p[] = {
121 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
122 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
123 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
124 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
125 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
126 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
127 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
128 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
129 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
130 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
131 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
132 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
133 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
134 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
135 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
136 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
137 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
138 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
139 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
140 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
141 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
142 0x73, 0xb4, 0x56, 0xd5
143 };
144 static const unsigned char dsa_2048_224_sha256_q[] = {
145 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
146 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
147 0x80, 0xcb, 0x0a, 0x45
148 };
149 static const unsigned char dsa_2048_224_sha256_g[] = {
150 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
151 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
152 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
153 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
154 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
155 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
156 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
157 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
158 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
159 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
160 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
161 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
162 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
163 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
164 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
165 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
166 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
167 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
168 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
169 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
170 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
171 0xe6, 0x93, 0x59, 0xfc
172 };
173
ffc_params_validate_g_unverified_test(void)174 static int ffc_params_validate_g_unverified_test(void)
175 {
176 int ret = 0, res;
177 FFC_PARAMS params;
178 BIGNUM *p = NULL, *q = NULL, *g = NULL;
179 BIGNUM *p1 = NULL, *g1 = NULL;
180
181 ossl_ffc_params_init(¶ms);
182
183 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
184 sizeof(dsa_2048_224_sha256_p), NULL)))
185 goto err;
186 p1 = p;
187 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
188 sizeof(dsa_2048_224_sha256_q), NULL)))
189 goto err;
190 if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
191 sizeof(dsa_2048_224_sha256_g), NULL)))
192 goto err;
193 g1 = g;
194
195 /* Fail if g is NULL */
196 ossl_ffc_params_set0_pqg(¶ms, p, q, NULL);
197 p = NULL;
198 q = NULL;
199 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
200 ossl_ffc_set_digest(¶ms, "SHA256", NULL);
201
202 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
203 FFC_PARAM_TYPE_DSA,
204 &res, NULL)))
205 goto err;
206
207 ossl_ffc_params_set0_pqg(¶ms, p, q, g);
208 g = NULL;
209 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
210 FFC_PARAM_TYPE_DSA,
211 &res, NULL)))
212 goto err;
213
214 /* incorrect g */
215 BN_add_word(g1, 1);
216 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
217 FFC_PARAM_TYPE_DSA,
218 &res, NULL)))
219 goto err;
220
221 /* fail if g < 2 */
222 BN_set_word(g1, 1);
223 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
224 FFC_PARAM_TYPE_DSA,
225 &res, NULL)))
226 goto err;
227
228 BN_copy(g1, p1);
229 /* Fail if g >= p */
230 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
231 FFC_PARAM_TYPE_DSA,
232 &res, NULL)))
233 goto err;
234
235 ret = 1;
236 err:
237 ossl_ffc_params_cleanup(¶ms);
238 BN_free(p);
239 BN_free(q);
240 BN_free(g);
241 return ret;
242 }
243
ffc_params_validate_pq_test(void)244 static int ffc_params_validate_pq_test(void)
245 {
246 int ret = 0, res = -1;
247 FFC_PARAMS params;
248 BIGNUM *p = NULL, *q = NULL;
249
250 ossl_ffc_params_init(¶ms);
251 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
252 sizeof(dsa_2048_224_sha224_p),
253 NULL)))
254 goto err;
255 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
256 sizeof(dsa_2048_224_sha224_q),
257 NULL)))
258 goto err;
259
260 /* No p */
261 ossl_ffc_params_set0_pqg(¶ms, NULL, q, NULL);
262 q = NULL;
263 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ);
264 ossl_ffc_set_digest(¶ms, "SHA224", NULL);
265
266 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
267 FFC_PARAM_TYPE_DSA,
268 &res, NULL)))
269 goto err;
270
271 /* Test valid case */
272 ossl_ffc_params_set0_pqg(¶ms, p, NULL, NULL);
273 p = NULL;
274 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
275 sizeof(dsa_2048_224_sha224_seed),
276 dsa_2048_224_sha224_counter);
277 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
278 FFC_PARAM_TYPE_DSA,
279 &res, NULL)))
280 goto err;
281
282 /* Bad counter - so p is not prime */
283 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
284 sizeof(dsa_2048_224_sha224_seed),
285 1);
286 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
287 FFC_PARAM_TYPE_DSA,
288 &res, NULL)))
289 goto err;
290
291 /* seedlen smaller than N */
292 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
293 sizeof(dsa_2048_224_sha224_seed)-1,
294 dsa_2048_224_sha224_counter);
295 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
296 FFC_PARAM_TYPE_DSA,
297 &res, NULL)))
298 goto err;
299
300 /* Provided seed doesnt produce a valid prime q */
301 ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
302 sizeof(dsa_2048_224_sha224_bad_seed),
303 dsa_2048_224_sha224_counter);
304 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
305 FFC_PARAM_TYPE_DSA,
306 &res, NULL)))
307 goto err;
308
309 if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
310 sizeof(dsa_3072_256_sha512_p), NULL)))
311 goto err;
312 if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
313 sizeof(dsa_3072_256_sha512_q),
314 NULL)))
315 goto err;
316
317
318 ossl_ffc_params_set0_pqg(¶ms, p, q, NULL);
319 p = q = NULL;
320 ossl_ffc_set_digest(¶ms, "SHA512", NULL);
321 ossl_ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
322 sizeof(dsa_3072_256_sha512_seed),
323 dsa_3072_256_sha512_counter);
324 /* Q doesn't div P-1 */
325 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
326 FFC_PARAM_TYPE_DSA,
327 &res, NULL)))
328 goto err;
329
330 /* Bad L/N for FIPS DH */
331 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
332 FFC_PARAM_TYPE_DH,
333 &res, NULL)))
334 goto err;
335
336 ret = 1;
337 err:
338 ossl_ffc_params_cleanup(¶ms);
339 BN_free(p);
340 BN_free(q);
341 return ret;
342 }
343 #endif /* OPENSSL_NO_DSA */
344
345 #ifndef OPENSSL_NO_DH
ffc_params_gen_test(void)346 static int ffc_params_gen_test(void)
347 {
348 int ret = 0, res = -1;
349 FFC_PARAMS params;
350
351 ossl_ffc_params_init(¶ms);
352 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms,
353 FFC_PARAM_TYPE_DH,
354 2048, 256, &res, NULL)))
355 goto err;
356 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
357 FFC_PARAM_TYPE_DH,
358 &res, NULL)))
359 goto err;
360
361 ret = 1;
362 err:
363 ossl_ffc_params_cleanup(¶ms);
364 return ret;
365 }
366
ffc_params_gen_canonicalg_test(void)367 static int ffc_params_gen_canonicalg_test(void)
368 {
369 int ret = 0, res = -1;
370 FFC_PARAMS params;
371
372 ossl_ffc_params_init(¶ms);
373 params.gindex = 1;
374 if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, ¶ms,
375 FFC_PARAM_TYPE_DH,
376 2048, 256, &res, NULL)))
377 goto err;
378 if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
379 FFC_PARAM_TYPE_DH,
380 &res, NULL)))
381 goto err;
382
383 if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4)))
384 goto err;
385
386 ret = 1;
387 err:
388 ossl_ffc_params_cleanup(¶ms);
389 return ret;
390 }
391
ffc_params_fips186_2_gen_validate_test(void)392 static int ffc_params_fips186_2_gen_validate_test(void)
393 {
394 int ret = 0, res = -1;
395 FFC_PARAMS params;
396 BIGNUM *bn = NULL;
397
398 ossl_ffc_params_init(¶ms);
399 if (!TEST_ptr(bn = BN_new()))
400 goto err;
401 if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, ¶ms,
402 FFC_PARAM_TYPE_DH,
403 1024, 160, &res, NULL)))
404 goto err;
405 if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, ¶ms,
406 FFC_PARAM_TYPE_DH,
407 &res, NULL)))
408 goto err;
409
410 /*
411 * The fips186-2 generation should produce a different q compared to
412 * fips 186-4 given the same seed value. So validation of q will fail.
413 */
414 if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
415 FFC_PARAM_TYPE_DSA,
416 &res, NULL)))
417 goto err;
418 /* As the params are randomly generated the error is one of the following */
419 if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
420 goto err;
421
422 ossl_ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
423 /* Partially valid g test will still pass */
424 if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, ¶ms,
425 FFC_PARAM_TYPE_DSA,
426 &res, NULL), 2))
427 goto err;
428
429 if (!TEST_true(ossl_ffc_params_print(bio_out, ¶ms, 4)))
430 goto err;
431
432 ret = 1;
433 err:
434 BN_free(bn);
435 ossl_ffc_params_cleanup(¶ms);
436 return ret;
437 }
438
439 extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
440
ffc_public_validate_test(void)441 static int ffc_public_validate_test(void)
442 {
443 int ret = 0, res = -1;
444 FFC_PARAMS *params;
445 BIGNUM *pub = NULL;
446 DH *dh = NULL;
447
448 if (!TEST_ptr(pub = BN_new()))
449 goto err;
450
451 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
452 goto err;
453 params = ossl_dh_get0_params(dh);
454
455 if (!TEST_true(BN_set_word(pub, 1)))
456 goto err;
457 BN_set_negative(pub, 1);
458 /* Fail if public key is negative */
459 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
460 goto err;
461 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
462 goto err;
463 if (!TEST_true(BN_set_word(pub, 0)))
464 goto err;
465 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
466 goto err;
467 /* Fail if public key is zero */
468 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
469 goto err;
470 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
471 goto err;
472 /* Fail if public key is 1 */
473 if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
474 goto err;
475 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
476 goto err;
477 if (!TEST_true(BN_add_word(pub, 2)))
478 goto err;
479 /* Pass if public key >= 2 */
480 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
481 goto err;
482
483 if (!TEST_ptr(BN_copy(pub, params->p)))
484 goto err;
485 /* Fail if public key = p */
486 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
487 goto err;
488 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
489 goto err;
490
491 if (!TEST_true(BN_sub_word(pub, 1)))
492 goto err;
493 /* Fail if public key = p - 1 */
494 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
495 goto err;
496 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
497 goto err;
498
499 if (!TEST_true(BN_sub_word(pub, 1)))
500 goto err;
501 /* Fail if public key is not related to p & q */
502 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
503 goto err;
504 if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
505 goto err;
506
507 if (!TEST_true(BN_sub_word(pub, 5)))
508 goto err;
509 /* Pass if public key is valid */
510 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
511 goto err;
512
513 /* Fail if params is NULL */
514 if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
515 goto err;
516 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
517 goto err;
518 res = -1;
519 /* Fail if pubkey is NULL */
520 if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
521 goto err;
522 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
523 goto err;
524 res = -1;
525
526 BN_free(params->p);
527 params->p = NULL;
528 /* Fail if params->p is NULL */
529 if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
530 goto err;
531 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
532 goto err;
533
534 ret = 1;
535 err:
536 DH_free(dh);
537 BN_free(pub);
538 return ret;
539 }
540
ffc_private_validate_test(void)541 static int ffc_private_validate_test(void)
542 {
543 int ret = 0, res = -1;
544 FFC_PARAMS *params;
545 BIGNUM *priv = NULL;
546 DH *dh = NULL;
547
548 if (!TEST_ptr(priv = BN_new()))
549 goto err;
550
551 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
552 goto err;
553 params = ossl_dh_get0_params(dh);
554
555 if (!TEST_true(BN_set_word(priv, 1)))
556 goto err;
557 BN_set_negative(priv, 1);
558 /* Fail if priv key is negative */
559 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
560 goto err;
561 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
562 goto err;
563
564 if (!TEST_true(BN_set_word(priv, 0)))
565 goto err;
566 /* Fail if priv key is zero */
567 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
568 goto err;
569 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
570 goto err;
571
572 /* Pass if priv key >= 1 */
573 if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
574 &res)))
575 goto err;
576
577 if (!TEST_ptr(BN_copy(priv, params->q)))
578 goto err;
579 /* Fail if priv key = upper */
580 if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
581 goto err;
582 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
583 goto err;
584
585 if (!TEST_true(BN_sub_word(priv, 1)))
586 goto err;
587 /* Pass if priv key <= upper - 1 */
588 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
589 goto err;
590
591 if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
592 goto err;
593 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
594 goto err;
595 res = -1;
596 if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
597 goto err;
598 if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
599 goto err;
600
601 ret = 1;
602 err:
603 DH_free(dh);
604 BN_free(priv);
605 return ret;
606 }
607
ffc_private_gen_test(int index)608 static int ffc_private_gen_test(int index)
609 {
610 int ret = 0, res = -1, N;
611 FFC_PARAMS *params;
612 BIGNUM *priv = NULL;
613 DH *dh = NULL;
614 BN_CTX *ctx = NULL;
615
616 if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
617 goto err;
618
619 if (!TEST_ptr(priv = BN_new()))
620 goto err;
621
622 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
623 goto err;
624 params = ossl_dh_get0_params(dh);
625
626 N = BN_num_bits(params->q);
627 /* Fail since N < 2*s - where s = 112*/
628 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
629 goto err;
630 /* fail since N > len(q) */
631 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
632 goto err;
633 /* s must be always set */
634 if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
635 goto err;
636 /* pass since 2s <= N <= len(q) */
637 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
638 goto err;
639 /* pass since N = len(q) */
640 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
641 goto err;
642 /* pass since 2s <= N < len(q) */
643 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
644 goto err;
645 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
646 goto err;
647 /* N is ignored in this case */
648 if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
649 ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
650 priv)))
651 goto err;
652 if (!TEST_int_le(BN_num_bits(priv), 225))
653 goto err;
654 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
655 goto err;
656
657 ret = 1;
658 err:
659 DH_free(dh);
660 BN_free(priv);
661 BN_CTX_free(ctx);
662 return ret;
663 }
664
ffc_params_copy_test(void)665 static int ffc_params_copy_test(void)
666 {
667 int ret = 0;
668 DH *dh = NULL;
669 FFC_PARAMS *params, copy;
670
671 ossl_ffc_params_init(©);
672
673 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
674 goto err;
675 params = ossl_dh_get0_params(dh);
676
677 if (!TEST_int_eq(params->keylength, 275))
678 goto err;
679
680 if (!TEST_true(ossl_ffc_params_copy(©, params)))
681 goto err;
682
683 if (!TEST_int_eq(copy.keylength, 275))
684 goto err;
685
686 if (!TEST_true(ossl_ffc_params_cmp(©, params, 0)))
687 goto err;
688
689 ret = 1;
690 err:
691 ossl_ffc_params_cleanup(©);
692 DH_free(dh);
693 return ret;
694 }
695 #endif /* OPENSSL_NO_DH */
696
setup_tests(void)697 int setup_tests(void)
698 {
699 #ifndef OPENSSL_NO_DSA
700 ADD_TEST(ffc_params_validate_pq_test);
701 ADD_TEST(ffc_params_validate_g_unverified_test);
702 #endif /* OPENSSL_NO_DSA */
703 #ifndef OPENSSL_NO_DH
704 ADD_TEST(ffc_params_gen_test);
705 ADD_TEST(ffc_params_gen_canonicalg_test);
706 ADD_TEST(ffc_params_fips186_2_gen_validate_test);
707 ADD_TEST(ffc_public_validate_test);
708 ADD_TEST(ffc_private_validate_test);
709 ADD_ALL_TESTS(ffc_private_gen_test, 10);
710 ADD_TEST(ffc_params_copy_test);
711 #endif /* OPENSSL_NO_DH */
712 return 1;
713 }
714