evp_libctx_test.c@ 108358

最後變更在這個檔案從108358是 108206,由 vboxsync 提交於 5 週前
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 30.2 KB

行
1	/*
2	* Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11
12	* These tests are setup to load null into the default library context.
13	* Any tests are expected to use the created 'libctx' to find algorithms.
14	* The framework runs the tests twice using the 'default' provider or
15	* 'fips' provider as inputs.
16	*/
17
18	/*
19	* DSA/DH low level APIs are deprecated for public use, but still ok for
20	* internal use.
21	*/
22	#include "internal/deprecated.h"
23	#include <assert.h>
24	#include <openssl/evp.h>
25	#include <openssl/provider.h>
26	#include <openssl/dsa.h>
27	#include <openssl/dh.h>
28	#include <openssl/safestack.h>
29	#include <openssl/core_dispatch.h>
30	#include <openssl/core_names.h>
31	#include <openssl/x509.h>
32	#include <openssl/encoder.h>
33	#include "testutil.h"
34	#include "internal/nelem.h"
35	#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
36
37	static OSSL_LIB_CTX *libctx = NULL;
38	static OSSL_PROVIDER *nullprov = NULL;
39	static OSSL_PROVIDER *libprov = NULL;
40	static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
41
42	typedef enum OPTION_choice {
43	OPT_ERR = -1,
44	OPT_EOF = 0,
45	OPT_CONFIG_FILE,
46	OPT_PROVIDER_NAME,
47	OPT_TEST_ENUM
48	} OPTION_CHOICE;
49
50	const OPTIONS *test_get_options(void)
51	{
52	static const OPTIONS test_options[] = {
53	OPT_TEST_OPTIONS_DEFAULT_USAGE,
54	{ "config", OPT_CONFIG_FILE, '<',
55	"The configuration file to use for the libctx" },
56	{ "provider", OPT_PROVIDER_NAME, 's',
57	"The provider to load (The default value is 'default')" },
58	{ NULL }
59	};
60	return test_options;
61	}
62
63	#ifndef OPENSSL_NO_DH
64	static const char *getname(int id)
65	{
66	const char *name[] = {"p", "q", "g" };
67
68	if (id >= 0 && id < 3)
69	return name[id];
70	return "?";
71	}
72	#endif
73
74	static int test_evp_cipher_api_safety(void)
75	{
76	int ret = 0;
77	EVP_CIPHER_CTX *ctx = NULL;
78
79	ctx = EVP_CIPHER_CTX_new();
80
81	if (!TEST_ptr(ctx))
82	goto err;
83
84	/*
85	* Ensure that EVP_CIPHER_get_block_size returns 0
86	* if we haven't initialized the cipher in this context
87	*/
88	if (!TEST_int_eq(EVP_CIPHER_CTX_get_block_size(ctx), 0))
89	goto err_free;
90
91	/*
92	* Ensure that EVP_CIPHER_get_iv_length returns 0
93	* if we haven't initialized the cipher in this context
94	*/
95	if (!TEST_int_eq(EVP_CIPHER_CTX_get_iv_length(ctx), 0))
96	goto err_free;
97
98	ret = 1;
99	err_free:
100	EVP_CIPHER_CTX_free(ctx);
101	err:
102	return ret;
103	}
104
105	/*
106	* We're using some DH specific values in this test, so we skip compilation if
107	* we're in a no-dh build.
108	*/
109	#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
110
111	static int test_dsa_param_keygen(int tstid)
112	{
113	int ret = 0;
114	int expected;
115	EVP_PKEY_CTX *gen_ctx = NULL;
116	EVP_PKEY *pkey_parm = NULL;
117	EVP_PKEY pkey = NULL, dup_pk = NULL;
118	DSA *dsa = NULL;
119	int pind, qind, gind;
120	BIGNUM p = NULL, q = NULL, *g = NULL;
121
122	/*
123	* Just grab some fixed dh p, q, g values for testing,
124	* these 'safe primes' should not be used normally for dsa *.
125	*/
126	static const BIGNUM *bn[] = {
127	&ossl_bignum_dh2048_256_p, &ossl_bignum_dh2048_256_q,
128	&ossl_bignum_dh2048_256_g
129	};
130
131	/*
132	* These tests are using bad values for p, q, g by reusing the values.
133	* A value of 0 uses p, 1 uses q and 2 uses g.
134	* There are 27 different combinations, with only the 1 valid combination.
135	*/
136	pind = tstid / 9;
137	qind = (tstid / 3) % 3;
138	gind = tstid % 3;
139	expected = (pind == 0 && qind == 1 && gind == 2);
140
141	TEST_note("Testing with (p, q, g) = (%s, %s, %s)\n", getname(pind),
142	getname(qind), getname(gind));
143
144	if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
145	\|\| !TEST_ptr(dsa = DSA_new())
146	\|\| !TEST_ptr(p = BN_dup(bn[pind]))
147	\|\| !TEST_ptr(q = BN_dup(bn[qind]))
148	\|\| !TEST_ptr(g = BN_dup(bn[gind]))
149	\|\| !TEST_true(DSA_set0_pqg(dsa, p, q, g)))
150	goto err;
151	p = q = g = NULL;
152
153	if (!TEST_true(EVP_PKEY_assign_DSA(pkey_parm, dsa)))
154	goto err;
155	dsa = NULL;
156
157	if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
158	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
159	\|\| !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
160	goto err;
161
162	if (expected) {
163	if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
164	\|\| !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
165	goto err;
166	}
167
168	ret = 1;
169	err:
170	EVP_PKEY_free(pkey);
171	EVP_PKEY_free(dup_pk);
172	EVP_PKEY_CTX_free(gen_ctx);
173	EVP_PKEY_free(pkey_parm);
174	DSA_free(dsa);
175	BN_free(g);
176	BN_free(q);
177	BN_free(p);
178	return ret;
179	}
180	#endif /* OPENSSL_NO_DSA */
181
182	#ifndef OPENSSL_NO_DH
183	static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
184	{
185	int ret = 0;
186	int expected;
187	EVP_PKEY_CTX *gen_ctx = NULL;
188	EVP_PKEY *pkey_parm = NULL;
189	EVP_PKEY pkey = NULL, dup_pk = NULL;
190	DH *dh = NULL;
191	int pind, qind, gind;
192	BIGNUM p = NULL, q = NULL, *g = NULL;
193
194	/*
195	* These tests are using bad values for p, q, g by reusing the values.
196	* A value of 0 uses p, 1 uses q and 2 uses g.
197	* There are 27 different combinations, with only the 1 valid combination.
198	*/
199	pind = tstid / 9;
200	qind = (tstid / 3) % 3;
201	gind = tstid % 3;
202	expected = (pind == 0 && qind == 1 && gind == 2);
203
204	TEST_note("Testing with (p, q, g) = (%s, %s, %s)", getname(pind),
205	getname(qind), getname(gind));
206
207	if (!TEST_ptr(pkey_parm = EVP_PKEY_new())
208	\|\| !TEST_ptr(dh = DH_new())
209	\|\| !TEST_ptr(p = BN_dup(bn[pind]))
210	\|\| !TEST_ptr(q = BN_dup(bn[qind]))
211	\|\| !TEST_ptr(g = BN_dup(bn[gind]))
212	\|\| !TEST_true(DH_set0_pqg(dh, p, q, g)))
213	goto err;
214	p = q = g = NULL;
215
216	if (!TEST_true(EVP_PKEY_assign_DH(pkey_parm, dh)))
217	goto err;
218	dh = NULL;
219
220	if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
221	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
222	\|\| !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
223	goto err;
224
225	if (expected) {
226	if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))
227	\|\| !TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), 1))
228	goto err;
229	}
230
231	ret = 1;
232	err:
233	EVP_PKEY_free(pkey);
234	EVP_PKEY_free(dup_pk);
235	EVP_PKEY_CTX_free(gen_ctx);
236	EVP_PKEY_free(pkey_parm);
237	DH_free(dh);
238	BN_free(g);
239	BN_free(q);
240	BN_free(p);
241	return ret;
242	}
243
244	/*
245	* Note that we get the fips186-4 path being run for most of these cases since
246	* the internal code will detect that the p, q, g does not match a safe prime
247	* group (Except for when tstid = 5, which sets the correct p, q, g)
248	*/
249	static int test_dh_safeprime_param_keygen(int tstid)
250	{
251	static const BIGNUM *bn[] = {
252	&ossl_bignum_ffdhe2048_p, &ossl_bignum_ffdhe2048_q,
253	&ossl_bignum_const_2
254	};
255	return do_dh_param_keygen(tstid, bn);
256	}
257
258	static int dhx_cert_load(void)
259	{
260	int ret = 0;
261	X509 *cert = NULL;
262	BIO *bio = NULL;
263
264	static const unsigned char dhx_cert[] = {
265	0x30,0x82,0x03,0xff,0x30,0x82,0x02,0xe7,0xa0,0x03,0x02,0x01,0x02,0x02,0x09,0x00,
266	0xdb,0xf5,0x4d,0x22,0xa0,0x7a,0x67,0xa6,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,
267	0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x44,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
268	0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x0a,0x0c,
269	0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,0x72,0x6f,0x75,0x70,0x31,0x1d,
270	0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,0x65,0x73,0x74,0x20,0x53,0x2f,
271	0x4d,0x49,0x4d,0x45,0x20,0x52,0x53,0x41,0x20,0x52,0x6f,0x6f,0x74,0x30,0x1e,0x17,
272	0x0d,0x31,0x33,0x30,0x38,0x30,0x32,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x17,0x0d,
273	0x32,0x33,0x30,0x36,0x31,0x31,0x31,0x34,0x34,0x39,0x32,0x39,0x5a,0x30,0x44,0x31,
274	0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x4b,0x31,0x16,0x30,0x14,
275	0x06,0x03,0x55,0x04,0x0a,0x0c,0x0d,0x4f,0x70,0x65,0x6e,0x53,0x53,0x4c,0x20,0x47,
276	0x72,0x6f,0x75,0x70,0x31,0x1d,0x30,0x1b,0x06,0x03,0x55,0x04,0x03,0x0c,0x14,0x54,
277	0x65,0x73,0x74,0x20,0x53,0x2f,0x4d,0x49,0x4d,0x45,0x20,0x45,0x45,0x20,0x44,0x48,
278	0x20,0x23,0x31,0x30,0x82,0x01,0xb6,0x30,0x82,0x01,0x2b,0x06,0x07,0x2a,0x86,0x48,
279	0xce,0x3e,0x02,0x01,0x30,0x82,0x01,0x1e,0x02,0x81,0x81,0x00,0xd4,0x0c,0x4a,0x0c,
280	0x04,0x72,0x71,0x19,0xdf,0x59,0x19,0xc5,0xaf,0x44,0x7f,0xca,0x8e,0x2b,0xf0,0x09,
281	0xf5,0xd3,0x25,0xb1,0x73,0x16,0x55,0x89,0xdf,0xfd,0x07,0xaf,0x19,0xd3,0x7f,0xd0,
282	0x07,0xa2,0xfe,0x3f,0x5a,0xf1,0x01,0xc6,0xf8,0x2b,0xef,0x4e,0x6d,0x03,0x38,0x42,
283	0xa1,0x37,0xd4,0x14,0xb4,0x00,0x4a,0xb1,0x86,0x5a,0x83,0xce,0xb9,0x08,0x0e,0xc1,
284	0x99,0x27,0x47,0x8d,0x0b,0x85,0xa8,0x82,0xed,0xcc,0x0d,0xb9,0xb0,0x32,0x7e,0xdf,
285	0xe8,0xe4,0xf6,0xf6,0xec,0xb3,0xee,0x7a,0x11,0x34,0x65,0x97,0xfc,0x1a,0xb0,0x95,
286	0x4b,0x19,0xb9,0xa6,0x1c,0xd9,0x01,0x32,0xf7,0x35,0x7c,0x2d,0x5d,0xfe,0xc1,0x85,
287	0x70,0x49,0xf8,0xcc,0x99,0xd0,0xbe,0xf1,0x5a,0x78,0xc8,0x03,0x02,0x81,0x80,0x69,
288	0x00,0xfd,0x66,0xf2,0xfc,0x15,0x8b,0x09,0xb8,0xdc,0x4d,0xea,0xaa,0x79,0x55,0xf9,
289	0xdf,0x46,0xa6,0x2f,0xca,0x2d,0x8f,0x59,0x2a,0xad,0x44,0xa3,0xc6,0x18,0x2f,0x95,
290	0xb6,0x16,0x20,0xe3,0xd3,0xd1,0x8f,0x03,0xce,0x71,0x7c,0xef,0x3a,0xc7,0x44,0x39,
291	0x0e,0xe2,0x1f,0xd8,0xd3,0x89,0x2b,0xe7,0x51,0xdc,0x12,0x48,0x4c,0x18,0x4d,0x99,
292	0x12,0x06,0xe4,0x17,0x02,0x03,0x8c,0x24,0x05,0x8e,0xa6,0x85,0xf2,0x69,0x1b,0xe1,
293	0x6a,0xdc,0xe2,0x04,0x3a,0x01,0x9d,0x64,0xbe,0xfe,0x45,0xf9,0x44,0x18,0x71,0xbd,
294	0x2d,0x3e,0x7a,0x6f,0x72,0x7d,0x1a,0x80,0x42,0x57,0xae,0x18,0x6f,0x91,0xd6,0x61,
295	0x03,0x8a,0x1c,0x89,0x73,0xc7,0x56,0x41,0x03,0xd3,0xf8,0xed,0x65,0xe2,0x85,0x02,
296	0x15,0x00,0x89,0x94,0xab,0x10,0x67,0x45,0x41,0xad,0x63,0xc6,0x71,0x40,0x8d,0x6b,
297	0x9e,0x19,0x5b,0xa4,0xc7,0xf5,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x2f,0x5b,0xde,
298	0x72,0x02,0x36,0x6b,0x00,0x5e,0x24,0x7f,0x14,0x2c,0x18,0x52,0x42,0x97,0x4b,0xdb,
299	0x6e,0x15,0x50,0x3c,0x45,0x3e,0x25,0xf3,0xb7,0xc5,0x6e,0xe5,0x52,0xe7,0xc4,0xfb,
300	0xf4,0xa5,0xf0,0x39,0x12,0x7f,0xbc,0x54,0x1c,0x93,0xb9,0x5e,0xee,0xe9,0x14,0xb0,
301	0xdf,0xfe,0xfc,0x36,0xe4,0xf2,0xaf,0xfb,0x13,0xc8,0xdf,0x18,0x94,0x1d,0x40,0xb9,
302	0x71,0xdd,0x4c,0x9c,0xa7,0x03,0x52,0x02,0xb5,0xed,0x71,0x80,0x3e,0x23,0xda,0x28,
303	0xe5,0xab,0xe7,0x6f,0xf2,0x0a,0x0e,0x00,0x5b,0x7d,0xc6,0x4b,0xd7,0xc7,0xb2,0xc3,
304	0xba,0x62,0x7f,0x70,0x28,0xa0,0x9d,0x71,0x13,0x70,0xd1,0x9f,0x32,0x2f,0x3e,0xd2,
305	0xcd,0x1b,0xa4,0xc6,0x72,0xa0,0x74,0x5d,0x71,0xef,0x03,0x43,0x6e,0xa3,0x60,0x30,
306	0x5e,0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,
307	0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xe0,0x30,
308	0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x0b,0x5a,0x4d,0x5f,0x7d,0x25,
309	0xc7,0xf2,0x9d,0xc1,0xaa,0xb7,0x63,0x82,0x2f,0xfa,0x8f,0x32,0xe7,0xc0,0x30,0x1f,
310	0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xdf,0x7e,0x5e,0x88,0x05,
311	0x24,0x33,0x08,0xdd,0x22,0x81,0x02,0x97,0xcc,0x9a,0xb7,0xb1,0x33,0x27,0x30,0x30,
312	0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
313	0x01,0x01,0x00,0x5a,0xf2,0x63,0xef,0xd3,0x16,0xd7,0xf5,0xaa,0xdd,0x12,0x00,0x36,
314	0x00,0x21,0xa2,0x7b,0x08,0xd6,0x3b,0x9f,0x62,0xac,0x53,0x1f,0xed,0x4c,0xd1,0x15,
315	0x34,0x65,0x71,0xee,0x96,0x07,0xa6,0xef,0xb2,0xde,0xd8,0xbb,0x35,0x6e,0x2c,0xe2,
316	0xd1,0x26,0xef,0x7e,0x94,0xe2,0x88,0x51,0xa4,0x6c,0xaa,0x27,0x2a,0xd3,0xb6,0xc2,
317	0xf7,0xea,0xc3,0x0b,0xa9,0xb5,0x28,0x37,0xa2,0x63,0x08,0xe4,0x88,0xc0,0x1b,0x16,
318	0x1b,0xca,0xfd,0x8a,0x07,0x32,0x29,0xa7,0x53,0xb5,0x2d,0x30,0xe4,0xf5,0x16,0xc3,
319	0xe3,0xc2,0x4c,0x30,0x5d,0x35,0x80,0x1c,0xa2,0xdb,0xe3,0x4b,0x51,0x0d,0x4c,0x60,
320	0x5f,0xb9,0x46,0xac,0xa8,0x46,0xa7,0x32,0xa7,0x9c,0x76,0xf8,0xe9,0xb5,0x19,0xe2,
321	0x0c,0xe1,0x0f,0xc6,0x46,0xe2,0x38,0xa7,0x87,0x72,0x6d,0x6c,0xbc,0x88,0x2f,0x9d,
322	0x2d,0xe5,0xd0,0x7d,0x1e,0xc7,0x5d,0xf8,0x7e,0xb4,0x0b,0xa6,0xf9,0x6c,0xe3,0x7c,
323	0xb2,0x70,0x6e,0x75,0x9b,0x1e,0x63,0xe1,0x4d,0xb2,0x81,0xd3,0x55,0x38,0x94,0x1a,
324	0x7a,0xfa,0xbf,0x01,0x18,0x70,0x2d,0x35,0xd3,0xe3,0x10,0x7a,0x9a,0xa7,0x8f,0xf3,
325	0xbd,0x56,0x55,0x5e,0xd8,0xbd,0x4e,0x16,0x76,0xd0,0x48,0x4c,0xf9,0x51,0x54,0xdf,
326	0x2d,0xb0,0xc9,0xaa,0x5e,0x42,0x38,0x50,0xbf,0x0f,0xc0,0xd9,0x84,0x44,0x4b,0x42,
327	0x24,0xec,0x14,0xa3,0xde,0x11,0xdf,0x58,0x7f,0xc2,0x4d,0xb2,0xd5,0x42,0x78,0x6e,
328	0x52,0x3e,0xad,0xc3,0x5f,0x04,0xc4,0xe6,0x31,0xaa,0x81,0x06,0x8b,0x13,0x4b,0x3c,
329	0x0e,0x6a,0xb1
330	};
331
332	if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
333	\|\| !TEST_ptr(cert = X509_new_ex(libctx, NULL))
334	\|\| !TEST_ptr(d2i_X509_bio(bio, &cert)))
335	goto err;
336	ret = 1;
337	err:
338	X509_free(cert);
339	BIO_free(bio);
340	return ret;
341	}
342
343	#endif /* OPENSSL_NO_DH */
344
345	static int test_cipher_reinit(int test_id)
346	{
347	int ret = 0, diff, ccm, siv, no_null_key;
348	int out1_len = 0, out2_len = 0, out3_len = 0;
349	EVP_CIPHER *cipher = NULL;
350	EVP_CIPHER_CTX *ctx = NULL;
351	unsigned char out1[256];
352	unsigned char out2[256];
353	unsigned char out3[256];
354	unsigned char in[16] = {
355	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
356	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
357	};
358	unsigned char key[64] = {
359	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
360	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
361	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
362	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
363	0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
364	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
365	0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
366	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
367	};
368	unsigned char iv[16] = {
369	0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
370	0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
371	};
372	const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
373
374	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
375	goto err;
376
377	TEST_note("Fetching %s\n", name);
378	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
379	goto err;
380
381	/* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
382	ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
383
384	/* siv cannot be called with NULL key as the iv is irrelevant */
385	siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
386
387	/*
388	* Skip init call with a null key for RC4 as the stream cipher does not
389	* handle reinit (1.1.1 behaviour).
390	*/
391	no_null_key = EVP_CIPHER_is_a(cipher, "RC4")
392	\|\| EVP_CIPHER_is_a(cipher, "RC4-40")
393	\|\| EVP_CIPHER_is_a(cipher, "RC4-HMAC-MD5");
394
395	/* DES3-WRAP uses random every update - so it will give a different value */
396	diff = EVP_CIPHER_is_a(cipher, "DES3-WRAP");
397
398	if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
399	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, sizeof(in)))
400	\|\| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
401	\|\| !TEST_int_eq(EVP_EncryptUpdate(ctx, out2, &out2_len, in, sizeof(in)),
402	ccm ? 0 : 1)
403	\|\| (!no_null_key
404	&& (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
405	\|\| !TEST_int_eq(EVP_EncryptUpdate(ctx, out3, &out3_len, in, sizeof(in)),
406	ccm \|\| siv ? 0 : 1))))
407	goto err;
408
409	if (ccm == 0) {
410	if (diff) {
411	if (!TEST_mem_ne(out1, out1_len, out2, out2_len)
412	\|\| !TEST_mem_ne(out1, out1_len, out3, out3_len)
413	\|\| !TEST_mem_ne(out2, out2_len, out3, out3_len))
414	goto err;
415	} else {
416	if (!TEST_mem_eq(out1, out1_len, out2, out2_len)
417	\|\| (!siv && !no_null_key && !TEST_mem_eq(out1, out1_len, out3, out3_len)))
418	goto err;
419	}
420	}
421	ret = 1;
422	err:
423	EVP_CIPHER_free(cipher);
424	EVP_CIPHER_CTX_free(ctx);
425	return ret;
426	}
427
428	/*
429	* This test only uses a partial block (half the block size) of input for each
430	* EVP_EncryptUpdate() in order to test that the second init/update is not using
431	* a leftover buffer from the first init/update.
432	* Note: some ciphers don't need a full block to produce output.
433	*/
434	static int test_cipher_reinit_partialupdate(int test_id)
435	{
436	int ret = 0, in_len;
437	int out1_len = 0, out2_len = 0, out3_len = 0;
438	EVP_CIPHER *cipher = NULL;
439	EVP_CIPHER_CTX *ctx = NULL;
440	unsigned char out1[256];
441	unsigned char out2[256];
442	unsigned char out3[256];
443	static const unsigned char in[32] = {
444	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
445	0xba, 0xbe, 0xba, 0xbe, 0x00, 0x00, 0xba, 0xbe,
446	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
447	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
448	};
449	static const unsigned char key[64] = {
450	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
451	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
452	0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
453	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
454	0x02, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
455	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
456	0x03, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
457	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
458	};
459	static const unsigned char iv[16] = {
460	0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
461	0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
462	};
463	const char *name = sk_OPENSSL_STRING_value(cipher_names, test_id);
464
465	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
466	goto err;
467
468	TEST_note("Fetching %s\n", name);
469	if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
470	goto err;
471
472	in_len = EVP_CIPHER_get_block_size(cipher);
473	if (!TEST_int_gt(in_len, 0))
474	goto err;
475	if (in_len > 1)
476	in_len /= 2;
477
478	/* skip any ciphers that don't allow partial updates */
479	if (((EVP_CIPHER_get_flags(cipher)
480	& (EVP_CIPH_FLAG_CTS \| EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
481	\|\| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
482	\|\| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
483	\|\| EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
484	ret = 1;
485	goto err;
486	}
487
488	if (!TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv))
489	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out1, &out1_len, in, in_len))
490	\|\| !TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
491	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out2, &out2_len, in, in_len)))
492	goto err;
493
494	if (EVP_CIPHER_get_iv_length(cipher) != 0)
495	if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
496	goto err;
497
498	if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
499	if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
500	\|\| !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
501	goto err;
502
503	if (EVP_CIPHER_get_iv_length(cipher) != 0)
504	if (!TEST_mem_eq(out1, out1_len, out3, out3_len))
505	goto err;
506	}
507	ret = 1;
508	err:
509	EVP_CIPHER_free(cipher);
510	EVP_CIPHER_CTX_free(ctx);
511	return ret;
512	}
513
514
515	static int name_cmp(const char * const a, const char const *b)
516	{
517	return OPENSSL_strcasecmp(a, b);
518	}
519
520	static void collect_cipher_names(EVP_CIPHER cipher, void cipher_names_list)
521	{
522	STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
523	const char *name = EVP_CIPHER_get0_name(cipher);
524	char *namedup = NULL;
525
526	assert(name != NULL);
527	/* the cipher will be freed after returning, strdup is needed */
528	if ((namedup = OPENSSL_strdup(name)) != NULL
529	&& !sk_OPENSSL_STRING_push(names, namedup))
530	OPENSSL_free(namedup);
531	}
532
533	static int rsa_keygen(int bits, EVP_PKEY pub, EVP_PKEY priv)
534	{
535	int ret = 0;
536	unsigned char *pub_der = NULL;
537	const unsigned char *pp = NULL;
538	size_t len = 0;
539	OSSL_ENCODER_CTX *ectx = NULL;
540
541	if (!TEST_ptr(*priv = EVP_PKEY_Q_keygen(libctx, NULL, "RSA", bits))
542	\|\| !TEST_ptr(ectx =
543	OSSL_ENCODER_CTX_new_for_pkey(*priv,
544	EVP_PKEY_PUBLIC_KEY,
545	"DER", "type-specific",
546	NULL))
547	\|\| !TEST_true(OSSL_ENCODER_to_data(ectx, &pub_der, &len)))
548	goto err;
549	pp = pub_der;
550	if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_RSA, pub, &pp, len)))
551	goto err;
552	ret = 1;
553	err:
554	OSSL_ENCODER_CTX_free(ectx);
555	OPENSSL_free(pub_der);
556	return ret;
557	}
558
559	static int kem_rsa_gen_recover(void)
560	{
561	int ret = 0;
562	EVP_PKEY *pub = NULL;
563	EVP_PKEY *priv = NULL;
564	EVP_PKEY_CTX sctx = NULL, rctx = NULL, *dctx = NULL;
565	unsigned char secret[256] = { 0, };
566	unsigned char ct[256] = { 0, };
567	unsigned char unwrap[256] = { 0, };
568	size_t ctlen = 0, unwraplen = 0, secretlen = 0;
569	int bits = 2048;
570
571	ret = TEST_true(rsa_keygen(bits, &pub, &priv))
572	&& TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
573	&& TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
574	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
575	&& TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
576	&& TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
577	&secretlen), 1)
578	&& TEST_int_eq(ctlen, secretlen)
579	&& TEST_int_eq(ctlen, bits / 8)
580	&& TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
581	&secretlen), 1)
582	&& TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
583	&& TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
584	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(rctx, "RSASVE"), 1)
585	&& TEST_int_eq(EVP_PKEY_decapsulate(rctx, NULL, &unwraplen,
586	ct, ctlen), 1)
587	&& TEST_int_eq(EVP_PKEY_decapsulate(rctx, unwrap, &unwraplen,
588	ct, ctlen), 1)
589	&& TEST_mem_eq(unwrap, unwraplen, secret, secretlen);
590	EVP_PKEY_free(pub);
591	EVP_PKEY_free(priv);
592	EVP_PKEY_CTX_free(rctx);
593	EVP_PKEY_CTX_free(dctx);
594	EVP_PKEY_CTX_free(sctx);
595	return ret;
596	}
597
598	#ifndef OPENSSL_NO_DES
599	/*
600	* This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly
601	* For fips mode this code would produce an error if the flag is not set.
