From ec4d1b8f8ce2d2ed1c378abfeffaabfda3cc7122 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Fri, 3 Apr 2020 16:50:36 +1000 Subject: [PATCH] Add data driven SELF TEST code for signatures and key agreement Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11036) --- doc/man7/OSSL_PROVIDER-FIPS.pod | 4 +- include/openssl/self_test.h | 3 +- providers/fips/fipsprov.c | 353 ------------ providers/fips/self_test_data.inc | 836 +++++++++++++++++++++++++++-- providers/fips/self_test_kats.c | 274 +++++++++- test/recipes/03-test_fipsinstall.t | 20 +- 6 files changed, 1074 insertions(+), 416 deletions(-) diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 56844deeb9..92dab0e88a 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -245,12 +245,14 @@ Signature tests used with the "KAT_Signature" type. =item "ECDH" (B) -=item "ECDSA" (B) +=item "DH" (B) Key agreement tests used with the "KAT_KA" type. =item "HKDF" (B) +=item "SSKDF" (B) + Key Derivation Function tests used with the "KAT_KDF" type. =item "CTR" (B) diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index 478d4b3cd5..b4981e547f 100644 --- a/include/openssl/self_test.h +++ b/include/openssl/self_test.h @@ -52,9 +52,10 @@ extern "C" { # define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR" # define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH" # define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC" +# define OSSL_SELF_TEST_DESC_KA_DH "DH" # define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH" -# define OSSL_SELF_TEST_DESC_KA_ECDSA "ECDSA" # define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF" +# define OSSL_SELF_TEST_DESC_KDF_SSKDF "SSKDF" # ifdef __cplusplus } diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 8fbb618527..c107d690b7 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -126,349 +126,6 @@ static OSSL_PARAM core_params[] = OSSL_PARAM_END }; -/* - * Convert a string into a bignumber. - * The array of hex_data is used to get around compilers that dont like - * strings longer than 509 bytes, - */ -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) -static int hextobn(const char *hex_data[], BIGNUM **bn) -{ - int ret = 0; - int i, slen; - char *str = NULL; - - /* Get the total length of the strings */ - for (slen = 0, i = 0; hex_data[i] != NULL; ++i) - slen += strlen(hex_data[i]); - - /* Add 1 for the string terminator */ - str = OPENSSL_zalloc(slen + 1); - if (str == NULL) - return 0; - - /* join the strings together into 1 buffer */ - for (i = 0; hex_data[i] != NULL; ++i) - strcat(str, hex_data[i]); - - if (BN_hex2bn(bn, str) <= 0) - goto err; - ret = 1; -err: - OPENSSL_free(str); - return ret; -} -#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */ - -#ifndef OPENSSL_NO_DH -static int hextobin(const char *hex_data[], unsigned char **out, size_t *len) -{ - int ret = 0, sz; - BIGNUM *bn = NULL; - unsigned char *buf = NULL; - - if (!hextobn(hex_data, &bn)) - return 0; - sz = BN_num_bytes(bn); - buf = OPENSSL_zalloc(sz); - if (buf == NULL) - goto err; - if (BN_bn2binpad(bn, buf, sz) <= 0) - goto err; - - *out = buf; - *len = sz; - buf = NULL; /* Set to NULL so it is not freed */ - ret = 1; -err: - OPENSSL_free(buf); - BN_free(bn); - return ret; -} -#endif - -#ifndef OPENSSL_NO_DSA -static int dsa_key_signature_test(OPENSSL_CTX *libctx) -{ - int ret = 0; - BIGNUM *p = NULL, *q = NULL, *g = NULL; - BIGNUM *pub = NULL, *priv = NULL; - OSSL_PARAM *params = NULL, *params_sig = NULL; - OSSL_PARAM_BLD *bld = NULL; - EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; - EVP_PKEY *pkey = NULL; - unsigned char sig[64]; - size_t siglen; - - static const unsigned char dgst[SHA256_DIGEST_LENGTH] = { - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 - }; - /* dsa 2048 */ - static const char *dsa_p_hex[] = { - "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415" - "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef" - "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b" - "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534", - "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1" - "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088" - "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4" - "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7", - NULL - }; - static const char *dsa_q_hex[] = { - "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867", - NULL - }; - static const char *dsa_g_hex[] = { - "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7" - "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084" - "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb" - "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97", - "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb" - "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c" - "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00" - "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467", - NULL - }; - static const char *dsa_pub_hex[] = { - "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6" - "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec" - "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb" - "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34", - "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672" - "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7" - "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190" - "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516", - NULL - }; - static const char *dsa_priv_hex[] = { - "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7", - NULL - }; - - if (!hextobn(dsa_p_hex, &p) - || !hextobn(dsa_q_hex, &q) - || !hextobn(dsa_g_hex, &g) - || !hextobn(dsa_pub_hex, &pub) - || !hextobn(dsa_priv_hex, &priv)) - goto err; - - bld = OSSL_PARAM_BLD_new(); - if (bld == NULL - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) - goto err; - params = OSSL_PARAM_BLD_to_param(bld); - - /* Create a EVP_PKEY_CTX to load the DSA key into */ - kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, ""); - if (kctx == NULL || params == NULL) - goto err; - if (EVP_PKEY_key_fromdata_init(kctx) <= 0 - || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0) - goto err; - - /* Create a EVP_PKEY_CTX to use for the signing operation */ - sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); - if (sctx == NULL - || EVP_PKEY_sign_init(sctx) <= 0) - goto err; - - /* set signature parameters */ - if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, - SN_sha256,strlen(SN_sha256) + 1)) - goto err; - params_sig = OSSL_PARAM_BLD_to_param(bld); - if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) - goto err; - - if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 - || EVP_PKEY_verify_init(sctx) <= 0 - || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) - goto err; - ret = 1; -err: - OSSL_PARAM_BLD_free_params(params); - OSSL_PARAM_BLD_free_params(params_sig); - OSSL_PARAM_BLD_free(bld); - BN_free(p); - BN_free(q); - BN_free(g); - BN_free(pub); - BN_free(priv); - EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(kctx); - EVP_PKEY_CTX_free(sctx); - return ret; -} -#endif /* OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_DH -static int dh_key_exchange_test(OPENSSL_CTX *libctx) -{ - int ret = 0; - BIGNUM *p = NULL, *q = NULL, *g = NULL; - BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL; - unsigned char *kat_secret = NULL; - EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; - EVP_PKEY *pkey = NULL, *peerkey = NULL; - OSSL_PARAM *params = NULL; - OSSL_PARAM *params_peer = NULL; - unsigned char secret[256]; - size_t secret_len, kat_secret_len = 0; - OSSL_PARAM_BLD *bld = NULL; - - /* DH KAT */ - static const char *dh_p_hex[] = { - "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b" - "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d" - "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0" - "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1", - "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c" - "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44" - "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994" - "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69", - NULL - }; - static const char *dh_q_hex[] = { - "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d", - NULL - }; - static const char *dh_g_hex[] = { - "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede" - "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4" - "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49" - "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9", - "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad", - "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6" - "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0" - "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a" - "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20", - "ea115c32", - NULL - }; - static const char *dh_priv_hex[] = { - "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6", - NULL - }; - static const char *dh_pub_hex[] = { - "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048" - "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506" - "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52" - "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7", - "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7" - "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf" - "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86" - "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e", - "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4" - "959c91d3", - NULL - }; - static const char *dh_peer_pub_hex[] = { - "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0" - "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0" - "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665" - "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f", - "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f" - "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842" - "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf" - "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2", - "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739" - "f17ff48b", - NULL - }; - static const char *dh_secret_exptd_hex[] = { - "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2" - "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153" - "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e" - "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe", - "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d" - "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2" - "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f" - "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486", - "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9" - "7d98eaf6", - NULL - }; - - if (!hextobn(dh_p_hex, &p) - || !hextobn(dh_q_hex, &q) - || !hextobn(dh_g_hex, &g) - || !hextobn(dh_pub_hex, &pub) - || !hextobn(dh_priv_hex, &priv) - || !hextobn(dh_peer_pub_hex, &pub_peer) - || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len)) - goto err; - - bld = OSSL_PARAM_BLD_new(); - if (bld == NULL - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) - goto err; - params = OSSL_PARAM_BLD_to_param(bld); - - if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer)) - goto err; - - params_peer = OSSL_PARAM_BLD_to_param(bld); - if (params == NULL || params_peer == NULL) - goto err; - - /* Create a EVP_PKEY_CTX to load the DH keys into */ - kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", ""); - if (kactx == NULL) - goto err; - if (EVP_PKEY_key_fromdata_init(kactx) <= 0 - || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0) - goto err; - if (EVP_PKEY_key_fromdata_init(kactx) <= 0 - || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0) - goto err; - - /* Create a EVP_PKEY_CTX to perform key derivation */ - dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); - if (dctx == NULL) - goto err; - - if (EVP_PKEY_derive_init(dctx) <= 0 - || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0 - || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) - goto err; - - if (secret_len != kat_secret_len - || memcmp(secret, kat_secret, secret_len) != 0) - goto err; - ret = 1; -err: - OSSL_PARAM_BLD_free(bld); - OSSL_PARAM_BLD_free_params(params_peer); - OSSL_PARAM_BLD_free_params(params); - BN_free(p); - BN_free(q); - BN_free(g); - BN_free(pub); - BN_free(priv); - BN_free(pub_peer); - OPENSSL_free(kat_secret); - EVP_PKEY_free(pkey); - EVP_PKEY_free(peerkey); - EVP_PKEY_CTX_free(kactx); - EVP_PKEY_CTX_free(dctx); - return ret; -} -#endif /* OPENSSL_NO_DH */ - /* TODO(3.0): To be removed */ static int dummy_evp_call(void *provctx) { @@ -536,16 +193,6 @@ static int dummy_evp_call(void *provctx) goto err; #endif -#ifndef OPENSSL_NO_DSA - if (!dsa_key_signature_test(libctx)) - goto err; -#endif - -#ifndef OPENSSL_NO_DH - if (!dh_key_exchange_test(libctx)) - goto err; -#endif /* OPENSSL_NO_DH */ - ret = 1; err: BN_CTX_end(bnctx); diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index c91e7d83c1..43de2aa3f2 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -7,6 +7,26 @@ * https://www.openssl.org/source/license.html */ +/* Macros to build Self test data */ +#define ITM(x) x, sizeof(x) +#define ITM_STR(x) x, (sizeof(x) - 1) + +#define ST_KAT_PARAM_END() { "", 0, NULL, 0 } +#define ST_KAT_PARAM_BIGNUM(name, data) \ + { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) } +#define ST_KAT_PARAM_OCTET(name, data) \ + { name, OSSL_PARAM_OCTET_STRING, ITM(data) } +#define ST_KAT_PARAM_UTF8STRING(name, data) \ + { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } + +/* used to store raw parameters for keys and algorithms */ +typedef struct st_kat_param_st { + const char *name; /* an OSSL_PARAM name */ + size_t type; /* the type associated with the data */ + const void *data; /* unsigned char [], or char [] depending on the type */ + size_t data_len; /* the length of the data */ +} ST_KAT_PARAM; + typedef struct st_kat_st { const char *desc; const char *algorithm; @@ -29,15 +49,10 @@ typedef struct st_kat_cipher_st { size_t tag_len; } ST_KAT_CIPHER; -typedef struct st_kat_nvp_st { - const char *name; - const char *value; -} ST_KAT_NVP; - typedef struct st_kat_kdf_st { const char *desc; const char *algorithm; - const ST_KAT_NVP *ctrls; + const ST_KAT_PARAM *params; const unsigned char *expected; size_t expected_len; } ST_KAT_KDF; @@ -64,9 +79,26 @@ typedef struct st_kat_drbg_st { size_t expectedlen; } ST_KAT_DRBG; -/* Macros to build Self test data */ -#define ITM(x) x, sizeof(x) -#define ITM_STR(x) x, sizeof(x) - 1 +typedef struct st_kat_kas_st { + const char *desc; + const char *algorithm; + + const ST_KAT_PARAM *key_group; + const ST_KAT_PARAM *key_host_data; + const ST_KAT_PARAM *key_peer_data; + + const unsigned char *expected; + size_t expected_len; +} ST_KAT_KAS; + +typedef struct st_kat_sign_st { + const char *desc; + const char *algorithm; + const char *mdalgorithm; + const ST_KAT_PARAM *key; + const unsigned char *sig_expected; /* Set to NULL if this value changes */ + size_t sig_expected_len; +} ST_KAT_SIGN; /*- DIGEST TEST DATA */ static const unsigned char sha1_pt[] = "abc"; @@ -118,11 +150,11 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] = /* DES3 test data */ static const unsigned char des_ede3_cbc_pt[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, - 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, + 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }; - static