summaryrefslogtreecommitdiff
path: root/providers/fips
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2020-04-03 16:50:36 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-04-03 16:50:36 +1000
commitec4d1b8f8ce2d2ed1c378abfeffaabfda3cc7122 (patch)
tree8a98709b11db8c7913dde2d0ef4d72c572025f50 /providers/fips
parent4b1fe471ac99b9f8692be85dcbcbf6977eb35c78 (diff)
downloadopenssl-new-ec4d1b8f8ce2d2ed1c378abfeffaabfda3cc7122.tar.gz
Add data driven SELF TEST code for signatures and key agreement
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11036)
Diffstat (limited to 'providers/fips')
-rw-r--r--providers/fips/fipsprov.c353
-rw-r--r--providers/fips/self_test_data.inc836
-rw-r--r--providers/fips/self_test_kats.c274
3 files changed, 1050 insertions, 413 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 8fbb618527..c107d690b7 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -126,349 +126,6 @@ static OSSL_PARAM core_params[] =
OSSL_PARAM_END
};
-/*
- * Convert a string into a bignumber.
- * The array of hex_data is used to get around compilers that dont like
- * strings longer than 509 bytes,
- */
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
-static int hextobn(const char *hex_data[], BIGNUM **bn)
-{
- int ret = 0;
- int i, slen;
- char *str = NULL;
-
- /* Get the total length of the strings */
- for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
- slen += strlen(hex_data[i]);
-
- /* Add 1 for the string terminator */
- str = OPENSSL_zalloc(slen + 1);
- if (str == NULL)
- return 0;
-
- /* join the strings together into 1 buffer */
- for (i = 0; hex_data[i] != NULL; ++i)
- strcat(str, hex_data[i]);
-
- if (BN_hex2bn(bn, str) <= 0)
- goto err;
- ret = 1;
-err:
- OPENSSL_free(str);
- return ret;
-}
-#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
-
-#ifndef OPENSSL_NO_DH
-static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
-{
- int ret = 0, sz;
- BIGNUM *bn = NULL;
- unsigned char *buf = NULL;
-
- if (!hextobn(hex_data, &bn))
- return 0;
- sz = BN_num_bytes(bn);
- buf = OPENSSL_zalloc(sz);
- if (buf == NULL)
- goto err;
- if (BN_bn2binpad(bn, buf, sz) <= 0)
- goto err;
-
- *out = buf;
- *len = sz;
- buf = NULL; /* Set to NULL so it is not freed */
- ret = 1;
-err:
- OPENSSL_free(buf);
- BN_free(bn);
- return ret;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static int dsa_key_signature_test(OPENSSL_CTX *libctx)
-{
- int ret = 0;
- BIGNUM *p = NULL, *q = NULL, *g = NULL;
- BIGNUM *pub = NULL, *priv = NULL;
- OSSL_PARAM *params = NULL, *params_sig = NULL;
- OSSL_PARAM_BLD *bld = NULL;
- EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
- EVP_PKEY *pkey = NULL;
- unsigned char sig[64];
- size_t siglen;
-
- static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
- 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
- 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
- 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
- };
- /* dsa 2048 */
- static const char *dsa_p_hex[] = {
- "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
- "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
- "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
- "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
- "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
- "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
- "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
- "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
- NULL
- };
- static const char *dsa_q_hex[] = {
- "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
- NULL
- };
- static const char *dsa_g_hex[] = {
- "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
- "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
- "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
- "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
- "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
- "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
- "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
- "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
- NULL
- };
- static const char *dsa_pub_hex[] = {
- "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
- "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
- "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
- "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
- "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
- "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
- "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
- "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
- NULL
- };
- static const char *dsa_priv_hex[] = {
- "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
- NULL
- };
-
- if (!hextobn(dsa_p_hex, &p)
- || !hextobn(dsa_q_hex, &q)
- || !hextobn(dsa_g_hex, &g)
- || !hextobn(dsa_pub_hex, &pub)
- || !hextobn(dsa_priv_hex, &priv))
- goto err;
-
- bld = OSSL_PARAM_BLD_new();
- if (bld == NULL
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
- goto err;
- params = OSSL_PARAM_BLD_to_param(bld);
-
- /* Create a EVP_PKEY_CTX to load the DSA key into */
- kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
- if (kctx == NULL || params == NULL)
- goto err;
- if (EVP_PKEY_key_fromdata_init(kctx) <= 0
- || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
- goto err;
-
- /* Create a EVP_PKEY_CTX to use for the signing operation */
- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
- if (sctx == NULL
- || EVP_PKEY_sign_init(sctx) <= 0)
- goto err;
-
- /* set signature parameters */
- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
- SN_sha256,strlen(SN_sha256) + 1))
- goto err;
- params_sig = OSSL_PARAM_BLD_to_param(bld);
- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
- goto err;
-
- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
- || EVP_PKEY_verify_init(sctx) <= 0
- || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
- goto err;
- ret = 1;
-err:
- OSSL_PARAM_BLD_free_params(params);
- OSSL_PARAM_BLD_free_params(params_sig);
- OSSL_PARAM_BLD_free(bld);
- BN_free(p);
- BN_free(q);
- BN_free(g);
- BN_free(pub);
- BN_free(priv);
- EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(kctx);
- EVP_PKEY_CTX_free(sctx);
- return ret;
-}
-#endif /* OPENSSL_NO_DSA */
-
-#ifndef OPENSSL_NO_DH
-static int dh_key_exchange_test(OPENSSL_CTX *libctx)
-{
- int ret = 0;
- BIGNUM *p = NULL, *q = NULL, *g = NULL;
- BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
- unsigned char *kat_secret = NULL;
- EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
- EVP_PKEY *pkey = NULL, *peerkey = NULL;
- OSSL_PARAM *params = NULL;
- OSSL_PARAM *params_peer = NULL;
- unsigned char secret[256];
- size_t secret_len, kat_secret_len = 0;
- OSSL_PARAM_BLD *bld = NULL;
-
- /* DH KAT */
- static const char *dh_p_hex[] = {
- "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
- "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
- "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
- "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
- "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
- "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
- "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
- "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
- NULL
- };
- static const char *dh_q_hex[] = {
- "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
- NULL
- };
- static const char *dh_g_hex[] = {
- "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
- "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
- "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
- "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
- "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
- "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
- "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
- "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
- "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
- "ea115c32",
- NULL
- };
- static const char *dh_priv_hex[] = {
- "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
- NULL
- };
- static const char *dh_pub_hex[] = {
- "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
- "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
- "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
- "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
- "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
- "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
- "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
- "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
- "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
- "959c91d3",
- NULL
- };
- static const char *dh_peer_pub_hex[] = {
- "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
- "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
- "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
- "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
- "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
- "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
- "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
- "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
- "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
- "f17ff48b",
- NULL
- };
- static const char *dh_secret_exptd_hex[] = {
- "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
- "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
- "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
- "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
- "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
- "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
- "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
- "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
- "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
- "7d98eaf6",
- NULL
- };
-
- if (!hextobn(dh_p_hex, &p)
- || !hextobn(dh_q_hex, &q)
- || !hextobn(dh_g_hex, &g)
- || !hextobn(dh_pub_hex, &pub)
- || !hextobn(dh_priv_hex, &priv)
- || !hextobn(dh_peer_pub_hex, &pub_peer)
- || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
- goto err;
-
- bld = OSSL_PARAM_BLD_new();
- if (bld == NULL
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
- goto err;
- params = OSSL_PARAM_BLD_to_param(bld);
-
- if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
- goto err;
-
- params_peer = OSSL_PARAM_BLD_to_param(bld);
- if (params == NULL || params_peer == NULL)
- goto err;
-
- /* Create a EVP_PKEY_CTX to load the DH keys into */
- kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
- if (kactx == NULL)
- goto err;
- if (EVP_PKEY_key_fromdata_init(kactx) <= 0
- || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
- goto err;
- if (EVP_PKEY_key_fromdata_init(kactx) <= 0
- || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
- goto err;
-
- /* Create a EVP_PKEY_CTX to perform key derivation */
- dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
- if (dctx == NULL)
- goto err;
-
- if (EVP_PKEY_derive_init(dctx) <= 0
- || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
- || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
- goto err;
-
- if (secret_len != kat_secret_len
- || memcmp(secret, kat_secret, secret_len) != 0)
- goto err;
- ret = 1;
-err:
- OSSL_PARAM_BLD_free(bld);
- OSSL_PARAM_BLD_free_params(params_peer);
- OSSL_PARAM_BLD_free_params(params);
- BN_free(p);
- BN_free(q);
- BN_free(g);
- BN_free(pub);
- BN_free(priv);
- BN_free(pub_peer);
- OPENSSL_free(kat_secret);
- EVP_PKEY_free(pkey);
- EVP_PKEY_free(peerkey);
- EVP_PKEY_CTX_free(kactx);
- EVP_PKEY_CTX_free(dctx);
- return ret;
-}
-#endif /* OPENSSL_NO_DH */
-
/* TODO(3.0): To be removed */
static int dummy_evp_call(void *provctx)
{
@@ -536,16 +193,6 @@ static int dummy_evp_call(void *provctx)
goto err;
#endif
-#ifndef OPENSSL_NO_DSA
- if (!dsa_key_signature_test(libctx))
- goto err;
-#endif
-
-#ifndef OPENSSL_NO_DH
- if (!dh_key_exchange_test(libctx))
- goto err;
-#endif /* OPENSSL_NO_DH */
-
ret = 1;
err:
BN_CTX_end(bnctx);
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index c91e7d83c1..43de2aa3f2 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -7,6 +7,26 @@
* https://www.openssl.org/source/license.html
*/
+/* Macros to build Self test data */
+#define ITM(x) x, sizeof(x)
+#define ITM_STR(x) x, (sizeof(x) - 1)
+
+#define ST_KAT_PARAM_END() { "", 0, NULL, 0 }
+#define ST_KAT_PARAM_BIGNUM(name, data) \
+ { name, OSSL_PARAM_UNSIGNED_INTEGER, ITM(data) }
+#define ST_KAT_PARAM_OCTET(name, data) \
+ { name, OSSL_PARAM_OCTET_STRING, ITM(data) }
+#define ST_KAT_PARAM_UTF8STRING(name, data) \
+ { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) }
+
+/* used to store raw parameters for keys and algorithms */
+typedef struct st_kat_param_st {
+ const char *name; /* an OSSL_PARAM name */
+ size_t type; /* the type associated with the data */
+ const void *data; /* unsigned char [], or char [] depending on the type */
+ size_t data_len; /* the length of the data */
+} ST_KAT_PARAM;
+
typedef struct st_kat_st {
const char *desc;
const char *algorithm;
@@ -29,15 +49,10 @@ typedef struct st_kat_cipher_st {
size_t tag_len;
} ST_KAT_CIPHER;
-typedef struct st_kat_nvp_st {
- const char *name;
- const char *value;
-} ST_KAT_NVP;
-
typedef struct st_kat_kdf_st {
const char *desc;
const char *algorithm;
- const ST_KAT_NVP *ctrls;
+ const ST_KAT_PARAM *params;
const unsigned char *expected;
size_t expected_len;
} ST_KAT_KDF;
@@ -64,9 +79,26 @@ typedef struct st_kat_drbg_st {
size_t expectedlen;
} ST_KAT_DRBG;
-/* Macros to build Self test data */
-#define ITM(x) x, sizeof(x)
-#define ITM_STR(x) x, sizeof(x) - 1
+typedef struct st_kat_kas_st {
+ const char *desc;
+ const char *algorithm;
+
+ const ST_KAT_PARAM *key_group;
+ const ST_KAT_PARAM *key_host_data;
+ const ST_KAT_PARAM *key_peer_data;
+
+ const unsigned char *expected;
+ size_t expected_len;
+} ST_KAT_KAS;
+
+typedef struct st_kat_sign_st {
+ const char *desc;
+ const char *algorithm;
+ const char *mdalgorithm;
+ const ST_KAT_PARAM *key;
+ const unsigned char *sig_expected; /* Set to NULL if this value changes */
+ size_t sig_expected_len;
+} ST_KAT_SIGN;
/*- DIGEST TEST DATA */
static const unsigned char sha1_pt[] = "abc";
@@ -118,11 +150,11 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
/* DES3 test data */
static const unsigned char des_ede3_cbc_pt[] = {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
- 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+ 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+ 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
};
-
static const unsigned char des_ede3_cbc_key[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
@@ -132,34 +164,38 @@ static const unsigned char des_ede3_cbc_iv[] = {
0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
};
static const unsigned char des_ede3_cbc_ct[] = {
- 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, 0x93, 0xB7, 0x9E, 0x25,
- 0x69, 0xAB, 0x52, 0x62, 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
+ 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
+ 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
+ 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
};
+/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
- 0x92,0xe1,0x1d,0xcd,0xaa,0x86,0x6f,0x5c,0xe7,0x90,0xfd,0x24,
- 0x50,0x1f,0x92,0x50,0x9a,0xac,0xf4,0xcb,0x8b,0x13,0x39,0xd5,
- 0x0c,0x9c,0x12,0x40,0x93,0x5d,0xd0,0x8b
+ 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
+ 0xe7, 0x90, 0xfd, 0x24, 0x50, 0x1f, 0x92, 0x50,
+ 0x9a, 0xac, 0xf4, 0xcb, 0x8b, 0x13, 0x39, 0xd5,
+ 0x0c, 0x9c, 0x12, 0x40, 0x93, 0x5d, 0xd0, 0x8b
};
static const unsigned char aes_256_gcm_iv[] = {
- 0xac,0x93,0xa1,0xa6,0x14,0x52,0x99,0xbd,0xe9,0x02,0xf2,0x1a
+ 0xac, 0x93, 0xa1, 0xa6, 0x14, 0x52, 0x99, 0xbd,
+ 0xe9, 0x02, 0xf2, 0x1a
};
static const unsigned char aes_256_gcm_pt[] = {
- 0x2d,0x71,0xbc,0xfa,0x91,0x4e,0x4a,0xc0,0x45,0xb2,0xaa,0x60,
- 0x95,0x5f,0xad,0x24
+ 0x2d, 0x71, 0xbc, 0xfa, 0x91, 0x4e, 0x4a, 0xc0,
+ 0x45, 0xb2, 0xaa, 0x60, 0x95, 0x5f, 0xad, 0x24
};
static const unsigned char aes_256_gcm_aad[] = {
- 0x1e,0x08,0x89,0x01,0x6f,0x67,0x60,0x1c,0x8e,0xbe,0xa4,0x94,
- 0x3b,0xc2,0x3a,0xd6
+ 0x1e, 0x08, 0x89, 0x01, 0x6f, 0x67, 0x60, 0x1c,
+ 0x8e, 0xbe, 0xa4, 0x94, 0x3b, 0xc2, 0x3a, 0xd6
};
static const unsigned char aes_256_gcm_ct[] = {
- 0x89,0x95,0xae,0x2e,0x6d,0xf3,0xdb,0xf9,0x6f,0xac,0x7b,0x71,
- 0x37,0xba,0xe6,0x7f
+ 0x89, 0x95, 0xae, 0x2e, 0x6d, 0xf3, 0xdb, 0xf9,
+ 0x6f, 0xac, 0x7b, 0x71, 0x37, 0xba, 0xe6, 0x7f
};
static const unsigned char aes_256_gcm_tag[] = {
- 0xec,0xa5,0xaa,0x77,0xd5,0x1d,0x4a,0x0a,0x14,0xd9,0xc5,0x1e,
- 0x1d,0xa4,0x74,0xab
+ 0xec, 0xa5, 0xaa, 0x77, 0xd5, 0x1d, 0x4a, 0x0a,
+ 0x14, 0xd9, 0xc5, 0x1e, 0x1d, 0xa4, 0x74, 0xab
};
static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
@@ -189,27 +225,65 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
}
};
-/*- KDF TEST DATA */
+static const char hkdf_digest[] = "SHA256";
+static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
+static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
+static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
-static const ST_KAT_NVP hkdf_ctrl[] =
-{
- { "digest", "SHA256" },
- { "key", "secret" },
- { "salt", "salt" },
- { "info", "label" },
- { NULL, NULL }
+static const ST_KAT_PARAM hkdf_params[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
+ ST_KAT_PARAM_END()
};
static const unsigned char hkdf_expected[] = {
- 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
+ 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
+ 0xde, 0x13
+};
+
+static const char sskdf_digest[] = "SHA224";
+static const unsigned char sskdf_secret[] = {
+ 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
+ 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
+ 0x83, 0xfc, 0x5a, 0x59, 0x46, 0xd8, 0x0d, 0xb9,
+ 0x3f, 0xec, 0x6f, 0x62, 0xec, 0x07, 0xe3, 0x72,
+ 0x7f, 0x01, 0x26, 0xae, 0xd1, 0x2c, 0xe4, 0xb2,
+ 0x62, 0xf4, 0x7d, 0x48, 0xd5, 0x42, 0x87, 0xf8,
+ 0x1d, 0x47, 0x4c, 0x7c, 0x3b, 0x18, 0x50, 0xe9
+};
+static const unsigned char sskdf_otherinfo[] = {
+ 0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0x43, 0x41, 0x56,
+ 0x53, 0x69, 0x64, 0x3c, 0x83, 0x2e, 0x98, 0x49,
+ 0xdc, 0xdb, 0xa7, 0x1e, 0x9a, 0x31, 0x39, 0xe6,
+ 0x06, 0xe0, 0x95, 0xde, 0x3c, 0x26, 0x4a, 0x66,
+ 0xe9, 0x8a, 0x16, 0x58, 0x54, 0xcd, 0x07, 0x98,
+ 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
+};
+static const unsigned char sskdf_expected[] = {
+ 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
+ 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
+};
+static const ST_KAT_PARAM sskdf_params[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, sskdf_secret),
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
+ ST_KAT_PARAM_END()
};
static const ST_KAT_KDF st_kat_kdf_tests[] =
{
{
OSSL_SELF_TEST_DESC_KDF_HKDF,
- "HKDF",
- hkdf_ctrl,
+ OSSL_KDF_NAME_HKDF,
+ hkdf_params,
ITM(hkdf_expected)
+ },
+ {
+ OSSL_SELF_TEST_DESC_KDF_SSKDF,
+ OSSL_KDF_NAME_SSKDF,
+ sskdf_params,
+ ITM(sskdf_expected)
}
};
@@ -422,3 +496,691 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
ITM(drbg_hmac_sha1_pr_expected)
}
};
+
+/* KEY EXCHANGE TEST DATA */
+
+#ifndef OPENSSL_NO_DH
+/* DH KAT */
+static const unsigned char dh_p[] = {
+ 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
+ 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
+ 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
+ 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
+ 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
+ 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
+ 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
+ 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
+ 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
+ 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
+ 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
+ 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
+ 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
+ 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
+ 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
+ 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
+ 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
+ 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
+ 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
+ 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
+ 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
+ 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
+ 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
+ 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
+ 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
+ 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
+ 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
+ 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
+ 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
+ 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
+ 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
+ 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
+};
+static const unsigned char dh_q[] = {
+ 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
+ 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
+ 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
+ 0x11, 0xac, 0xb5, 0x7d
+};
+static const unsigned char dh_g[] = {
+ 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
+ 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
+ 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
+ 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
+ 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
+ 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
+ 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
+ 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
+ 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
+ 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
+ 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
+ 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
+ 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
+ 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
+ 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
+ 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
+ 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
+ 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
+ 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
+ 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
+ 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
+ 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
+ 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
+ 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
+ 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
+ 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
+ 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
+ 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
+ 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
+ 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
+ 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
+ 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
+};
+static const unsigned char dh_priv[] = {
+ 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
+ 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
+ 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
+ 0x40, 0xb8, 0xfc, 0xe6
+};
+static const unsigned char dh_pub[] = {
+ 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
+ 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
+ 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
+ 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
+ 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
+ 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
+ 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
+ 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
+ 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
+ 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
+ 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
+ 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
+ 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
+ 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
+ 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
+ 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
+ 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
+ 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
+ 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
+ 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
+ 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
+ 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
+ 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
+ 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
+ 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
+ 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
+ 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
+ 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
+ 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
+ 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
+ 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
+ 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
+};
+static const unsigned char dh_peer_pub[] = {
+ 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
+ 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
+ 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
+ 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
+ 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
+ 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
+ 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
+ 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
+ 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
+ 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
+ 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
+ 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
+ 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
+ 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
+ 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
+ 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
+ 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
+ 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
+ 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
+ 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
+ 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
+ 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
+ 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
+ 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
+ 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
+ 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
+ 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
+ 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
+ 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
+ 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
+ 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
+ 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
+};
+
+static const unsigned char dh_secret_expected[] = {
+ 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
+ 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
+ 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
+ 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
+ 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
+ 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
+ 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
+ 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
+ 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
+ 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
+ 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
+ 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
+ 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
+ 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
+ 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
+ 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
+ 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
+ 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
+ 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
+ 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
+ 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
+ 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
+ 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
+ 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
+ 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
+ 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
+ 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
+ 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
+ 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
+ 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
+ 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
+ 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
+};
+
+static const ST_KAT_PARAM dh_group[] = {
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dh_p),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dh_q),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dh_g),
+ ST_KAT_PARAM_END()
+};
+
+/* The host's private key */
+static const ST_KAT_PARAM dh_host_key[] = {
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_pub),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dh_priv),
+ ST_KAT_PARAM_END()
+};
+
+/* The peer's public key */
+static const ST_KAT_PARAM dh_peer_key[] = {
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dh_peer_pub),
+ ST_KAT_PARAM_END()
+};
+#endif /* OPENSSL_NO_DH */
+
+
+#ifndef OPENSSL_NO_EC
+static const char ecdh_curve_name[] = "prime256v1";
+static const unsigned char ecdh_privd[] = {
+ 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
+ 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
+ 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
+ 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
+};
+static const unsigned char ecdh_pub[] = {
+ 0x04,
+ 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
+ 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
+ 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
+ 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
+ 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
+ 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
+ 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
+ 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
+};
+static const unsigned char ecdh_peer_pub[] = {
+ 0x04,
+ 0x1f, 0x72, 0xbd, 0x2a, 0x3e, 0xeb, 0x6c, 0x76,
+ 0xe5, 0x5d, 0x69, 0x75, 0x24, 0xbf, 0x2f, 0x5b,
+ 0x96, 0xb2, 0x91, 0x62, 0x06, 0x35, 0xcc, 0xb2,
+ 0x4b, 0x31, 0x1b, 0x0c, 0x6f, 0x06, 0x9f, 0x86,
+ 0xcf, 0xc8, 0xac, 0xd5, 0x4f, 0x4d, 0x77, 0xf3,
+ 0x70, 0x4a, 0x8f, 0x04, 0x9a, 0xb1, 0x03, 0xc7,
+ 0xeb, 0xd5, 0x94, 0x78, 0x61, 0xab, 0x78, 0x0c,
+ 0x4a, 0x2d, 0x6b, 0xf3, 0x2f, 0x2e, 0x4a, 0xbc
+};
+
+static const ST_KAT_PARAM ecdh_group[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecdh_curve_name),
+ ST_KAT_PARAM_END()
+};
+static const ST_KAT_PARAM ecdh_host_key[] = {
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_pub),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecdh_privd),
+ ST_KAT_PARAM_END()
+};
+static const ST_KAT_PARAM ecdh_peer_key[] = {
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecdh_peer_pub),
+ ST_KAT_PARAM_END()
+};
+static const unsigned char ecdh_secret_expected[] = {
+ 0x45, 0x2a, 0x2f, 0x0d, 0x24, 0xe6, 0x8d, 0xd0,
+ 0xda, 0x59, 0x7b, 0x0c, 0xec, 0x9b, 0x4c, 0x38,
+ 0x41, 0xdd, 0xce, 0xb3, 0xcc, 0xf1, 0x90, 0x8e,
+ 0x30, 0xdb, 0x5b, 0x5f, 0x97, 0xea, 0xe0, 0xc2
+};
+#endif /* OPENSSL_NO_EC */
+
+static const ST_KAT_KAS st_kat_kas_tests[] =
+{
+#ifndef OPENSSL_NO_DH
+ {
+ OSSL_SELF_TEST_DESC_KA_DH,
+ "DH",
+ dh_group,
+ dh_host_key,
+ dh_peer_key,
+ ITM(dh_secret_expected)
+ },
+#endif /* OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_EC
+ {
+ OSSL_SELF_TEST_DESC_KA_ECDH,
+ "EC",
+ ecdh_group,
+ ecdh_host_key,
+ ecdh_peer_key,
+ ITM(ecdh_secret_expected)
+ },
+#endif /* OPENSSL_NO_EC */
+};
+
+#if !defined(OPENSSL_NO_RSA)
+/* RSA key data */
+static const unsigned char rsa_n[] = {
+ 0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
+ 0x13, 0x6B, 0xED, 0x44, 0xDF, 0xF0, 0x02, 0x6D,
+ 0x13, 0xC7, 0x88, 0xDA, 0x70, 0x6B, 0x54, 0xF1,
+ 0xE8, 0x27, 0xDC, 0xC3, 0x0F, 0x99, 0x6A, 0xFA,
+ 0xC6, 0x67, 0xFF, 0x1D, 0x1E, 0x3C, 0x1D, 0xC1,
+ 0xB5, 0x5F, 0x6C, 0xC0, 0xB2, 0x07, 0x3A, 0x6D,
+ 0x41, 0xE4, 0x25, 0x99, 0xAC, 0xFC, 0xD2, 0x0F,
+ 0x02, 0xD3, 0xD1, 0x54, 0x06, 0x1A, 0x51, 0x77,
+ 0xBD, 0xB6, 0xBF, 0xEA, 0xA7, 0x5C, 0x06, 0xA9,
+ 0x5D, 0x69, 0x84, 0x45, 0xD7, 0xF5, 0x05, 0xBA,
+ 0x47, 0xF0, 0x1B, 0xD7, 0x2B, 0x24, 0xEC, 0xCB,
+ 0x9B, 0x1B, 0x10, 0x8D, 0x81, 0xA0, 0xBE, 0xB1,
+ 0x8C, 0x33, 0xE4, 0x36, 0xB8, 0x43, 0xEB, 0x19,
+ 0x2A, 0x81, 0x8D, 0xDE, 0x81, 0x0A, 0x99, 0x48,
+ 0xB6, 0xF6, 0xBC, 0xCD, 0x49, 0x34, 0x3A, 0x8F,
+ 0x26, 0x94, 0xE3, 0x28, 0x82, 0x1A, 0x7C, 0x8F,
+ 0x59, 0x9F, 0x45, 0xE8, 0x5D, 0x1A, 0x45, 0x76,
+ 0x04, 0x56, 0x05, 0xA1, 0xD0, 0x1B, 0x8C, 0x77,
+ 0x6D, 0xAF, 0x53, 0xFA, 0x71, 0xE2, 0x67, 0xE0,
+ 0x9A, 0xFE, 0x03, 0xA9, 0x85, 0xD2, 0xC9, 0xAA,
+ 0xBA, 0x2A, 0xBC, 0xF4, 0xA0, 0x08, 0xF5, 0x13,
+ 0x98, 0x13, 0x5D, 0xF0, 0xD9, 0x33, 0x34, 0x2A,
+ 0x61, 0xC3, 0x89, 0x55, 0xF0, 0xAE, 0x1A, 0x9C,
+ 0x22, 0xEE, 0x19, 0x05, 0x8D, 0x32, 0xFE, 0xEC,
+ 0x9C, 0x84, 0xBA, 0xB7, 0xF9, 0x6C, 0x3A, 0x4F,
+ 0x07, 0xFC, 0x45, 0xEB, 0x12, 0xE5, 0x7B, 0xFD,
+ 0x55, 0xE6, 0x29, 0x69, 0xD1, 0xC2, 0xE8, 0xB9,
+ 0x78, 0x59, 0xF6, 0x79, 0x10, 0xC6, 0x4E, 0xEB,
+ 0x6A, 0x5E, 0xB9, 0x9A, 0xC7, 0xC4, 0x5B, 0x63,
+ 0xDA, 0xA3, 0x3F, 0x5E, 0x92, 0x7A, 0x81, 0x5E,
+ 0xD6, 0xB0, 0xE2, 0x62, 0x8F, 0x74, 0x26, 0xC2,
+ 0x0C, 0xD3, 0x9A, 0x17, 0x47, 0xE6, 0x8E, 0xAB
+};
+static const unsigned char rsa_e[] = { 0x01, 0x00, 0x01 };
+static const unsigned char rsa_d[] = {
+ 0x52, 0x41, 0xF4, 0xDA, 0x7B, 0xB7, 0x59, 0x55,
+ 0xCA, 0xD4, 0x2F, 0x0F, 0x3A, 0xCB, 0xA4, 0x0D,
+ 0x93, 0x6C, 0xCC, 0x9D, 0xC1, 0xB2, 0xFB, 0xFD,
+ 0xAE, 0x40, 0x31, 0xAC, 0x69, 0x52, 0x21, 0x92,
+ 0xB3, 0x27, 0xDF, 0xEA, 0xEE, 0x2C, 0x82, 0xBB,
+ 0xF7, 0x40, 0x32, 0xD5, 0x14, 0xC4, 0x94, 0x12,
+ 0xEC, 0xB8, 0x1F, 0xCA, 0x59, 0xE3, 0xC1, 0x78,
+ 0xF3, 0x85, 0xD8, 0x47, 0xA5, 0xD7, 0x02, 0x1A,
+ 0x65, 0x79, 0x97, 0x0D, 0x24, 0xF4, 0xF0, 0x67,
+ 0x6E, 0x75, 0x2D, 0xBF, 0x10, 0x3D, 0xA8, 0x7D,
+ 0xEF, 0x7F, 0x60, 0xE4, 0xE6, 0x05, 0x82, 0x89,
+ 0x5D, 0xDF, 0xC6, 0xD2, 0x6C, 0x07, 0x91, 0x33,
+ 0x98, 0x42, 0xF0, 0x02, 0x00, 0x25, 0x38, 0xC5,
+ 0x85, 0x69, 0x8A, 0x7D, 0x2F, 0x95, 0x6C, 0x43,
+ 0x9A, 0xB8, 0x81, 0xE2, 0xD0, 0x07, 0x35, 0xAA,
+ 0x05, 0x41, 0xC9, 0x1E, 0xAF, 0xE4, 0x04, 0x3B,
+ 0x19, 0xB8, 0x73, 0xA2, 0xAC, 0x4B, 0x1E, 0x66,
+ 0x48, 0xD8, 0x72, 0x1F, 0xAC, 0xF6, 0xCB, 0xBC,
+ 0x90, 0x09, 0xCA, 0xEC, 0x0C, 0xDC, 0xF9, 0x2C,
+ 0xD7, 0xEB, 0xAE, 0xA3, 0xA4, 0x47, 0xD7, 0x33,
+ 0x2F, 0x8A, 0xCA, 0xBC, 0x5E, 0xF0, 0x77, 0xE4,
+ 0x97, 0x98, 0x97, 0xC7, 0x10, 0x91, 0x7D, 0x2A,
+ 0xA6, 0xFF, 0x46, 0x83, 0x97, 0xDE, 0xE9, 0xE2,
+ 0x17, 0x03, 0x06, 0x14, 0xE2, 0xD7, 0xB1, 0x1D,
+ 0x77, 0xAF, 0x51, 0x27, 0x5B, 0x5E, 0x69, 0xB8,
+ 0x81, 0xE6, 0x11, 0xC5, 0x43, 0x23, 0x81, 0x04,
+ 0x62, 0xFF, 0xE9, 0x46, 0xB8, 0xD8, 0x44, 0xDB,
+ 0xA5, 0xCC, 0x31, 0x54, 0x34, 0xCE, 0x3E, 0x82,
+ 0xD6, 0xBF, 0x7A, 0x0B, 0x64, 0x21, 0x6D, 0x88,
+ 0x7E, 0x5B, 0x45, 0x12, 0x1E, 0x63, 0x8D, 0x49,
+ 0xA7, 0x1D, 0xD9, 0x1E, 0x06, 0xCD, 0xE8, 0xBA,
+ 0x2C, 0x8C, 0x69, 0x32, 0xEA, 0xBE, 0x60, 0x71
+};
+static const unsigned char rsa_p[] = {
+ 0xFA, 0xAC, 0xE1, 0x37, 0x5E, 0x32, 0x11, 0x34,
+ 0xC6, 0x72, 0x58, 0x2D, 0x91, 0x06, 0x3E, 0x77,
+ 0xE7, 0x11, 0x21, 0xCD, 0x4A, 0xF8, 0xA4, 0x3F,
+ 0x0F, 0xEF, 0x31, 0xE3, 0xF3, 0x55, 0xA0, 0xB9,
+ 0xAC, 0xB6, 0xCB, 0xBB, 0x41, 0xD0, 0x32, 0x81,
+ 0x9A, 0x8F, 0x7A, 0x99, 0x30, 0x77, 0x6C, 0x68,
+ 0x27, 0xE2, 0x96, 0xB5, 0x72, 0xC9, 0xC3, 0xD4,
+ 0x42, 0xAA, 0xAA, 0xCA, 0x95, 0x8F, 0xFF, 0xC9,
+ 0x9B, 0x52, 0x34, 0x30, 0x1D, 0xCF, 0xFE, 0xCF,
+ 0x3C, 0x56, 0x68, 0x6E, 0xEF, 0xE7, 0x6C, 0xD7,
+ 0xFB, 0x99, 0xF5, 0x4A, 0xA5, 0x21, 0x1F, 0x2B,
+ 0xEA, 0x93, 0xE8, 0x98, 0x26, 0xC4, 0x6E, 0x42,
+ 0x21, 0x5E, 0xA0, 0xA1, 0x2A, 0x58, 0x35, 0xBB,
+ 0x10, 0xE7, 0xBA, 0x27, 0x0A, 0x3B, 0xB3, 0xAF,
+ 0xE2, 0x75, 0x36, 0x04, 0xAC, 0x56, 0xA0, 0xAB,
+ 0x52, 0xDE, 0xCE, 0xDD, 0x2C, 0x28, 0x77, 0x03
+};
+static const unsigned char rsa_q[] = {
+ 0xDF, 0xB7, 0x52, 0xB6, 0xD7, 0xC0, 0xE2, 0x96,
+ 0xE7, 0xC9, 0xFE, 0x5D, 0x71, 0x5A, 0xC4, 0x40,
+ 0x96, 0x2F, 0xE5, 0x87, 0xEA, 0xF3, 0xA5, 0x77,
+ 0x11, 0x67, 0x3C, 0x8D, 0x56, 0x08, 0xA7, 0xB5,
+ 0x67, 0xFA, 0x37, 0xA8, 0xB8, 0xCF, 0x61, 0xE8,
+ 0x63, 0xD8, 0x38, 0x06, 0x21, 0x2B, 0x92, 0x09,
+ 0xA6, 0x39, 0x3A, 0xEA, 0xA8, 0xB4, 0x45, 0x4B,
+ 0x36, 0x10, 0x4C, 0xE4, 0x00, 0x66, 0x71, 0x65,
+ 0xF8, 0x0B, 0x94, 0x59, 0x4F, 0x8C, 0xFD, 0xD5,
+ 0x34, 0xA2, 0xE7, 0x62, 0x84, 0x0A, 0xA7, 0xBB,
+ 0xDB, 0xD9, 0x8A, 0xCD, 0x05, 0xE1, 0xCC, 0x57,
+ 0x7B, 0xF1, 0xF1, 0x1F, 0x11, 0x9D, 0xBA, 0x3E,
+ 0x45, 0x18, 0x99, 0x1B, 0x41, 0x64, 0x43, 0xEE,
+ 0x97, 0x5D, 0x77, 0x13, 0x5B, 0x74, 0x69, 0x73,
+ 0x87, 0x95, 0x05, 0x07, 0xBE, 0x45, 0x07, 0x17,
+ 0x7E, 0x4A, 0x69, 0x22, 0xF3, 0xDB, 0x05, 0x39
+};
+static const unsigned char rsa_dp[] = {
+ 0x5E, 0xD8, 0xDC, 0xDA, 0x53, 0x44, 0xC4, 0x67,
+ 0xE0, 0x92, 0x51, 0x34, 0xE4, 0x83, 0xA5, 0x4D,
+ 0x3E, 0xDB, 0xA7, 0x9B, 0x82, 0xBB, 0x73, 0x81,
+ 0xFC, 0xE8, 0x77, 0x4B, 0x15, 0xBE, 0x17, 0x73,
+ 0x49, 0x9B, 0x5C, 0x98, 0xBC, 0xBD, 0x26, 0xEF,
+ 0x0C, 0xE9, 0x2E, 0xED, 0x19, 0x7E, 0x86, 0x41,
+ 0x1E, 0x9E, 0x48, 0x81, 0xDD, 0x2D, 0xE4, 0x6F,
+ 0xC2, 0xCD, 0xCA, 0x93, 0x9E, 0x65, 0x7E, 0xD5,
+ 0xEC, 0x73, 0xFD, 0x15, 0x1B, 0xA2, 0xA0, 0x7A,
+ 0x0F, 0x0D, 0x6E, 0xB4, 0x53, 0x07, 0x90, 0x92,
+ 0x64, 0x3B, 0x8B, 0xA9, 0x33, 0xB3, 0xC5, 0x94,
+ 0x9B, 0x4C, 0x5D, 0x9C, 0x7C, 0x46, 0xA4, 0xA5,
+ 0x56, 0xF4, 0xF3, 0xF8, 0x27, 0x0A, 0x7B, 0x42,
+ 0x0D, 0x92, 0x70, 0x47, 0xE7, 0x42, 0x51, 0xA9,
+ 0xC2, 0x18, 0xB1, 0x58, 0xB1, 0x50, 0x91, 0xB8,
+ 0x61, 0x41, 0xB6, 0xA9, 0xCE, 0xD4, 0x7C, 0xBB
+};
+static const unsigned char rsa_dq[] = {
+ 0x54, 0x09, 0x1F, 0x0F, 0x03, 0xD8, 0xB6, 0xC5,
+ 0x0C, 0xE8, 0xB9, 0x9E, 0x0C, 0x38, 0x96, 0x43,
+ 0xD4, 0xA6, 0xC5, 0x47, 0xDB, 0x20, 0x0E, 0xE5,
+ 0xBD, 0x29, 0xD4, 0x7B, 0x1A, 0xF8, 0x41, 0x57,
+ 0x49, 0x69, 0x9A, 0x82, 0xCC, 0x79, 0x4A, 0x43,
+ 0xEB, 0x4D, 0x8B, 0x2D, 0xF2, 0x43, 0xD5, 0xA5,
+ 0xBE, 0x44, 0xFD, 0x36, 0xAC, 0x8C, 0x9B, 0x02,
+ 0xF7, 0x9A, 0x03, 0xE8, 0x19, 0xA6, 0x61, 0xAE,
+ 0x76, 0x10, 0x93, 0x77, 0x41, 0x04, 0xAB, 0x4C,
+ 0xED, 0x6A, 0xCC, 0x14, 0x1B, 0x99, 0x8D, 0x0C,
+ 0x6A, 0x37, 0x3B, 0x86, 0x6C, 0x51, 0x37, 0x5B,
+ 0x1D, 0x79, 0xF2, 0xA3, 0x43, 0x10, 0xC6, 0xA7,
+ 0x21, 0x79, 0x6D, 0xF9, 0xE9, 0x04, 0x6A, 0xE8,
+ 0x32, 0xFF, 0xAE, 0xFD, 0x1C, 0x7B, 0x8C, 0x29,
+ 0x13, 0xA3, 0x0C, 0xB2, 0xAD, 0xEC, 0x6C, 0x0F,
+ 0x8D, 0x27, 0x12, 0x7B, 0x48, 0xB2, 0xDB, 0x31
+};
+static const unsigned char rsa_qInv[] = {
+ 0x8D, 0x1B, 0x05, 0xCA, 0x24, 0x1F, 0x0C, 0x53,
+ 0x19, 0x52, 0x74, 0x63, 0x21, 0xFA, 0x78, 0x46,
+ 0x79, 0xAF, 0x5C, 0xDE, 0x30, 0xA4, 0x6C, 0x20,
+ 0x38, 0xE6, 0x97, 0x39, 0xB8, 0x7A, 0x70, 0x0D,
+ 0x8B, 0x6C, 0x6D, 0x13, 0x74, 0xD5, 0x1C, 0xDE,
+ 0xA9, 0xF4, 0x60, 0x37, 0xFE, 0x68, 0x77, 0x5E,
+ 0x0B, 0x4E, 0x5E, 0x03, 0x31, 0x30, 0xDF, 0xD6,
+ 0xAE, 0x85, 0xD0, 0x81, 0xBB, 0x61, 0xC7, 0xB1,
+ 0x04, 0x5A, 0xC4, 0x6D, 0x56, 0x1C, 0xD9, 0x64,
+ 0xE7, 0x85, 0x7F, 0x88, 0x91, 0xC9, 0x60, 0x28,
+ 0x05, 0xE2, 0xC6, 0x24, 0x8F, 0xDD, 0x61, 0x64,
+ 0xD8, 0x09, 0xDE, 0x7E, 0xD3, 0x4A, 0x61, 0x1A,
+ 0xD3, 0x73, 0x58, 0x4B, 0xD8, 0xA0, 0x54, 0x25,
+ 0x48, 0x83, 0x6F, 0x82, 0x6C, 0xAF, 0x36, 0x51,
+ 0x2A, 0x5D, 0x14, 0x2F, 0x41, 0x25, 0x00, 0xDD,
+ 0xF8, 0xF3, 0x95, 0xFE, 0x31, 0x25, 0x50, 0x12
+};
+
+static const ST_KAT_PARAM rsa_key[] = {
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
+ ST_KAT_PARAM_END()
+};
+
+static const unsigned char rsa_expected_sig[256] = {
+ 0xad, 0xbe, 0x2a, 0xaf, 0x16, 0x85, 0xc5, 0x00,
+ 0x91, 0x3e, 0xd0, 0x49, 0xfb, 0x3a, 0x81, 0xb9,
+ 0x6c, 0x28, 0xbc, 0xbf, 0xea, 0x96, 0x5f, 0xe4,
+ 0x9f, 0x99, 0xf7, 0x18, 0x8c, 0xec, 0x60, 0x28,
+ 0xeb, 0x29, 0x02, 0x49, 0xfc, 0xda, 0xd7, 0x78,
+ 0x68, 0xf8, 0xe1, 0xe9, 0x4d, 0x20, 0x6d, 0x32,
+ 0xa6, 0xde, 0xfc, 0xe4, 0xda, 0xcc, 0x6c, 0x75,
+ 0x36, 0x6b, 0xff, 0x5a, 0xac, 0x01, 0xa8, 0xc2,
+ 0xa9, 0xe6, 0x8b, 0x18, 0x3e, 0xec, 0xea, 0x4c,
+ 0x4a, 0x9e, 0x00, 0x09, 0xd1, 0x8a, 0x69, 0x1b,
+ 0x8b, 0xd9, 0xad, 0x37, 0xe5, 0x7c, 0xff, 0x7d,
+ 0x59, 0x56, 0x3e, 0xa0, 0xc6, 0x32, 0xd8, 0x35,
+ 0x2f, 0xff, 0xfb, 0x05, 0x02, 0xcd, 0xd7, 0x19,
+ 0xb9, 0x00, 0x86, 0x2a, 0xcf, 0xaa, 0x78, 0x16,
+ 0x4b, 0xf1, 0xa7, 0x59, 0xef, 0x7d, 0xe8, 0x74,
+ 0x23, 0x5c, 0xb2, 0xd4, 0x8a, 0x99, 0xa5, 0xbc,
+ 0xfa, 0x63, 0xd8, 0xf7, 0xbd, 0xc6, 0x00, 0x13,
+ 0x06, 0x02, 0x9a, 0xd4, 0xa7, 0xb4, 0x3d, 0x61,
+ 0xab, 0xf1, 0xc2, 0x95, 0x59, 0x9b, 0x3d, 0x67,
+ 0x1f, 0xde, 0x57, 0xb6, 0xb6, 0x9f, 0xb0, 0x87,
+ 0xd6, 0x51, 0xd5, 0x3e, 0x00, 0xe2, 0xc9, 0xa0,
+ 0x03, 0x66, 0xbc, 0x01, 0xb3, 0x8e, 0xfa, 0xf1,
+ 0x15, 0xeb, 0x26, 0xf1, 0x5d, 0x81, 0x90, 0xb4,
+ 0x1c, 0x00, 0x7c, 0x83, 0x4a, 0xa5, 0xde, 0x64,
+ 0xae, 0xea, 0x6c, 0x43, 0xc3, 0x20, 0x77, 0x77,
+ 0x42, 0x12, 0x24, 0xf5, 0xe3, 0x70, 0xdd, 0x59,
+ 0x48, 0x9c, 0xef, 0xd4, 0x8a, 0x3c, 0x29, 0x6a,
+ 0x0c, 0x9c, 0xf2, 0x13, 0xa4, 0x1c, 0x2f, 0x49,
+ 0xcd, 0xb4, 0xaa, 0x28, 0x40, 0x34, 0xc6, 0x75,
+ 0xba, 0x30, 0xe6, 0xd8, 0x5b, 0x2f, 0x08, 0xd0,
+ 0x29, 0xa5, 0x39, 0xfb, 0x6e, 0x3b, 0x0f, 0x52,
+ 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
+};
+
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_EC
+/* ECDSA key data */
+static const char ecd_curve_name[] = "secp224r1";
+static const unsigned char ecd_priv[] = {
+ 0x98, 0x1f, 0xb5, 0xf1, 0xfc, 0x87, 0x1d, 0x7d,
+ 0xde, 0x1e, 0x01, 0x64, 0x09, 0x9b, 0xe7, 0x1b,
+ 0x9f, 0xad, 0x63, 0xdd, 0x33, 0x01, 0xd1, 0x50,
+ 0x80, 0x93, 0x50, 0x30
+};
+static const unsigned char ecd_pub[] = {
+ 0x04, 0x95, 0x47, 0x99, 0x44, 0x29, 0x8f, 0x51,
+ 0x39, 0xe2, 0x53, 0xec, 0x79, 0xb0, 0x4d, 0xde,
+ 0x87, 0x1a, 0x76, 0x54, 0xd5, 0x96, 0xb8, 0x7a,
+ 0x6d, 0xf4, 0x1c, 0x2c, 0x87, 0x91, 0x5f, 0xd5,
+ 0x31, 0xdd, 0x24, 0xe5, 0x78, 0xd9, 0x08, 0x24,
+ 0x8a, 0x49, 0x99, 0xec, 0x55, 0xf2, 0x82, 0xb3,
+ 0xc4, 0xb7, 0x33, 0x68, 0xe4, 0x24, 0xa9, 0x12,
+ 0x82
+};
+
+static const ST_KAT_PARAM ecdsa_key[] = {
+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecd_curve_name),
+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_pub),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_priv),
+ ST_KAT_PARAM_END()
+};
+#endif /* OPENSSL_NO_EC */
+
+#ifndef OPENSSL_NO_DSA
+/* dsa 2048 */
+static const unsigned char dsa_p[] = {
+ 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
+ 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
+ 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16,
+ 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15,
+ 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2,
+ 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3,
+ 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec,
+ 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef,
+ 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed,
+ 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c,
+ 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a,
+ 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b,
+ 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69,
+ 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47,
+ 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7,
+ 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34,
+ 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47,
+ 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36,
+ 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66,
+ 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1,
+ 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70,
+ 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc,
+ 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc,
+ 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88,
+ 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79,
+ 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07,
+ 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe,
+ 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4,
+ 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc,
+ 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06,
+ 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 0x78, 0xde,
+ 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7
+};
+static const unsigned char dsa_q[] = {
+ 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e,
+ 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b,
+ 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15,
+ 0x18, 0x90, 0x28, 0x67
+};
+static const unsigned char dsa_g[] = {
+ 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d,
+ 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9,
+ 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc,
+ 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7,
+ 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0,
+ 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f,
+ 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d,
+ 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84,
+ 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69,
+ 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88,
+ 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12,
+ 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb,
+ 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd,
+ 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3,
+ 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70,
+ 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97,
+ 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c,
+ 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7,
+ 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70,
+ 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb,
+ 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf,
+ 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a,
+ 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc,
+ 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c,
+ 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4,
+ 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56,
+ 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e,
+ 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00,
+ 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c,
+ 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66,
+ 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3,
+ 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67
+};
+static const unsigned char dsa_pub[] = {
+ 0xa0, 0x12, 0xb3, 0xb1, 0x70, 0xb3, 0x07, 0x22,
+ 0x79, 0x57, 0xb7, 0xca, 0x20, 0x61, 0xa8, 0x16,
+ 0xac, 0x7a, 0x2b, 0x3d, 0x9a, 0xe9, 0x95, 0xa5,
+ 0x11, 0x9c, 0x38, 0x5b, 0x60, 0x3b, 0xf6, 0xf6,
+ 0xc5, 0xde, 0x4d, 0xc5, 0xec, 0xb5, 0xdf, 0xa4,
+ 0xa4, 0x1c, 0x68, 0x66, 0x2e, 0xb2, 0x5b, 0x63,
+ 0x8b, 0x7e, 0x26, 0x20, 0xba, 0x89, 0x8d, 0x07,
+ 0xda, 0x6c, 0x49, 0x91, 0xe7, 0x6c, 0xc0, 0xec,
+ 0xd1, 0xad, 0x34, 0x21, 0x07, 0x70, 0x67, 0xe4,
+ 0x7c, 0x18, 0xf5, 0x8a, 0x92, 0xa7, 0x2a, 0xd4,
+ 0x31, 0x99, 0xec, 0xb7, 0xbd, 0x84, 0xe7, 0xd3,
+ 0xaf, 0xb9, 0x01, 0x9f, 0x0e, 0x9d, 0xd0, 0xfb,
+ 0xaa, 0x48, 0x73, 0x00, 0xb1, 0x30, 0x81, 0xe3,
+ 0x3c, 0x90, 0x28, 0x76, 0x43, 0x6f, 0x7b, 0x03,
+ 0xc3, 0x45, 0x52, 0x84, 0x81, 0xd3, 0x62, 0x81,
+ 0x5e, 0x24, 0xfe, 0x59, 0xda, 0xc5, 0xac, 0x34,
+ 0x66, 0x0d, 0x4c, 0x8a, 0x76, 0xcb, 0x99, 0xa7,
+ 0xc7, 0xde, 0x93, 0xeb, 0x95, 0x6c, 0xd6, 0xbc,
+ 0x88, 0xe5, 0x8d, 0x90, 0x10, 0x34, 0x94, 0x4a,
+ 0x09, 0x4b, 0x01, 0x80, 0x3a, 0x43, 0xc6, 0x72,
+ 0xb9, 0x68, 0x8c, 0x0e, 0x01, 0xd8, 0xf4, 0xfc,
+ 0x91, 0xc6, 0x2a, 0x3f, 0x88, 0x02, 0x1f, 0x7b,
+ 0xd6, 0xa6, 0x51, 0xb1, 0xa8, 0x8f, 0x43, 0xaa,
+ 0x4e, 0xf2, 0x76, 0x53, 0xd1, 0x2b, 0xf8, 0xb7,
+ 0x09, 0x9f, 0xdf, 0x6b, 0x46, 0x10, 0x82, 0xf8,
+ 0xe9, 0x39, 0x10, 0x7b, 0xfd, 0x2f, 0x72, 0x10,
+ 0x08, 0x7d, 0x32, 0x6c, 0x37, 0x52, 0x00, 0xf1,
+ 0xf5, 0x1e, 0x7e, 0x74, 0xa3, 0x41, 0x31, 0x90,
+ 0x1b, 0xcd, 0x08, 0x63, 0x52, 0x1f, 0xf8, 0xd6,
+ 0x76, 0xc4, 0x85, 0x81, 0x86, 0x87, 0x36, 0xc5,
+ 0xe5, 0x1b, 0x16, 0xa4, 0xe3, 0x92, 0x15, 0xea,
+ 0x0b, 0x17, 0xc4, 0x73, 0x59, 0x74, 0xc5, 0x16
+};
+static const unsigned char dsa_priv[] = {
+ 0x6c, 0xca, 0xee, 0xf6, 0xd7, 0x3b, 0x4e, 0x80,
+ 0xf1, 0x1c, 0x17, 0xb8, 0xe9, 0x62, 0x7c, 0x03,
+ 0x66, 0x35, 0xba, 0xc3, 0x94, 0x23, 0x50, 0x5e,
+ 0x40, 0x7e, 0x5c, 0xb7
+};
+
+static const ST_KAT_PARAM dsa_key[] = {
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_P, dsa_p),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_Q, dsa_q),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_FFC_G, dsa_g),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PUB_KEY, dsa_pub),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, dsa_priv),
+ ST_KAT_PARAM_END()
+};
+#endif /* OPENSSL_NO_DSA */
+
+static const ST_KAT_SIGN st_kat_sign_tests[] = {
+#ifndef OPENSSL_NO_RSA
+ {
+ OSSL_SELF_TEST_DESC_SIGN_RSA,
+ "RSA",
+ "SHA-256",
+ rsa_key,
+ ITM(rsa_expected_sig)
+ },
+#endif /* OPENSSL_NO_RSA */
+#ifndef OPENSSL_NO_EC
+ {
+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
+ "EC",
+ "SHA-256",
+ ecdsa_key,
+ /*
+ * The ECDSA signature changes each time due to it using a random k.
+ * So there is no expected KAT for this case.
+ */
+ },
+#endif /* OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_DSA
+ {
+ OSSL_SELF_TEST_DESC_SIGN_DSA,
+ "DSA",
+ "SHA-256",
+ dsa_key,
+ /*
+ * The DSA signature changes each time due to it using a random k.
+ * So there is no expected KAT for this case.
+ */
+ },
+#endif /* OPENSSL_NO_DSA */
+};
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 50e59611c5..f02dbcd85c 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -11,6 +11,8 @@
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include <openssl/rand_drbg.h>
+#include <openssl/core_names.h>
+#include <openssl/param_build.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "self_test.h"
@@ -46,10 +48,9 @@ static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
goto err;
ok = 1;
err:
- OSSL_SELF_TEST_onend(st, ok);
EVP_MD_free(md);
EVP_MD_CTX_free(ctx);
-
+ OSSL_SELF_TEST_onend(st, ok);
return ok;
}
@@ -142,39 +143,79 @@ err:
return ret;
}
+static int add_params(OSSL_PARAM_BLD *bld, const ST_KAT_PARAM *params,
+ BN_CTX *ctx)
+{
+ int ret = 0;
+ const ST_KAT_PARAM *p;
+
+ if (params == NULL)
+ return 1;
+ for (p = params; p->data != NULL; ++p)
+ {
+ switch (p->type) {
+ case OSSL_PARAM_UNSIGNED_INTEGER: {
+ BIGNUM *bn = BN_CTX_get(ctx);
+
+ if (bn == NULL
+ || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
+ || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
+ goto err;
+ break;
+ }
+ case OSSL_PARAM_UTF8_STRING: {
+ if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data, 0))
+ goto err;
+ break;
+ }
+ case OSSL_PARAM_OCTET_STRING: {
+ if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
+ p->data_len))
+ goto err;
+ break;
+ }
+ default:
+ break;
+ }
+ }
+ ret = 1;
+err:
+ return ret;
+}
+
static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
OPENSSL_CTX *libctx)
{
int ret = 0;
- int i, numparams;
unsigned char out[64];
EVP_KDF *kdf = NULL;
EVP_KDF_CTX *ctx = NULL;
- OSSL_PARAM params[16];
- const OSSL_PARAM *settables = NULL;
+ BN_CTX *bnctx = NULL;
+ OSSL_PARAM *params = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
- numparams = OSSL_NELEM(params);
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KDF, t->desc);
- /* Zeroize the params array to avoid mem leaks on error */
- for (i = 0; i < numparams; ++i)
- params[i] = OSSL_PARAM_construct_end();
+ bld = OSSL_PARAM_BLD_new();
+ if (bld == NULL)
+ goto err;
kdf = EVP_KDF_fetch(libctx, t->algorithm, "");
+ if (kdf == NULL)
+ goto err;
+
ctx = EVP_KDF_CTX_new(kdf);
if (ctx == NULL)
goto err;
- settables = EVP_KDF_settable_ctx_params(kdf);
- for (i = 0; t->ctrls[i].name != NULL; ++i) {
- if (!ossl_assert(i < (numparams - 1)))
- goto err;
- if (!OSSL_PARAM_allocate_from_text(&params[i], settables,
- t->ctrls[i].name,
- t->ctrls[i].value,
- strlen(t->ctrls[i].value), NULL))
- goto err;
- }
+ bnctx = BN_CTX_new_ex(libctx);
+ if (bnctx == NULL)
+ goto err;
+ if (!add_params(bld, t->params, bnctx))
+ goto err;
+ params = OSSL_PARAM_BLD_to_param(bld);
+ if (params == NULL)
+ goto err;
if (!EVP_KDF_CTX_set_params(ctx, params))
goto err;
@@ -190,10 +231,11 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
ret = 1;
err:
- for (i = 0; params[i].key != NULL; ++i)
- OPENSSL_free(params[i].data);
EVP_KDF_free(kdf);
EVP_KDF_CTX_free(ctx);
+ BN_CTX_free(bnctx);
+ OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_BLD_free(bld);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
@@ -300,6 +342,168 @@ err:
return ret;
}
+
+
+static int self_test_ka(const ST_KAT_KAS *t,
+ OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+ int ret = 0;
+ EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
+ EVP_PKEY *pkey = NULL, *peerkey = NULL;
+ OSSL_PARAM *params = NULL;
+ OSSL_PARAM *params_peer = NULL;
+ unsigned char secret[256];
+ size_t secret_len;
+ OSSL_PARAM_BLD *bld = NULL;
+ BN_CTX *bnctx = NULL;
+
+ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_KA, t->desc);
+
+ bnctx = BN_CTX_new_ex(libctx);
+ if (bnctx == NULL)
+ goto err;
+
+ bld = OSSL_PARAM_BLD_new();
+ if (bld == NULL)
+ goto err;
+
+ if (!add_params(bld, t->key_group, bnctx)
+ || !add_params(bld, t->key_host_data, bnctx))
+ goto err;
+ params = OSSL_PARAM_BLD_to_param(bld);
+
+ if (!add_params(bld, t->key_group, bnctx)
+ || !add_params(bld, t->key_peer_data, bnctx))
+ goto err;
+
+ params_peer = OSSL_PARAM_BLD_to_param(bld);
+ if (params == NULL || params_peer == NULL)
+ goto err;
+
+ /* Create a EVP_PKEY_CTX to load the DH keys into */
+ kactx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
+ if (kactx == NULL)
+ goto err;
+ if (EVP_PKEY_key_fromdata_init(kactx) <= 0
+ || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
+ goto err;
+ if (EVP_PKEY_key_fromdata_init(kactx) <= 0
+ || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
+ goto err;
+
+ /* Create a EVP_PKEY_CTX to perform key derivation */
+ dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+ if (dctx == NULL)
+ goto err;
+
+ if (EVP_PKEY_derive_init(dctx) <= 0
+ || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
+ || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
+ goto err;
+
+ OSSL_SELF_TEST_oncorrupt_byte(st, secret);
+
+ if (secret_len != t->expected_len
+ || memcmp(secret, t->expected, t->expected_len) != 0)
+ goto err;
+ ret = 1;
+err:
+ BN_CTX_free(bnctx);
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_free(peerkey);
+ EVP_PKEY_CTX_free(kactx);
+ EVP_PKEY_CTX_free(dctx);
+ OSSL_PARAM_BLD_free_params(params_peer);
+ OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_BLD_free(bld);
+ OSSL_SELF_TEST_onend(st, ret);
+ return ret;
+}
+
+static int self_test_sign(const ST_KAT_SIGN *t,
+ OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+ int ret = 0;
+ OSSL_PARAM *params = NULL, *params_sig = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ unsigned char sig[256];
+ BN_CTX *bnctx = NULL;
+ size_t siglen = 0;
+ static const unsigned char dgst[] = {
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
+ };
+
+ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
+
+ bnctx = BN_CTX_new_ex(libctx);
+ if (bnctx == NULL)
+ goto err;
+
+ bld = OSSL_PARAM_BLD_new();
+ if (bld == NULL)
+ goto err;
+
+ if (!add_params(bld, t->key, bnctx))
+ goto err;
+ params = OSSL_PARAM_BLD_to_param(bld);
+
+ /* Create a EVP_PKEY_CTX to load the DSA key into */
+ kctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, "");
+ if (kctx == NULL || params == NULL)
+ goto err;
+ if (EVP_PKEY_key_fromdata_init(kctx) <= 0
+ || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
+ goto err;
+
+ /* Create a EVP_PKEY_CTX to use for the signing operation */
+ sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
+ if (sctx == NULL
+ || EVP_PKEY_sign_init(sctx) <= 0)
+ goto err;
+
+ /* set signature parameters */
+ if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
+ t->mdalgorithm,
+ strlen(t->mdalgorithm) + 1))
+ goto err;
+ params_sig = OSSL_PARAM_BLD_to_param(bld);
+ if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+ goto err;
+
+ if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
+ || EVP_PKEY_verify_init(sctx) <= 0
+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
+ goto err;
+
+ /*
+ * Used by RSA, for other key types where the signature changes, we
+ * can only use the verify.
+ */
+ if (t->sig_expected != NULL
+ && (siglen != t->sig_expected_len
+ || memcmp(sig, t->sig_expected, t->sig_expected_len) != 0))
+ goto err;
+
+ OSSL_SELF_TEST_oncorrupt_byte(st, sig);
+ if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
+ goto err;
+ ret = 1;
+err:
+ BN_CTX_free(bnctx);
+ EVP_PKEY_free(pkey);
+ EVP_PKEY_CTX_free(kctx);
+ EVP_PKEY_CTX_free(sctx);
+ OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_BLD_free_params(params_sig);
+ OSSL_PARAM_BLD_free(bld);
+ OSSL_SELF_TEST_onend(st, ret);
+ return ret;
+}
+
/*
* Test a data driven list of KAT's for digest algorithms.
* All tests are run regardless of if they fail or not.
@@ -349,12 +553,32 @@ static int self_test_drbgs(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
return ret;
}
+static int self_test_kas(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+ int i, ret = 1;
+
+ for (i = 0; i < (int)OSSL_NELEM(st_kat_kas_tests); ++i) {
+ if (!self_test_ka(&st_kat_kas_tests[i], st, libctx))
+ ret = 0;
+ }
+ return ret;
+}
+
+static int self_test_signatures(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
+{
+ int i, ret = 1;
+
+ for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
+ if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
+ ret = 0;
+ }
+ return ret;
+}
+
/*
* Run the algorithm KAT's.
* Return 1 is successful, otherwise return 0.
* This runs all the tests regardless of if any fail.
- *
- * TODO(3.0) Add self tests for KA, Sign/Verify when they become available
*/
int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
{
@@ -364,10 +588,14 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OPENSSL_CTX *libctx)
ret = 0;
if (!self_test_ciphers(st, libctx))
ret = 0;
+ if (!self_test_signatures(st, libctx))
+ ret = 0;
if (!self_test_kdfs(st, libctx))
ret = 0;
if (!self_test_drbgs(st, libctx))
ret = 0;
+ if (!self_test_kas(st, libctx))
+ ret = 0;
return ret;
}
View Lorry Controller Status