2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
15 #include "internal/nelem.h"
16 #include <openssl/crypto.h>
17 #include <openssl/bio.h>
18 #include <openssl/bn.h>
19 #include <openssl/rand.h>
20 #include <openssl/err.h>
23 #include "internal/ffc.h"
25 #ifndef OPENSSL_NO_DSA
/*
 * DSA domain-parameter test vector, L = 2048 / N = 224, SHA-224: a 256-byte p,
 * a 28-byte q, plus the seed and counter that ffc_params_validate_pq_test
 * passes to ffc_params_set_validate_params(). Domain parameters are public
 * values, so keeping them in test source exposes no key material.
 */
26 static const unsigned char dsa_2048_224_sha224_p[] = {
27 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
28 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
29 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
30 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
31 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
32 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
33 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
34 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
35 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
36 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
37 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
38 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
39 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
40 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
41 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
42 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
43 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
44 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
45 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
46 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
47 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
48 0xcc, 0xf8, 0x40, 0xab
/* 28-byte (224-bit) q that the pq test pairs with dsa_2048_224_sha224_p. */
50 static const unsigned char dsa_2048_224_sha224_q[] = {
51 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
52 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
53 0x57, 0x76, 0x6f, 0x11
/* 28-byte seed used for the case the pq test expects to validate. */
55 static const unsigned char dsa_2048_224_sha224_seed[] = {
56 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
57 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
58 0x36, 0x17, 0x06, 0xcf
/*
 * Negative vector: identical to dsa_2048_224_sha224_seed except for the last
 * byte (0xd0 instead of 0xcf). The pq test expects validation to fail with it.
 */
60 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
61 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
62 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
63 0x36, 0x17, 0x06, 0xd0
/*
 * Counter supplied together with the seed above.
 * NOTE(review): no write to this variable is visible in this listing, so it
 * could probably be declared const like the arrays - confirm.
 */
65 static int dsa_2048_224_sha224_counter = 2878;
/*
 * DSA domain-parameter test vector, L = 3072 / N = 256, SHA-512: a 384-byte p,
 * a 32-byte q, a 32-byte seed and a counter. ffc_params_validate_pq_test uses
 * it only for calls that are expected to fail validation. These are public
 * domain parameters, not key material.
 */
67 static const unsigned char dsa_3072_256_sha512_p[] = {
68 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
69 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
70 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
71 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
72 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
73 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
74 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
75 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
76 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
77 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
78 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
79 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
80 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
81 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
82 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
83 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
84 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
85 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
86 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
87 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
88 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
89 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
90 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
91 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
92 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
93 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
94 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
95 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
96 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
97 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
98 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
99 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
/* 32-byte (256-bit) q loaded alongside dsa_3072_256_sha512_p. */
101 static const unsigned char dsa_3072_256_sha512_q[] = {
102 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
103 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
104 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
/* 32-byte seed passed to ffc_params_set_validate_params() with the counter below. */
106 static const unsigned char dsa_3072_256_sha512_seed[] = {
107 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
108 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
109 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
/*
 * NOTE(review): no write to this variable is visible in this listing, so it
 * could probably be declared const - confirm.
 */
111 static int dsa_3072_256_sha512_counter = 1604;
/*
 * DSA domain-parameter test vector, L = 2048 / N = 224, SHA-256: a 256-byte p,
 * a 28-byte q and a 256-byte generator g. ffc_params_validate_g_unverified_test
 * loads all three to exercise generator validation. These are public domain
 * parameters, not key material.
 */
113 static const unsigned char dsa_2048_224_sha256_p[] = {
114 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
115 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
116 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
117 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
118 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
119 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
120 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
121 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
122 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
123 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
124 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
125 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
126 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
127 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
128 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
129 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
130 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
131 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
132 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
133 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
134 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
135 0x73, 0xb4, 0x56, 0xd5
/* 28-byte (224-bit) q loaded alongside dsa_2048_224_sha256_p. */
137 static const unsigned char dsa_2048_224_sha256_q[] = {
138 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
139 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
140 0x80, 0xcb, 0x0a, 0x45
/* 256-byte generator g; the g test expects it to validate against p and q above. */
142 static const unsigned char dsa_2048_224_sha256_g[] = {
143 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
144 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
145 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
146 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
147 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
148 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
149 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
150 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
151 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
152 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
153 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
154 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
155 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
156 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
157 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
158 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
159 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
160 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
161 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
162 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
163 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
164 0xe6, 0x93, 0x59, 0xfc
/*
 * Checks generator validation (FFC_PARAM_FLAG_VALIDATE_G) against the
 * dsa_2048_224_sha256 p/q/g vector with SHA256 as the digest: a missing g
 * must be rejected, the supplied g must be accepted, and three further calls
 * must be rejected.
