2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
19 #include <sys/types.h>
22 #include <openssl/crypto.h>
23 #include <openssl/rand.h>
24 #include <openssl/bn.h>
25 #include <openssl/dsa.h>
26 #include <openssl/evp.h>
27 #include <openssl/core_names.h>
30 #include "internal/nelem.h"
32 #ifndef OPENSSL_NO_DSA
33 static int dsa_cb(int p, int n, BN_GENCB *arg);
35 static int dsa_test(void)
39 int counter, ret = 0, i, j;
40 unsigned char buf[256];
42 unsigned char sig[256];
44 const BIGNUM *p = NULL, *q = NULL, *g = NULL;
46 * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
47 * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
49 static unsigned char seed[20] = {
50 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
51 0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
52 0xe0, 0x42, 0x7d, 0xd3,
54 static unsigned char out_p[] = {
55 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
56 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
57 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
58 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
59 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
60 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
61 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
62 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
64 static unsigned char out_q[] = {
65 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
66 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
67 0xda, 0xce, 0x91, 0x5f,
69 static unsigned char out_g[] = {
70 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
71 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
72 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
73 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
74 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
75 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
76 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
77 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
79 static const unsigned char str1[] = "12345678901234567890";
81 if (!TEST_ptr(cb = BN_GENCB_new()))
84 BN_GENCB_set(cb, dsa_cb, NULL);
85 if (!TEST_ptr(dsa = DSA_new())
86 || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20,
90 if (!TEST_int_eq(counter, 105))
92 if (!TEST_int_eq(h, 2))
95 DSA_get0_pqg(dsa, &p, &q, &g);
96 i = BN_bn2bin(q, buf);
98 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i))
101 i = BN_bn2bin(p, buf);
103 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i))
106 i = BN_bn2bin(g, buf);
108 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
111 DSA_generate_key(dsa);
112 DSA_sign(0, str1, 20, sig, &siglen, dsa);
113 if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
122 static int dsa_cb(int p, int n, BN_GENCB *arg)
124 static int ok = 0, num = 0;
131 if (!ok && (p == 0) && (num > 1)) {
132 TEST_error("dsa_cb error");
147 static int dsa_keygen_test(void)
150 EVP_PKEY *param_key = NULL, *key = NULL;
151 EVP_PKEY_CTX *pg_ctx = NULL, *kg_ctx = NULL;
152 BIGNUM *p_in = NULL, *q_in = NULL, *g_in = NULL;
153 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL;
154 int gindex_out = 0, pcount_out = 0, hcount_out = 0;
155 unsigned char seed_out[32];
158 static const unsigned char seed_data[] = {
159 0xa6, 0xf5, 0x28, 0x8c, 0x50, 0x77, 0xa5, 0x68,
160 0x6d, 0x3a, 0xf5, 0xf1, 0xc6, 0x4c, 0xdc, 0x35,
161 0x95, 0x26, 0x3f, 0x03, 0xdc, 0x00, 0x3f, 0x44,
162 0x7b, 0x2a, 0xc7, 0x29
164 static const unsigned char expected_p[]= {
165 0xdb, 0x47, 0x07, 0xaf, 0xf0, 0x06, 0x49, 0x55,
166 0xc9, 0xbb, 0x09, 0x41, 0xb8, 0xdb, 0x1f, 0xbc,
167 0xa8, 0xed, 0x12, 0x06, 0x7f, 0x88, 0x49, 0xb8,
168 0xc9, 0x12, 0x87, 0x21, 0xbb, 0x08, 0x6c, 0xbd,
169 0xf1, 0x89, 0xef, 0x84, 0xd9, 0x7a, 0x93, 0xe8,
170 0x45, 0x40, 0x81, 0xec, 0x37, 0x27, 0x1a, 0xa4,
171 0x22, 0x51, 0x99, 0xf0, 0xde, 0x04, 0xdb, 0xea,
172 0xa1, 0xf9, 0x37, 0x83, 0x80, 0x96, 0x36, 0x53,
173 0xf6, 0xae, 0x14, 0x73, 0x33, 0x0f, 0xdf, 0x0b,
174 0xf9, 0x2f, 0x08, 0x46, 0x31, 0xf9, 0x66, 0xcd,
175 0x5a, 0xeb, 0x6c, 0xf3, 0xbb, 0x74, 0xf3, 0x88,
176 0xf0, 0x31, 0x5c, 0xa4, 0xc8, 0x0f, 0x86, 0xf3,
177 0x0f, 0x9f, 0xc0, 0x8c, 0x57, 0xe4, 0x7f, 0x95,
178 0xb3, 0x62, 0xc8, 0x4e, 0xae, 0xf3, 0xd8, 0x14,
179 0xcc, 0x47, 0xc2, 0x4b, 0x4f, 0xef, 0xaf, 0xcd,
180 0xcf, 0xb2, 0xbb, 0xe8, 0xbe, 0x08, 0xca, 0x15,
181 0x90, 0x59, 0x35, 0xef, 0x35, 0x1c, 0xfe, 0xeb,
182 0x33, 0x2e, 0x25, 0x22, 0x57, 0x9c, 0x55, 0x23,
183 0x0c, 0x6f, 0xed, 0x7c, 0xb6, 0xc7, 0x36, 0x0b,
184 0xcb, 0x2b, 0x6a, 0x21, 0xa1, 0x1d, 0x55, 0x77,
185 0xd9, 0x91, 0xcd, 0xc1, 0xcd, 0x3d, 0x82, 0x16,
186 0x9c, 0xa0, 0x13, 0xa5, 0x83, 0x55, 0x3a, 0x73,
187 0x7e, 0x2c, 0x44, 0x3e, 0x70, 0x2e, 0x50, 0x91,
188 0x6e, 0xca, 0x3b, 0xef, 0xff, 0x85, 0x35, 0x70,
189 0xff, 0x61, 0x0c, 0xb1, 0xb2, 0xb7, 0x94, 0x6f,
190 0x65, 0xa4, 0x57, 0x62, 0xef, 0x21, 0x83, 0x0f,
191 0x3e, 0x71, 0xae, 0x7d, 0xe4, 0xad, 0xfb, 0xe3,
192 0xdd, 0xd6, 0x03, 0xda, 0x9a, 0xd8, 0x8f, 0x2d,
193 0xbb, 0x90, 0x87, 0xf8, 0xdb, 0xdc, 0xec, 0x71,
194 0xf2, 0xdb, 0x0b, 0x8e, 0xfc, 0x1a, 0x7e, 0x79,
195 0xb1, 0x1b, 0x0d, 0xfc, 0x70, 0xec, 0x85, 0xc2,
196 0xc5, 0xba, 0xb9, 0x69, 0x3f, 0x88, 0xbc, 0xcb
198 static const unsigned char expected_q[]= {
199 0x99, 0xb6, 0xa0, 0xee, 0xb3, 0xa6, 0x99, 0x1a,
200 0xb6, 0x67, 0x8d, 0xc1, 0x2b, 0x9b, 0xce, 0x2b,
201 0x01, 0x72, 0x5a, 0x65, 0x76, 0x3d, 0x93, 0x69,
202 0xe2, 0x56, 0xae, 0xd7
204 static const unsigned char expected_g[]= {
205 0x63, 0xf8, 0xb6, 0xee, 0x2a, 0x27, 0xaf, 0x4f,
206 0x4c, 0xf6, 0x08, 0x28, 0x87, 0x4a, 0xe7, 0x1f,
207 0x45, 0x46, 0x27, 0x52, 0x3b, 0x7f, 0x6f, 0xd2,
208 0x29, 0xcb, 0xe8, 0x11, 0x19, 0x25, 0x35, 0x76,
209 0x99, 0xcb, 0x4f, 0x1b, 0xe0, 0xed, 0x32, 0x9e,
210 0x05, 0xb5, 0xbe, 0xd7, 0xf6, 0x5a, 0xb2, 0xf6,
211 0x0e, 0x0c, 0x7e, 0xf5, 0xe1, 0x05, 0xfe, 0xda,
212 0xaf, 0x0f, 0x27, 0x1e, 0x40, 0x2a, 0xf7, 0xa7,
213 0x23, 0x49, 0x2c, 0xd9, 0x1b, 0x0a, 0xbe, 0xff,
214 0xc7, 0x7c, 0x7d, 0x60, 0xca, 0xa3, 0x19, 0xc3,
215 0xb7, 0xe4, 0x43, 0xb0, 0xf5, 0x75, 0x44, 0x90,
216 0x46, 0x47, 0xb1, 0xa6, 0x48, 0x0b, 0x21, 0x8e,
217 0xee, 0x75, 0xe6, 0x3d, 0xa7, 0xd3, 0x7b, 0x31,
218 0xd1, 0xd2, 0x9d, 0xe2, 0x8a, 0xfc, 0x57, 0xfd,
219 0x8a, 0x10, 0x31, 0xeb, 0x87, 0x36, 0x3f, 0x65,
220 0x72, 0x23, 0x2c, 0xd3, 0xd6, 0x17, 0xa5, 0x62,
221 0x58, 0x65, 0x57, 0x6a, 0xd4, 0xa8, 0xfe, 0xec,
222 0x57, 0x76, 0x0c, 0xb1, 0x4c, 0x93, 0xed, 0xb0,
223 0xb4, 0xf9, 0x45, 0xb3, 0x3e, 0xdd, 0x47, 0xf1,
224 0xfb, 0x7d, 0x25, 0x79, 0x3d, 0xfc, 0xa7, 0x39,
225 0x90, 0x68, 0x6a, 0x6b, 0xae, 0xf2, 0x6e, 0x64,
226 0x8c, 0xfb, 0xb8, 0xdd, 0x76, 0x4e, 0x4a, 0x69,
227 0x8c, 0x97, 0x15, 0x77, 0xb2, 0x67, 0xdc, 0xeb,
228 0x4a, 0x40, 0x6b, 0xb9, 0x47, 0x8f, 0xa6, 0xab,
229 0x6e, 0x98, 0xc0, 0x97, 0x9a, 0x0c, 0xea, 0x00,
230 0xfd, 0x56, 0x1a, 0x74, 0x9a, 0x32, 0x6b, 0xfe,
231 0xbd, 0xdf, 0x6c, 0x82, 0x54, 0x53, 0x4d, 0x70,
232 0x65, 0xe3, 0x8b, 0x37, 0xb8, 0xe4, 0x70, 0x08,
233 0xb7, 0x3b, 0x30, 0x27, 0xaf, 0x1c, 0x77, 0xf3,
234 0x62, 0xd4, 0x9a, 0x59, 0xba, 0xd1, 0x6e, 0x89,
235 0x5c, 0x34, 0x9a, 0xa1, 0xb7, 0x4f, 0x7d, 0x8c,
236 0xdc, 0xbc, 0x74, 0x25, 0x5e, 0xbf, 0x77, 0x46
238 int expected_c = 1316;
241 if (!TEST_ptr(p_in = BN_bin2bn(expected_p, sizeof(expected_p), NULL))
242 || !TEST_ptr(q_in = BN_bin2bn(expected_q, sizeof(expected_q), NULL))
243 || !TEST_ptr(g_in = BN_bin2bn(expected_g, sizeof(expected_g), NULL)))
245 if (!TEST_ptr(pg_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
246 || !TEST_int_gt(EVP_PKEY_paramgen_init(pg_ctx), 0)
247 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(pg_ctx, 2048))
248 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(pg_ctx, 224))
249 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_seed(pg_ctx, seed_data,
251 || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_md_props(pg_ctx, "SHA256",
253 || !TEST_int_gt(EVP_PKEY_gen(pg_ctx, ¶m_key), 0)
254 || !TEST_ptr(kg_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL))
255 || !TEST_int_gt(EVP_PKEY_keygen_init(kg_ctx), 0)
256 || !TEST_int_gt(EVP_PKEY_gen(kg_ctx, &key), 0))
259 if (!TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_P, &p_out))
260 || !TEST_BN_eq(p_in, p_out)
261 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_Q, &q_out))
262 || !TEST_BN_eq(q_in, q_out)
263 || !TEST_true(EVP_PKEY_get_bn_param(key, OSSL_PKEY_PARAM_FFC_G, &g_out))
264 || !TEST_BN_eq(g_in, g_out)
265 || !TEST_true(EVP_PKEY_get_octet_string_param(
266 key, OSSL_PKEY_PARAM_FFC_SEED, seed_out,
267 sizeof(seed_out), &len))
268 || !TEST_mem_eq(seed_out, len, seed_data, sizeof(seed_data))
269 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_GINDEX,
271 || !TEST_int_eq(gindex_out, -1)
272 || !TEST_true(EVP_PKEY_get_int_param(key, OSSL_PKEY_PARAM_FFC_H,
274 || !TEST_int_eq(hcount_out, expected_h)
275 || !TEST_true(EVP_PKEY_get_int_param(key,
276 OSSL_PKEY_PARAM_FFC_PCOUNTER,
278 || !TEST_int_eq(pcount_out, expected_c)
279 || !TEST_false(EVP_PKEY_get_utf8_string_param(key,
280 OSSL_PKEY_PARAM_FFC_GROUP,
282 sizeof(group_out), &len)))
292 EVP_PKEY_free(param_key);
294 EVP_PKEY_CTX_free(kg_ctx);
295 EVP_PKEY_CTX_free(pg_ctx);
299 #endif /* OPENSSL_NO_DSA */
301 int setup_tests(void)
303 #ifndef OPENSSL_NO_DSA
305 ADD_TEST(dsa_keygen_test);