Add data driven SELF TEST code for signatures and key agreement
authorShane Lontis <shane.lontis@oracle.com>
Fri, 3 Apr 2020 06:50:36 +0000 (16:50 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Fri, 3 Apr 2020 06:50:36 +0000 (16:50 +1000)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11036)

doc/man7/OSSL_PROVIDER-FIPS.pod
include/openssl/self_test.h
providers/fips/fipsprov.c
providers/fips/self_test_data.inc
providers/fips/self_test_kats.c
test/recipes/03-test_fipsinstall.t

index 56844deeb98131a3c35d89c75a5dfde69d3bce7f..92dab0e88a74898184cebc162c75b2ea149098f8 100644 (file)
@@ -245,12 +245,14 @@ Signature tests used with the "KAT_Signature" type.
 
 =item "ECDH" (B<OSSL_SELF_TEST_DESC_KA_ECDH>)
 
-=item "ECDSA" (B<OSSL_SELF_TEST_DESC_KA_ECDSA>)
+=item "DH" (B<OSSL_SELF_TEST_DESC_KA_DH>)
 
 Key agreement tests used with the "KAT_KA" type.
 
 =item "HKDF" (B<OSSL_SELF_TEST_DESC_KDF_HKDF>)
 
+=item "SSKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSKDF>)
+
 Key Derivation Function tests used with the "KAT_KDF" type.
 
 =item "CTR" (B<OSSL_SELF_TEST_DESC_DRBG_CTR>)
index 478d4b3cd5207396a4ea462c178e296d37cd1a6d..b4981e547f611b7f227f19624f43b2bb118bfea3 100644 (file)
@@ -52,9 +52,10 @@ extern "C" {
 # define OSSL_SELF_TEST_DESC_DRBG_CTR       "CTR"
 # define OSSL_SELF_TEST_DESC_DRBG_HASH      "HASH"
 # define OSSL_SELF_TEST_DESC_DRBG_HMAC      "HMAC"
+# define OSSL_SELF_TEST_DESC_KA_DH          "DH"
 # define OSSL_SELF_TEST_DESC_KA_ECDH        "ECDH"
-# define OSSL_SELF_TEST_DESC_KA_ECDSA       "ECDSA"
 # define OSSL_SELF_TEST_DESC_KDF_HKDF       "HKDF"
+# define OSSL_SELF_TEST_DESC_KDF_SSKDF      "SSKDF"
 
 # ifdef __cplusplus
 }
index 8fbb618527706ba472bf7367d60979fc7d888b02..c107d690b7a8f98419f66f9f072d1fddfe00454f 100644 (file)
@@ -126,349 +126,6 @@ static OSSL_PARAM core_params[] =
     OSSL_PARAM_END
 };
 
-/*
- * Convert a string into a bignumber.
- * The array of hex_data is used to get around compilers that dont like
- * strings longer than 509 bytes,
- */
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
-static int hextobn(const char *hex_data[], BIGNUM **bn)
-{
-    int ret = 0;
-    int i, slen;
-    char *str = NULL;
-
-    /* Get the total length of the strings */
-    for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
-        slen += strlen(hex_data[i]);
-
-    /* Add 1 for the string terminator */
-    str = OPENSSL_zalloc(slen + 1);
-    if (str == NULL)
-        return 0;
-
-    /* join the strings together into 1 buffer */
-    for (i = 0; hex_data[i] != NULL; ++i)
-        strcat(str, hex_data[i]);
-
-    if (BN_hex2bn(bn, str) <= 0)
-        goto err;
-    ret = 1;
-err:
-    OPENSSL_free(str);
-    return ret;
-}
-#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
-
-#ifndef OPENSSL_NO_DH
-static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
-{
-    int ret = 0, sz;
-    BIGNUM *bn = NULL;
-    unsigned char *buf = NULL;
-
-    if (!hextobn(hex_data, &bn))
-        return 0;
-    sz = BN_num_bytes(bn);
-    buf = OPENSSL_zalloc(sz);
-    if (buf == NULL)
-        goto err;
-    if (BN_bn2binpad(bn, buf, sz) <= 0)
-        goto err;
-
-    *out = buf;
-    *len = sz;
-    buf = NULL; /* Set to NULL so it is not freed */
-    ret = 1;
-err:
-    OPENSSL_free(buf);
-    BN_free(bn);
-    return ret;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static int dsa_key_signature_test(OPENSSL_CTX *libctx)
-{
-    int ret = 0;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL;
-    BIGNUM *pub = NULL, *priv = NULL;
-    OSSL_PARAM *params = NULL, *params_sig = NULL;
-    OSSL_PARAM_BLD *bld = NULL;
-    EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
-    EVP_PKEY *pkey = NULL;
-    unsigned char sig[64];
-    size_t siglen;
-
-    static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
-        0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-        0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
-        0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
-    };
-    /* dsa 2048 */
-    static const char *dsa_p_hex[] = {
-        "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
-        "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
-        "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
-        "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
-        "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
-        "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
-        "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
-        "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
-         NULL
-    };
-    static const char *dsa_q_hex[] = {
-        "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
-        NULL
-    };
-    static const char *dsa_g_hex[] = {
-        "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
-        "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
-        "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
-        "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
-        "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
-        "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
-        "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
-        "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
-        NULL
-    };
-    static const char *dsa_pub_hex[] = {
-        "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
-        "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
-        "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
-        "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
-        "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
-        "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
-        "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
-        "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
-        NULL
-    };
-    static const char *dsa_priv_hex[] = {
-        "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
-        NULL
-    };
-
-    if (!hextobn(dsa_p_hex, &p)
-        || !hextobn(dsa_q_hex, &q)
-        || !hextobn(dsa_g_hex, &g)
-        || !hextobn(dsa_pub_hex, &pub)
-        || !hextobn(dsa_priv_hex, &priv))
-        goto err;
-
-    bld = OSSL_PARAM_BLD_new();
-    if (bld == NULL
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
-        goto err;
-    params = OSSL_PARAM_BLD_to_param(bld);
-
-    /* Create a EVP_PKEY_CTX to load the DSA key into */
-    kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
-    if (kctx == NULL || params == NULL)
-        goto err;
-    if (EVP_PKEY_key_fromdata_init(kctx) <= 0
-        || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
-        goto err;
-
-    /* Create a EVP_PKEY_CTX to use for the signing operation */
-    sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
-    if (sctx == NULL
-        || EVP_PKEY_sign_init(sctx) <= 0)
-        goto err;
-
-    /* set signature parameters */
-    if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
-                                         SN_sha256,strlen(SN_sha256) + 1))
-        goto err;
-    params_sig = OSSL_PARAM_BLD_to_param(bld);
-    if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
-        goto err;
-
-    if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
-        || EVP_PKEY_verify_init(sctx) <= 0
-        || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
-        goto err;
-    ret = 1;
-err:
-    OSSL_PARAM_BLD_free_params(params);
-    OSSL_PARAM_BLD_free_params(params_sig);
-    OSSL_PARAM_BLD_free(bld);
-    BN_free(p);
-    BN_free(q);
-    BN_free(g);
-    BN_free(pub);
-    BN_free(priv);
-    EVP_PKEY_free(pkey);
-    EVP_PKEY_CTX_free(kctx);
-    EVP_PKEY_CTX_free(sctx);
-    return ret;
-}
-#endif /* OPENSSL_NO_DSA */
-
-#ifndef OPENSSL_NO_DH
-static int dh_key_exchange_test(OPENSSL_CTX *libctx)
-{
-    int ret = 0;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL;
-    BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
-    unsigned char *kat_secret = NULL;
-    EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
-    EVP_PKEY *pkey = NULL, *peerkey = NULL;
-    OSSL_PARAM *params = NULL;
-    OSSL_PARAM *params_peer = NULL;
-    unsigned char secret[256];
-    size_t secret_len, kat_secret_len = 0;
-    OSSL_PARAM_BLD *bld = NULL;
-
-    /* DH KAT */
-    static const char *dh_p_hex[] = {
-        "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
-        "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
-        "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
-        "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
-        "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
-        "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
-        "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
-        "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
-        NULL
-    };
-    static const char *dh_q_hex[] = {
-        "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
-        NULL
-    };
-    static const char *dh_g_hex[] = {
-        "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
-        "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
-        "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
-        "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
-        "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
-        "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
-        "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
-        "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
-        "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
-        "ea115c32",
-        NULL
-    };
-    static const char *dh_priv_hex[] = {
-        "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
-        NULL
-    };
-    static const char *dh_pub_hex[] = {
-        "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
-        "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
-        "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
-        "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
-        "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
-        "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
-        "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
-        "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
-        "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
-        "959c91d3",
-        NULL
-    };
-    static const char *dh_peer_pub_hex[] = {
-        "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
-        "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
-        "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
-        "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
-        "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
-        "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
-        "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
-        "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
-        "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
-        "f17ff48b",
-        NULL
-    };
-    static const char *dh_secret_exptd_hex[] = {
-        "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
-        "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
-        "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
-        "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
-        "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
-        "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
-        "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
-        "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
-        "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
-        "7d98eaf6",
-        NULL
-    };
-
-    if (!hextobn(dh_p_hex, &p)
-        || !hextobn(dh_q_hex, &q)
-        || !hextobn(dh_g_hex, &g)
-        || !hextobn(dh_pub_hex, &pub)
-        || !hextobn(dh_priv_hex, &priv)
-        || !hextobn(dh_peer_pub_hex, &pub_peer)
-        || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
-        goto err;
-
-    bld = OSSL_PARAM_BLD_new();
-    if (bld == NULL
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
-        goto err;
-    params = OSSL_PARAM_BLD_to_param(bld);
-
-    if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
-        goto err;
-
-    params_peer = OSSL_PARAM_BLD_to_param(bld);
-    if (params == NULL || params_peer == NULL)
-        goto err;
-
-    /* Create a EVP_PKEY_CTX to load the DH keys into */
-    kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
-    if (kactx == NULL)
-        goto err;
-    if (EVP_PKEY_key_fromdata_init(kactx) <= 0
-        || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
-        goto err;
-    if (EVP_PKEY_key_fromdata_init(kactx) <= 0
-        || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
-        goto err;
-
-    /* Create a EVP_PKEY_CTX to perform key derivation */
-    dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
-    if (dctx == NULL)
-        goto err;
-
-    if (EVP_PKEY_derive_init(dctx) <= 0
-        || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
-        || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
-        goto err;
-
-    if (secret_len != kat_secret_len
-        || memcmp(secret, kat_secret, secret_len) != 0)
-        goto err;
-    ret = 1;
-err:
-    OSSL_PARAM_BLD_free(bld);
-    OSSL_PARAM_BLD_free_params(params_peer);
-    OSSL_PARAM_BLD_free_params(params);
-    BN_free(p);
-    BN_free(q);
-    BN_free(g);
-    BN_free(pub);
-    BN_free(priv);
-    BN_free(pub_peer);
-    OPENSSL_free(kat_secret);
-    EVP_PKEY_free(pkey);
-    EVP_PKEY_free(peerkey);
-    EVP_PKEY_CTX_free(kactx);
-    EVP_PKEY_CTX_free(dctx);
-    return ret;
-}
-#endif /* OPENSSL_NO_DH */
-
 /* TODO(3.0): To be removed */
 static int dummy_evp_call(void *provctx)
 {
@@ -536,16 +193,6 @@ static int dummy_evp_call(void *provctx)
         goto err;
 #endif
 
-#ifndef OPENSSL_NO_DSA
-    if (!dsa_key_signature_test(libctx))
-        goto err;
-#endif
-
-#ifndef OPENSSL_NO_DH
-    if (!dh_key_exchange_test(libctx))
-        goto err;
-#endif /* OPENSSL_NO_DH */
-
     ret = 1;
  err:
     BN_CTX_end(bnctx);
index c91e7d83c1541a17e5f39d3fd04a8fb995697522..43de2aa3f2cad869d575bd408d5439769c0da7ac 100644 (file)
@@ -7,6 +7,26 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* Macros to build Self test data */
+#define ITM(x) x, sizeof(x)
+#define ITM_STR(x) x, (sizeof(x) - 1)
+
+#define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
+#define ST_KAT_PARAM_BIGNUM(name, data)                                        \
+    { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) }
+#define ST_KAT_PARAM_OCTET(name, data)                                         \
+    { name, OSSL_PARAM_OCTET_STRING, ITM(data) }
+#define ST_KAT_PARAM_UTF8STRING(name, data)                                    \
+    { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
+
+/* used to store raw parameters for keys and algorithms */
+typedef struct st_kat_param_st {
+    const char *name;  /* an OSSL_PARAM name */
+    size_t type;       /* the type associated with the data */
+    const void *data;  /* unsigned char [], or char [] depending on the type */
+    size_t data_len;   /* the length of the data */
+} ST_KAT_PARAM;
+
 typedef struct st_kat_st {
     const char *desc;
     const char *algorithm;
@@ -29,15 +49,10 @@ typedef struct st_kat_cipher_st {
     size_t tag_len;
 } ST_KAT_CIPHER;
 
-typedef struct st_kat_nvp_st {
-    const char *name;
-    const char *value;
-} ST_KAT_NVP;
-
 typedef struct st_kat_kdf_st {
     const char *desc;
     const char *algorithm;
-    const ST_KAT_NVP *ctrls;
+    const ST_KAT_PARAM *params;
     const unsigned char *expected;
     size_t expected_len;
 } ST_KAT_KDF;
@@ -64,9 +79,26 @@ typedef struct st_kat_drbg_st {
     size_t expectedlen;
 } ST_KAT_DRBG;
 
-/* Macros to build Self test data */
-#define ITM(x) x, sizeof(x)
-#define ITM_STR(x) x, sizeof(x) - 1
+typedef struct st_kat_kas_st {
+    const char *desc;
+    const char *algorithm;
+
+    const ST_KAT_PARAM *key_group;
+    const ST_KAT_PARAM *key_host_data;
+    const ST_KAT_PARAM *key_peer_data;
+
+    const unsigned char *expected;
+    size_t expected_len;
+} ST_KAT_KAS;
+
+typedef struct st_kat_sign_st {
+    const char *desc;
+    const char *algorithm;
+    const char *mdalgorithm;
+    const ST_KAT_PARAM *key;
+    const unsigned char *sig_expected; /* Set to NULL if this value changes */
+    size_t sig_expected_len;
+} ST_KAT_SIGN;
 
 /*- DIGEST TEST DATA */
 static const unsigned char sha1_pt[] = "abc";
@@ -118,11 +150,11 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
 
 /* DES3 test data */
 static const unsigned char des_ede3_cbc_pt[] = {
-    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
-    0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
     0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
 };
-
 static const unsigned char des_ede3_cbc_key[] = {
     0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
     0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
@@ -132,34 +164,38 @@ static const unsigned char des_ede3_cbc_iv[] = {
     0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
 };
 static const unsigned char des_ede3_cbc_ct[] = {
-    0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 0x93, 0xB7, 0x9E, 0x25,
-    0x69, 0xAB, 0x52, 0x62, 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
+    0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
+    0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
+    0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
     0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
 };
 
+/* AES-256 GCM test data */
 static const unsigned char aes_256_gcm_key[] = {
-    0x92,0xe1,0x1d,0xcd,0xaa,0x86,0x6f,0x5c,0xe7,0x90,0xfd,0x24,
-    0x50,0x1f,0x92,0x50,0x9a,0xac,0xf4,0xcb,0x8b,0x13,0x39,0xd5,
-    0x0c,0x9c,0x12,0x40,0x93,0x5d,0xd0,0x8b
+    0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
+    0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50,
+    0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5,
+    0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b
 };
 static const unsigned char aes_256_gcm_iv[] = {
-    0xac,0x93,0xa1,0xa6,0x14,0x52,0x99,0xbd,0xe9,0x02,0xf2,0x1a
+    0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd,
+    0xe9, 0x02, 0xf2, 0x1a
 };
 static const unsigned char aes_256_gcm_pt[] = {
-    0x2d,0x71,0xbc,0xfa,0x91,0x4e,0x4a,0xc0,0x45,0xb2,0xaa,0x60,
-    0x95,0x5f,0xad,0x24
+    0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0,
+    0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24
 };
 static const unsigned char aes_256_gcm_aad[] = {
-    0x1e,0x08,0x89,0x01,0x6f,0x67,0x60,0x1c,0x8e,0xbe,0xa4,0x94,
-    0x3b,0xc2,0x3a,0xd6
+    0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c,
+    0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6
 };
 static const unsigned char aes_256_gcm_ct[] = {
-    0x89,0x95,0xae,0x2e,0x6d,0xf3,0xdb,0xf9,0x6f,0xac,0x7b,0x71,
-    0x37,0xba,0xe6,0x7f
+    0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9,
+    0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f
 };
 static const unsigned char aes_256_gcm_tag[] = {
-    0xec,0xa5,0xaa,0x77,0xd5,0x1d,0x4a,0x0a,0x14,0xd9,0xc5,0x1e,
-    0x1d,0xa4,0x74,0xab
+    0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a,
+    0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab
 };
 
 static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
@@ -189,27 +225,65 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
     }
 };
 
-/*- KDF TEST DATA */
+static const char hkdf_digest[] = "SHA256";
+static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
+static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
+static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
 
-static const ST_KAT_NVP hkdf_ctrl[] =
-{
-    { "digest", "SHA256" },
-    { "key", "secret" },
-    { "salt", "salt" },
-    { "info", "label" },
-    { NULL, NULL }
+static const ST_KAT_PARAM hkdf_params[] = {
+    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
+    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
+    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
+    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
+    ST_KAT_PARAM_END()
 };
 static const unsigned char hkdf_expected[] = {
-    0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
+    0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
+    0xde, 0x13
+};
+
+static const char sskdf_digest[] = "SHA224";
+static const unsigned char sskdf_secret[] = {
+    0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
+    0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
+    0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9,
+    0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72,
+    0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2,
+    0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8,
+    0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9
+};
+static const unsigned char sskdf_otherinfo[] = {
+    0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56,
+    0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49,
+    0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6,
+    0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66,
+    0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98,
+    0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
+};
+static const unsigned char sskdf_expected[] = {
+    0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
+    0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
+};
+static const ST_KAT_PARAM sskdf_params[] = {
+    ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
+    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret),
+    ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
+    ST_KAT_PARAM_END()
 };
 
 static const ST_KAT_KDF st_kat_kdf_tests[] =
 {
     {
         OSSL_SELF_TEST_DESC_KDF_HKDF,
-        "HKDF",
-        hkdf_ctrl,
+        OSSL_KDF_NAME_HKDF,
+        hkdf_params,
         ITM(hkdf_expected)
+    },
+    {
+        OSSL_SELF_TEST_DESC_KDF_SSKDF,
+        OSSL_KDF_NAME_SSKDF,
+        sskdf_params,
+        ITM(sskdf_expected)
     }
 };
 
@@ -422,3 +496,691 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
         ITM(drbg_hmac_sha1_pr_expected)
     }
 };
+
+/* KEY EXCHANGE TEST DATA */
+
+#ifndef OPENSSL_NO_DH
+/* DH KAT */
+static const unsigned char dh_p[] = {
+    0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
+    0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
+    0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
+    0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
+    0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
+    0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
+    0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
+    0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
+    0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
+    0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
+    0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
+    0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
+    0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
+    0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
+    0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
+    0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
+    0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
+    0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
+    0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
+    0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
+    0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
+    0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
+    0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
+    0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
+    0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
+    0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
+    0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
+    0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
+    0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
+    0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
+    0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
+    0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
+};
+static const unsigned char dh_q[] = {
+    0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
+    0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
+    0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
+    0x11, 0xac, 0xb5, 0x7d
+};
+static const unsigned char dh_g[] = {
+    0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
+    0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
+    0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
+    0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
+    0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
+    0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
+    0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
+    0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
+    0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
+    0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
+    0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
+    0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
+    0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
+    0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
+    0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
+    0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
+    0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
+    0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
+    0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
+    0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
+    0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
+    0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
+    0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
+    0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
+    0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
+    0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
+    0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
+    0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
+    0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
+    0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
+    0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
+    0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
+};
+static const unsigned char dh_priv[] = {
+    0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
+    0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
+    0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
+    0x40, 0xb8, 0xfc, 0xe6
+};
+static const unsigned char dh_pub[] = {
+    0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
+    0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
+    0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
+    0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
+    0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
+    0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
+    0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
+    0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
+    0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
+    0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
+    0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
+    0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
+    0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
+    0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
+    0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
+    0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
+    0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
+    0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
+    0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
+    0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
+    0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
+    0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
+    0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
+    0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
+    0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
+    0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
+    0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
+    0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
+    0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
+    0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
+    0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
+    0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
+};
+static const unsigned char dh_peer_pub[] = {
+    0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
+    0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
+    0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
+    0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
+    0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
+    0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
+    0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
+    0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
+    0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
+    0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
+    0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
+    0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
+    0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
+    0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
+    0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
+    0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
+    0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
+    0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
+    0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
+    0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
+    0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
+    0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
+    0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
+    0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
+    0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
+    0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
+    0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
+    0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
+    0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
+    0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
+    0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
+    0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
+};
+
+static const unsigned char dh_secret_expected[] = {
+    0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
+    0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
+    0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
+    0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
+    0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
+    0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
+    0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
+    0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
+    0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
+    0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
+    0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
+    0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
+    0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
+    0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
+    0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
+    0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
+    0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
+    0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
+    0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
+    0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
+    0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
+    0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
+    0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
+    0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
+    0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
+    0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
+    0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
+    0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
+    0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
+    0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
+    0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
+    0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
+};
+
+static const ST_KAT_PARAM dh_group[] = {
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g),
+    ST_KAT_PARAM_END()
+};
+
+/* The host's private key */
+static const ST_KAT_PARAM dh_host_key[] = {
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv),
+    ST_KAT_PARAM_END()
+};
+
+/* The peer's public key */
+static const ST_KAT_PARAM dh_peer_key[] = {
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub),
+    ST_KAT_PARAM_END()
+};
+#endif /* OPENSSL_NO_DH */
+
+
+#ifndef OPENSSL_NO_EC
+static const char ecdh_curve_name[] = "prime256v1";
+static const unsigned char ecdh_privd[] = {
+    0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
+    0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
+    0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
+    0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
+};
+static const unsigned char ecdh_pub[] = {
+    0x04,
+    0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
+    0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
+    0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
+    0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
+    0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
+    0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
+    0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
+    0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
+};
+static const unsigned char ecdh_peer_pub[] = {
+    0x04,
+    0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76,
+    0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b,
+    0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2,
+    0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86,
+    0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3,
+    0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7,
+    0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c,
+    0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc
+};
+
+static const ST_KAT_PARAM ecdh_group[] = {
+    ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecdh_curve_name),
+    ST_KAT_PARAM_END()
+};
+static const ST_KAT_PARAM ecdh_host_key[] = {
+    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd),
+    ST_KAT_PARAM_END()
+};
+static const ST_KAT_PARAM ecdh_peer_key[] = {
+    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub),
+    ST_KAT_PARAM_END()
+};
+static const unsigned char ecdh_secret_expected[] = {
+    0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0,
+    0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38,
+    0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e,
+    0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2
+};
+#endif /* OPENSSL_NO_EC */
+
+static const ST_KAT_KAS st_kat_kas_tests[] =
+{
+#ifndef OPENSSL_NO_DH
+    {
+        OSSL_SELF_TEST_DESC_KA_DH,
+        "DH",
+        dh_group,
+        dh_host_key,
+        dh_peer_key,
+        ITM(dh_secret_expected)
+    },
+#endif /* OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_EC
+    {
+        OSSL_SELF_TEST_DESC_KA_ECDH,
+        "EC",
+        ecdh_group,
+        ecdh_host_key,
+        ecdh_peer_key,
+        ITM(ecdh_secret_expected)
+    },
+#endif /* OPENSSL_NO_EC */
+};
+
+#if !defined(OPENSSL_NO_RSA)
+/* RSA key data */
+static const unsigned char rsa_n[] = {
+    0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
+    0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D,
+    0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1,
+    0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA,
+    0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1,
+    0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D,
+    0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F,
+    0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77,
+    0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9,
+    0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA,
+    0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB,
+    0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1,
+    0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19,
+    0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48,
+    0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F,
+    0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F,
+    0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76,
+    0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77,
+    0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0,
+    0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA,
+    0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13,
+    0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A,
+    0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C,
+    0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC,
+    0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F,
+    0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD,
+    0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9,
+    0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB,
+    0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63,
+    0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E,
+    0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2,
+    0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB
+};
+static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 };
+static const unsigned char rsa_d[] = {
+    0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55,
+    0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D,
+    0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD,
+    0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92,
+    0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB,
+    0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12,
+    0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78,
+    0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A,
+    0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67,
+    0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D,
+    0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89,
+    0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33,
+    0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5,
+    0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43,
+    0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA,
+    0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B,
+    0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66,
+    0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC,
+    0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C,
+    0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33,
+    0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4,
+    0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A,
+    0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2,
+    0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D,
+    0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8,
+    0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04,
+    0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB,
+    0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82,
+    0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88,
+    0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49,
+    0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA,
+    0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71
+};
+static const unsigned char rsa_p[] = {
+    0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34,
+    0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77,
+    0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F,
+    0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9,
+    0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81,
+    0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68,
+    0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4,
+    0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9,
+    0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF,
+    0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7,
+    0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B,
+    0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42,
+    0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB,
+    0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF,
+    0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB,
+    0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03
+};
+static const unsigned char rsa_q[] = {
+    0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96,
+    0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40,
+    0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77,
+    0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5,
+    0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8,
+    0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09,
+    0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B,
+    0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65,
+    0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5,
+    0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB,
+    0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57,
+    0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E,
+    0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE,
+    0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73,
+    0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17,
+    0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39
+};
+static const unsigned char rsa_dp[] = {
+    0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67,
+    0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D,
+    0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81,
+    0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73,
+    0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF,
+    0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41,
+    0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F,
+    0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5,
+    0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A,
+    0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92,
+    0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94,
+    0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5,
+    0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42,
+    0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9,
+    0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8,
+    0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB
+};
+static const unsigned char rsa_dq[] = {
+    0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5,
+    0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43,
+    0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5,
+    0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57,
+    0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43,
+    0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5,
+    0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02,
+    0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE,
+    0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C,
+    0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C,
+    0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B,
+    0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7,
+    0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8,
+    0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29,
+    0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F,
+    0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31
+};
+static const unsigned char rsa_qInv[] = {
+    0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53,
+    0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46,
+    0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20,
+    0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D,
+    0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE,
+    0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E,
+    0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6,
+    0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1,
+    0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64,
+    0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28,
+    0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64,
+    0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A,
+    0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25,
+    0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51,
+    0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD,
+    0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12
+};
+
+static const ST_KAT_PARAM rsa_key[] = {
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
+    ST_KAT_PARAM_END()
+};
+
+static const unsigned char rsa_expected_sig[256] = {
+    0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00,
+    0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9,
+    0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4,
+    0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28,
+    0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78,
+    0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32,
+    0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75,
+    0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2,
+    0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c,
+    0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b,
+    0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d,
+    0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35,
+    0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19,
+    0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16,
+    0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74,
+    0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc,
+    0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13,
+    0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61,
+    0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67,
+    0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87,
+    0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0,
+    0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1,
+    0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4,
+    0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64,
+    0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77,
+    0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59,
+    0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a,
+    0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49,
+    0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75,
+    0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0,
+    0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52,
+    0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
+};
+
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_EC
+/* ECDSA key data */
+static const char ecd_curve_name[] = "secp224r1";
+static const unsigned char ecd_priv[] = {
+    0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d,
+    0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b,
+    0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50,
+    0x80, 0x93, 0x50, 0x30
+};
+static const unsigned char ecd_pub[] = {
+    0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51,
+    0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde,
+    0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a,
+    0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5,
+    0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24,
+    0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3,
+    0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12,
+    0x82
+};
+
+static const ST_KAT_PARAM ecdsa_key[] = {
+    ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecd_curve_name),
+    ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_pub),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_priv),
+    ST_KAT_PARAM_END()
+};
+#endif /* OPENSSL_NO_EC */
+
+#ifndef OPENSSL_NO_DSA
+/* dsa 2048 */
+static const unsigned char dsa_p[] = {
+    0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
+    0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
+    0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16,
+    0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15,
+    0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2,
+    0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3,
+    0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec,
+    0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef,
+    0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed,
+    0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c,
+    0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a,
+    0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b,
+    0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69,
+    0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47,
+    0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7,
+    0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34,
+    0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47,
+    0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36,
+    0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66,
+    0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1,
+    0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70,
+    0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc,
+    0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc,
+    0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88,
+    0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79,
+    0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07,
+    0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe,
+    0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4,
+    0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc,
+    0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06,
+    0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde,
+    0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7
+};
+static const unsigned char dsa_q[] = {
+    0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e,
+    0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b,
+    0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15,
+    0x18, 0x90, 0x28, 0x67
+};
+static const unsigned char dsa_g[] = {
+    0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d,
+    0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9,
+    0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc,
+    0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7,
+    0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0,
+    0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f,
+    0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d,
+    0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84,
+    0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69,
+    0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88,
+    0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12,
+    0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb,
+    0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd,
+    0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3,
+    0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70,
+    0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97,
+    0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c,
+    0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7,
+    0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70,
+    0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb,
+    0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf,
+    0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a,
+    0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc,
+    0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c,
+    0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4,
+    0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56,
+    0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e,
+    0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00,
+    0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c,
+    0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66,
+    0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3,
+    0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67
+};
+static const unsigned char dsa_pub[] = {
+    0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22,
+    0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16,
+    0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5,
+    0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6,
+    0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4,
+    0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63,
+    0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07,
+    0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec,
+    0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4,
+    0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4,
+    0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3,
+    0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb,
+    0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3,
+    0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03,
+    0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81,
+    0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34,
+    0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7,
+    0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc,
+    0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a,
+    0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72,
+    0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc,
+    0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b,
+    0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa,
+    0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7,
+    0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8,
+    0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10,
+    0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1,
+    0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90,
+    0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6,
+    0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5,
+    0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea,
+    0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16
+};
+static const unsigned char dsa_priv[] = {
+    0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80,
+    0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03,
+    0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e,
+    0x40, 0x7e, 0x5c, 0xb7
+};
+
+static const ST_KAT_PARAM dsa_key[] = {
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub),
+    ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
+    ST_KAT_PARAM_END()
+};
+#endif /* OPENSSL_NO_DSA */
+
+static const ST_KAT_SIGN st_kat_sign_tests[] = {
+#ifndef OPENSSL_NO_RSA
+    {
+        OSSL_SELF_TEST_DESC_SIGN_RSA,
+        "RSA",
+        "SHA-256",
+        rsa_key,
+        ITM(rsa_expected_sig)
+    },
+#endif /* OPENSSL_NO_RSA */
+#ifndef OPENSSL_NO_EC
+    {
+        OSSL_SELF_TEST_DESC_SIGN_ECDSA,
+        "EC",
+        "SHA-256",
+        ecdsa_key,
+        /*
+         * The ECDSA signature changes each time due to it using a random k.
+         * So there is no expected KAT for this case.
+         */
+    },
+#endif /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_DSA
+    {
+        OSSL_SELF_TEST_DESC_SIGN_DSA,
+        "DSA",
+        "SHA-256",
+        dsa_key,
+        /*
+         * The DSA signature changes each time due to it using a random k.
+         * So there is no expected KAT for this case.
+         */
+    },
+#endif /* OPENSSL_NO_DSA */
+};
index 50e59611c53f241edb22c5234f001c1a88dc3111..f02dbcd85cfad696d1ed7cd1b2d3aa0f989808fb 100644 (file)
@@ -11,6 +11,8 @@
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
 #include <openssl/rand_drbg.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
 #include "internal/cryptlib.h"
 #include "internal/nelem.h"
 #include "self_test.h"
@@ -46,10 +48,9 @@ static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
         goto err;
     ok = 1;
 err:
-    OSSL_SELF_TEST_onend(st, ok);
     EVP_MD_free(md);
     EVP_MD_CTX_free(ctx);
-
+    OSSL_SELF_TEST_onend(st, ok);
     return ok;
 }
 
@@ -142,39 +143,79 @@ err:
     return ret;
 }
 
+static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
+                      BN_CTX *ctx)
+{
+    int ret = 0;
+    const ST_KAT_PARAM *p;
+
+    if (params == NULL)
+        return 1;
+    for (p = params; p->data != NULL; ++p)
+    {
+        switch (p->type) {
+        case OSSL_PARAM_UNSIGNED_INTEGER: {
+            BIGNUM *bn = BN_CTX_get(ctx);
+
+            if (bn == NULL
+                || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
+                || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
+                goto err;
+            break;
+        }
+        case OSSL_PARAM_UTF8_STRING: {
+            if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0))
+                goto err;
+            break;
+        }
+        case OSSL_PARAM_OCTET_STRING: {
+            if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
+                                                  p->data_len))
+                goto err;
+            break;
+        }
+        default:
+            break;
+        }
+    }
+    ret = 1;
+err:
+    return ret;
+}
+
 static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
                          OPENSSL_CTX *libctx)
 {
     int ret = 0;
-    int i, numparams;
     unsigned char out[64];
     EVP_KDF *kdf = NULL;
     EVP_KDF_CTX *ctx = NULL;
-    OSSL_PARAM params[16];
-    const OSSL_PARAM *settables = NULL;
+    BN_CTX *bnctx = NULL;
+    OSSL_PARAM *params  = NULL;
+    OSSL_PARAM_BLD *bld = NULL;
 
-    numparams = OSSL_NELEM(params);
     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
 
-    /* Zeroize the params array to avoid mem leaks on error */
-    for (i = 0; i < numparams; ++i)
-        params[i] = OSSL_PARAM_construct_end();
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL)
+        goto err;
 
     kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
+    if (kdf == NULL)
+        goto err;
+
     ctx = EVP_KDF_CTX_new(kdf);
     if (ctx == NULL)
         goto err;
 
-    settables = EVP_KDF_settable_ctx_params(kdf);
-    for (i = 0; t->ctrls[i].name != NULL; ++i) {
-        if (!ossl_assert(i < (numparams - 1)))
-            goto err;
-        if (!OSSL_PARAM_allocate_from_text(&params[i], settables,
-                                           t->ctrls[i].name,
-                                           t->ctrls[i].value,
-                                           strlen(t->ctrls[i].value), NULL))
-            goto err;
-    }
+    bnctx = BN_CTX_new_ex(libctx);
+    if (bnctx == NULL)
+        goto err;
+    if (!add_params(bld, t->params, bnctx))
+        goto err;
+    params = OSSL_PARAM_BLD_to_param(bld);
+    if (params == NULL)
+        goto err;
     if (!EVP_KDF_CTX_set_params(ctx, params))
         goto err;
 
@@ -190,10 +231,11 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
 
     ret = 1;
 err:
-    for (i = 0; params[i].key != NULL; ++i)
-        OPENSSL_free(params[i].data);
     EVP_KDF_free(kdf);
     EVP_KDF_CTX_free(ctx);
+    BN_CTX_free(bnctx);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free(bld);
     OSSL_SELF_TEST_onend(st, ret);
     return ret;
 }
@@ -300,6 +342,168 @@ err:
     return ret;
 }
 
+
+
+static int self_test_ka(const ST_KAT_KAS *t,
+                        OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+    int ret = 0;
+    EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
+    EVP_PKEY *pkey = NULL, *peerkey = NULL;
+    OSSL_PARAM *params = NULL;
+    OSSL_PARAM *params_peer = NULL;
+    unsigned char secret[256];
+    size_t secret_len;
+    OSSL_PARAM_BLD *bld = NULL;
+    BN_CTX *bnctx = NULL;
+
+    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
+
+    bnctx = BN_CTX_new_ex(libctx);
+    if (bnctx == NULL)
+        goto err;
+
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL)
+        goto err;
+
+    if (!add_params(bld, t->key_group, bnctx)
+        || !add_params(bld, t->key_host_data, bnctx))
+        goto err;
+    params = OSSL_PARAM_BLD_to_param(bld);
+
+    if (!add_params(bld, t->key_group, bnctx)
+        || !add_params(bld, t->key_peer_data, bnctx))
+        goto err;
+
+    params_peer = OSSL_PARAM_BLD_to_param(bld);
+    if (params == NULL || params_peer == NULL)
+        goto err;
+
+    /* Create a EVP_PKEY_CTX to load the DH keys into */
+    kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
+    if (kactx == NULL)
+        goto err;
+    if (EVP_PKEY_key_fromdata_init(kactx) <= 0
+        || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
+        goto err;
+    if (EVP_PKEY_key_fromdata_init(kactx) <= 0
+        || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
+        goto err;
+
+    /* Create a EVP_PKEY_CTX to perform key derivation */
+    dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+    if (dctx == NULL)
+        goto err;
+
+    if (EVP_PKEY_derive_init(dctx) <= 0
+        || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
+        || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
+        goto err;
+
+    OSSL_SELF_TEST_oncorrupt_byte(st, secret);
+
+    if (secret_len != t->expected_len
+        || memcmp(secret, t->expected, t->expected_len) != 0)
+        goto err;
+    ret = 1;
+err:
+    BN_CTX_free(bnctx);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_free(peerkey);
+    EVP_PKEY_CTX_free(kactx);
+    EVP_PKEY_CTX_free(dctx);
+    OSSL_PARAM_BLD_free_params(params_peer);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free(bld);
+    OSSL_SELF_TEST_onend(st, ret);
+    return ret;
+}
+
+static int self_test_sign(const ST_KAT_SIGN *t,
+                         OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+    int ret = 0;
+    OSSL_PARAM *params = NULL, *params_sig = NULL;
+    OSSL_PARAM_BLD *bld = NULL;
+    EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned char sig[256];
+    BN_CTX *bnctx = NULL;
+    size_t siglen = 0;
+    static const unsigned char dgst[] = {
+        0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
+        0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
+        0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
+    };
+
+    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
+
+    bnctx = BN_CTX_new_ex(libctx);
+    if (bnctx == NULL)
+        goto err;
+
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL)
+        goto err;
+
+    if (!add_params(bld, t->key, bnctx))
+        goto err;
+    params = OSSL_PARAM_BLD_to_param(bld);
+
+    /* Create a EVP_PKEY_CTX to load the DSA key into */
+    kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
+    if (kctx == NULL || params == NULL)
+        goto err;
+    if (EVP_PKEY_key_fromdata_init(kctx) <= 0
+        || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
+        goto err;
+
+    /* Create a EVP_PKEY_CTX to use for the signing operation */
+    sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+    if (sctx == NULL
+        || EVP_PKEY_sign_init(sctx) <= 0)
+        goto err;
+
+    /* set signature parameters */
+    if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
+                                         t->mdalgorithm,
+                                         strlen(t->mdalgorithm) + 1))
+        goto err;
+    params_sig = OSSL_PARAM_BLD_to_param(bld);
+    if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+        goto err;
+
+    if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
+        || EVP_PKEY_verify_init(sctx) <= 0
+        || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+        goto err;
+
+    /*
+     * Used by RSA, for other key types where the signature changes, we
+     * can only use the verify.
+     */
+    if (t->sig_expected != NULL
+        && (siglen != t->sig_expected_len
+            || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
+        goto err;
+
+    OSSL_SELF_TEST_oncorrupt_byte(st, sig);
+    if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
+        goto err;
+    ret = 1;
+err:
+    BN_CTX_free(bnctx);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(kctx);
+    EVP_PKEY_CTX_free(sctx);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free_params(params_sig);
+    OSSL_PARAM_BLD_free(bld);
+    OSSL_SELF_TEST_onend(st, ret);
+    return ret;
+}
+
 /*
  * Test a data driven list of KAT's for digest algorithms.
  * All tests are run regardless of if they fail or not.
@@ -349,12 +553,32 @@ static int self_test_drbgs(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
     return ret;
 }
 
+static int self_test_kas(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+    int i, ret = 1;
+
+    for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
+        if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
+            ret = 0;
+    }
+    return ret;
+}
+
+static int self_test_signatures(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+    int i, ret = 1;
+
+    for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
+        if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
+            ret = 0;
+    }
+    return ret;
+}
+
 /*
  * Run the algorithm KAT's.
  * Return 1 is successful, otherwise return 0.
  * This runs all the tests regardless of if any fail.
- *
- * TODO(3.0) Add self tests for KA, Sign/Verify when they become available
  */
 int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
 {
@@ -364,10 +588,14 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
         ret = 0;
     if (!self_test_ciphers(st, libctx))
         ret = 0;
+    if (!self_test_signatures(st, libctx))
+        ret = 0;
     if (!self_test_kdfs(st, libctx))
         ret = 0;
     if (!self_test_drbgs(st, libctx))
         ret = 0;
+    if (!self_test_kas(st, libctx))
+        ret = 0;
 
     return ret;
 }
index 3be6346ab90edc9f8db467992cdffa50878be76f..024d8c7ca51ab199f75835b994d7b6ecc6f39b90 100644 (file)
@@ -24,7 +24,7 @@ use platform;
 
 plan skip_all => "Test only supported in a fips build" if disabled("fips");
 
-plan tests => 10;
+plan tests => 12;
 
 my $infile = bldtop_file('providers', platform->dso('fips'));
 $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
@@ -99,3 +99,21 @@ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),
    "fipsinstall fails when the DRBG CTR result is corrupted");
+
+# corrupt a KAS test
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+            '-provider_name', 'fips', '-mac_name', 'HMAC',
+            '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+            '-section_name', 'fips_install',
+            '-corrupt_desc', 'DH',
+            '-corrupt_type', 'KAT_KA'])),
+   "fipsinstall fails when the kas result is corrupted");
+
+# corrupt a Signature test
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+            '-provider_name', 'fips', '-mac_name', 'HMAC',
+            '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+            '-section_name', 'fips_install',
+            '-corrupt_desc', 'DSA',
+            '-corrupt_type', 'KAT_Signature'])),
+   "fipsinstall fails when the signature result is corrupted");