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * the statements that alter the parameters before the last three calls, and
 * the trailing arguments of each validate call, are not visible here.
 * NOTE(review): "¶ms" appears to be a rendering artefact of "&params".
 */
167 static int ffc_params_validate_g_unverified_test(void)
171 BIGNUM *p = NULL, *q = NULL, *g = NULL;
/* presumably hold altered copies of p and g for the negative cases - confirm */
172 BIGNUM *p1 = NULL, *g1 = NULL;
174 ffc_params_init(¶ms);
/* Load the byte-array vectors as BIGNUMs; each allocation is checked. */
176 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
177 sizeof(dsa_2048_224_sha256_p), NULL)))
180 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
181 sizeof(dsa_2048_224_sha256_q), NULL)))
183 if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
184 sizeof(dsa_2048_224_sha256_g), NULL)))
188 /* Fail if g is NULL */
189 ffc_params_set0_pqg(¶ms, p, q, NULL);
/* Restrict validation to the generator and select the digest used by it. */
192 ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
193 ffc_set_digest(¶ms, "SHA256", NULL);
195 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
/* Positive case: p, q and g from the vector must validate. */
200 ffc_params_set0_pqg(¶ms, p, q, g);
202 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
/* Three rejection cases; what is changed before each call is not shown here. */
209 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
216 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
223 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
230 ffc_params_cleanup(¶ms);
/*
 * Checks p/q validation (FFC_PARAM_FLAG_VALIDATE_PQ). With the
 * dsa_2048_224_sha224 vector and SHA224 it expects: failure when p is absent,
 * success with the matching seed and counter, and failure for a bad counter,
 * a seed one byte short, and a seed whose last byte differs. With the
 * dsa_3072_256_sha512 vector and SHA512 both validate calls must fail.
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * the trailing arguments of the validate calls are not visible here.
 * NOTE(review): "¶ms" appears to be a rendering artefact of "&params".
 */
237 static int ffc_params_validate_pq_test(void)
239 int ret = 0, res = -1;
241 BIGNUM *p = NULL, *q = NULL;
243 ffc_params_init(¶ms);
244 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
245 sizeof(dsa_2048_224_sha224_p),
248 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
249 sizeof(dsa_2048_224_sha224_q),
/* Only q is supplied here, so the validate call below runs without p. */
254 ffc_params_set0_pqg(¶ms, NULL, q, NULL);
256 ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ);
257 ffc_set_digest(¶ms, "SHA224", NULL);
259 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
264 /* Test valid case */
/* presumably a NULL argument leaves the q set earlier in place - confirm */
265 ffc_params_set0_pqg(¶ms, p, NULL, NULL);
267 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
268 sizeof(dsa_2048_224_sha224_seed),
269 dsa_2048_224_sha224_counter);
270 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
275 /* Bad counter - so p is not prime (the counter argument is not shown in this listing) */
276 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
277 sizeof(dsa_2048_224_sha224_seed),
279 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
284 /* seedlen smaller than N: one byte is dropped from the 28-byte seed */
285 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
286 sizeof(dsa_2048_224_sha224_seed)-1,
287 dsa_2048_224_sha224_counter);
288 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
293 /* Provided seed doesn't produce a valid prime q */
294 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
295 sizeof(dsa_2048_224_sha224_bad_seed),
296 dsa_2048_224_sha224_counter);
297 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
/* Switch to the 3072/256 SHA512 vector for the remaining rejection cases. */
302 if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
303 sizeof(dsa_3072_256_sha512_p), NULL)))
305 if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
306 sizeof(dsa_3072_256_sha512_q),
311 ffc_params_set0_pqg(¶ms, p, q, NULL);
313 ffc_set_digest(¶ms, "SHA512", NULL);
314 ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
315 sizeof(dsa_3072_256_sha512_seed),
316 dsa_3072_256_sha512_counter);
317 /* q does not divide p - 1 */
318 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
323 /* Bad L/N for FIPS DH */
324 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
331 ffc_params_cleanup(¶ms);
336 #endif /* OPENSSL_NO_DSA */
338 #ifndef OPENSSL_NO_DH
/*
 * Round trip: parameters produced by ffc_params_FIPS186_4_generate() with the
 * sizes 2048 and 256 (presumably L and N in bits - confirm) must be accepted
 * by ffc_params_FIPS186_4_validate().
 * NOTE(review): this listing omits source lines, so the parameter-type
 * arguments of both calls are not visible; "¶ms" appears to be a rendering
 * artefact of "&params".
 */
339 static int ffc_params_gen_test(void)
341 int ret = 0, res = -1;
344 ffc_params_init(¶ms);
345 if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms,
347 2048, 256, &res, NULL)))
349 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
356 ffc_params_cleanup(¶ms);
/*
 * Generates parameters with the sizes 2048 and 256, requires them to pass
 * ffc_params_FIPS186_4_validate(), then prints them to bio_out.