const unsigned char des_ede3_cbc_key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, @@ -132,34 +164,38 @@ static const unsigned char des_ede3_cbc_iv[] = { 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 }; static const unsigned char des_ede3_cbc_ct[] = { - 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 0x93, 0xB7, 0x9E, 0x25, - 0x69, 0xAB, 0x52, 0x62, 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, + 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, + 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, + 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 }; +/* AES-256 GCM test data */ static const unsigned char aes_256_gcm_key[] = { - 0x92,0xe1,0x1d,0xcd,0xaa,0x86,0x6f,0x5c,0xe7,0x90,0xfd,0x24, - 0x50,0x1f,0x92,0x50,0x9a,0xac,0xf4,0xcb,0x8b,0x13,0x39,0xd5, - 0x0c,0x9c,0x12,0x40,0x93,0x5d,0xd0,0x8b + 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, + 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50, + 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5, + 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b }; static const unsigned char aes_256_gcm_iv[] = { - 0xac,0x93,0xa1,0xa6,0x14,0x52,0x99,0xbd,0xe9,0x02,0xf2,0x1a + 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd, + 0xe9, 0x02, 0xf2, 0x1a }; static const unsigned char aes_256_gcm_pt[] = { - 0x2d,0x71,0xbc,0xfa,0x91,0x4e,0x4a,0xc0,0x45,0xb2,0xaa,0x60, - 0x95,0x5f,0xad,0x24 + 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0, + 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24 }; static const unsigned char aes_256_gcm_aad[] = { - 0x1e,0x08,0x89,0x01,0x6f,0x67,0x60,0x1c,0x8e,0xbe,0xa4,0x94, - 0x3b,0xc2,0x3a,0xd6 + 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c, + 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6 }; static const unsigned char aes_256_gcm_ct[] = { - 0x89,0x95,0xae,0x2e,0x6d,0xf3,0xdb,0xf9,0x6f,0xac,0x7b,0x71, - 0x37,0xba,0xe6,0x7f + 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9, + 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f }; static const unsigned char aes_256_gcm_tag[] = { - 0xec,0xa5,0xaa,0x77,0xd5,0x1d,0x4a,0x0a,0x14,0xd9,0xc5,0x1e, - 0x1d,0xa4,0x74,0xab + 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a, + 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab }; static const ST_KAT_CIPHER st_kat_cipher_tests[] = { @@ -189,27 +225,65 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = { } }; -/*- KDF TEST DATA */ +static const char hkdf_digest[] = "SHA256"; +static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' }; +static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' }; +static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' }; -static const ST_KAT_NVP hkdf_ctrl[] = -{ - { "digest", "SHA256" }, - { "key", "secret" }, - { "salt", "salt" }, - { "info", "label" }, - { NULL, NULL } +static const ST_KAT_PARAM hkdf_params[] = { + ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info), + ST_KAT_PARAM_END() }; static const unsigned char hkdf_expected[] = { - 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 + 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, + 0xde, 0x13 +}; + +static const char sskdf_digest[] = "SHA224"; +static const unsigned char sskdf_secret[] = { + 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, + 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1, + 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9, + 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72, + 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2, + 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8, + 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9 +}; +static const unsigned char sskdf_otherinfo[] = { + 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56, + 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49, + 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6, + 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66, + 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98, + 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe +}; +static const unsigned char sskdf_expected[] = { + 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, + 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 +}; +static const ST_KAT_PARAM sskdf_params[] = { + ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret), + ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo), + ST_KAT_PARAM_END() }; static const ST_KAT_KDF st_kat_kdf_tests[] = { { OSSL_SELF_TEST_DESC_KDF_HKDF, - "HKDF", - hkdf_ctrl, + OSSL_KDF_NAME_HKDF, + hkdf_params, ITM(hkdf_expected) + }, + { + OSSL_SELF_TEST_DESC_KDF_SSKDF, + OSSL_KDF_NAME_SSKDF, + sskdf_params, + ITM(sskdf_expected) } }; @@ -422,3 +496,691 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = ITM(drbg_hmac_sha1_pr_expected) } }; + +/* KEY EXCHANGE TEST DATA */ + +#ifndef OPENSSL_NO_DH +/* DH KAT */ +static const unsigned char dh_p[] = { + 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25, + 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0, + 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66, + 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b, + 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe, + 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce, + 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d, + 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d, + 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde, + 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb, + 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17, + 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0, + 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97, + 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9, + 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7, + 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1, + 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d, + 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82, + 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4, + 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c, + 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b, + 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50, + 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31, + 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44, + 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5, + 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80, + 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12, + 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94, + 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7, + 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1, + 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d, + 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69 +}; +static const unsigned char dh_q[] = { + 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e, + 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83, + 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea, + 0x11, 0xac, 0xb5, 0x7d +}; +static const unsigned char dh_g[] = { + 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39, + 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f, + 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0, + 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f, + 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f, + 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a, + 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4, + 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c, + 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20, + 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25, + 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53, + 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9, + 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc, + 