602	*/
603	static int test_cipher_tdes_randkey(void)
604	{
605	int ret;
606	EVP_CIPHER_CTX *ctx = NULL;
607	EVP_CIPHER tdes_cipher = NULL, aes_cipher = NULL;
608	unsigned char key[24] = { 0 };
609
610	ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL))
611	&& TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0)
612	&& TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL))
613	&& TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0)
614	&& TEST_ptr(ctx = EVP_CIPHER_CTX_new())
615	&& TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1))
616	&& TEST_int_gt(EVP_CIPHER_CTX_rand_key(ctx, key), 0);
617
618	EVP_CIPHER_CTX_free(ctx);
619	EVP_CIPHER_free(tdes_cipher);
620	EVP_CIPHER_free(aes_cipher);
621	return ret;
622	}
623	#endif /* OPENSSL_NO_DES */
624
625	static int kem_rsa_params(void)
626	{
627	int ret = 0;
628	EVP_PKEY *pub = NULL;
629	EVP_PKEY *priv = NULL;
630	EVP_PKEY_CTX pubctx = NULL, privctx = NULL;
631	unsigned char secret[256] = { 0, };
632	unsigned char ct[256] = { 0, };
633	size_t ctlen = 0, secretlen = 0;
634
635	ret = TEST_true(rsa_keygen(2048, &pub, &priv))
636	&& TEST_ptr(pubctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
637	&& TEST_ptr(privctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
638	/* Test setting kem op before the init fails */
639	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), -2)
640	/* Test NULL ctx passed */
641	&& TEST_int_eq(EVP_PKEY_encapsulate_init(NULL, NULL), 0)
642	&& TEST_int_eq(EVP_PKEY_encapsulate(NULL, NULL, NULL, NULL, NULL), 0)
643	&& TEST_int_eq(EVP_PKEY_decapsulate_init(NULL, NULL), 0)
644	&& TEST_int_eq(EVP_PKEY_decapsulate(NULL, NULL, NULL, NULL, 0), 0)
645	/* Test Invalid operation */
646	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), -1)
647	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, NULL, 0), 0)
648	/* Wrong key component - no secret should be returned on failure */
649	&& TEST_int_eq(EVP_PKEY_decapsulate_init(pubctx, NULL), 1)
650	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
651	&& TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
652	sizeof(ct)), 0)
653	&& TEST_uchar_eq(secret[0], 0)
654	/* Test encapsulate fails if the mode is not set */
655	&& TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
656	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
657	/* Test setting a bad kem ops fail */
658	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
659	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
660	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, "RSASVE"), 0)
661	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(NULL, NULL), 0)
662	/* Test secretlen is optional */
663	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSASVE"), 1)
664	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, NULL), 1)
665	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
666	/* Test outlen is optional */
667	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
668	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, &secretlen), 1)
669	/* test that either len must be set if out is NULL */
670	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, NULL), 0)
671	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, NULL), 1)
672	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, NULL, NULL, &secretlen), 1)
673	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, NULL, &ctlen, NULL, &secretlen), 1)
674	/* Secret buffer should be set if there is an output buffer */
675	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, NULL, NULL), 0)
676	/* Test that lengths are optional if ct is not NULL */
677	&& TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, NULL, secret, NULL), 1)
678	/* Pass if secret or secret length are not NULL */
679	&& TEST_int_eq(EVP_PKEY_decapsulate_init(privctx, NULL), 1)
680	&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(privctx, "RSASVE"), 1)
681	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, NULL, ct, sizeof(ct)), 1)
682	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, &secretlen, ct, sizeof(ct)), 1)
683	&& TEST_int_eq(secretlen, 256)
684	/* Fail if passed NULL arguments */
685	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, NULL, NULL, ct, sizeof(ct)), 0)
686	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, 0), 0)
687	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, NULL, sizeof(ct)), 0)
688	&& TEST_int_eq(EVP_PKEY_decapsulate(privctx, secret, &secretlen, ct, 0), 0);
689
690	EVP_PKEY_free(pub);
691	EVP_PKEY_free(priv);
692	EVP_PKEY_CTX_free(pubctx);
693	EVP_PKEY_CTX_free(privctx);
694	return ret;
695	}
696
697	#ifndef OPENSSL_NO_DH
698	static EVP_PKEY *gen_dh_key(void)
699	{
700	EVP_PKEY_CTX *gctx = NULL;
701	EVP_PKEY *pkey = NULL;
702	OSSL_PARAM params[2];
703
704	params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
705	params[1] = OSSL_PARAM_construct_end();
706
707	if (!TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL))
708	\|\| !TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0)
709	\|\| !TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
710	\|\| !TEST_true(EVP_PKEY_keygen(gctx, &pkey)))
711	goto err;
712	err:
713	EVP_PKEY_CTX_free(gctx);
714	return pkey;
715	}
716
717	/* Fail if we try to use a dh key */
718	static int kem_invalid_keytype(void)
719	{
720	int ret = 0;
721	EVP_PKEY *key = NULL;
722	EVP_PKEY_CTX *sctx = NULL;
723
724	if (!TEST_ptr(key = gen_dh_key()))
725	goto done;
726
727	if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL)))
728	goto done;
729	if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), -2))
730	goto done;
731
732	ret = 1;
733	done:
734	EVP_PKEY_free(key);
735	EVP_PKEY_CTX_free(sctx);
736	return ret;
737	}
738	#endif /* OPENSSL_NO_DH */
739
740	int setup_tests(void)
741	{
742	const char *prov_name = "default";
743	char *config_file = NULL;
744	OPTION_CHOICE o;
745
746	while ((o = opt_next()) != OPT_EOF) {
747	switch (o) {
748	case OPT_PROVIDER_NAME:
749	prov_name = opt_arg();
750	break;
751	case OPT_CONFIG_FILE:
752	config_file = opt_arg();
753	break;
754	case OPT_TEST_CASES:
755	break;
756	default:
757	case OPT_ERR:
758	return 0;
759	}
760	}
761
762	if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
763	return 0;
764
765	ADD_TEST(test_evp_cipher_api_safety);
766
767	#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
768	ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
769	#endif
770	#ifndef OPENSSL_NO_DH
771	ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
772	ADD_TEST(dhx_cert_load);
773	#endif
774
775	if (!TEST_ptr(cipher_names = sk_OPENSSL_STRING_new(name_cmp)))
776	return 0;
777	EVP_CIPHER_do_all_provided(libctx, collect_cipher_names, cipher_names);
778
779	ADD_ALL_TESTS(test_cipher_reinit, sk_OPENSSL_STRING_num(cipher_names));
780	ADD_ALL_TESTS(test_cipher_reinit_partialupdate,
781	sk_OPENSSL_STRING_num(cipher_names));
782	ADD_TEST(kem_rsa_gen_recover);
783	ADD_TEST(kem_rsa_params);
784	#ifndef OPENSSL_NO_DH
785	ADD_TEST(kem_invalid_keytype);
786	#endif
787	#ifndef OPENSSL_NO_DES
788	ADD_TEST(test_cipher_tdes_randkey);
789	#endif
790	return 1;
791	}
792
793	/* Because OPENSSL_free is a macro, it can't be passed as a function pointer */
794	static void string_free(char *m)
795	{
796	OPENSSL_free(m);
797	}
798
799	void cleanup_tests(void)
800	{
801	sk_OPENSSL_STRING_pop_free(cipher_names, string_free);
802	OSSL_PROVIDER_unload(libprov);
803	OSSL_LIB_CTX_free(libctx);
804	OSSL_PROVIDER_unload(nullprov);
805	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.3.2/test/evp_libctx_test.c@ 108358

以其他格式下載: