2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
15 #include "internal/nelem.h"
16 #include <openssl/crypto.h>
17 #include <openssl/bio.h>
18 #include <openssl/bn.h>
19 #include <openssl/rand.h>
20 #include <openssl/err.h>
23 #include "internal/ffc.h"
25 #ifndef OPENSSL_NO_DSA
26 static const unsigned char dsa_2048_224_sha224_p[] = {
27 0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
28 0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
29 0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
30 0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
31 0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
32 0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
33 0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
34 0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
35 0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
36 0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
37 0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
38 0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
39 0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
40 0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
41 0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
42 0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
43 0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
44 0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
45 0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
46 0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
47 0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
48 0xcc, 0xf8, 0x40, 0xab
50 static const unsigned char dsa_2048_224_sha224_q[] = {
51 0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
52 0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
53 0x57, 0x76, 0x6f, 0x11
55 static const unsigned char dsa_2048_224_sha224_seed[] = {
56 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
57 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
58 0x36, 0x17, 0x06, 0xcf
60 static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
61 0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
62 0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
63 0x36, 0x17, 0x06, 0xd0
65 static int dsa_2048_224_sha224_counter = 2878;
67 static const unsigned char dsa_3072_256_sha512_p[] = {
68 0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
69 0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
70 0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
71 0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
72 0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
73 0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
74 0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
75 0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
76 0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
77 0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
78 0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
79 0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
80 0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
81 0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
82 0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
83 0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
84 0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
85 0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
86 0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
87 0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
88 0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
89 0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
90 0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
91 0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
92 0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
93 0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
94 0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
95 0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
96 0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
97 0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
98 0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
99 0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
101 static const unsigned char dsa_3072_256_sha512_q[] = {
102 0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
103 0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
104 0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
106 static const unsigned char dsa_3072_256_sha512_seed[] = {
107 0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
108 0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
109 0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
111 static int dsa_3072_256_sha512_counter = 1604;
113 static const unsigned char dsa_2048_224_sha256_p[] = {
114 0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
115 0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
116 0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
117 0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
118 0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
119 0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
120 0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
121 0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
122 0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
123 0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
124 0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
125 0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
126 0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
127 0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
128 0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
129 0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
130 0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
131 0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
132 0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
133 0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
134 0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
135 0x73, 0xb4, 0x56, 0xd5
137 static const unsigned char dsa_2048_224_sha256_q[] = {
138 0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
139 0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
140 0x80, 0xcb, 0x0a, 0x45
142 static const unsigned char dsa_2048_224_sha256_g[] = {
143 0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
144 0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
145 0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
146 0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
147 0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
148 0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
149 0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
150 0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
151 0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
152 0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
153 0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
154 0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
155 0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
156 0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
157 0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
158 0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
159 0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
160 0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
161 0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
162 0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
163 0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
164 0xe6, 0x93, 0x59, 0xfc
167 static int ffc_params_validate_g_unverified_test(void)
171 BIGNUM *p = NULL, *q = NULL, *g = NULL;
172 BIGNUM *p1 = NULL, *g1 = NULL;
174 ffc_params_init(¶ms);
176 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
177 sizeof(dsa_2048_224_sha256_p), NULL)))
180 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
181 sizeof(dsa_2048_224_sha256_q), NULL)))
183 if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
184 sizeof(dsa_2048_224_sha256_g), NULL)))
188 /* Fail if g is NULL */
189 ffc_params_set0_pqg(¶ms, p, q, NULL);
192 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
194 FFC_PARAMS_VALIDATE_G, &res,
198 ffc_params_set0_pqg(¶ms, p, q, g);
200 if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
202 FFC_PARAMS_VALIDATE_G, &res,
208 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
210 FFC_PARAMS_VALIDATE_G, &res,
216 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
218 FFC_PARAMS_VALIDATE_G, &res,
224 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
226 FFC_PARAMS_VALIDATE_G, &res,
232 ffc_params_cleanup(¶ms);
239 static int ffc_params_validate_pq_test(void)
241 int ret = 0, res = -1;
243 BIGNUM *p = NULL, *q = NULL;
245 ffc_params_init(¶ms);
246 if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
247 sizeof(dsa_2048_224_sha224_p),
250 if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
251 sizeof(dsa_2048_224_sha224_q),
256 ffc_params_set0_pqg(¶ms, NULL, q, NULL);
258 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
260 FFC_PARAMS_VALIDATE_PQ, &res,
264 /* Test valid case */
265 ffc_params_set0_pqg(¶ms, p, NULL, NULL);
267 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
268 sizeof(dsa_2048_224_sha224_seed),
269 dsa_2048_224_sha224_counter);
270 if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
272 FFC_PARAMS_VALIDATE_PQ, &res,
276 /* Bad counter - so p is not prime */
277 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
278 sizeof(dsa_2048_224_sha224_seed),
280 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
282 FFC_PARAMS_VALIDATE_PQ, &res,
286 /* seedlen smaller than N */
287 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed,
288 sizeof(dsa_2048_224_sha224_seed)-1,
289 dsa_2048_224_sha224_counter);
290 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
292 FFC_PARAMS_VALIDATE_PQ, &res,
296 /* Provided seed doesn't produce a valid prime q */
297 ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
298 sizeof(dsa_2048_224_sha224_bad_seed),
299 dsa_2048_224_sha224_counter);
300 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
302 FFC_PARAMS_VALIDATE_PQ, &res,
306 if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
307 sizeof(dsa_3072_256_sha512_p), NULL)))
309 if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
310 sizeof(dsa_3072_256_sha512_q),
315 ffc_params_set0_pqg(¶ms, p, q, NULL);
317 ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed,
318 sizeof(dsa_3072_256_sha512_seed),
319 dsa_3072_256_sha512_counter);
320 /* Q doesn't div P-1 */
321 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
323 FFC_PARAMS_VALIDATE_PQ, &res,
327 /* Bad L/N for FIPS DH */
328 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
330 FFC_PARAMS_VALIDATE_PQ, &res,
336 ffc_params_cleanup(¶ms);
341 #endif /* OPENSSL_NO_DSA */
343 #ifndef OPENSSL_NO_DH
344 static int ffc_params_gen_test(void)
346 int ret = 0, res = -1;
349 ffc_params_init(¶ms);
350 if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH,
351 2048, 256, NULL, &res, NULL)))
353 if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
355 FFC_PARAMS_VALIDATE_ALL, &res,
361 ffc_params_cleanup(¶ms);
365 static int ffc_params_gen_canonicalg_test(void)
367 int ret = 0, res = -1;
370 ffc_params_init(¶ms);
372 if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH,
373 2048, 256, NULL, &res, NULL)))
375 if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
377 FFC_PARAMS_VALIDATE_ALL, &res,
381 if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
386 ffc_params_cleanup(¶ms);
390 static int ffc_params_fips186_2_gen_validate_test(void)
392 int ret = 0, res = -1;
396 ffc_params_init(¶ms);
397 if (!TEST_ptr(bn = BN_new()))
399 if (!TEST_true(ffc_params_FIPS186_2_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH,
400 1024, 160, NULL, &res, NULL)))
402 if (!TEST_true(ffc_params_FIPS186_2_validate(¶ms, FFC_PARAM_TYPE_DH,
404 FFC_PARAMS_VALIDATE_ALL, &res,
407 /* FIPS 186-4 L,N pair test will fail for DH */
408 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH,
410 FFC_PARAMS_VALIDATE_ALL, &res,
413 if (!TEST_int_eq(res, FFC_CHECK_BAD_LN_PAIR))
417 * The fips186-2 generation should produce a different q compared to
418 * fips 186-4 given the same seed value. So validation of q will fail.
420 if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
422 FFC_PARAMS_VALIDATE_ALL, &res,
425 /* As the params are randomly generated the error is one of the following */
426 if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
429 /* Partially valid g test will still pass */
430 if (!TEST_int_eq(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA,
432 FFC_PARAMS_VALIDATE_G, &res,
436 if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4)))
442 ffc_params_cleanup(¶ms);
446 extern FFC_PARAMS *dh_get0_params(DH *dh);
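/*
 * Check the accept/reject boundaries of ffc_validate_public_key() for the
 * ffdhe2048 group:
 *  - negative, 0 and 1 are rejected with FFC_ERROR_PUBKEY_TOO_SMALL;
 *  - p and p - 1 are rejected with FFC_ERROR_PUBKEY_TOO_LARGE;
 *  - p - 2 is in range but is rejected with FFC_ERROR_PUBKEY_INVALID
 *    ("not related to p & q");
 *  - 2 and p - 7 are accepted.
 *
 * Returns 1 when every expectation holds, 0 otherwise.
 *
 * NOTE(review): the local declarations, the "goto err" lines and the cleanup
 * tail are not visible in the listing this block was taken from; they are
 * reconstructed from the visible calls - confirm against the upstream file.
 */
static int ffc_public_validate_test(void)
{
    int ret = 0, res = -1;
    FFC_PARAMS *params;
    BIGNUM *pub = NULL;
    DH *dh = NULL;

    if (!TEST_ptr(pub = BN_new()))
        goto err;

    if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
        goto err;
    params = dh_get0_params(dh);

    /* Fail if public key is negative */
    if (!TEST_true(BN_set_word(pub, 1)))
        goto err;
    BN_set_negative(pub, 1);
    if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
        goto err;

    /*
     * Fail if public key is zero.
     * The error code is asserted only after the call that produces it, and
     * res is reset before each rejection check so that a code left over from
     * the previous call can never satisfy the next assertion.
     */
    if (!TEST_true(BN_set_word(pub, 0)))
        goto err;
    res = -1;
    if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
        goto err;

    /* Fail if public key is 1 */
    res = -1;
    if (!TEST_false(ffc_validate_public_key(params, BN_value_one(), &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
        goto err;

    /* Pass if public key >= 2 (pub is 0 here, so this tests exactly 2) */
    if (!TEST_true(BN_add_word(pub, 2)))
        goto err;
    if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
        goto err;

    /* Fail if public key = p */
    if (!TEST_ptr(BN_copy(pub, params->p)))
        goto err;
    res = -1;
    if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
        goto err;

    /* Fail if public key = p - 1 */
    if (!TEST_true(BN_sub_word(pub, 1)))
        goto err;
    res = -1;
    if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
        goto err;

    /* Fail if public key is not related to p & q (pub = p - 2) */
    if (!TEST_true(BN_sub_word(pub, 1)))
        goto err;
    res = -1;
    if (!TEST_false(ffc_validate_public_key(params, pub, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
        goto err;

    /* Pass if public key is valid (pub = p - 7) */
    if (!TEST_true(BN_sub_word(pub, 5)))
        goto err;
    if (!TEST_true(ffc_validate_public_key(params, pub, &res)))
        goto err;

    ret = 1;
err:
    DH_free(dh);
    BN_free(pub);
    return ret;
}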
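/*
 * Check the accept/reject boundaries of ffc_validate_private_key() using q
 * of the ffdhe2048 group as the upper bound:
 *  - negative and 0 are rejected with FFC_ERROR_PRIVKEY_TOO_SMALL;
 *  - q itself is rejected with FFC_ERROR_PRIVKEY_TOO_LARGE;
 *  - 1 and q - 1 are accepted.
 *
 * Returns 1 when every expectation holds, 0 otherwise.
 *
 * NOTE(review): the local declarations, the "goto err" lines and the cleanup
 * tail are not visible in the listing this block was taken from; they are
 * reconstructed from the visible calls - confirm against the upstream file.
 */
static int ffc_private_validate_test(void)
{
    int ret = 0, res = -1;
    FFC_PARAMS *params;
    BIGNUM *priv = NULL;
    DH *dh = NULL;

    if (!TEST_ptr(priv = BN_new()))
        goto err;

    if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
        goto err;
    params = dh_get0_params(dh);

    /* Fail if priv key is negative */
    if (!TEST_true(BN_set_word(priv, 1)))
        goto err;
    BN_set_negative(priv, 1);
    if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
        goto err;

    /*
     * Fail if priv key is zero.
     * The expected code is the same as in the previous check, so res is
     * reset first: the assertion must be satisfied by this call alone.
     */
    if (!TEST_true(BN_set_word(priv, 0)))
        goto err;
    res = -1;
    if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
        goto err;

    /* Pass if priv key >= 1 */
    if (!TEST_true(ffc_validate_private_key(params->q, BN_value_one(), &res)))
        goto err;

    /* Fail if priv key = upper */
    if (!TEST_ptr(BN_copy(priv, params->q)))
        goto err;
    res = -1;
    if (!TEST_false(ffc_validate_private_key(params->q, priv, &res)))
        goto err;
    if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
        goto err;

    /* Pass if priv key <= upper - 1 */
    if (!TEST_true(BN_sub_word(priv, 1)))
        goto err;
    if (!TEST_true(ffc_validate_private_key(params->q, priv, &res)))
        goto err;

    ret = 1;
err:
    DH_free(dh);
    BN_free(priv);
    return ret;
}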
/*
 * Generate private keys for the ffdhe2048 group and check which (N, s)
 * requests ffc_generate_private_key_fips() refuses, and that every key that
 * is produced passes ffc_validate_private_key() against q.
 *
 * index is not referenced by the visible body; the test is registered with
 * ADD_ALL_TESTS(..., 10), so the same sequence runs ten times.
 *
 * Returns 1 when every expectation holds, 0 otherwise.
 *
 * NOTE(review): the local declarations, the "goto err" lines and the cleanup
 * tail are not visible in the listing this block was taken from; they are
 * reconstructed from the visible calls - confirm against the upstream file.
 */
static int ffc_private_gen_test(int index)
{
    int ret = 0, res = -1, q_bits;
    FFC_PARAMS *params;
    BN_CTX *ctx = NULL;
    BIGNUM *priv = NULL;
    DH *dh = NULL;

    /* Set-up: any allocation failure aborts the test */
    if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL))
            || !TEST_ptr(priv = BN_new())
            || !TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
        goto err;
    params = dh_get0_params(dh);
    q_bits = BN_num_bits(params->q);

    /* Refused: N = 220 is below 2 * s, where s = 112 */
    if (!TEST_false(ffc_generate_private_key_fips(ctx, params, 220, 112, priv)))
        goto err;

    /* Refused: N exceeds len(q) */
    if (!TEST_false(ffc_generate_private_key_fips(ctx, params, q_bits + 1, 112,
                                                  priv)))
        goto err;

    /* Accepted: 2s <= N = len(q); the generated key must validate */
    if (!TEST_true(ffc_generate_private_key_fips(ctx, params, q_bits, 112,
                                                 priv))
            || !TEST_true(ffc_validate_private_key(params->q, priv, &res)))
        goto err;

    /* Accepted: 2s <= N < len(q); the generated key must validate */
    if (!TEST_true(ffc_generate_private_key_fips(ctx, params, q_bits / 2, 112,
                                                 priv))
            || !TEST_true(ffc_validate_private_key(params->q, priv, &res)))
        goto err;

    /* N and s are ignored in this case */
    if (!TEST_true(ffc_generate_private_key(ctx, params, 0, 0, priv))
            || !TEST_true(ffc_validate_private_key(params->q, priv, &res)))
        goto err;

    ret = 1;
err:
    DH_free(dh);
    BN_free(priv);
    BN_CTX_free(ctx);
    return ret;
}
633 #endif /* OPENSSL_NO_DH */
635 int setup_tests(void)
637 #ifndef OPENSSL_NO_DSA
638 ADD_TEST(ffc_params_validate_pq_test);
639 ADD_TEST(ffc_params_validate_g_unverified_test);
640 #endif /* OPENSSL_NO_DSA */
641 #ifndef OPENSSL_NO_DH
642 ADD_TEST(ffc_params_gen_test);
643 ADD_TEST(ffc_params_gen_canonicalg_test);
644 ADD_TEST(ffc_params_fips186_2_gen_validate_test);
645 ADD_TEST(ffc_public_validate_test);
646 ADD_TEST(ffc_private_validate_test);
647 ADD_ALL_TESTS(ffc_private_gen_test, 10);
648 #endif /* OPENSSL_NO_DH */