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9, + 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43, + 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86, + 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16, + 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40, + 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23, + 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa, + 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6, + 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2, + 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61, + 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a, + 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef, + 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f, + 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3, + 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a, + 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4, + 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74, + 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4, + 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32 +}; +static const unsigned char dh_priv[] = { + 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a, + 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70, + 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15, + 0x40, 0xb8, 0xfc, 0xe6 +}; +static const unsigned char dh_pub[] = { + 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, + 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, + 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, + 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, + 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, + 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, + 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, + 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, + 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, + 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, + 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, + 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, + 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, + 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, + 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, + 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, + 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, + 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, + 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, + 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, + 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, + 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, + 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, + 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, + 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, + 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, + 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, + 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, + 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, + 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, + 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, + 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 +}; +static const unsigned char dh_peer_pub[] = { + 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, + 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d, + 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58, + 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32, + 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb, + 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0, + 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0, + 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc, + 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1, + 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e, + 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97, + 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05, + 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3, + 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f, + 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7, + 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1, + 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96, + 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf, + 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22, + 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98, + 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42, + 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c, + 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde, + 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20, + 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22, + 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3, + 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3, + 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2, + 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00, + 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51, + 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f, + 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b +}; + +static const unsigned char dh_secret_expected[] = { + 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a, + 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a, + 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c, + 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe, + 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2, + 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21, + 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53, + 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd, + 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87, + 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4, + 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d, + 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd, + 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33, + 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe, + 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a, + 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73, + 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad, + 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0, + 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79, + 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9, + 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2, + 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6, + 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae, + 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57, + 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a, + 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63, + 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9, + 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86, + 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5, + 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00, + 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52, + 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6 +}; + +static const ST_KAT_PARAM dh_group[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g), + ST_KAT_PARAM_END() +}; + +/* The host's private key */ +static const ST_KAT_PARAM dh_host_key[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv), + ST_KAT_PARAM_END() +}; + +/* The peer's public key */ +static const ST_KAT_PARAM dh_peer_key[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub), + ST_KAT_PARAM_END() +}; +#endif /* OPENSSL_NO_DH */ + + +#ifndef OPENSSL_NO_EC +static const char ecdh_curve_name[] = "prime256v1"; +static const unsigned char ecdh_privd[] = { + 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, + 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, + 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, + 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad +}; +static const unsigned char ecdh_pub[] = { + 0x04, + 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, + 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, + 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, + 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, + 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, + 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, + 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, + 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 +}; +static const unsigned char ecdh_peer_pub[] = { + 0x04, + 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76, + 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b, + 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2, + 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86, + 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3, + 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7, + 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c, + 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc +}; + +static const ST_KAT_PARAM ecdh_group[] = { + ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecdh_curve_name), + ST_KAT_PARAM_END() +}; +static const ST_KAT_PARAM ecdh_host_key[] = { + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd), + ST_KAT_PARAM_END() +}; +static const ST_KAT_PARAM ecdh_peer_key[] = { + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub), + ST_KAT_PARAM_END() +}; +static const unsigned char ecdh_secret_expected[] = { + 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0, + 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38, + 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e, + 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2 +}; +#endif /* OPENSSL_NO_EC */ + +static const ST_KAT_KAS st_kat_kas_tests[] = +{ +#ifndef OPENSSL_NO_DH + { + OSSL_SELF_TEST_DESC_KA_DH, + "DH", + dh_group, + dh_host_key, + dh_peer_key, + ITM(dh_secret_expected) + }, +#endif /* OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_EC + { + OSSL_SELF_TEST_DESC_KA_ECDH, + "EC", + ecdh_group, + ecdh_host_key, + ecdh_peer_key, + ITM(ecdh_secret_expected) + }, +#endif /* OPENSSL_NO_EC */ +}; + +#if !defined(OPENSSL_NO_RSA) +/* RSA key data */ +static const unsigned char rsa_n[] = { + 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF, + 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D, + 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1, + 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA, + 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1, + 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D, + 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F, + 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77, + 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9, + 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA, + 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB, + 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1, + 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19, + 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48, + 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F, + 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F, + 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76, + 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77, + 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0, + 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA, + 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13, + 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A, + 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C, + 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC, + 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F, + 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD, + 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9, + 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB, + 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63, + 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E, + 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2, + 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB +}; +static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 }; +static const unsigned char rsa_d[] = { + 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55, + 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D, + 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD, + 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92, + 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB, + 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12, + 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78, + 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A, + 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67, + 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D, + 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89, + 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33, + 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5, + 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43, + 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA, + 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B, + 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66, + 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC, + 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C, + 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33, + 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4, + 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A, + 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2, + 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D, + 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8, + 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04, + 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB, + 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82, + 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88, + 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49, + 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA, + 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71 +}; +static const unsigned char rsa_p[] = { + 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34, + 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77, + 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F, + 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9, + 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81, + 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68, + 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4, + 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9, + 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF, + 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7, + 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B, + 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42, + 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB, + 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF, + 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB, + 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03 +}; +static const unsigned char rsa_q[] = { + 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96, + 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40, + 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77, + 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5, + 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8, + 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09, + 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B, + 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65, + 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5, + 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB, + 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57, + 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E, + 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE, + 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73, + 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17, + 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39 +}; +static const unsigned char rsa_dp[] = { + 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67, + 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D, + 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81, + 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73, + 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF, + 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41, + 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F, + 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5, + 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A, + 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92, + 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94, + 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5, + 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42, + 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9, + 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8, + 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB +}; +static const unsigned char rsa_dq[] = { + 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5, + 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43, + 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5, + 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57, + 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43, + 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5, + 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02, + 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE, + 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C, + 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C, + 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B, + 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7, + 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8, + 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29, + 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F, + 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31 +}; +static const unsigned char rsa_qInv[] = { + 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53, + 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46, + 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20, + 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D, + 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE, + 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E, + 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6, + 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1, + 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64, + 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28, + 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64, + 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A, + 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25, + 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51, + 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD, + 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12 +}; + +static const ST_KAT_PARAM rsa_key[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv), + ST_KAT_PARAM_END() +}; + +static const unsigned char rsa_expected_sig[256] = { + 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00, + 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9, + 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4, + 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28, + 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78, + 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32, + 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75, + 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2, + 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c, + 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b, + 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d, + 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35, + 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19, + 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16, + 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74, + 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc, + 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13, + 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61, + 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67, + 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87, + 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0, + 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1, + 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4, + 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64, + 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77, + 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59, + 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a, + 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49, + 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75, + 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0, + 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52, + 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6 +}; + +#endif /* OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_EC +/* ECDSA key data */ +static const char ecd_curve_name[] = "secp224r1"; +static const unsigned char ecd_priv[] = { + 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d, + 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b, + 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50, + 0x80, 0x93, 0x50, 0x30 +}; +static const unsigned char ecd_pub[] = { + 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51, + 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde, + 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a, + 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5, + 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24, + 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3, + 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12, + 0x82 +}; + +static const ST_KAT_PARAM ecdsa_key[] = { + ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecd_curve_name), + ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_pub), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_priv), + ST_KAT_PARAM_END() +}; +#endif /* OPENSSL_NO_EC */ + +#ifndef OPENSSL_NO_DSA +/* dsa 2048 */ +static const unsigned char dsa_p[] = { + 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, + 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, + 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16, + 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15, + 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2, + 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3, + 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec, + 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef, + 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed, + 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c, + 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a, + 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b, + 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69, + 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47, + 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7, + 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34, + 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47, + 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36, + 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66, + 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1, + 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70, + 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc, + 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc, + 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88, + 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79, + 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07, + 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe, + 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4, + 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc, + 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06, + 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde, + 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7 +}; +static const unsigned char dsa_q[] = { + 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e, + 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b, + 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15, + 0x18, 0x90, 0x28, 0x67 +}; +static const unsigned char dsa_g[] = { + 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d, + 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9, + 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc, + 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7, + 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0, + 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f, + 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d, + 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84, + 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69, + 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88, + 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12, + 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb, + 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd, + 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3, + 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70, + 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97, + 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c, + 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7, + 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70, + 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb, + 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf, + 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a, + 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc, + 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c, + 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4, + 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56, + 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e, + 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00, + 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c, + 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66, + 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3, + 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67 +}; +static const unsigned char dsa_pub[] = { + 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22, + 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16, + 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5, + 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6, + 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4, + 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63, + 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07, + 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec, + 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4, + 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4, + 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3, + 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb, + 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3, + 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03, + 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81, + 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34, + 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7, + 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc, + 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a, + 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72, + 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc, + 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b, + 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa, + 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7, + 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8, + 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10, + 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1, + 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90, + 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6, + 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5, + 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea, + 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16 +}; +static const unsigned char dsa_priv[] = { + 0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80, + 0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03, + 0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e, + 0x40, 0x7e, 0x5c, 0xb7 +}; + +static const ST_KAT_PARAM dsa_key[] = { + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv), + ST_KAT_PARAM_END() +}; +#endif /* OPENSSL_NO_DSA */ + +static const ST_KAT_SIGN st_kat_sign_tests[] = { +#ifndef OPENSSL_NO_RSA + { + OSSL_SELF_TEST_DESC_SIGN_RSA, + "RSA", + "SHA-256", + rsa_key, + ITM(rsa_expected_sig) + }, +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_EC + { + OSSL_SELF_TEST_DESC_SIGN_ECDSA, + "EC", + "SHA-256", + ecdsa_key, + /* + * The ECDSA signature changes each time due to it using a random k. + * So there is no expected KAT for this case. + */ + }, +#endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_DSA + { + OSSL_SELF_TEST_DESC_SIGN_DSA, + "DSA", + "SHA-256", + dsa_key, + /* + * The DSA signature changes each time due to it using a random k. + * So there is no expected KAT for this case. + */ + }, +#endif /* OPENSSL_NO_DSA */ +}; diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 50e59611c5..f02dbcd85c 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -11,6 +11,8 @@ #include #include #include +#include +#include #include "internal/cryptlib.h" #include "internal/nelem.h" #include "self_test.h" @@ -46,10 +48,9 @@ static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, goto err; ok = 1; err: - OSSL_SELF_TEST_onend(st, ok); EVP_MD_free(md); EVP_MD_CTX_free(ctx); - + OSSL_SELF_TEST_onend(st, ok); return ok; } @@ -142,39 +143,79 @@ err: return ret; } +static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params, + BN_CTX *ctx) +{ + int ret = 0; + const ST_KAT_PARAM *p; + + if (params == NULL) + return 1; + for (p = params; p->data != NULL; ++p) + { + switch (p->type) { + case OSSL_PARAM_UNSIGNED_INTEGER: { + BIGNUM *bn = BN_CTX_get(ctx); + + if (bn == NULL + || (BN_bin2bn(p->data, p->data_len, bn) == NULL) + || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn)) + goto err; + break; + } + case OSSL_PARAM_UTF8_STRING: { + if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0)) + goto err; + break; + } + case OSSL_PARAM_OCTET_STRING: { + if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data, + p->data_len)) + goto err; + break; + } + default: + break; + } + } + ret = 1; +err: + return ret; +} + static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) { int ret = 0; - int i, numparams; unsigned char out[64]; EVP_KDF *kdf = NULL; EVP_KDF_CTX *ctx = NULL; - OSSL_PARAM params[16]; - const OSSL_PARAM *settables = NULL; + BN_CTX *bnctx = NULL; + OSSL_PARAM *params = NULL; + OSSL_PARAM_BLD *bld = NULL; - numparams = OSSL_NELEM(params); OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc); - /* Zeroize the params array to avoid mem leaks on error */ - for (i = 0; i < numparams; ++i) - params[i] = OSSL_PARAM_construct_end(); + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL) + goto err; kdf = EVP_KDF_fetch(libctx, t->algorithm, ""); + if (kdf == NULL) + goto err; + ctx = EVP_KDF_CTX_new(kdf); if (ctx == NULL) goto err; - settables = EVP_KDF_settable_ctx_params(kdf); - for (i = 0; t->ctrls[i].name != NULL; ++i) { - if (!ossl_assert(i < (numparams - 1))) - goto err; - if (!OSSL_PARAM_allocate_from_text(¶ms[i], settables, - t->ctrls[i].name, - t->ctrls[i].value, - strlen(t->ctrls[i].value), NULL)) - goto err; - } + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; + if (!add_params(bld, t->params, bnctx)) + goto err; + params = OSSL_PARAM_BLD_to_param(bld); + if (params == NULL) + goto err; if (!EVP_KDF_CTX_set_params(ctx, params)) goto err; @@ -190,10 +231,11 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, ret = 1; err: - for (i = 0; params[i].key != NULL; ++i) - OPENSSL_free(params[i].data); EVP_KDF_free(kdf); EVP_KDF_CTX_free(ctx); + BN_CTX_free(bnctx); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); OSSL_SELF_TEST_onend(st, ret); return ret; } @@ -300,6 +342,168 @@ err: return ret; } + + +static int self_test_ka(const ST_KAT_KAS *t, + OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) +{ + int ret = 0; + EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; + EVP_PKEY *pkey = NULL, *peerkey = NULL; + OSSL_PARAM *params = NULL; + OSSL_PARAM *params_peer = NULL; + unsigned char secret[256]; + size_t secret_len; + OSSL_PARAM_BLD *bld = NULL; + BN_CTX *bnctx = NULL; + + OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc); + + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; + + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL) + goto err; + + if (!add_params(bld, t->key_group, bnctx) + || !add_params(bld, t->key_host_data, bnctx)) + goto err; + params = OSSL_PARAM_BLD_to_param(bld); + + if (!add_params(bld, t->key_group, bnctx) + || !add_params(bld, t->key_peer_data, bnctx)) + goto err; + + params_peer = OSSL_PARAM_BLD_to_param(bld); + if (params == NULL || params_peer == NULL) + goto err; + + /* Create a EVP_PKEY_CTX to load the DH keys into */ + kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, ""); + if (kactx == NULL) + goto err; + if (EVP_PKEY_key_fromdata_init(kactx) <= 0 + || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0) + goto err; + if (EVP_PKEY_key_fromdata_init(kactx) <= 0 + || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0) + goto err; + + /* Create a EVP_PKEY_CTX to perform key derivation */ + dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); + if (dctx == NULL) + goto err; + + if (EVP_PKEY_derive_init(dctx) <= 0 + || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0 + || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) + goto err; + + OSSL_SELF_TEST_oncorrupt_byte(st, secret); + + if (secret_len != t->expected_len + || memcmp(secret, t->expected, t->expected_len) != 0) + goto err; + ret = 1; +err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); + EVP_PKEY_free(peerkey); + EVP_PKEY_CTX_free(kactx); + EVP_PKEY_CTX_free(dctx); + OSSL_PARAM_BLD_free_params(params_peer); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + OSSL_SELF_TEST_onend(st, ret); + return ret; +} + +static int self_test_sign(const ST_KAT_SIGN *t, + OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) +{ + int ret = 0; + OSSL_PARAM *params = NULL, *params_sig = NULL; + OSSL_PARAM_BLD *bld = NULL; + EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char sig[256]; + BN_CTX *bnctx = NULL; + size_t siglen = 0; + static const unsigned char dgst[] = { + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 + }; + + OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc); + + bnctx = BN_CTX_new_ex(libctx); + if (bnctx == NULL) + goto err; + + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL) + goto err; + + if (!add_params(bld, t->key, bnctx)) + goto err; + params = OSSL_PARAM_BLD_to_param(bld); + + /* Create a EVP_PKEY_CTX to load the DSA key into */ + kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, ""); + if (kctx == NULL || params == NULL) + goto err; + if (EVP_PKEY_key_fromdata_init(kctx) <= 0 + || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0) + goto err; + + /* Create a EVP_PKEY_CTX to use for the signing operation */ + sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); + if (sctx == NULL + || EVP_PKEY_sign_init(sctx) <= 0) + goto err; + + /* set signature parameters */ + if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, + t->mdalgorithm, + strlen(t->mdalgorithm) + 1)) + goto err; + params_sig = OSSL_PARAM_BLD_to_param(bld); + if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) + goto err; + + if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 + || EVP_PKEY_verify_init(sctx) <= 0 + || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) + goto err; + + /* + * Used by RSA, for other key types where the signature changes, we + * can only use the verify. + */ + if (t->sig_expected != NULL + && (siglen != t->sig_expected_len + || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0)) + goto err; + + OSSL_SELF_TEST_oncorrupt_byte(st, sig); + if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) + goto err; + ret = 1; +err: + BN_CTX_free(bnctx); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(kctx); + EVP_PKEY_CTX_free(sctx); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free_params(params_sig); + OSSL_PARAM_BLD_free(bld); + OSSL_SELF_TEST_onend(st, ret); + return ret; +} + /* * Test a data driven list of KAT's for digest algorithms. * All tests are run regardless of if they fail or not. @@ -349,12 +553,32 @@ static int self_test_drbgs(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) return ret; } +static int self_test_kas(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) +{ + int i, ret = 1; + + for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) { + if (!self_test_ka(&st_kat_kas_tests[i], st, libctx)) + ret = 0; + } + return ret; +} + +static int self_test_signatures(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) +{ + int i, ret = 1; + + for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) { + if (!self_test_sign(&st_kat_sign_tests[i], st, libctx)) + ret = 0; + } + return ret; +} + /* * Run the algorithm KAT's. * Return 1 is successful, otherwise return 0. * This runs all the tests regardless of if any fail. - * - * TODO(3.0) Add self tests for KA, Sign/Verify when they become available */ int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) { @@ -364,10 +588,14 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) ret = 0; if (!self_test_ciphers(st, libctx)) ret = 0; + if (!self_test_signatures(st, libctx)) + ret = 0; if (!self_test_kdfs(st, libctx)) ret = 0; if (!self_test_drbgs(st, libctx)) ret = 0; + if (!self_test_kas(st, libctx)) + ret = 0; return ret; } diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 3be6346ab9..024d8c7ca5 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -24,7 +24,7 @@ use platform; plan skip_all => "Test only supported in a fips build" if disabled("fips"); -plan tests => 10; +plan tests => 12; my $infile = bldtop_file('providers', platform->dso('fips')); $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); @@ -99,3 +99,21 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])), "fipsinstall fails when the DRBG CTR result is corrupted"); + +# corrupt a KAS test +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', + '-corrupt_desc', 'DH', + '-corrupt_type', 'KAT_KA'])), + "fipsinstall fails when the kas result is corrupted"); + +# corrupt a Signature test +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', + '-corrupt_desc', 'DSA', + '-corrupt_type', 'KAT_Signature'])), + "fipsinstall fails when the signature result is corrupted"); -- 2.25.1