 * NOTE(review): the name suggests canonical generation of g is selected, but
 * the statement that would select it (gutter line 366) is not shown in this
 * listing - confirm against the full source. "¶ms" appears to be a rendering
 * artefact of "&params".
 */
360 static int ffc_params_gen_canonicalg_test(void)
362 int ret = 0, res = -1;
365 ffc_params_init(¶ms);
367 if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms,
369 2048, 256, &res, NULL)))
371 if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms,
/* Printing is itself asserted, so a failure to print fails the test. */
376 if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
381 ffc_params_cleanup(¶ms);
/*
 * Generates legacy parameters with ffc_params_FIPS186_2_generate() (sizes 1024
 * and 160) and checks how the two validators treat them: the FIPS 186-2
 * validator must accept them, while the FIPS 186-4 validator must reject them,
 * first with FFC_CHECK_BAD_LN_PAIR and then with a q-related error. Finally
 * the flags are switched to FFC_PARAM_FLAG_VALIDATE_G and the generator-only
 * result is compared with an expected value.
 * NOTE(review): this listing omits source lines, so the trailing arguments of
 * the calls, the expected value of the final TEST_int_eq and the use of the
 * BN_new() result are not visible. "¶ms" appears to be a rendering artefact
 * of "&params".
 */
385 static int ffc_params_fips186_2_gen_validate_test(void)
387 int ret = 0, res = -1;
391 ffc_params_init(¶ms);
392 if (!TEST_ptr(bn = BN_new()))
394 if (!TEST_true(ffc_params_FIPS186_2_generate(NULL, ¶ms,
396 1024, 160, &res, NULL)))
398 if (!TEST_true(ffc_params_FIPS186_2_validate(NULL, ¶ms,
402 /* FIPS 186-4 L,N pair test will fail for DH */
403 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
/* The rejection reason is asserted as well, not just the failure. */
407 if (!TEST_int_eq(res, FFC_CHECK_BAD_LN_PAIR))
411 * The fips186-2 generation should produce a different q compared to
412 * fips 186-4 given the same seed value. So validation of q will fail.
414 if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms,
418 /* As the params are randomly generated the error is one of the following */
419 if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
422 ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G);
423 /* Partially valid g test will still pass */
424 if (!TEST_int_eq(ffc_params_FIPS186_4_validate(NULL, ¶ms,
429 if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
435 ffc_params_cleanup(¶ms);
/*
 * Accessor used by the DH tests below to obtain the FFC_PARAMS of a DH object.
 * NOTE(review): a hand-written extern prototype is not checked against the
 * real definition; including the header that declares it would keep the two
 * in sync - confirm which internal header provides it.
 */
439 extern FFC_PARAMS *dh_get0_params(DH *dh);
/*
 * Boundary tests for ffc_validate_public_key() on the ffdhe2048 group obtained
 * from DH_new_by_nid(NID_ffdhe2048).
 * Rejected: a negative value, 0 and 1 (FFC_ERROR_PUBKEY_TOO_SMALL), p and
 * p - 1 (FFC_ERROR_PUBKEY_TOO_LARGE), and p - 2 (FFC_ERROR_PUBKEY_INVALID).
 * Accepted: 2 and p - 7.
 * The bounds matter because 1 and p - 1 generate subgroups of order 1 and 2;
 * accepting either as a peer value would make the shared secret predictable.
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * declarations and the error/cleanup path are not visible here.
 */
441 static int ffc_public_validate_test(void)
443 int ret = 0, res = -1;
448 if (!TEST_ptr(pub = BN_new()))
451 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
453 params = dh_get0_params(dh);
/* pub = -1 */
455 if (!TEST_true(BN_set_word(pub, 1)))
457 BN_set_negative(pub, 1);
458 /* Fail if public key is negative */
459 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
461 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
/* pub = 0 */
463 if (!TEST_true(BN_set_word(pub, 0)))
/*
 * NOTE(review): no validate call is visible between the previous check and
 * this one, so res still holds the result of the negative-key case; this
 * assertion looks redundant - confirm against the full source.
 */
465 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
467 /* Fail if public key is zero */
468 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
470 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
472 /* Fail if public key is 1 */
473 if (!TEST_false(ffc_validate_public_key(params, BN_value_one(), &res)))
475 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
/* pub was 0, so it is now 2: the smallest accepted value */
477 if (!TEST_true(BN_add_word(pub, 2)))
479 /* Pass if public key >= 2 */
480 if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
/* pub = p */
483 if (!TEST_ptr(BN_copy(pub, params->p)))
485 /* Fail if public key = p */
486 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
488 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
/* pub = p - 1 */
491 if (!TEST_true(BN_sub_word(pub, 1)))
493 /* Fail if public key = p - 1 */
494 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
496 if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
/* pub = p - 2: inside the range, yet still rejected */
499 if (!TEST_true(BN_sub_word(pub, 1)))
501 /* Fail if public key is not related to p & q */
/* presumably the subgroup-membership check against q - confirm in ffc_validate_public_key */
502 if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
504 if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
/* pub = p - 7 */
507 if (!TEST_true(BN_sub_word(pub, 5)))
509 /* Pass if public key is valid */
510 if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
/*
 * Boundary tests for ffc_validate_private_key(), called with params->q of the
 * ffdhe2048 group as the upper bound.
 * Rejected: a negative value and 0 (FFC_ERROR_PRIVKEY_TOO_SMALL) and q itself
 * (FFC_ERROR_PRIVKEY_TOO_LARGE). Accepted: 1 and q - 1.
 * NOTE(review): this listing omits source lines (the gutter numbers jump), so
 * declarations and the error/cleanup path are not visible here.
 */
520 static int ffc_private_validate_test(void)
522 int ret = 0, res = -1;
527 if (!TEST_ptr(priv = BN_new()))
530 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
532 params = dh_get0_params(dh);
/* priv = -1 */
534 if (!TEST_true(BN_set_word(priv, 1)))
536 BN_set_negative(priv, 1);
537 /* Fail if priv key is negative */
538 if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
540 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
/* priv = 0 */
543 if (!TEST_true(BN_set_word(priv, 0)))
545 /* Fail if priv key is zero */
546 if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
548 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
551 /* Pass if priv key >= 1 */
552 if (!TEST_true(ffc_validate_private_key(params->q, BN_value_one(), &res)))
/* priv = q, the value passed as the upper bound */
555 if (!TEST_ptr(BN_copy(priv, params->q)))
557 /* Fail if priv key = upper */
558 if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
560 if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
/* priv = q - 1, the largest accepted value */
563 if (!TEST_true(BN_sub_word(priv, 1)))
565 /* Pass if priv key <= upper - 1 */
566 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
/*
 * Tests ffc_generate_private_key() on the ffdhe2048 group for several
 * requested lengths N with s = 112, where N is measured against
 * BN_num_bits(params->q). Requests with N < 2*s or N > len(q) must fail;
 * N = len(q), N = len(q)/2 and the 0/0 case must succeed, and every generated
 * key must also pass ffc_validate_private_key().
 * Registered through ADD_ALL_TESTS, hence the index parameter; its use is not
 * visible in this listing, which omits source lines (the gutter numbers jump).
 */
576 static int ffc_private_gen_test(int index)
578 int ret = 0, res = -1, N;
584 if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
587 if (!TEST_ptr(priv = BN_new()))
590 if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
592 params = dh_get0_params(dh);
/* N is the bit length of q and is the largest length a request may ask for. */
594 N = BN_num_bits(params->q);
595 /* Fail since N < 2*s - where s = 112 (220 < 224) */
596 if (!TEST_false(ffc_generate_private_key(ctx, params, 220, 112, priv)))
598 /* fail since N > len(q) */
599 if (!TEST_false(ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
601 /* pass since 2s <= N <= len(q) */
602 if (!TEST_true(ffc_generate_private_key(ctx, params, N, 112, priv)))
604 /* the key generated with N = len(q) must validate against q */
605 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
607 /* pass since 2s <= N < len(q) */
608 if (!TEST_true(ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
610 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
613 /* N and s are ignored in this case */
614 if (!TEST_true(ffc_generate_private_key(ctx, params, 0, 0, priv)))
616 if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
626 #endif /* OPENSSL_NO_DH */
/*
 * Test-harness entry point: registers every test case in this file. The DSA
 * group is compiled in only when OPENSSL_NO_DSA is not defined and the DH
 * group only when OPENSSL_NO_DH is not defined, so a build with both disabled
 * registers nothing here.
 * NOTE(review): this listing omits source lines, so the function's braces and
 * return statement are not visible.
 */
628 int setup_tests(void)
630 #ifndef OPENSSL_NO_DSA
631 ADD_TEST(ffc_params_validate_pq_test);
632 ADD_TEST(ffc_params_validate_g_unverified_test);
633 #endif /* OPENSSL_NO_DSA */
634 #ifndef OPENSSL_NO_DH
635 ADD_TEST(ffc_params_gen_test);
636 ADD_TEST(ffc_params_gen_canonicalg_test);
637 ADD_TEST(ffc_params_fips186_2_gen_validate_test);
638 ADD_TEST(ffc_public_validate_test);
639 ADD_TEST(ffc_private_validate_test);
/* Parameterised registration with a count of 10; the test takes an int index. */
640 ADD_ALL_TESTS(ffc_private_gen_test, 10);
641 #endif /* OPENSSL_NO_DH */