evp_libctx_test.c@ 105943

最後變更在這個檔案從105943是 104078,由 vboxsync 提交於 8 月前
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 29.3 KB

行
1	/*
2	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11
12	* These tests are setup to load null into the default library context.
13	* Any tests are expected to use the created 'libctx' to find algorithms.
14	* The framework runs the tests twice using the 'default' provider or
15	* 'fips' provider as inputs.
16	*/
17
18	/*
19	* DSA/DH low level APIs are deprecated for public use, but still ok for
20	* internal use.
21	*/
22	#include "internal/deprecated.h"
23	#include <assert.h>
24	#include <openssl/evp.h>
25	#include <openssl/provider.h>
26	#include <openssl/dsa.h>
27	#include <openssl/dh.h>
28	#include <openssl/safestack.h>
29	#include <openssl/core_dispatch.h>
30	#include <openssl/core_names.h>
31	#include <openssl/x509.h>
32	#include <openssl/encoder.h>
33	#include "testutil.h"
34	#include "internal/nelem.h"
35	#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
36
37	static OSSL_LIB_CTX *libctx = NULL;
38	static OSSL_PROVIDER *nullprov = NULL;
39	static OSSL_PROVIDER *libprov = NULL;
40	static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
41
42	typedef enum OPTION_choice {
43	OPT_ERR = -1,
44	OPT_EOF = 0,
45	OPT_CONFIG_FILE,
46	OPT_PROVIDER_NAME,
47	OPT_TEST_ENUM
48	} OPTION_CHOICE;
49
50	const OPTIONS *test_get_options(void)
51	{
52	static const OPTIONS test_options[] = {
53	OPT_TEST_OPTIONS_DEFAULT_USAGE,
54	{ "config", OPT_CONFIG_FILE, '<',
55	"The configuration file to use for the libctx" },
56	{ "provider", OPT_PROVIDER_NAME, 's',
57	"The provider to load (The default value is 'default')" },
58	{ NULL }
59	};
60	return test_options;
61	}
62
63	#ifndef OPENSSL_NO_DH
64	static const char *getname(int id)
65	{
66	const char *name[] = {"p", "q", "g" };
67
68	if (id >= 0 && id < 3)
69	return name[id];
70	return "?";
71	}
72	#endif
73
74	/*
75	* We're using some DH specific values in this test, so we skip compilation if
76	* we're in a no-dh build.
77	*/
78	#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
79
80	static int test_dsa_param_keygen(int tstid)
81	{
82	int ret = 0;
83	int expected;
84	EVP_PKEY_CTX *gen_ctx = NULL;
85	EVP_PKEY *pkey_parm = NULL;
86	EVP_PKEY pkey = NULL, dup_pk = NULL;
87	DSA *dsa = NULL;
88	int pind, qind, gind;
89	BIGNUM p = NULL, q = NULL, *g = NULL;
90
91	/*
92	* Just grab some fixed dh p, q, g values for testing,
93	* these 'safe primes' should not be used normally for dsa *.
94	*/
95	static const BIGNUM *bn[] = {
96	&ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
97	&ossl_bignum_dh2048_256_g
98	};
99
100	/*
101	* These tests are using bad values for p, q, g by reusing the values.
102	* A value of 0 uses p, 1 uses q and 2 uses g.
103	* There are 27 different combinations, with only the 1 valid combination.
