self_test_kats.c@ 104031

Last change on this file since 104031 was 102863, checked in by vboxsync, 11 months ago
openssl-3.1.4: Applied and adjusted our OpenSSL changes to 3.1.3. bugref:10577
File size: 26.3 KB

Line
1	/*
2	* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <string.h>
11	#include <openssl/evp.h>
12	#include <openssl/kdf.h>
13	#include <openssl/core_names.h>
14	#include <openssl/param_build.h>
15	#include <openssl/rand.h>
16	#include "crypto/rand.h"
17	#include "internal/cryptlib.h"
18	#include "internal/nelem.h"
19	#include "self_test.h"
20	#include "self_test_data.inc"
21
22	static int set_kat_drbg(OSSL_LIB_CTX *ctx,
23	const unsigned char *entropy, size_t entropy_len,
24	const unsigned char *nonce, size_t nonce_len,
25	const unsigned char *persstr, size_t persstr_len);
26	static int reset_main_drbg(OSSL_LIB_CTX *ctx);
27
28	static int self_test_digest(const ST_KAT_DIGEST t, OSSL_SELF_TEST st,
29	OSSL_LIB_CTX *libctx)
30	{
31	int ok = 0;
32	unsigned char out[EVP_MAX_MD_SIZE];
33	unsigned int out_len = 0;
34	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
35	EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
36
37	OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
38
39	if (ctx == NULL
40	\|\| md == NULL
41	\|\| !EVP_DigestInit_ex(ctx, md, NULL)
42	\|\| !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
43	\|\| !EVP_DigestFinal(ctx, out, &out_len))
44	goto err;
45
46	/* Optional corruption */
47	OSSL_SELF_TEST_oncorrupt_byte(st, out);
48
49	if (out_len != t->expected_len
50	\|\| memcmp(out, t->expected, out_len) != 0)
51	goto err;
52	ok = 1;
53	err:
54	EVP_MD_free(md);
55	EVP_MD_CTX_free(ctx);
56	OSSL_SELF_TEST_onend(st, ok);
57	return ok;
58	}
59
60	/*
61	* Helper function to setup a EVP_CipherInit
62	* Used to hide the complexity of Authenticated ciphers.
63	*/
64	static int cipher_init(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher,
65	const ST_KAT_CIPHER *t, int enc)
66	{
67	unsigned char *in_tag = NULL;
68	int pad = 0, tmp;
69
70	/* Flag required for Key wrapping */
71	EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
72	if (t->tag == NULL) {
73	/* Use a normal cipher init */
74	return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
75	&& EVP_CIPHER_CTX_set_padding(ctx, pad);
76	}
77
78	/* The authenticated cipher init */
79	if (!enc)
80	in_tag = (unsigned char *)t->tag;
81
82	return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
83	&& (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
84	&& (in_tag == NULL
85	\|\| EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
86	in_tag) > 0)
87	&& EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
88	&& EVP_CIPHER_CTX_set_padding(ctx, pad)
89	&& EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
90	}
91
92	/* Test a single KAT for encrypt/decrypt */
93	static int self_test_cipher(const ST_KAT_CIPHER t, OSSL_SELF_TEST st,
94	OSSL_LIB_CTX *libctx)
95	{
96	int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;
97	EVP_CIPHER_CTX *ctx = NULL;
98	EVP_CIPHER *cipher = NULL;
99	unsigned char ct_buf[256] = { 0 };
100	unsigned char pt_buf[256] = { 0 };
101
102	OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
103
104	ctx = EVP_CIPHER_CTX_new();
105	if (ctx == NULL)
106	goto err;
107	cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);
108	if (cipher == NULL)
109	goto err;
110
111	/* Encrypt plain text message */
112	if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {
113	if (!cipher_init(ctx, cipher, t, encrypt)
114	\|\| !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,
115	t->base.pt_len)
116	\|\| !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
117	goto err;
118
119	OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
120	ct_len += len;
121	if (ct_len != (int)t->base.expected_len
122	\|\| memcmp(t->base.expected, ct_buf, ct_len) != 0)
123	goto err;
124
125	if (t->tag != NULL) {
126	unsigned char tag[16] = { 0 };
127
128	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, t->tag_len,
129	tag) <= 0
130	\|\| memcmp(tag, t->tag, t->tag_len) != 0)
131	goto err;
132	}
133	}
134
135	/* Decrypt cipher text */
136	if ((t->mode & CIPHER_MODE_DECRYPT) != 0) {
137	if (!(cipher_init(ctx, cipher, t, !encrypt)
138	&& EVP_CipherUpdate(ctx, pt_buf, &len,
139	t->base.expected, t->base.expected_len)
140	&& EVP_CipherFinal_ex(ctx, pt_buf + len, &pt_len)))
141	goto err;
142	OSSL_SELF_TEST_oncorrupt_byte(st, pt_buf);
143	pt_len += len;
144	if (pt_len != (int)t->base.pt_len
145	\|\| memcmp(pt_buf, t->base.pt, pt_len) != 0)
146	goto err;
147	}
148
149	ret = 1;
150	err:
151	EVP_CIPHER_free(cipher);
152	EVP_CIPHER_CTX_free(ctx);
153	OSSL_SELF_TEST_onend(st, ret);
154	return ret;
155	}
156
157	static int add_params(OSSL_PARAM_BLD bld, const ST_KAT_PARAM params,
158	BN_CTX *ctx)
159	{
160	int ret = 0;
161	const ST_KAT_PARAM *p;
162
163	if (params == NULL)
164	return 1;
165	for (p = params; p->data != NULL; ++p)
166	{
167	switch (p->type) {
168	case OSSL_PARAM_UNSIGNED_INTEGER: {
169	BIGNUM *bn = BN_CTX_get(ctx);
170
171	if (bn == NULL
172	\|\| (BN_bin2bn(p->data, p->data_len, bn) == NULL)
173	\|\| !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
174	goto err;
175	break;
176	}
177	case OSSL_PARAM_UTF8_STRING: {
178	if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
179	p->data_len))
180	goto err;
181	break;
182	}
183	case OSSL_PARAM_OCTET_STRING: {
184	if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
185	p->data_len))
186	goto err;
187	break;
188	}
189	case OSSL_PARAM_INTEGER: {
190	if (!OSSL_PARAM_BLD_push_int(bld, p->name, (int )p->data))
191	goto err;
192	break;
193	}
194	default:
195	break;
196	}
197	}
198	ret = 1;
199	err:
200	return ret;
201	}
202
203	static int self_test_kdf(const ST_KAT_KDF t, OSSL_SELF_TEST st,
204	OSSL_LIB_CTX *libctx)
205	{
206	int ret = 0;
207	unsigned char out[128];
208	EVP_KDF *kdf = NULL;
209	EVP_KDF_CTX *ctx = NULL;
210	BN_CTX *bnctx = NULL;
211	OSSL_PARAM *params = NULL;
212	OSSL_PARAM_BLD *bld = NULL;
213
214	OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
215
216	bld = OSSL_PARAM_BLD_new();
217	if (bld == NULL)
218	goto err;
219
220	kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
221	if (kdf == NULL)
222	goto err;
223
224	ctx = EVP_KDF_CTX_new(kdf);
225	if (ctx == NULL)
226	goto err;
227
228	bnctx = BN_CTX_new_ex(libctx);
229	if (bnctx == NULL)
230	goto err;
231	if (!add_params(bld, t->params, bnctx))
232	goto err;
233	params = OSSL_PARAM_BLD_to_param(bld);
234	if (params == NULL)
235	goto err;
236
237	if (t->expected_len > sizeof(out))
238	goto err;
239	if (EVP_KDF_derive(ctx, out, t->expected_len, params) <= 0)
240	goto err;
241
242	OSSL_SELF_TEST_oncorrupt_byte(st, out);
243
244	if (memcmp(out, t->expected, t->expected_len) != 0)
245	goto err;
246
247	ret = 1;
248	err:
249	EVP_KDF_free(kdf);
250	EVP_KDF_CTX_free(ctx);
251	BN_CTX_free(bnctx);
252	OSSL_PARAM_free(params);
253	OSSL_PARAM_BLD_free(bld);
254	OSSL_SELF_TEST_onend(st, ret);
255	return ret;
256	}
257
258	static int self_test_drbg(const ST_KAT_DRBG t, OSSL_SELF_TEST st,
259	OSSL_LIB_CTX *libctx)
260	{
261	int ret = 0;
262	unsigned char out[256];
263	EVP_RAND *rand;
264	EVP_RAND_CTX test = NULL, drbg = NULL;
265	unsigned int strength = 256;
266	int prediction_resistance = 1; /* Causes a reseed */
267	OSSL_PARAM drbg_params[3] = {
268	OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
269	};
270
271	OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
272
273	rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
274	if (rand == NULL)
275	goto err;
276
277	test = EVP_RAND_CTX_new(rand, NULL);
278	EVP_RAND_free(rand);
279	if (test == NULL)
280	goto err;
281
282	drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
283	&strength);
284	if (!EVP_RAND_CTX_set_params(test, drbg_params))
285	goto err;
286
287	rand = EVP_RAND_fetch(libctx, t->algorithm, NULL);
288	if (rand == NULL)
289	goto err;
290
291	drbg = EVP_RAND_CTX_new(rand, test);
292	EVP_RAND_free(rand);
293	if (drbg == NULL)
294	goto err;
295
296	strength = EVP_RAND_get_strength(drbg);
297
298	drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
299	t->param_value, 0);
300	/* This is only used by HMAC-DRBG but it is ignored by the others */
301	drbg_params[1] =
302	OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0);
303	if (!EVP_RAND_CTX_set_params(drbg, drbg_params))
304	goto err;
305
306	drbg_params[0] =
307	OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
308	(void *)t->entropyin,
309	t->entropyinlen);
310	drbg_params[1] =
311	OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
312	(void *)t->nonce, t->noncelen);
313	if (!EVP_RAND_instantiate(test, strength, 0, NULL, 0, drbg_params))
314	goto err;
315	if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen,
316	NULL))
317	goto err;
318
319	drbg_params[0] =
320	OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
321	(void *)t->entropyinpr1,
322	t->entropyinpr1len);
323	if (!EVP_RAND_CTX_set_params(test, drbg_params))
324	goto err;
325
326	if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
327	prediction_resistance,
328	t->entropyaddin1, t->entropyaddin1len))
329	goto err;
330
331	drbg_params[0] =
332	OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
333	(void *)t->entropyinpr2,
334	t->entropyinpr2len);
335	if (!EVP_RAND_CTX_set_params(test, drbg_params))
336	goto err;
337
338	/*
339	* This calls ossl_prov_drbg_reseed() internally when
340	* prediction_resistance = 1
341	*/
342	if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength,
343	prediction_resistance,
344	t->entropyaddin2, t->entropyaddin2len))
345	goto err;
346
347	OSSL_SELF_TEST_oncorrupt_byte(st, out);
348
349	if (memcmp(out, t->expected, t->expectedlen) != 0)
350	goto err;
351
352	if (!EVP_RAND_uninstantiate(drbg))
353	goto err;
354	/*
355	* Check that the DRBG data has been zeroized after
356	* ossl_prov_drbg_uninstantiate.
357	*/
358	if (!EVP_RAND_verify_zeroization(drbg))
359	goto err;
360
361	ret = 1;
362	err:
363	EVP_RAND_CTX_free(drbg);
364	EVP_RAND_CTX_free(test);
365	OSSL_SELF_TEST_onend(st, ret);
366	return ret;
367	}
368
369	#if !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_EC)
370	static int self_test_ka(const ST_KAT_KAS *t,
371	OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
372	{
373	int ret = 0;
374	EVP_PKEY_CTX kactx = NULL, dctx = NULL;
375	EVP_PKEY pkey = NULL, peerkey = NULL;
376	OSSL_PARAM *params = NULL;
377	OSSL_PARAM *params_peer = NULL;
378	unsigned char secret[256];
379	size_t secret_len = sizeof(secret);
380	OSSL_PARAM_BLD *bld = NULL;
381	BN_CTX *bnctx = NULL;
382
383	OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
384
385	bnctx = BN_CTX_new_ex(libctx);
386	if (bnctx == NULL)
387	goto err;
388
389	bld = OSSL_PARAM_BLD_new();
390	if (bld == NULL)
391	goto err;
392
393	if (!add_params(bld, t->key_group, bnctx)
394	\|\| !add_params(bld, t->key_host_data, bnctx))
395	goto err;
396	params = OSSL_PARAM_BLD_to_param(bld);
397
398	if (!add_params(bld, t->key_group, bnctx)
399	\|\| !add_params(bld, t->key_peer_data, bnctx))
400	goto err;
401
402	params_peer = OSSL_PARAM_BLD_to_param(bld);
403	if (params == NULL \|\| params_peer == NULL)
404	goto err;
405
406	/* Create a EVP_PKEY_CTX to load the DH keys into */
407	kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
408	if (kactx == NULL)
409	goto err;
410	if (EVP_PKEY_fromdata_init(kactx) <= 0
411	\|\| EVP_PKEY_fromdata(kactx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
412	goto err;
413	if (EVP_PKEY_fromdata_init(kactx) <= 0
414	\|\| EVP_PKEY_fromdata(kactx, &peerkey, EVP_PKEY_KEYPAIR, params_peer) <= 0)
415	goto err;
416
417	/* Create a EVP_PKEY_CTX to perform key derivation */
418	dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
419	if (dctx == NULL)
420	goto err;
421
422	if (EVP_PKEY_derive_init(dctx) <= 0
423	\|\| EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
424	\|\| EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
425	goto err;
426
427	OSSL_SELF_TEST_oncorrupt_byte(st, secret);
428
429	if (secret_len != t->expected_len
430	\|\| memcmp(secret, t->expected, t->expected_len) != 0)
431	goto err;
432	ret = 1;
433	err:
434	BN_CTX_free(bnctx);
435	EVP_PKEY_free(pkey);
436	EVP_PKEY_free(peerkey);
437	EVP_PKEY_CTX_free(kactx);
438	EVP_PKEY_CTX_free(dctx);
439	OSSL_PARAM_free(params_peer);
440	OSSL_PARAM_free(params);
441	OSSL_PARAM_BLD_free(bld);
442	OSSL_SELF_TEST_onend(st, ret);
443	return ret;
444	}
445	#endif /* !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_EC) */
446
447	static int self_test_sign(const ST_KAT_SIGN *t,
448	OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
449	{
450	int ret = 0;
451	OSSL_PARAM params = NULL, params_sig = NULL;
452	OSSL_PARAM_BLD *bld = NULL;
453	EVP_PKEY_CTX sctx = NULL, kctx = NULL;
454	EVP_PKEY *pkey = NULL;
455	unsigned char sig[256];
456	BN_CTX *bnctx = NULL;
457	size_t siglen = sizeof(sig);
458	static const unsigned char dgst[] = {
459	0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
460	0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
461	0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
462	};
463	const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
464
465	if (t->sig_expected == NULL)
466	typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
467
468	OSSL_SELF_TEST_onbegin(st, typ, t->desc);
469
470	bnctx = BN_CTX_new_ex(libctx);
471	if (bnctx == NULL)
472	goto err;
473
474	bld = OSSL_PARAM_BLD_new();
475	if (bld == NULL)
476	goto err;
477
478	if (!add_params(bld, t->key, bnctx))
479	goto err;
480	params = OSSL_PARAM_BLD_to_param(bld);
481
482	/* Create a EVP_PKEY_CTX to load the DSA key into */
483	kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
484	if (kctx == NULL \|\| params == NULL)
485	goto err;
486	if (EVP_PKEY_fromdata_init(kctx) <= 0
487	\|\| EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
488	goto err;
489
490	/* Create a EVP_PKEY_CTX to use for the signing operation */
491	sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
492	if (sctx == NULL
493	\|\| EVP_PKEY_sign_init(sctx) <= 0)
494	goto err;
495
496	/* set signature parameters */
497	if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
498	t->mdalgorithm,
499	strlen(t->mdalgorithm) + 1))
500	goto err;
501	params_sig = OSSL_PARAM_BLD_to_param(bld);
502	if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
503	goto err;
504
505	if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
506	\|\| EVP_PKEY_verify_init(sctx) <= 0
507	\|\| EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
508	goto err;
509
510	if (t->sig_expected != NULL
511	&& (siglen != t->sig_expected_len
512	\|\| memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
513	goto err;
514
515	OSSL_SELF_TEST_oncorrupt_byte(st, sig);
516	if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
517	goto err;
518	ret = 1;
519	err:
520	BN_CTX_free(bnctx);
521	EVP_PKEY_free(pkey);
522	EVP_PKEY_CTX_free(kctx);
523	EVP_PKEY_CTX_free(sctx);
524	OSSL_PARAM_free(params);
525	OSSL_PARAM_free(params_sig);
526	OSSL_PARAM_BLD_free(bld);
527	OSSL_SELF_TEST_onend(st, ret);
528	return ret;
529	}
530
531	/*
532	* Test an encrypt or decrypt KAT..
533	*
534	* FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
535	* and decrypt..
536	*/
537	static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER t, OSSL_SELF_TEST st,
538	OSSL_LIB_CTX *libctx)
539	{
540	int ret = 0;
541	OSSL_PARAM keyparams = NULL, initparams = NULL;
542	OSSL_PARAM_BLD keybld = NULL, initbld = NULL;
543	EVP_PKEY_CTX encctx = NULL, keyctx = NULL;
544	EVP_PKEY *key = NULL;
545	BN_CTX *bnctx = NULL;
546	unsigned char out[256];
547	size_t outlen = sizeof(out);
548
549	OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
550
551	bnctx = BN_CTX_new_ex(libctx);
552	if (bnctx == NULL)
553	goto err;
554
555	/* Load a public or private key from data */
556	keybld = OSSL_PARAM_BLD_new();
557	if (keybld == NULL
558	\|\| !add_params(keybld, t->key, bnctx))
559	goto err;
560	keyparams = OSSL_PARAM_BLD_to_param(keybld);
561	keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
562	if (keyctx == NULL \|\| keyparams == NULL)
563	goto err;
564	if (EVP_PKEY_fromdata_init(keyctx) <= 0
565	\|\| EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
566	goto err;
567
568	/* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
569	encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
570	if (encctx == NULL
571	\|\| (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
572	\|\| (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
573	goto err;
574
575	/* Add any additional parameters such as padding */
576	if (t->postinit != NULL) {
577	initbld = OSSL_PARAM_BLD_new();
578	if (initbld == NULL)
579	goto err;
580	if (!add_params(initbld, t->postinit, bnctx))
581	goto err;
582	initparams = OSSL_PARAM_BLD_to_param(initbld);
583	if (initparams == NULL)
584	goto err;
585	if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
586	goto err;
587	}
588
589	if (t->encrypt) {
590	if (EVP_PKEY_encrypt(encctx, out, &outlen,
591	t->in, t->in_len) <= 0)
592	goto err;
593	} else {
594	if (EVP_PKEY_decrypt(encctx, out, &outlen,
595	t->in, t->in_len) <= 0)
596	goto err;
597	}
598	/* Check the KAT */
599	OSSL_SELF_TEST_oncorrupt_byte(st, out);
600	if (outlen != t->expected_len
601	\|\| memcmp(out, t->expected, t->expected_len) != 0)
602	goto err;
603
604	ret = 1;
605	err:
606	BN_CTX_free(bnctx);
607	EVP_PKEY_free(key);
608	EVP_PKEY_CTX_free(encctx);
609	EVP_PKEY_CTX_free(keyctx);
610	OSSL_PARAM_free(keyparams);
611	OSSL_PARAM_BLD_free(keybld);
612	OSSL_PARAM_free(initparams);
613	OSSL_PARAM_BLD_free(initbld);
614	OSSL_SELF_TEST_onend(st, ret);
615	return ret;
616	}
617
618	/*
619	* Test a data driven list of KAT's for digest algorithms.
620	* All tests are run regardless of if they fail or not.
621	* Return 0 if any test fails.
622	*/
623	static int self_test_digests(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
624	{
625	int i, ret = 1;
626
627	for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
628	if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
629	ret = 0;
630	}
631	return ret;
632	}
633
634	static int self_test_ciphers(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
635	{
636	int i, ret = 1;
637
638	for (i = 0; i < (int)OSSL_NELEM(st_kat_cipher_tests); ++i) {
639	if (!self_test_cipher(&st_kat_cipher_tests[i], st, libctx))
640	ret = 0;
641	}
642	return ret;
643	}
644
645	static int self_test_asym_ciphers(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
646	{
647	int i, ret = 1;
648
649	for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
650	if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
651	ret = 0;
652	}
653	return ret;
654	}
655
656	static int self_test_kdfs(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
657	{
658	int i, ret = 1;
659
660	for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
661	if (!self_test_kdf(&st_kat_kdf_tests[i], st, libctx))
662	ret = 0;
663	}
664	return ret;
665	}
666
667	static int self_test_drbgs(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
668	{
669	int i, ret = 1;
670
671	for (i = 0; i < (int)OSSL_NELEM(st_kat_drbg_tests); ++i) {
672	if (!self_test_drbg(&st_kat_drbg_tests[i], st, libctx))
673	ret = 0;
674	}
675	return ret;
676	}
677
678	static int self_test_kas(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
679	{
680	int ret = 1;
681	#if !defined(OPENSSL_NO_DH) \|\| !defined(OPENSSL_NO_EC)
682	int i;
683
684	for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
685	if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
686	ret = 0;
687	}
688	#endif
689
690	return ret;
691	}
692
693	static int self_test_signatures(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
694	{
695	int i, ret = 1;
696	const ST_KAT_SIGN *t;
697
698	for (i = 0; ret && i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
699	t = st_kat_sign_tests + i;
700	if (!set_kat_drbg(libctx, t->entropy, t->entropy_len,
701	t->nonce, t->nonce_len, t->persstr, t->persstr_len))
702	return 0;
703	if (!self_test_sign(t, st, libctx))
704	ret = 0;
705	if (!reset_main_drbg(libctx))
706	ret = 0;
707	}
708	return ret;
709	}
710
711	/*
712	* Swap the library context DRBG for KAT testing
713	*
714	* In FIPS 140-3, the asymmetric POST must be a KAT, not a PCT. For DSA and ECDSA,
715	* the sign operation includes the random value 'k'. For a KAT to work, we
716	* have to have control of the DRBG to make sure it is in a "test" state, where
717	* its output is truly deterministic.
718	*
719	*/
720
721	/*
722	* Replacement "random" sources
723	* main_rand is used for most tests and it's set to generate mode.
724	* kat_rand is used for KATs where specific input is mandated.
725	*/
726	static EVP_RAND_CTX *kat_rand = NULL;
727	static EVP_RAND_CTX *main_rand = NULL;
728
729	static int set_kat_drbg(OSSL_LIB_CTX *ctx,
730	const unsigned char *entropy, size_t entropy_len,
731	const unsigned char *nonce, size_t nonce_len,
732	const unsigned char *persstr, size_t persstr_len) {
733	EVP_RAND *rand;
734	unsigned int strength = 256;
735	EVP_RAND_CTX *parent_rand = NULL;
736	OSSL_PARAM drbg_params[3] = {
737	OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
738	};
739
740	/* If not NULL, we didn't cleanup from last call: BAD */
741	if (kat_rand != NULL)
742	return 0;
743
744	rand = EVP_RAND_fetch(ctx, "TEST-RAND", NULL);
745	if (rand == NULL)
746	return 0;
747
748	parent_rand = EVP_RAND_CTX_new(rand, NULL);
749	EVP_RAND_free(rand);
750	if (parent_rand == NULL)
751	goto err;
752
753	drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
754	&strength);
755	if (!EVP_RAND_CTX_set_params(parent_rand, drbg_params))
756	goto err;
757
758	rand = EVP_RAND_fetch(ctx, "HASH-DRBG", NULL);
759	if (rand == NULL)
760	goto err;
761
762	kat_rand = EVP_RAND_CTX_new(rand, parent_rand);
763	EVP_RAND_free(rand);
764	if (kat_rand == NULL)
765	goto err;
766
767	drbg_params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0);
768	if (!EVP_RAND_CTX_set_params(kat_rand, drbg_params))
769	goto err;
770
771	/* Instantiate the RNGs */
772	drbg_params[0] =
773	OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
774	(void *)entropy, entropy_len);
775	drbg_params[1] =
776	OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
777	(void *)nonce, nonce_len);
778	if (!EVP_RAND_instantiate(parent_rand, strength, 0, NULL, 0, drbg_params))
779	goto err;
780
781	EVP_RAND_CTX_free(parent_rand);
782	parent_rand = NULL;
783
784	if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, NULL))
785	goto err;
786
787	/* When we set the new private generator this one is freed, so upref it */
788	if (!EVP_RAND_CTX_up_ref(main_rand))
789	goto err;
790
791	/* Update the library context DRBG */
792	if (RAND_set0_private(ctx, kat_rand) > 0) {
793	/* Keeping a copy to verify zeroization */
794	if (EVP_RAND_CTX_up_ref(kat_rand))
795	return 1;
796	RAND_set0_private(ctx, main_rand);
797	}
798
799	err:
800	EVP_RAND_CTX_free(parent_rand);
801	EVP_RAND_CTX_free(kat_rand);
802	kat_rand = NULL;
803	return 0;
804	}
805
806	static int reset_main_drbg(OSSL_LIB_CTX *ctx) {
807	int ret = 1;
808
809	if (!RAND_set0_private(ctx, main_rand))
810	ret = 0;
811	if (kat_rand != NULL) {
812	if (!EVP_RAND_uninstantiate(kat_rand)
813	\|\| !EVP_RAND_verify_zeroization(kat_rand))
814	ret = 0;
815	EVP_RAND_CTX_free(kat_rand);
816	kat_rand = NULL;
817	}
818	return ret;
819	}
820
821	static int setup_main_random(OSSL_LIB_CTX *libctx)
822	{
823	OSSL_PARAM drbg_params[3] = {
824	OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
825	};
826	unsigned int strength = 256, generate = 1;
827	EVP_RAND *rand;
828
829	rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL);
830	if (rand == NULL)
831	return 0;
832
833	main_rand = EVP_RAND_CTX_new(rand, NULL);
834	EVP_RAND_free(rand);
835	if (main_rand == NULL)
836	goto err;
837
838	drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_GENERATE,
839	&generate);
840	drbg_params[1] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
841	&strength);
842
843	if (!EVP_RAND_instantiate(main_rand, strength, 0, NULL, 0, drbg_params))
844	goto err;
845	return 1;
846	err:
847	EVP_RAND_CTX_free(main_rand);
848	return 0;
849	}
850
851	/*
852	* Run the algorithm KAT's.
853	* Return 1 is successful, otherwise return 0.
854	* This runs all the tests regardless of if any fail.
855	*/
856	int SELF_TEST_kats(OSSL_SELF_TEST st, OSSL_LIB_CTX libctx)
857	{
858	EVP_RAND_CTX *saved_rand = ossl_rand_get0_private_noncreating(libctx);
859	int ret = 1;
860
861	if (!setup_main_random(libctx)
862	\|\| !RAND_set0_private(libctx, main_rand)) {
863	EVP_RAND_CTX_free(main_rand);
864	return 0;
865	}
866
867	if (!self_test_digests(st, libctx))
868	ret = 0;
869	if (!self_test_ciphers(st, libctx))
870	ret = 0;
871	if (!self_test_signatures(st, libctx))
872	ret = 0;
873	if (!self_test_kdfs(st, libctx))
874	ret = 0;
875	if (!self_test_drbgs(st, libctx))
876	ret = 0;
877	if (!self_test_kas(st, libctx))
878	ret = 0;
879	if (!self_test_asym_ciphers(st, libctx))
880	ret = 0;
881
882	RAND_set0_private(libctx, saved_rand);
883	return ret;
884	}
885

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.4/providers/fips/self_test_kats.c@ 104031

Download in other formats: