QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-28 18:54:36 +00:00
Code Issues Projects Releases Wiki Activity

Add data driven SELF TEST code for signatures and key agreement

Browse Source 
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11036)
This commit is contained in:
Shane Lontis 2020-04-03 16:50:36 +10:00
parent 4b1fe471ac
commit ec4d1b8f8c
6 changed files with 1074 additions and 416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/man7/OSSL_PROVIDER-FIPS.pod
View File

@ -245,12 +245,14 @@ Signature tests used with the "KAT_Signature" type.
=item "ECDH" (B<OSSL_SELF_TEST_DESC_KA_ECDH>)
=item "ECDSA" (B<OSSL_SELF_TEST_DESC_KA_ECDSA>)
=item "DH" (B<OSSL_SELF_TEST_DESC_KA_DH>)
Key agreement tests used with the "KAT_KA" type.
=item "HKDF" (B<OSSL_SELF_TEST_DESC_KDF_HKDF>)
=item "SSKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSKDF>)
Key Derivation Function tests used with the "KAT_KDF" type.
=item "CTR" (B<OSSL_SELF_TEST_DESC_DRBG_CTR>)

3
include/openssl/self_test.h
View File

@ -52,9 +52,10 @@ extern "C" {
# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
# define OSSL_SELF_TEST_DESC_KA_DH "DH"
# define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH"
# define OSSL_SELF_TEST_DESC_KA_ECDSA "ECDSA"
# define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF"
# define OSSL_SELF_TEST_DESC_KDF_SSKDF "SSKDF"
# ifdef __cplusplus
}

353
providers/fips/fipsprov.c
View File

@ -126,349 +126,6 @@ static OSSL_PARAM core_params[] =
OSSL_PARAM_END
};
/*
* Convert a string into a bignumber.
* The array of hex_data is used to get around compilers that dont like
* strings longer than 509 bytes,
*/
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
static int hextobn(const char *hex_data[], BIGNUM **bn)
{
int ret = 0;
int i, slen;
char *str = NULL;
/* Get the total length of the strings */
for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
slen += strlen(hex_data[i]);
/* Add 1 for the string terminator */
str = OPENSSL_zalloc(slen + 1);
if (str == NULL)
return 0;
/* join the strings together into 1 buffer */
for (i = 0; hex_data[i] != NULL; ++i)
strcat(str, hex_data[i]);
if (BN_hex2bn(bn, str) <= 0)
goto err;
ret = 1;
err:
OPENSSL_free(str);
return ret;
}
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
#ifndef OPENSSL_NO_DH
static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
{
int ret = 0, sz;
BIGNUM *bn = NULL;
unsigned char *buf = NULL;
if (!hextobn(hex_data, &bn))
return 0;
sz = BN_num_bytes(bn);
buf = OPENSSL_zalloc(sz);
if (buf == NULL)
goto err;
if (BN_bn2binpad(bn, buf, sz) <= 0)
goto err;
*out = buf;
*len = sz;
buf = NULL; /* Set to NULL so it is not freed */
ret = 1;
err:
OPENSSL_free(buf);
BN_free(bn);
return ret;
}
#endif
#ifndef OPENSSL_NO_DSA
static int dsa_key_signature_test(OPENSSL_CTX *libctx)
{
int ret = 0;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
BIGNUM *pub = NULL, *priv = NULL;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char sig[64];
size_t siglen;
static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
};
/* dsa 2048 */
static const char *dsa_p_hex[] = {
"a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
"e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
"fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
"df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
"8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
"b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
"133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
"19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
NULL
};
static const char *dsa_q_hex[] = {
"a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
NULL
};
static const char *dsa_g_hex[] = {
"6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
"2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
"34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
"a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
"bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
"f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
"252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
"7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
NULL
};
static const char *dsa_pub_hex[] = {
"a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
"c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
"d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
"aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
"660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
"b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
"099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
"1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
NULL
};
static const char *dsa_priv_hex[] = {
"6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
NULL
};
if (!hextobn(dsa_p_hex, &p)
|| !hextobn(dsa_q_hex, &q)
|| !hextobn(dsa_g_hex, &g)
|| !hextobn(dsa_pub_hex, &pub)
|| !hextobn(dsa_priv_hex, &priv))
goto err;
bld = OSSL_PARAM_BLD_new();
if (bld == NULL
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
goto err;
params = OSSL_PARAM_BLD_to_param(bld);
/* Create a EVP_PKEY_CTX to load the DSA key into */
kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
if (kctx == NULL || params == NULL)
goto err;
if (EVP_PKEY_key_fromdata_init(kctx) <= 0
|| EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
goto err;
/* Create a EVP_PKEY_CTX to use for the signing operation */
sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
if (sctx == NULL
|| EVP_PKEY_sign_init(sctx) <= 0)
goto err;
/* set signature parameters */
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
SN_sha256,strlen(SN_sha256) + 1))
goto err;
params_sig = OSSL_PARAM_BLD_to_param(bld);
if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|| EVP_PKEY_verify_init(sctx) <= 0
|| EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
goto err;
ret = 1;
err:
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free_params(params_sig);
OSSL_PARAM_BLD_free(bld);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(pub);
BN_free(priv);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(kctx);
EVP_PKEY_CTX_free(sctx);
return ret;
}
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_DH
static int dh_key_exchange_test(OPENSSL_CTX *libctx)
{
int ret = 0;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
unsigned char *kat_secret = NULL;
EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
EVP_PKEY *pkey = NULL, *peerkey = NULL;
OSSL_PARAM *params = NULL;
OSSL_PARAM *params_peer = NULL;
unsigned char secret[256];
size_t secret_len, kat_secret_len = 0;
OSSL_PARAM_BLD *bld = NULL;
/* DH KAT */
static const char *dh_p_hex[] = {
"dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
"e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
"e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
"232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
"b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
"d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
"b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
"011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
NULL
};
static const char *dh_q_hex[] = {
"898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
NULL
};
static const char *dh_g_hex[] = {
"5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
"246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
"24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
"589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
"2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
"412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
"9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
"a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
"b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
"ea115c32",
NULL
};
static const char *dh_priv_hex[] = {
"1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
NULL
};
static const char *dh_pub_hex[] = {
"95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
"6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
"99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
"02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
"c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
"17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
"73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
"37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
"07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
"959c91d3",
NULL
};
static const char *dh_peer_pub_hex[] = {
"1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
"8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
"e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
"67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
"ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
"3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
"e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
"d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
"5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
"f17ff48b",
NULL
};
static const char *dh_secret_exptd_hex[] = {
"08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
"33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
"fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
"e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
"afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
"582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
"d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
"2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
"be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
"7d98eaf6",
NULL
};
if (!hextobn(dh_p_hex, &p)
|| !hextobn(dh_q_hex, &q)
|| !hextobn(dh_g_hex, &g)
|| !hextobn(dh_pub_hex, &pub)
|| !hextobn(dh_priv_hex, &priv)
|| !hextobn(dh_peer_pub_hex, &pub_peer)
|| !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
goto err;
bld = OSSL_PARAM_BLD_new();
if (bld == NULL
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
goto err;
params = OSSL_PARAM_BLD_to_param(bld);
if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
|| !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
goto err;
params_peer = OSSL_PARAM_BLD_to_param(bld);
if (params == NULL || params_peer == NULL)
goto err;
/* Create a EVP_PKEY_CTX to load the DH keys into */
kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
if (kactx == NULL)
goto err;
if (EVP_PKEY_key_fromdata_init(kactx) <= 0
|| EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
goto err;
if (EVP_PKEY_key_fromdata_init(kactx) <= 0
|| EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
goto err;
/* Create a EVP_PKEY_CTX to perform key derivation */
dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
if (dctx == NULL)
goto err;
if (EVP_PKEY_derive_init(dctx) <= 0
|| EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
|| EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
goto err;
if (secret_len != kat_secret_len
|| memcmp(secret, kat_secret, secret_len) != 0)
goto err;
ret = 1;
err:
OSSL_PARAM_BLD_free(bld);
OSSL_PARAM_BLD_free_params(params_peer);
OSSL_PARAM_BLD_free_params(params);
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(pub);
BN_free(priv);
BN_free(pub_peer);
OPENSSL_free(kat_secret);
EVP_PKEY_free(pkey);
EVP_PKEY_free(peerkey);
EVP_PKEY_CTX_free(kactx);
EVP_PKEY_CTX_free(dctx);
return ret;
}
#endif /* OPENSSL_NO_DH */
/* TODO(3.0): To be removed */
static int dummy_evp_call(void *provctx)
{
@ -536,16 +193,6 @@ static int dummy_evp_call(void *provctx)
goto err;
#endif
#ifndef OPENSSL_NO_DSA
if (!dsa_key_signature_test(libctx))
goto err;
#endif
#ifndef OPENSSL_NO_DH
if (!dh_key_exchange_test(libctx))
goto err;
#endif /* OPENSSL_NO_DH */
ret = 1;
err:
BN_CTX_end(bnctx);

836
providers/fips/self_test_data.inc
View File

@ -7,6 +7,26 @@
* https://www.openssl.org/source/license.html
*/
/* Macros to build Self test data */
#define ITM(x) x, sizeof(x)
#define ITM_STR(x) x, (sizeof(x) - 1)
#define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
#define ST_KAT_PARAM_BIGNUM(name, data) \
{ name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) }
#define ST_KAT_PARAM_OCTET(name, data) \
{ name, OSSL_PARAM_OCTET_STRING, ITM(data) }
#define ST_KAT_PARAM_UTF8STRING(name, data) \
{ name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
/* used to store raw parameters for keys and algorithms */
typedef struct st_kat_param_st {
const char *name; /* an OSSL_PARAM name */
size_t type; /* the type associated with the data */
const void *data; /* unsigned char [], or char [] depending on the type */
size_t data_len; /* the length of the data */
} ST_KAT_PARAM;
typedef struct st_kat_st {
const char *desc;
const char *algorithm;
@ -29,15 +49,10 @@ typedef struct st_kat_cipher_st {
size_t tag_len;
} ST_KAT_CIPHER;
typedef struct st_kat_nvp_st {
const char *name;
const char *value;
} ST_KAT_NVP;
typedef struct st_kat_kdf_st {
const char *desc;
const char *algorithm;
const ST_KAT_NVP *ctrls;
const ST_KAT_PARAM *params;
const unsigned char *expected;
size_t expected_len;
} ST_KAT_KDF;
@ -64,9 +79,26 @@ typedef struct st_kat_drbg_st {
size_t expectedlen;
} ST_KAT_DRBG;
/* Macros to build Self test data */
#define ITM(x) x, sizeof(x)
#define ITM_STR(x) x, sizeof(x) - 1
typedef struct st_kat_kas_st {
const char *desc;
const char *algorithm;
const ST_KAT_PARAM *key_group;
const ST_KAT_PARAM *key_host_data;
const ST_KAT_PARAM *key_peer_data;
const unsigned char *expected;
size_t expected_len;
} ST_KAT_KAS;
typedef struct st_kat_sign_st {
const char *desc;
const char *algorithm;
const char *mdalgorithm;
const ST_KAT_PARAM *key;
const unsigned char *sig_expected; /* Set to NULL if this value changes */
size_t sig_expected_len;
} ST_KAT_SIGN;
/*- DIGEST TEST DATA */
static const unsigned char sha1_pt[] = "abc";
@ -118,11 +150,11 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
/* DES3 test data */
static const unsigned char des_ede3_cbc_pt[] = {
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
};
static const unsigned char des_ede3_cbc_key[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
@ -132,34 +164,38 @@ static const unsigned char des_ede3_cbc_iv[] = {
0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
};
static const unsigned char des_ede3_cbc_ct[] = {
0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 0x93, 0xB7, 0x9E, 0x25,
0x69, 0xAB, 0x52, 0x62, 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
};
/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
0x92,0xe1,0x1d,0xcd,0xaa,0x86,0x6f,0x5c,0xe7,0x90,0xfd,0x24,
0x50,0x1f,0x92,0x50,0x9a,0xac,0xf4,0xcb,0x8b,0x13,0x39,0xd5,
0x0c,0x9c,0x12,0x40,0x93,0x5d,0xd0,0x8b
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50,
0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5,
0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b
};
static const unsigned char aes_256_gcm_iv[] = {
0xac,0x93,0xa1,0xa6,0x14,0x52,0x99,0xbd,0xe9,0x02,0xf2,0x1a
0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd,
0xe9, 0x02, 0xf2, 0x1a
};
static const unsigned char aes_256_gcm_pt[] = {
0x2d,0x71,0xbc,0xfa,0x91,0x4e,0x4a,0xc0,0x45,0xb2,0xaa,0x60,
0x95,0x5f,0xad,0x24
0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0,
0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24
};
static const unsigned char aes_256_gcm_aad[] = {
0x1e,0x08,0x89,0x01,0x6f,0x67,0x60,0x1c,0x8e,0xbe,0xa4,0x94,
0x3b,0xc2,0x3a,0xd6
0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c,
0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6
};
static const unsigned char aes_256_gcm_ct[] = {
0x89,0x95,0xae,0x2e,0x6d,0xf3,0xdb,0xf9,0x6f,0xac,0x7b,0x71,
0x37,0xba,0xe6,0x7f
0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9,
0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f
};
static const unsigned char aes_256_gcm_tag[] = {
0xec,0xa5,0xaa,0x77,0xd5,0x1d,0x4a,0x0a,0x14,0xd9,0xc5,0x1e,
0x1d,0xa4,0x74,0xab
0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a,
0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab
};
static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
@ -189,27 +225,65 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
}
};
/*- KDF TEST DATA */
static const char hkdf_digest[] = "SHA256";
static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
static const ST_KAT_NVP hkdf_ctrl[] =
{
{ "digest", "SHA256" },
{ "key", "secret" },
{ "salt", "salt" },
{ "info", "label" },
{ NULL, NULL }
static const ST_KAT_PARAM hkdf_params[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
ST_KAT_PARAM_END()
};
static const unsigned char hkdf_expected[] = {
0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
0xde, 0x13
};
static const char sskdf_digest[] = "SHA224";
static const unsigned char sskdf_secret[] = {
0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9,
0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72,
0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2,
0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8,
0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9
};
static const unsigned char sskdf_otherinfo[] = {
0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56,
0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49,
0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6,
0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66,
0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98,
0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
};
static const unsigned char sskdf_expected[] = {
0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
};
static const ST_KAT_PARAM sskdf_params[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret),
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
ST_KAT_PARAM_END()
};
static const ST_KAT_KDF st_kat_kdf_tests[] =
{
{
OSSL_SELF_TEST_DESC_KDF_HKDF,
"HKDF",
hkdf_ctrl,
OSSL_KDF_NAME_HKDF,
hkdf_params,
ITM(hkdf_expected)
},
{
OSSL_SELF_TEST_DESC_KDF_SSKDF,
OSSL_KDF_NAME_SSKDF,
sskdf_params,
ITM(sskdf_expected)
}
};
@ -422,3 +496,691 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
ITM(drbg_hmac_sha1_pr_expected)
}
};
/* KEY EXCHANGE TEST DATA */
#ifndef OPENSSL_NO_DH
/* DH KAT */
static const unsigned char dh_p[] = {
0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
};
static const unsigned char dh_q[] = {
0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
0x11, 0xac, 0xb5, 0x7d
};
static const unsigned char dh_g[] = {
0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
};
static const unsigned char dh_priv[] = {
0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
0x40, 0xb8, 0xfc, 0xe6
};
static const unsigned char dh_pub[] = {
0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
};
static const unsigned char dh_peer_pub[] = {
0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
};
static const unsigned char dh_secret_expected[] = {
0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
};
static const ST_KAT_PARAM dh_group[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g),
ST_KAT_PARAM_END()
};
/* The host's private key */
static const ST_KAT_PARAM dh_host_key[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv),
ST_KAT_PARAM_END()
};
/* The peer's public key */
static const ST_KAT_PARAM dh_peer_key[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub),
ST_KAT_PARAM_END()
};
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_EC
static const char ecdh_curve_name[] = "prime256v1";
static const unsigned char ecdh_privd[] = {
0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
};
static const unsigned char ecdh_pub[] = {
0x04,
0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
};
static const unsigned char ecdh_peer_pub[] = {
0x04,
0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76,
0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b,
0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2,
0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86,
0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3,
0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7,
0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c,
0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc
};
static const ST_KAT_PARAM ecdh_group[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecdh_curve_name),
ST_KAT_PARAM_END()
};
static const ST_KAT_PARAM ecdh_host_key[] = {
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd),
ST_KAT_PARAM_END()
};
static const ST_KAT_PARAM ecdh_peer_key[] = {
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub),
ST_KAT_PARAM_END()
};
static const unsigned char ecdh_secret_expected[] = {
0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0,
0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38,
0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e,
0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2
};
#endif /* OPENSSL_NO_EC */
static const ST_KAT_KAS st_kat_kas_tests[] =
{
#ifndef OPENSSL_NO_DH
{
OSSL_SELF_TEST_DESC_KA_DH,
"DH",
dh_group,
dh_host_key,
dh_peer_key,
ITM(dh_secret_expected)
},
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_EC
{
OSSL_SELF_TEST_DESC_KA_ECDH,
"EC",
ecdh_group,
ecdh_host_key,
ecdh_peer_key,
ITM(ecdh_secret_expected)
},
#endif /* OPENSSL_NO_EC */
};
#if !defined(OPENSSL_NO_RSA)
/* RSA key data */
static const unsigned char rsa_n[] = {
0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D,
0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1,
0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA,
0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1,
0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D,
0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F,
0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77,
0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9,
0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA,
0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB,
0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1,
0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19,
0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48,
0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F,
0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F,
0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76,
0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77,
0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0,
0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA,
0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13,
0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A,
0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C,
0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC,
0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F,
0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD,
0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9,
0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB,
0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63,
0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E,
0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2,
0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB
};
static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 };
static const unsigned char rsa_d[] = {
0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55,
0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D,
0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD,
0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92,
0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB,
0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12,
0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78,
0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A,
0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67,
0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D,
0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89,
0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33,
0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5,
0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43,
0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA,
0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B,
0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66,
0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC,
0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C,
0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33,
0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4,
0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A,
0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2,
0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D,
0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8,
0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04,
0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB,
0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82,
0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88,
0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49,
0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA,
0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71
};
static const unsigned char rsa_p[] = {
0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34,
0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77,
0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F,
0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9,
0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81,
0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68,
0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4,
0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9,
0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF,
0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7,
0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B,
0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42,
0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB,
0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF,
0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB,
0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03
};
static const unsigned char rsa_q[] = {
0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96,
0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40,
0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77,
0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5,
0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8,
0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09,
0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B,
0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65,
0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5,
0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB,
0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57,
0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E,
0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE,
0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73,
0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17,
0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39
};
static const unsigned char rsa_dp[] = {
0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67,
0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D,
0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81,
0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73,
0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF,
0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41,
0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F,
0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5,
0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A,
0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92,
0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94,
0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5,
0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42,
0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9,
0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8,
0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB
};
static const unsigned char rsa_dq[] = {
0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5,
0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43,
0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5,
0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57,
0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43,
0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5,
0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02,
0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE,
0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C,
0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C,
0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B,
0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7,
0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8,
0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29,
0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F,
0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31
};
static const unsigned char rsa_qInv[] = {
0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53,
0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46,
0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20,
0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D,
0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE,
0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E,
0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6,
0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1,
0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64,
0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28,
0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64,
0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A,
0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25,
0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51,
0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD,
0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12
};
static const ST_KAT_PARAM rsa_key[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
ST_KAT_PARAM_END()
};
static const unsigned char rsa_expected_sig[256] = {
0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00,
0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9,
0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4,
0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28,
0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78,
0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32,
0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75,
0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2,
0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c,
0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b,
0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d,
0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35,
0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19,
0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16,
0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74,
0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc,
0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13,
0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61,
0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67,
0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87,
0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0,
0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1,
0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4,
0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64,
0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77,
0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59,
0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a,
0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49,
0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75,
0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0,
0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52,
0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
};
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_EC
/* ECDSA key data */
static const char ecd_curve_name[] = "secp224r1";
static const unsigned char ecd_priv[] = {
0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d,
0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b,
0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50,
0x80, 0x93, 0x50, 0x30
};
static const unsigned char ecd_pub[] = {
0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51,
0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde,
0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a,
0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5,
0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24,
0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3,
0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12,
0x82
};
static const ST_KAT_PARAM ecdsa_key[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecd_curve_name),
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_pub),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_priv),
ST_KAT_PARAM_END()
};
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_DSA
/* dsa 2048 */
static const unsigned char dsa_p[] = {
0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16,
0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15,
0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2,
0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3,
0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec,
0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef,
0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed,
0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c,
0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a,
0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b,
0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69,
0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47,
0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7,
0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34,
0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47,
0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36,
0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66,
0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1,
0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70,
0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc,
0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc,
0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88,
0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79,
0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07,
0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe,
0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4,
0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc,
0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06,
0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde,
0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7
};
static const unsigned char dsa_q[] = {
0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e,
0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b,
0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15,
0x18, 0x90, 0x28, 0x67
};
static const unsigned char dsa_g[] = {
0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d,
0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9,
0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc,
0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7,
0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0,
0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f,
0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d,
0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84,
0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69,
0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88,
0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12,
0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb,
0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd,
0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3,
0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70,
0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97,
0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c,
0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7,
0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70,
0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb,
0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf,
0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a,
0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc,
0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c,
0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4,
0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56,
0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e,
0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00,
0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c,
0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66,
0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3,
0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67
};
static const unsigned char dsa_pub[] = {
0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22,
0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16,
0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5,
0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6,
0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4,
0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63,
0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07,
0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec,
0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4,
0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4,
0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3,
0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb,
0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3,
0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03,
0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81,
0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34,
0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7,
0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc,
0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a,
0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72,
0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc,
0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b,
0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa,
0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7,
0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8,
0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10,
0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1,
0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90,
0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6,
0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5,
0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea,
0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16
};
static const unsigned char dsa_priv[] = {
0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80,
0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03,
0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e,
0x40, 0x7e, 0x5c, 0xb7
};
static const ST_KAT_PARAM dsa_key[] = {
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
ST_KAT_PARAM_END()
};
#endif /* OPENSSL_NO_DSA */
static const ST_KAT_SIGN st_kat_sign_tests[] = {
#ifndef OPENSSL_NO_RSA
{
OSSL_SELF_TEST_DESC_SIGN_RSA,
"RSA",
"SHA-256",
rsa_key,
ITM(rsa_expected_sig)
},
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_EC
{
OSSL_SELF_TEST_DESC_SIGN_ECDSA,
"EC",
"SHA-256",
ecdsa_key,
/*
* The ECDSA signature changes each time due to it using a random k.
* So there is no expected KAT for this case.
*/
},
#endif /* OPENSSL_NO_EC */
#ifndef OPENSSL_NO_DSA
{
OSSL_SELF_TEST_DESC_SIGN_DSA,
"DSA",
"SHA-256",
dsa_key,
/*
* The DSA signature changes each time due to it using a random k.
* So there is no expected KAT for this case.
*/
},
#endif /* OPENSSL_NO_DSA */
};

274
providers/fips/self_test_kats.c
View File

@ -11,6 +11,8 @@
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include <openssl/rand_drbg.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "self_test.h"
@ -46,10 +48,9 @@ static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
goto err;
ok = 1;
err:
OSSL_SELF_TEST_onend(st, ok);
EVP_MD_free(md);
EVP_MD_CTX_free(ctx);
OSSL_SELF_TEST_onend(st, ok);
return ok;
}
@ -142,39 +143,79 @@ err:
return ret;
}
static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
BN_CTX *ctx)
{
int ret = 0;
const ST_KAT_PARAM *p;
if (params == NULL)
return 1;
for (p = params; p->data != NULL; ++p)
{
switch (p->type) {
case OSSL_PARAM_UNSIGNED_INTEGER: {
BIGNUM *bn = BN_CTX_get(ctx);
if (bn == NULL
|| (BN_bin2bn(p->data, p->data_len, bn) == NULL)
|| !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
goto err;
break;
}
case OSSL_PARAM_UTF8_STRING: {
if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0))
goto err;
break;
}
case OSSL_PARAM_OCTET_STRING: {
if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
p->data_len))
goto err;
break;
}
default:
break;
}
}
ret = 1;
err:
return ret;
}
static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
OPENSSL_CTX *libctx)
{
int ret = 0;
int i, numparams;
unsigned char out[64];
EVP_KDF *kdf = NULL;
EVP_KDF_CTX *ctx = NULL;
OSSL_PARAM params[16];
const OSSL_PARAM *settables = NULL;
BN_CTX *bnctx = NULL;
OSSL_PARAM *params = NULL;
OSSL_PARAM_BLD *bld = NULL;
numparams = OSSL_NELEM(params);
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
/* Zeroize the params array to avoid mem leaks on error */
for (i = 0; i < numparams; ++i)
params[i] = OSSL_PARAM_construct_end();
bld = OSSL_PARAM_BLD_new();
if (bld == NULL)
goto err;
kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
if (kdf == NULL)
goto err;
ctx = EVP_KDF_CTX_new(kdf);
if (ctx == NULL)
goto err;
settables = EVP_KDF_settable_ctx_params(kdf);
for (i = 0; t->ctrls[i].name != NULL; ++i) {
if (!ossl_assert(i < (numparams - 1)))
goto err;
if (!OSSL_PARAM_allocate_from_text(&params[i], settables,
t->ctrls[i].name,
t->ctrls[i].value,
strlen(t->ctrls[i].value), NULL))
goto err;
}
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL)
goto err;
if (!add_params(bld, t->params, bnctx))
goto err;
params = OSSL_PARAM_BLD_to_param(bld);
if (params == NULL)
goto err;
if (!EVP_KDF_CTX_set_params(ctx, params))
goto err;
@ -190,10 +231,11 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
ret = 1;
err:
for (i = 0; params[i].key != NULL; ++i)
OPENSSL_free(params[i].data);
EVP_KDF_free(kdf);
EVP_KDF_CTX_free(ctx);
BN_CTX_free(bnctx);
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free(bld);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
@ -300,6 +342,168 @@ err:
return ret;
}
static int self_test_ka(const ST_KAT_KAS *t,
OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
{
int ret = 0;
EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
EVP_PKEY *pkey = NULL, *peerkey = NULL;
OSSL_PARAM *params = NULL;
OSSL_PARAM *params_peer = NULL;
unsigned char secret[256];
size_t secret_len;
OSSL_PARAM_BLD *bld = NULL;
BN_CTX *bnctx = NULL;
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL)
goto err;
bld = OSSL_PARAM_BLD_new();
if (bld == NULL)
goto err;
if (!add_params(bld, t->key_group, bnctx)
|| !add_params(bld, t->key_host_data, bnctx))
goto err;
params = OSSL_PARAM_BLD_to_param(bld);
if (!add_params(bld, t->key_group, bnctx)
|| !add_params(bld, t->key_peer_data, bnctx))
goto err;
params_peer = OSSL_PARAM_BLD_to_param(bld);
if (params == NULL || params_peer == NULL)
goto err;
/* Create a EVP_PKEY_CTX to load the DH keys into */
kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
if (kactx == NULL)
goto err;
if (EVP_PKEY_key_fromdata_init(kactx) <= 0
|| EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
goto err;
if (EVP_PKEY_key_fromdata_init(kactx) <= 0
|| EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
goto err;
/* Create a EVP_PKEY_CTX to perform key derivation */
dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
if (dctx == NULL)
goto err;
if (EVP_PKEY_derive_init(dctx) <= 0
|| EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
|| EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, secret);
if (secret_len != t->expected_len
|| memcmp(secret, t->expected, t->expected_len) != 0)
goto err;
ret = 1;
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(pkey);
EVP_PKEY_free(peerkey);
EVP_PKEY_CTX_free(kactx);
EVP_PKEY_CTX_free(dctx);
OSSL_PARAM_BLD_free_params(params_peer);
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free(bld);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
static int self_test_sign(const ST_KAT_SIGN *t,
OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
{
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char sig[256];
BN_CTX *bnctx = NULL;
size_t siglen = 0;
static const unsigned char dgst[] = {
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
};
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL)
goto err;
bld = OSSL_PARAM_BLD_new();
if (bld == NULL)
goto err;
if (!add_params(bld, t->key, bnctx))
goto err;
params = OSSL_PARAM_BLD_to_param(bld);
/* Create a EVP_PKEY_CTX to load the DSA key into */
kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
if (kctx == NULL || params == NULL)
goto err;
if (EVP_PKEY_key_fromdata_init(kctx) <= 0
|| EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
goto err;
/* Create a EVP_PKEY_CTX to use for the signing operation */
sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
if (sctx == NULL
|| EVP_PKEY_sign_init(sctx) <= 0)
goto err;
/* set signature parameters */
if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
t->mdalgorithm,
strlen(t->mdalgorithm) + 1))
goto err;
params_sig = OSSL_PARAM_BLD_to_param(bld);
if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
|| EVP_PKEY_verify_init(sctx) <= 0
|| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
/*
* Used by RSA, for other key types where the signature changes, we
* can only use the verify.
*/
if (t->sig_expected != NULL
&& (siglen != t->sig_expected_len
|| memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, sig);
if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
goto err;
ret = 1;
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(kctx);
EVP_PKEY_CTX_free(sctx);
OSSL_PARAM_BLD_free_params(params);
OSSL_PARAM_BLD_free_params(params_sig);
OSSL_PARAM_BLD_free(bld);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
/*
* Test a data driven list of KAT's for digest algorithms.
* All tests are run regardless of if they fail or not.
@ -349,12 +553,32 @@ static int self_test_drbgs(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
return ret;
}
static int self_test_kas(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
{
int i, ret = 1;
for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
ret = 0;
}
return ret;
}
static int self_test_signatures(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
{
int i, ret = 1;
for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
ret = 0;
}
return ret;
}
/*
* Run the algorithm KAT's.
* Return 1 is successful, otherwise return 0.
* This runs all the tests regardless of if any fail.
*
* TODO(3.0) Add self tests for KA, Sign/Verify when they become available
*/
int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
{
@ -364,10 +588,14 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
ret = 0;
if (!self_test_ciphers(st, libctx))
ret = 0;
if (!self_test_signatures(st, libctx))
ret = 0;
if (!self_test_kdfs(st, libctx))
ret = 0;
if (!self_test_drbgs(st, libctx))
ret = 0;
if (!self_test_kas(st, libctx))
ret = 0;
return ret;
}

20
test/recipes/03-test_fipsinstall.t
View File

@ -24,7 +24,7 @@ use platform;
plan skip_all => "Test only supported in a fips build" if disabled("fips");
plan tests => 10;
plan tests => 12;
my $infile = bldtop_file('providers', platform->dso('fips'));
$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
@ -99,3 +99,21 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),
"fipsinstall fails when the DRBG CTR result is corrupted");
# corrupt a KAS test
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install',
'-corrupt_desc', 'DH',
'-corrupt_type', 'KAT_KA'])),
"fipsinstall fails when the kas result is corrupted");
# corrupt a Signature test
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install',
'-corrupt_desc', 'DSA',
'-corrupt_type', 'KAT_Signature'])),
"fipsinstall fails when the signature result is corrupted");