104	*/
105	pind = tstid / 9;
106	qind = (tstid / 3) % 3;
107	gind = tstid % 3;
108	expected = (pind == 0 && qind == 1 && gind == 2);
109
110	TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
111	getname(qind), getname(gind));
112
113	if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
114	\|\| !TEST_ptr(dsa = DSA_new())
115	\|\| !TEST_ptr(p = BN_dup(bn[pind]))
116	\|\| !TEST_ptr(q = BN_dup(bn[qind]))
117	\|\| !TEST_ptr(g = BN_dup(bn[gind]))
118	\|\| !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
119	goto err;
120	p = q = g = NULL;
121
122	if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
123	goto err;
124	dsa = NULL;
125
126	if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
127	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
128	\|\| !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
129	goto err;
130
131	if (expected) {
132	if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
133	\|\| !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
134	goto err;
135	}
136
137	ret = 1;
138	err:
139	EVP_PKEY_free(pkey);
140	EVP_PKEY_free(dup_pk);
141	EVP_PKEY_CTX_free(gen_ctx);
142	EVP_PKEY_free(pkey_parm);
143	DSA_free(dsa);
144	BN_free(g);
145	BN_free(q);
146	BN_free(p);
147	return ret;
148	}
149	#endif /* OPENSSL_NO_DSA */
150
151	#ifndef OPENSSL_NO_DH
152	static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
153	{
154	int ret = 0;
155	int expected;
156	EVP_PKEY_CTX *gen_ctx = NULL;
157	EVP_PKEY *pkey_parm = NULL;
158	EVP_PKEY pkey = NULL, dup_pk = NULL;
159	DH *dh = NULL;
160	int pind, qind, gind;
161	BIGNUM p = NULL, q = NULL, *g = NULL;
162
163	/*
164	* These tests are using bad values for p, q, g by reusing the values.
165	* A value of 0 uses p, 1 uses q and 2 uses g.
166	* There are 27 different combinations, with only the 1 valid combination.
167	*/
168	pind = tstid / 9;
169	qind = (tstid / 3) % 3;
170	gind = tstid % 3;
171	expected = (pind == 0 && qind == 1 && gind == 2);
172
173	TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
174	getname(qind), getname(gind));
175
176	if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
177	\|\| !TEST_ptr(dh = DH_new())
178	\|\| !TEST_ptr(p = BN_dup(bn[pind]))
179	\|\| !TEST_ptr(q = BN_dup(bn[qind]))
180	\|\| !TEST_ptr(g = BN_dup(bn[gind]))
181	\|\| !TEST_true(DH_set0_pqg(dh, p, q, g)))
182	goto err;
183	p = q = g = NULL;
184
185	if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
186	goto err;
187	dh = NULL;
188
189	if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
190	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
191	\|\| !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
192	goto err;
193
194	if (expected) {
195	if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
196	\|\| !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
197	goto err;
198	}
199
200	ret = 1;
201	err:
202	EVP_PKEY_free(pkey);
203	EVP_PKEY_free(dup_pk);
204	EVP_PKEY_CTX_free(gen_ctx);
205	EVP_PKEY_free(pkey_parm);
206	DH_free(dh);
207	BN_free(g);
208	BN_free(q);
209	BN_free(p);
210	return ret;
211	}
212
213	/*
214	* Note that we get the fips186-4 path being run for most of these cases since
215	* the internal code will detect that the p, q, g does not match a safe prime
216	* group (Except for when tstid = 5, which sets the correct p, q, g)
217	*/
218	static int test_dh_safeprime_param_keygen(int tstid)
219	{
220	static const BIGNUM *bn[] = {
221	&ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
222	&ossl_bignum_const_2
223	};
224	return do_dh_param_keygen(tstid, bn);
225	}
226
227	static int dhx_cert_load(void)
228	{
229	int ret = 0;
230	X509 *cert = NULL;
231	BIO *bio = NULL;
232
233	static const unsigned char dhx_cert[] = {
234	0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
235	0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
236	0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
237	0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
238	0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
239	0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
240	0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
241	0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
242	0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
243	0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
244	0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
245	0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
246	0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
247	0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
248	0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
249	0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
250	0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
251	0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
252	0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
253	0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
254	0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
255	0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
256	0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
257	0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
258	0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
259	0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
260	0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
261	0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
262	0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
263	0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
264	0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
265	0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
266	0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
267	0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
268	0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
269	0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
270	0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
271	0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
272	0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
273	0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
274	0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
275	0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
276	0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
277	0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
278	0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
279	0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
280	0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
281	0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
282	0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
283	0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
284	0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
285	0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
286	0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
287	0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
288	0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
289	0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
290	0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
291	0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
292	0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
293	0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
294	0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
295	0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
296	0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
297	0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
298	0x0e,0x6a,0xb1
299	};
300
301	if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
302	\|\| !TEST_ptr(cert = X509_new_ex(libctx, NULL))
303	\|\| !TEST_ptr(d2i_X509_bio(bio, &cert)))
304	goto err;
305	ret = 1;
306	err:
307	X509_free(cert);
308	BIO_free(bio);
309	return ret;
310	}
311
312	#endif /* OPENSSL_NO_DH */
313
314	static int test_cipher_reinit(int test_id)
315	{
316	int ret = 0, diff, ccm, siv, no_null_key;
317	int out1_len = 0, out2_len = 0, out3_len = 0;
318	EVP_CIPHER *cipher = NULL;
319	EVP_CIPHER_CTX *ctx = NULL;
320	unsigned char out1[256];
321	unsigned char out2[256];
322	unsigned char out3[256];
323	unsigned char in[16] = {
324	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
325	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
326	};
327	unsigned char key[64] = {
328	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
329	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
330	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
331	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
332	0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
333	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
334	0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
335	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
336	};
337	unsigned char iv[16] = {
338	0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
339	0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
340	};
341	const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
342
343	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
344	goto err;
345
346	TEST_note("Fetching %s\n", name);
347	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
348	goto err;
349
350	/* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
351	ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
352
353	/* siv cannot be called with NULL key as the iv is irrelevant */
354	siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
355
356	/*
357	* Skip init call with a null key for RC4 as the stream cipher does not
358	* handle reinit (1.1.1 behaviour).
359	*/
360	no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
361	\|\| EVP_CIPHER_is_a(cipher, "RC4-40")
362	\|\| EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
363
364	/* DES3-WRAP uses random every update - so it will give a different value */
365	diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
366
367	if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
368	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
369	\|\| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
370	\|\| !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
371	ccm ? 0 : 1)
372	\|\| (!no_null_key
373	&& (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
374	\|\| !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
375	ccm \|\| siv ? 0 : 1))))
376	goto err;
377
378	if (ccm == 0) {
379	if (diff) {
380	if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
381	\|\| !TEST_mem_ne(out1, out1_len, out3, out3_len)
382	\|\| !TEST_mem_ne(out2, out2_len, out3, out3_len))
383	goto err;
384	} else {
385	if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
386	\|\| (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
387	goto err;
388	}
389	}
390	ret = 1;
391	err:
392	EVP_CIPHER_free(cipher);
393	EVP_CIPHER_CTX_free(ctx);
394	return ret;
395	}
396
397	/*
398	* This test only uses a partial block (half the block size) of input for each
399	* EVP_EncryptUpdate() in order to test that the second init/update is not using
400	* a leftover buffer from the first init/update.
401	* Note: some ciphers don't need a full block to produce output.
402	*/
403	static int test_cipher_reinit_partialupdate(int test_id)
404	{
405	int ret = 0, in_len;
406	int out1_len = 0, out2_len = 0, out3_len = 0;
407	EVP_CIPHER *cipher = NULL;
408	EVP_CIPHER_CTX *ctx = NULL;
409	unsigned char out1[256];
410	unsigned char out2[256];
411	unsigned char out3[256];
412	static const unsigned char in[32] = {
413	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
414	0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
415	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
416	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
417	};
418	static const unsigned char key[64] = {
419	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
420	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
421	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
422	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
423	0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
424	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
425	0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
426	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
427	};
428	static const unsigned char iv[16] = {
429	0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
430	0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
431	};
432	const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
433
434	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
435	goto err;
436
437	TEST_note("Fetching %s\n", name);
438	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
439	goto err;
440
441	in_len = EVP_CIPHER_get_block_size(cipher) / 2;
442
443	/* skip any ciphers that don't allow partial updates */
444	if (((EVP_CIPHER_get_flags(cipher)
445	& (EVP_CIPH_FLAG_CTS \| EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
446	\|\| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
447	\|\| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
448	\|\| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
449	ret = 1;
450	goto err;
451	}
452
453	if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
454	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
455	\|\| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
456	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
457	goto err;
458
459	if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
460	goto err;
461
462	if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
463	if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
464	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
465	goto err;
466
467	if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
468	goto err;
469	}
470	ret = 1;
471	err:
472	EVP_CIPHER_free(cipher);
473	EVP_CIPHER_CTX_free(ctx);
474	return ret;
475	}
476
477
478	static int name_cmp(const char * const a, const char const *b)
479	{
480	return OPENSSL_strcasecmp(a, b);
481	}
482
483	static void collect_cipher_names(EVP_CIPHER cipher, void cipher_names_list)
484	{
485	STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
486	const char *name = EVP_CIPHER_get0_name(cipher);
487	char *namedup = NULL;
488
489	assert(name != NULL);
490	/* the cipher will be freed after returning, strdup is needed */
491	if ((namedup = OPENSSL_strdup(name)) != NULL
492	&& !sk_OPENSSL_STRING_push(names, namedup))
493	OPENSSL_free(namedup);
494	}
495
496	static int rsa_keygen(int bits, EVP_PKEY pub, EVP_PKEY priv)
497	{
498	int ret = 0;
499	unsigned char *pub_der = NULL;
500	const unsigned char *pp = NULL;
501	size_t len = 0;
502	OSSL_ENCODER_CTX *ectx = NULL;
503
504	if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
505	\|\| !TEST_ptr(ectx =
506	OSSL_ENCODER_CTX_new_for_pkey(*priv,
507	EVP_PKEY_PUBLIC_KEY,
508	"DER", "type-specific",
509	NULL))
510	\|\| !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
511	goto err;
512	pp = pub_der;
513	if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
514	goto err;
515	ret = 1;
516	err:
517	OSSL_ENCODER_CTX_free(ectx);
518	OPENSSL_free(pub_der);
519	return ret;
520	}
521
522	static int kem_rsa_gen_recover(void)
523	{
524	int ret = 0;
525	EVP_PKEY *pub = NULL;
526	EVP_PKEY *priv = NULL;
527	EVP_PKEY_CTX sctx = NULL, rctx = NULL, *dctx = NULL;
528	unsigned char secret[256] = { 0, };
529	unsigned char ct[256] = { 0, };
530	unsigned char unwrap[256] = { 0, };
531	size_t ctlen = 0, unwraplen = 0, secretlen = 0;
532	int bits = 2048;
533
534	ret = TEST_true(rsa_keygen(bits, &pub, &priv))
535	&& TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
536	&& TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
537	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
538	&& TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
539	&& TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
540	&secretlen), 1)
541	&& TEST_int_eq(ctlen, secretlen)
542	&& TEST_int_eq(ctlen, bits / 8)
543	&& TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
544	&secretlen), 1)
545	&& TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
546	&& TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
547	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
548	&& TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
549	ct, ctlen), 1)
550	&& TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
551	ct, ctlen), 1)
552	&& TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
553	EVP_PKEY_free(pub);
554	EVP_PKEY_free(priv);
555	EVP_PKEY_CTX_free(rctx);
556	EVP_PKEY_CTX_free(dctx);
557	EVP_PKEY_CTX_free(sctx);
558	return ret;
559	}
560
561	#ifndef OPENSSL_NO_DES
562	/*
563	* This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
564	* For fips mode this code would produce an error if the flag is not set.
565	*/
566	static int test_cipher_tdes_randkey(void)
567	{
568	int ret;
569	EVP_CIPHER_CTX *ctx = NULL;
570	EVP_CIPHER tdes_cipher = NULL, aes_cipher = NULL;
571	unsigned char key[24] = { 0 };
572
573	ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
574	&& TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
575	&& TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
576	&& TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
577	&& TEST_ptr(ctx = EVP_CIPHER_CTX_new())
578	&& TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1))
579	&& TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
580
581	EVP_CIPHER_CTX_free(ctx);
582	EVP_CIPHER_free(tdes_cipher);
583	EVP_CIPHER_free(aes_cipher);
584	return ret;
585	}
586	#endif /* OPENSSL_NO_DES */
587
588	static int kem_rsa_params(void)
589	{
590	int ret = 0;
591	EVP_PKEY *pub = NULL;
592	EVP_PKEY *priv = NULL;
593	EVP_PKEY_CTX pubctx = NULL, privctx = NULL;
594	unsigned char secret[256] = { 0, };
595	unsigned char ct[256] = { 0, };
596	size_t ctlen = 0, secretlen = 0;
597
598	ret = TEST_true(rsa_keygen(2048, &pub, &priv))
599	&& TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
600	&& TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
601	/* Test setting kem op before the init fails */
602	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
603	/* Test NULL ctx passed */
604	&& TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
605	&& TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
606	&& TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
607	&& TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
608	/* Test Invalid operation */
609	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
610	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
611	/* Wrong key component - no secret should be returned on failure */
612	&& TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
613	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
614	&& TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
615	sizeof(ct)), 0)
616	&& TEST_uchar_eq(secret[0], 0)
617	/* Test encapsulate fails if the mode is not set */
618	&& TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
619	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
620	/* Test setting a bad kem ops fail */
621	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
622	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
623	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
624	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
625	/* Test secretlen is optional */
626	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
627	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
628	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
629	/* Test outlen is optional */
630	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
631	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
632	/* test that either len must be set if out is NULL */
633	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
634	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
635	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
636	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
637	/* Secret buffer should be set if there is an output buffer */
638	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
639	/* Test that lengths are optional if ct is not NULL */
640	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
641	/* Pass if secret or secret length are not NULL */
642	&& TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
643	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
644	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
645	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
646	&& TEST_int_eq(secretlen, 256)
647	/* Fail if passed NULL arguments */
648	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
649	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
650	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
651	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
652
653	EVP_PKEY_free(pub);
654	EVP_PKEY_free(priv);
655	EVP_PKEY_CTX_free(pubctx);
656	EVP_PKEY_CTX_free(privctx);
657	return ret;
658	}
659
660	#ifndef OPENSSL_NO_DH
661	static EVP_PKEY *gen_dh_key(void)
662	{
663	EVP_PKEY_CTX *gctx = NULL;
664	EVP_PKEY *pkey = NULL;
665	OSSL_PARAM params[2];
666
667	params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
668	params[1] = OSSL_PARAM_construct_end();
669
670	if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
671	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
672	\|\| !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
673	\|\| !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
674	goto err;
675	err:
676	EVP_PKEY_CTX_free(gctx);
677	return pkey;
678	}
679
680	/* Fail if we try to use a dh key */
681	static int kem_invalid_keytype(void)
682	{
683	int ret = 0;
684	EVP_PKEY *key = NULL;
685	EVP_PKEY_CTX *sctx = NULL;
686
687	if (!TEST_ptr(key = gen_dh_key()))
688	goto done;
689
690	if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
691	goto done;
692	if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
693	goto done;
694
695	ret = 1;
696	done:
697	EVP_PKEY_free(key);
698	EVP_PKEY_CTX_free(sctx);
699	return ret;
700	}
701	#endif /* OPENSSL_NO_DH */
702
703	int setup_tests(void)
704	{
705	const char *prov_name = "default";
706	char *config_file = NULL;
707	OPTION_CHOICE o;
708
709	while ((o = opt_next()) != OPT_EOF) {
710	switch (o) {
711	case OPT_PROVIDER_NAME:
712	prov_name = opt_arg();
713	break;
714	case OPT_CONFIG_FILE:
715	config_file = opt_arg();
716	break;
717	case OPT_TEST_CASES:
718	break;
719	default:
720	case OPT_ERR:
721	return 0;
722	}
723	}
724
725	if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
726	return 0;
727
728	#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
729	ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
730	#endif
731	#ifndef OPENSSL_NO_DH
732	ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
733	ADD_TEST(dhx_cert_load);
734	#endif
735
736	if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
737	return 0;
738	EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
739
740	ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
741	ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
742	sk_OPENSSL_STRING_num(cipher_names));
743	ADD_TEST(kem_rsa_gen_recover);
744	ADD_TEST(kem_rsa_params);
745	#ifndef OPENSSL_NO_DH
746	ADD_TEST(kem_invalid_keytype);
747	#endif
748	#ifndef OPENSSL_NO_DES
749	ADD_TEST(test_cipher_tdes_randkey);
750	#endif
751	return 1;
752	}
753
754	/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
755	static void string_free(char *m)
756	{
757	OPENSSL_free(m);
758	}
759
760	void cleanup_tests(void)
761	{
762	sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
763	OSSL_PROVIDER_unload(libprov);
764	OSSL_LIB_CTX_free(libctx);
765	OSSL_PROVIDER_unload(nullprov);
766	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/test/evp_libctx_test.c@ 105943

以其他格式下載: