2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
19 #include <sys/types.h>
22 #include <openssl/crypto.h>
23 #include <openssl/rand.h>
24 #include <openssl/bn.h>
25 #include <openssl/dsa.h>
26 #include <openssl/evp.h>
27 #include <openssl/core_names.h>
30 #include "internal/nelem.h"
32 #ifndef OPENSSL_NO_DSA
33 static int dsa_cb(int p, int n, BN_GENCB *arg);
35 static int dsa_test(void)
39 int counter, ret = 0, i, j;
40 unsigned char buf[256];
42 unsigned char sig[256];
44 const BIGNUM *p = NULL, *q = NULL, *g = NULL;
46 * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
47 * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
49 static unsigned char seed[20] = {
50 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
51 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
52 0xe0, 0x42, 0x7d, 0xd3,
54 static unsigned char out_p[] = {
55 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
56 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
57 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
58 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
59 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
60 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
61 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
62 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
64 static unsigned char out_q[] = {
65 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
66 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
67 0xda, 0xce, 0x91, 0x5f,
69 static unsigned char out_g[] = {
70 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
71 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
72 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
73 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
74 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
75 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
76 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
77 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
79 static const unsigned char str1[] = "12345678901234567890";
81 if (!TEST_ptr(cb = BN_GENCB_new()))
84 BN_GENCB_set(cb, dsa_cb, NULL);
85 if (!TEST_ptr(dsa = DSA_new())
86 || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
90 if (!TEST_int_eq(counter, 105))
92 if (!TEST_int_eq(h, 2))
95 DSA_get0_pqg(dsa, &p, &q, &g);
96 i = BN_bn2bin(q, buf);
98 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
101 i = BN_bn2bin(p, buf);
103 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
106 i = BN_bn2bin(g, buf);
108 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
111 DSA_generate_key(dsa);
112 DSA_sign(0, str1, 20, sig, &siglen, dsa);
113 if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
122 static int dsa_cb(int p, int n, BN_GENCB *arg)
124 static int ok = 0, num = 0;
131 if (!ok && (p == 0) && (num > 1)) {
132 TEST_error("dsa_cb error");
147 static int dsa_keygen_test(void)
150 EVP_PKEY *param_key = NULL, *key = NULL;
151 EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL;
152 BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL;
153 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL;
154 int gindex_out = 0, pcount_out = 0, hcount_out = 0;
155 unsigned char seed_out[32];
158 const OSSL_PARAM *settables = NULL;
159 static const unsigned char seed_data[] = {
160 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
161 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
162 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
163 0x7b, 0x2a, 0xc7, 0x29
165 static const unsigned char expected_p[]= {
166 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
167 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
168 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
169 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
170 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
171 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
172 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
173 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
174 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
175 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
176 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
177 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
178 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
179 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
180 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
181 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
182 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
183 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
184 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
185 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
186 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
187 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
188 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
189 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
190 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
191 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
192 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
193 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
194 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
195 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
196 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
197 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
199 static const unsigned char expected_q[]= {
200 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
201 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
202 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
203 0xe2, 0x56, 0xae, 0xd7
205 static const unsigned char expected_g[]= {
206 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
207 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
208 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
209 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
210 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
211 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
212 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
213 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
214 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
215 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
216 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
217 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
218 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
219 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
220 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
221 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
222 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
223 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
224 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
225 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
226 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
227 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
228 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
229 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
230 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
231 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
232 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
233 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
234 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
235 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
236 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
237 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
239 int expected_c = 1316;
242 if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
243 || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
244 || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
246 if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
247 || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
248 || !TEST_ptr_null(EVP_PKEY_CTX_gettable_params(pg_ctx))
249 || !TEST_ptr(settables = EVP_PKEY_CTX_settable_params(pg_ctx))
250 || !TEST_ptr(OSSL_PARAM_locate_const(settables,
251 OSSL_PKEY_PARAM_FFC_PBITS))
252 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
253 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
254 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
256 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
258 || !TEST_int_gt(EVP_PKEY_gen(pg_ctx, ¶m_key), 0)
259 || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
260 || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
261 || !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0))
264 if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
265 || !TEST_BN_eq(p_in, p_out)
266 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
267 || !TEST_BN_eq(q_in, q_out)
268 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
269 || !TEST_BN_eq(g_in, g_out)
270 || !TEST_true(EVP_PKEY_get_octet_string_param(
271 key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
272 sizeof(seed_out), &len))
273 || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
274 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
276 || !TEST_int_eq(gindex_out, -1)
277 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
279 || !TEST_int_eq(hcount_out, expected_h)
280 || !TEST_true(EVP_PKEY_get_int_param(key,
281 OSSL_PKEY_PARAM_FFC_PCOUNTER,
283 || !TEST_int_eq(pcount_out, expected_c)
284 || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
285 OSSL_PKEY_PARAM_DH_GROUP,
287 sizeof(group_out), &len)))
297 EVP_PKEY_free(param_key);
299 EVP_PKEY_CTX_free(kg_ctx);
300 EVP_PKEY_CTX_free(pg_ctx);
304 #endif /* OPENSSL_NO_DSA */
306 int setup_tests(void)
308 #ifndef OPENSSL_NO_DSA
310 ADD_TEST(dsa_keygen_test);