1/*
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019-2020, Oracle and/or its affiliates.  All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License").  You may not use
6 * this file except in compliance with the License.  You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11/*
12 * This is an internal test that is intentionally using internal APIs. Some of
13 * those APIs are deprecated for public use.
14 */
15#include "internal/deprecated.h"
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20
21#include "internal/nelem.h"
22#include <openssl/crypto.h>
23#include <openssl/bio.h>
24#include <openssl/bn.h>
25#include <openssl/rand.h>
26#include <openssl/err.h>
27#include "testutil.h"
28
29#include "internal/ffc.h"
30#include "crypto/security_bits.h"
31
32#ifndef OPENSSL_NO_DSA
33static const unsigned char dsa_2048_224_sha224_p[] = {
34    0x93, 0x57, 0x93, 0x62, 0x1b, 0x9a, 0x10, 0x9b, 0xc1, 0x56, 0x0f, 0x24,
35    0x71, 0x76, 0x4e, 0xd3, 0xed, 0x78, 0x78, 0x7a, 0xbf, 0x89, 0x71, 0x67,
36    0x8e, 0x03, 0xd8, 0x5b, 0xcd, 0x22, 0x8f, 0x70, 0x74, 0xff, 0x22, 0x05,
37    0x07, 0x0c, 0x4c, 0x60, 0xed, 0x41, 0xe1, 0x9e, 0x9c, 0xaa, 0x3e, 0x19,
38    0x5c, 0x3d, 0x80, 0x58, 0xb2, 0x7f, 0x5f, 0x89, 0xec, 0xb5, 0x19, 0xdb,
39    0x06, 0x11, 0xe9, 0x78, 0x5c, 0xf9, 0xa0, 0x9e, 0x70, 0x62, 0x14, 0x7b,
40    0xda, 0x92, 0xbf, 0xb2, 0x6b, 0x01, 0x6f, 0xb8, 0x68, 0x9c, 0x89, 0x36,
41    0x89, 0x72, 0x79, 0x49, 0x93, 0x3d, 0x14, 0xb2, 0x2d, 0xbb, 0xf0, 0xdf,
42    0x94, 0x45, 0x0b, 0x5f, 0xf1, 0x75, 0x37, 0xeb, 0x49, 0xb9, 0x2d, 0xce,
43    0xb7, 0xf4, 0x95, 0x77, 0xc2, 0xe9, 0x39, 0x1c, 0x4e, 0x0c, 0x40, 0x62,
44    0x33, 0x0a, 0xe6, 0x29, 0x6f, 0xba, 0xef, 0x02, 0xdd, 0x0d, 0xe4, 0x04,
45    0x01, 0x70, 0x40, 0xb9, 0xc9, 0x7e, 0x2f, 0x10, 0x37, 0xe9, 0xde, 0xb0,
46    0xf6, 0xeb, 0x71, 0x7f, 0x9c, 0x35, 0x16, 0xf3, 0x0d, 0xc4, 0xe8, 0x02,
47    0x37, 0x6c, 0xdd, 0xb3, 0x8d, 0x2d, 0x1e, 0x28, 0x13, 0x22, 0x89, 0x40,
48    0xe5, 0xfa, 0x16, 0x67, 0xd6, 0xda, 0x12, 0xa2, 0x38, 0x83, 0x25, 0xcc,
49    0x26, 0xc1, 0x27, 0x74, 0xfe, 0xf6, 0x7a, 0xb6, 0xa1, 0xe4, 0xe8, 0xdf,
50    0x5d, 0xd2, 0x9c, 0x2f, 0xec, 0xea, 0x08, 0xca, 0x48, 0xdb, 0x18, 0x4b,
51    0x12, 0xee, 0x16, 0x9b, 0xa6, 0x00, 0xa0, 0x18, 0x98, 0x7d, 0xce, 0x6c,
52    0x6d, 0xf8, 0xfc, 0x95, 0x51, 0x1b, 0x0a, 0x40, 0xb6, 0xfc, 0xe5, 0xe2,
53    0xb0, 0x26, 0x53, 0x4c, 0xd7, 0xfe, 0xaa, 0x6d, 0xbc, 0xdd, 0xc0, 0x61,
54    0x65, 0xe4, 0x89, 0x44, 0x18, 0x6f, 0xd5, 0x39, 0xcf, 0x75, 0x6d, 0x29,
55    0xcc, 0xf8, 0x40, 0xab
56};
57static const unsigned char dsa_2048_224_sha224_q[] = {
58    0xf2, 0x5e, 0x4e, 0x9a, 0x15, 0xa8, 0x13, 0xdf, 0xa3, 0x17, 0x90, 0xc6,
59    0xd6, 0x5e, 0xb1, 0xfb, 0x31, 0xf8, 0xb5, 0xb1, 0x4b, 0xa7, 0x6d, 0xde,
60    0x57, 0x76, 0x6f, 0x11
61};
62static const unsigned char dsa_2048_224_sha224_seed[] = {
63    0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
64    0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
65    0x36, 0x17, 0x06, 0xcf
66};
67static const unsigned char dsa_2048_224_sha224_bad_seed[] = {
68    0xd2, 0xb1, 0x36, 0xd8, 0x5b, 0x8e, 0xa4, 0xb2, 0x6a, 0xab, 0x4e, 0x85,
69    0x8b, 0x49, 0xf9, 0xdd, 0xe6, 0xa1, 0xcd, 0xad, 0x49, 0x52, 0xe9, 0xb3,
70    0x36, 0x17, 0x06, 0xd0
71};
72static int dsa_2048_224_sha224_counter = 2878;
73
74static const unsigned char dsa_3072_256_sha512_p[] = {
75    0x9a, 0x82, 0x8b, 0x8d, 0xea, 0xd0, 0x56, 0x23, 0x88, 0x2d, 0x5d, 0x41,
76    0x42, 0x4c, 0x13, 0x5a, 0x15, 0x81, 0x59, 0x02, 0xc5, 0x00, 0x82, 0x28,
77    0x01, 0xee, 0x8f, 0x99, 0xfd, 0x6a, 0x95, 0xf2, 0x0f, 0xae, 0x34, 0x77,
78    0x29, 0xcc, 0xc7, 0x50, 0x0e, 0x03, 0xef, 0xb0, 0x4d, 0xe5, 0x10, 0x00,
79    0xa8, 0x7b, 0xce, 0x8c, 0xc6, 0xb2, 0x01, 0x74, 0x23, 0x1b, 0x7f, 0xe8,
80    0xf9, 0x71, 0x28, 0x39, 0xcf, 0x18, 0x04, 0xb2, 0x95, 0x61, 0x2d, 0x11,
81    0x71, 0x6b, 0xdd, 0x0d, 0x0b, 0xf0, 0xe6, 0x97, 0x52, 0x29, 0x9d, 0x45,
82    0xb1, 0x23, 0xda, 0xb0, 0xd5, 0xcb, 0x51, 0x71, 0x8e, 0x40, 0x9c, 0x97,
83    0x13, 0xea, 0x1f, 0x4b, 0x32, 0x5d, 0x27, 0x74, 0x81, 0x8d, 0x47, 0x8a,
84    0x08, 0xce, 0xf4, 0xd1, 0x28, 0xa2, 0x0f, 0x9b, 0x2e, 0xc9, 0xa3, 0x0e,
85    0x5d, 0xde, 0x47, 0x19, 0x6d, 0x5f, 0x98, 0xe0, 0x8e, 0x7f, 0x60, 0x8f,
86    0x25, 0xa7, 0xa4, 0xeb, 0xb9, 0xf3, 0x24, 0xa4, 0x9e, 0xc1, 0xbd, 0x14,
87    0x27, 0x7c, 0x27, 0xc8, 0x4f, 0x5f, 0xed, 0xfd, 0x86, 0xc8, 0xf1, 0xd7,
88    0x82, 0xe2, 0xeb, 0xe5, 0xd2, 0xbe, 0xb0, 0x65, 0x28, 0xab, 0x99, 0x9e,
89    0xcd, 0xd5, 0x22, 0xf8, 0x1b, 0x3b, 0x01, 0xe9, 0x20, 0x3d, 0xe4, 0x98,
90    0x22, 0xfe, 0xfc, 0x09, 0x7e, 0x95, 0x20, 0xda, 0xb6, 0x12, 0x2c, 0x94,
91    0x5c, 0xea, 0x74, 0x71, 0xbd, 0x19, 0xac, 0x78, 0x43, 0x02, 0x51, 0xb8,
92    0x5f, 0x06, 0x1d, 0xea, 0xc8, 0xa4, 0x3b, 0xc9, 0x78, 0xa3, 0x2b, 0x09,
93    0xdc, 0x76, 0x74, 0xc4, 0x23, 0x14, 0x48, 0x2e, 0x84, 0x2b, 0xa3, 0x82,
94    0xc1, 0xba, 0x0b, 0x39, 0x2a, 0x9f, 0x24, 0x7b, 0xd6, 0xc2, 0xea, 0x5a,
95    0xb6, 0xbd, 0x15, 0x82, 0x21, 0x85, 0xe0, 0x6b, 0x12, 0x4f, 0x8d, 0x64,
96    0x75, 0xeb, 0x7e, 0xa1, 0xdb, 0xe0, 0x9d, 0x25, 0xae, 0x3b, 0xe9, 0x9b,
97    0x21, 0x7f, 0x9a, 0x3d, 0x66, 0xd0, 0x52, 0x1d, 0x39, 0x8b, 0xeb, 0xfc,
98    0xec, 0xbe, 0x72, 0x20, 0x5a, 0xdf, 0x1b, 0x00, 0xf1, 0x0e, 0xed, 0xc6,
99    0x78, 0x6f, 0xc9, 0xab, 0xe4, 0xd6, 0x81, 0x8b, 0xcc, 0xf6, 0xd4, 0x6a,
100    0x31, 0x62, 0x08, 0xd9, 0x38, 0x21, 0x8f, 0xda, 0x9e, 0xb1, 0x2b, 0x9c,
101    0xc0, 0xbe, 0xf7, 0x9a, 0x43, 0x2d, 0x07, 0x59, 0x46, 0x0e, 0xd5, 0x23,
102    0x4e, 0xaa, 0x4a, 0x04, 0xc2, 0xde, 0x33, 0xa6, 0x34, 0xba, 0xac, 0x4f,
103    0x78, 0xd8, 0xca, 0x76, 0xce, 0x5e, 0xd4, 0xf6, 0x85, 0x4c, 0x6a, 0x60,
104    0x08, 0x5d, 0x0e, 0x34, 0x8b, 0xf2, 0xb6, 0xe3, 0xb7, 0x51, 0xca, 0x43,
105    0xaa, 0x68, 0x7b, 0x0a, 0x6e, 0xea, 0xce, 0x1e, 0x2c, 0x34, 0x8e, 0x0f,
106    0xe2, 0xcc, 0x38, 0xf2, 0x9a, 0x98, 0xef, 0xe6, 0x7f, 0xf6, 0x62, 0xbb
107};
108static const unsigned char dsa_3072_256_sha512_q[] = {
109    0xc1, 0xdb, 0xc1, 0x21, 0x50, 0x49, 0x63, 0xa3, 0x77, 0x6d, 0x4c, 0x92,
110    0xed, 0x58, 0x9e, 0x98, 0xea, 0xac, 0x7a, 0x90, 0x13, 0x24, 0xf7, 0xcd,
111    0xd7, 0xe6, 0xd4, 0x8f, 0xf0, 0x45, 0x4b, 0xf7
112};
113static const unsigned char dsa_3072_256_sha512_seed[] = {
114    0x35, 0x24, 0xb5, 0x59, 0xd5, 0x27, 0x58, 0x10, 0xf6, 0xa2, 0x7c, 0x9a,
115    0x0d, 0xc2, 0x70, 0x8a, 0xb0, 0x41, 0x4a, 0x84, 0x0b, 0xfe, 0x66, 0xf5,
116    0x3a, 0xbf, 0x4a, 0xa9, 0xcb, 0xfc, 0xa6, 0x22
117};
118static int dsa_3072_256_sha512_counter = 1604;
119
120static const unsigned char dsa_2048_224_sha256_p[] = {
121    0xe9, 0x13, 0xbc, 0xf2, 0x14, 0x5d, 0xf9, 0x79, 0xd6, 0x6d, 0xf5, 0xc5,
122    0xbe, 0x7b, 0x6f, 0x90, 0x63, 0xd0, 0xfd, 0xee, 0x4f, 0xc4, 0x65, 0x83,
123    0xbf, 0xec, 0xc3, 0x2c, 0x5d, 0x30, 0xc8, 0xa4, 0x3b, 0x2f, 0x3b, 0x29,
124    0x43, 0x69, 0xfb, 0x6e, 0xa9, 0xa4, 0x07, 0x6c, 0xcd, 0xb0, 0xd2, 0xd9,
125    0xd3, 0xe6, 0xf4, 0x87, 0x16, 0xb7, 0xe5, 0x06, 0xb9, 0xba, 0xd6, 0x87,
126    0xbc, 0x01, 0x9e, 0xba, 0xc2, 0xcf, 0x39, 0xb6, 0xec, 0xdc, 0x75, 0x07,
127    0xc1, 0x39, 0x2d, 0x6a, 0x95, 0x31, 0x97, 0xda, 0x54, 0x20, 0x29, 0xe0,
128    0x1b, 0xf9, 0x74, 0x65, 0xaa, 0xc1, 0x47, 0xd3, 0x9e, 0xb4, 0x3c, 0x1d,
129    0xe0, 0xdc, 0x2d, 0x21, 0xab, 0x12, 0x3b, 0xa5, 0x51, 0x1e, 0xc6, 0xbc,
130    0x6b, 0x4c, 0x22, 0xd1, 0x7c, 0xc6, 0xce, 0xcb, 0x8c, 0x1d, 0x1f, 0xce,
131    0x1c, 0xe2, 0x75, 0x49, 0x6d, 0x2c, 0xee, 0x7f, 0x5f, 0xb8, 0x74, 0x42,
132    0x5c, 0x96, 0x77, 0x13, 0xff, 0x80, 0xf3, 0x05, 0xc7, 0xfe, 0x08, 0x3b,
133    0x25, 0x36, 0x46, 0xa2, 0xc4, 0x26, 0xb4, 0xb0, 0x3b, 0xd5, 0xb2, 0x4c,
134    0x13, 0x29, 0x0e, 0x47, 0x31, 0x66, 0x7d, 0x78, 0x57, 0xe6, 0xc2, 0xb5,
135    0x9f, 0x46, 0x17, 0xbc, 0xa9, 0x9a, 0x49, 0x1c, 0x0f, 0x45, 0xe0, 0x88,
136    0x97, 0xa1, 0x30, 0x7c, 0x42, 0xb7, 0x2c, 0x0a, 0xce, 0xb3, 0xa5, 0x7a,
137    0x61, 0x8e, 0xab, 0x44, 0xc1, 0xdc, 0x70, 0xe5, 0xda, 0x78, 0x2a, 0xb4,
138    0xe6, 0x3c, 0xa0, 0x58, 0xda, 0x62, 0x0a, 0xb2, 0xa9, 0x3d, 0xaa, 0x49,
139    0x7e, 0x7f, 0x9a, 0x19, 0x67, 0xee, 0xd6, 0xe3, 0x67, 0x13, 0xe8, 0x6f,
140    0x79, 0x50, 0x76, 0xfc, 0xb3, 0x9d, 0x7e, 0x9e, 0x3e, 0x6e, 0x47, 0xb1,
141    0x11, 0x5e, 0xc8, 0x83, 0x3a, 0x3c, 0xfc, 0x82, 0x5c, 0x9d, 0x34, 0x65,
142    0x73, 0xb4, 0x56, 0xd5
143};
144static const unsigned char dsa_2048_224_sha256_q[] = {
145    0xb0, 0xdf, 0xa1, 0x7b, 0xa4, 0x77, 0x64, 0x0e, 0xb9, 0x28, 0xbb, 0xbc,
146    0xd4, 0x60, 0x02, 0xaf, 0x21, 0x8c, 0xb0, 0x69, 0x0f, 0x8a, 0x7b, 0xc6,
147    0x80, 0xcb, 0x0a, 0x45
148};
149static const unsigned char dsa_2048_224_sha256_g[] = {
150    0x11, 0x7c, 0x5f, 0xf6, 0x99, 0x44, 0x67, 0x5b, 0x69, 0xa3, 0x83, 0xef,
151    0xb5, 0x85, 0xa2, 0x19, 0x35, 0x18, 0x2a, 0xf2, 0x58, 0xf4, 0xc9, 0x58,
152    0x9e, 0xb9, 0xe8, 0x91, 0x17, 0x2f, 0xb0, 0x60, 0x85, 0x95, 0xa6, 0x62,
153    0x36, 0xd0, 0xff, 0x94, 0xb9, 0xa6, 0x50, 0xad, 0xa6, 0xf6, 0x04, 0x28,
154    0xc2, 0xc9, 0xb9, 0x75, 0xf3, 0x66, 0xb4, 0xeb, 0xf6, 0xd5, 0x06, 0x13,
155    0x01, 0x64, 0x82, 0xa9, 0xf1, 0xd5, 0x41, 0xdc, 0xf2, 0x08, 0xfc, 0x2f,
156    0xc4, 0xa1, 0x21, 0xee, 0x7d, 0xbc, 0xda, 0x5a, 0xa4, 0xa2, 0xb9, 0x68,
157    0x87, 0x36, 0xba, 0x53, 0x9e, 0x14, 0x4e, 0x76, 0x5c, 0xba, 0x79, 0x3d,
158    0x0f, 0xe5, 0x99, 0x1c, 0x27, 0xfc, 0xaf, 0x10, 0x63, 0x87, 0x68, 0x0e,
159    0x3e, 0x6e, 0xaa, 0xf3, 0xdf, 0x76, 0x7e, 0x02, 0x9a, 0x41, 0x96, 0xa1,
160    0x6c, 0xbb, 0x67, 0xee, 0x0c, 0xad, 0x72, 0x65, 0xf1, 0x70, 0xb0, 0x39,
161    0x9b, 0x54, 0x5f, 0xd7, 0x6c, 0xc5, 0x9a, 0x90, 0x53, 0x18, 0xde, 0x5e,
162    0x62, 0x89, 0xb9, 0x2f, 0x66, 0x59, 0x3a, 0x3d, 0x10, 0xeb, 0xa5, 0x99,
163    0xf6, 0x21, 0x7d, 0xf2, 0x7b, 0x42, 0x15, 0x1c, 0x55, 0x79, 0x15, 0xaa,
164    0xa4, 0x17, 0x2e, 0x48, 0xc3, 0xa8, 0x36, 0xf5, 0x1a, 0x97, 0xce, 0xbd,
165    0x72, 0xef, 0x1d, 0x50, 0x5b, 0xb1, 0x60, 0x0a, 0x5c, 0x0b, 0xa6, 0x21,
166    0x38, 0x28, 0x4e, 0x89, 0x33, 0x1d, 0xb5, 0x7e, 0x5c, 0xf1, 0x6b, 0x2c,
167    0xbd, 0xad, 0x84, 0xb2, 0x8e, 0x96, 0xe2, 0x30, 0xe7, 0x54, 0xb8, 0xc9,
168    0x70, 0xcb, 0x10, 0x30, 0x63, 0x90, 0xf4, 0x45, 0x64, 0x93, 0x09, 0x38,
169    0x6a, 0x47, 0x58, 0x31, 0x04, 0x1a, 0x18, 0x04, 0x1a, 0xe0, 0xd7, 0x0b,
170    0x3c, 0xbe, 0x2a, 0x9c, 0xec, 0xcc, 0x0d, 0x0c, 0xed, 0xde, 0x54, 0xbc,
171    0xe6, 0x93, 0x59, 0xfc
172};
173
174static int ffc_params_validate_g_unverified_test(void)
175{
176    int ret = 0, res;
177    FFC_PARAMS params;
178    BIGNUM *p = NULL, *q = NULL, *g = NULL;
179    BIGNUM *p1 = NULL, *g1 = NULL;
180
181    ossl_ffc_params_init(&params);
182
183    if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha256_p,
184                                sizeof(dsa_2048_224_sha256_p), NULL)))
185        goto err;
186    p1 = p;
187    if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha256_q,
188                                sizeof(dsa_2048_224_sha256_q), NULL)))
189        goto err;
190    if (!TEST_ptr(g = BN_bin2bn(dsa_2048_224_sha256_g,
191                                sizeof(dsa_2048_224_sha256_g), NULL)))
192        goto err;
193    g1 = g;
194
195    /* Fail if g is NULL */
196    ossl_ffc_params_set0_pqg(&params, p, q, NULL);
197    p = NULL;
198    q = NULL;
199    ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
200    ossl_ffc_set_digest(&params, "SHA256", NULL);
201
202    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
203                                                       FFC_PARAM_TYPE_DSA,
204                                                       &res, NULL)))
205        goto err;
206
207    ossl_ffc_params_set0_pqg(&params, p, q, g);
208    g = NULL;
209    if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
210                                                      FFC_PARAM_TYPE_DSA,
211                                                      &res, NULL)))
212        goto err;
213
214    /* incorrect g */
215    BN_add_word(g1, 1);
216    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
217                                                       FFC_PARAM_TYPE_DSA,
218                                                       &res, NULL)))
219        goto err;
220
221    /* fail if g < 2 */
222    BN_set_word(g1, 1);
223    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
224                                                       FFC_PARAM_TYPE_DSA,
225                                                       &res, NULL)))
226        goto err;
227
228    BN_copy(g1, p1);
229    /* Fail if g >= p */
230    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
231                                                       FFC_PARAM_TYPE_DSA,
232                                                       &res, NULL)))
233        goto err;
234
235    ret = 1;
236err:
237    ossl_ffc_params_cleanup(&params);
238    BN_free(p);
239    BN_free(q);
240    BN_free(g);
241    return ret;
242}
243
244static int ffc_params_validate_pq_test(void)
245{
246    int ret = 0, res = -1;
247    FFC_PARAMS params;
248    BIGNUM *p = NULL, *q = NULL;
249
250    ossl_ffc_params_init(&params);
251    if (!TEST_ptr(p = BN_bin2bn(dsa_2048_224_sha224_p,
252                                   sizeof(dsa_2048_224_sha224_p),
253                                   NULL)))
254        goto err;
255    if (!TEST_ptr(q = BN_bin2bn(dsa_2048_224_sha224_q,
256                                   sizeof(dsa_2048_224_sha224_q),
257                                   NULL)))
258        goto err;
259
260    /* No p */
261    ossl_ffc_params_set0_pqg(&params, NULL, q, NULL);
262    q = NULL;
263    ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_PQ);
264    ossl_ffc_set_digest(&params, "SHA224", NULL);
265
266    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
267                                                       FFC_PARAM_TYPE_DSA,
268                                                       &res, NULL)))
269        goto err;
270
271    /* Test valid case */
272    ossl_ffc_params_set0_pqg(&params, p, NULL, NULL);
273    p = NULL;
274    ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
275                                        sizeof(dsa_2048_224_sha224_seed),
276                                        dsa_2048_224_sha224_counter);
277    if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
278                                                      FFC_PARAM_TYPE_DSA,
279                                                      &res, NULL)))
280        goto err;
281
282    /* Bad counter - so p is not prime */
283    ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
284                                        sizeof(dsa_2048_224_sha224_seed),
285                                        1);
286    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
287                                                       FFC_PARAM_TYPE_DSA,
288                                                       &res, NULL)))
289        goto err;
290
291    /* seedlen smaller than N */
292    ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_seed,
293                                        sizeof(dsa_2048_224_sha224_seed)-1,
294                                        dsa_2048_224_sha224_counter);
295    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
296                                                       FFC_PARAM_TYPE_DSA,
297                                                       &res, NULL)))
298        goto err;
299
300    /* Provided seed doesnt produce a valid prime q */
301    ossl_ffc_params_set_validate_params(&params, dsa_2048_224_sha224_bad_seed,
302                                        sizeof(dsa_2048_224_sha224_bad_seed),
303                                        dsa_2048_224_sha224_counter);
304    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
305                                                       FFC_PARAM_TYPE_DSA,
306                                                       &res, NULL)))
307        goto err;
308
309    if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p,
310                                sizeof(dsa_3072_256_sha512_p), NULL)))
311        goto err;
312    if (!TEST_ptr(q = BN_bin2bn(dsa_3072_256_sha512_q,
313                                sizeof(dsa_3072_256_sha512_q),
314                                NULL)))
315        goto err;
316
317
318    ossl_ffc_params_set0_pqg(&params, p, q, NULL);
319    p = q  = NULL;
320    ossl_ffc_set_digest(&params, "SHA512", NULL);
321    ossl_ffc_params_set_validate_params(&params, dsa_3072_256_sha512_seed,
322                                        sizeof(dsa_3072_256_sha512_seed),
323                                        dsa_3072_256_sha512_counter);
324    /* Q doesn't div P-1 */
325    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
326                                                       FFC_PARAM_TYPE_DSA,
327                                                       &res, NULL)))
328        goto err;
329
330    /* Bad L/N for FIPS DH */
331    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
332                                                       FFC_PARAM_TYPE_DH,
333                                                       &res, NULL)))
334        goto err;
335
336    ret = 1;
337err:
338    ossl_ffc_params_cleanup(&params);
339    BN_free(p);
340    BN_free(q);
341    return ret;
342}
343#endif /* OPENSSL_NO_DSA */
344
345#ifndef OPENSSL_NO_DH
346static int ffc_params_gen_test(void)
347{
348    int ret = 0, res = -1;
349    FFC_PARAMS params;
350
351    ossl_ffc_params_init(&params);
352    if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
353                                                      FFC_PARAM_TYPE_DH,
354                                                      2048, 256, &res, NULL)))
355        goto err;
356    if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
357                                                      FFC_PARAM_TYPE_DH,
358                                                      &res, NULL)))
359        goto err;
360
361    ret = 1;
362err:
363    ossl_ffc_params_cleanup(&params);
364    return ret;
365}
366
367static int ffc_params_gen_canonicalg_test(void)
368{
369    int ret = 0, res = -1;
370    FFC_PARAMS params;
371
372    ossl_ffc_params_init(&params);
373    params.gindex = 1;
374    if (!TEST_true(ossl_ffc_params_FIPS186_4_generate(NULL, &params,
375                                                      FFC_PARAM_TYPE_DH,
376                                                      2048, 256, &res, NULL)))
377        goto err;
378    if (!TEST_true(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
379                                                      FFC_PARAM_TYPE_DH,
380                                                      &res, NULL)))
381        goto err;
382
383    if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
384        goto err;
385
386    ret = 1;
387err:
388    ossl_ffc_params_cleanup(&params);
389    return ret;
390}
391
392static int ffc_params_fips186_2_gen_validate_test(void)
393{
394    int ret = 0, res = -1;
395    FFC_PARAMS params;
396    BIGNUM *bn = NULL;
397
398    ossl_ffc_params_init(&params);
399    if (!TEST_ptr(bn = BN_new()))
400        goto err;
401    if (!TEST_true(ossl_ffc_params_FIPS186_2_generate(NULL, &params,
402                                                      FFC_PARAM_TYPE_DH,
403                                                      1024, 160, &res, NULL)))
404        goto err;
405    if (!TEST_true(ossl_ffc_params_FIPS186_2_validate(NULL, &params,
406                                                      FFC_PARAM_TYPE_DH,
407                                                      &res, NULL)))
408        goto err;
409
410    /*
411     * The fips186-2 generation should produce a different q compared to
412     * fips 186-4 given the same seed value. So validation of q will fail.
413     */
414    if (!TEST_false(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
415                                                       FFC_PARAM_TYPE_DSA,
416                                                       &res, NULL)))
417        goto err;
418    /* As the params are randomly generated the error is one of the following */
419    if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME))
420        goto err;
421
422    ossl_ffc_params_set_flags(&params, FFC_PARAM_FLAG_VALIDATE_G);
423    /* Partially valid g test will still pass */
424    if (!TEST_int_eq(ossl_ffc_params_FIPS186_4_validate(NULL, &params,
425                                                        FFC_PARAM_TYPE_DSA,
426                                                        &res, NULL), 2))
427        goto err;
428
429    if (!TEST_true(ossl_ffc_params_print(bio_out, &params, 4)))
430        goto err;
431
432    ret = 1;
433err:
434    BN_free(bn);
435    ossl_ffc_params_cleanup(&params);
436    return ret;
437}
438
439extern FFC_PARAMS *ossl_dh_get0_params(DH *dh);
440
441static int ffc_public_validate_test(void)
442{
443    int ret = 0, res = -1;
444    FFC_PARAMS *params;
445    BIGNUM *pub = NULL;
446    DH *dh = NULL;
447
448    if (!TEST_ptr(pub = BN_new()))
449        goto err;
450
451    if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
452        goto err;
453    params = ossl_dh_get0_params(dh);
454
455    if (!TEST_true(BN_set_word(pub, 1)))
456        goto err;
457    BN_set_negative(pub, 1);
458    /* Fail if public key is negative */
459    if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
460        goto err;
461    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
462        goto err;
463    if (!TEST_true(BN_set_word(pub, 0)))
464        goto err;
465    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
466        goto err;
467    /* Fail if public key is zero */
468    if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
469        goto err;
470    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
471        goto err;
472    /* Fail if public key is 1 */
473    if (!TEST_false(ossl_ffc_validate_public_key(params, BN_value_one(), &res)))
474        goto err;
475    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_SMALL, res))
476        goto err;
477    if (!TEST_true(BN_add_word(pub, 2)))
478        goto err;
479    /* Pass if public key >= 2 */
480    if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
481        goto err;
482
483    if (!TEST_ptr(BN_copy(pub, params->p)))
484        goto err;
485    /* Fail if public key = p */
486    if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
487        goto err;
488    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
489        goto err;
490
491    if (!TEST_true(BN_sub_word(pub, 1)))
492        goto err;
493    /* Fail if public key = p - 1 */
494    if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
495        goto err;
496    if (!TEST_int_eq(FFC_ERROR_PUBKEY_TOO_LARGE, res))
497        goto err;
498
499    if (!TEST_true(BN_sub_word(pub, 1)))
500        goto err;
501    /* Fail if public key is not related to p & q */
502    if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
503        goto err;
504    if (!TEST_int_eq(FFC_ERROR_PUBKEY_INVALID, res))
505        goto err;
506
507    if (!TEST_true(BN_sub_word(pub, 5)))
508        goto err;
509    /* Pass if public key is valid */
510    if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
511        goto err;
512
513    /* Fail if params is NULL */
514    if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
515        goto err;
516    if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
517        goto err;
518    res = -1;
519    /* Fail if pubkey is NULL */
520    if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
521        goto err;
522    if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
523        goto err;
524    res = -1;
525
526    BN_free(params->p);
527    params->p = NULL;
528    /* Fail if params->p is NULL */
529    if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
530        goto err;
531    if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
532        goto err;
533
534    ret = 1;
535err:
536    DH_free(dh);
537    BN_free(pub);
538    return ret;
539}
540
541static int ffc_private_validate_test(void)
542{
543    int ret = 0, res = -1;
544    FFC_PARAMS *params;
545    BIGNUM *priv = NULL;
546    DH *dh = NULL;
547
548    if (!TEST_ptr(priv = BN_new()))
549        goto err;
550
551    if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
552        goto err;
553    params = ossl_dh_get0_params(dh);
554
555    if (!TEST_true(BN_set_word(priv, 1)))
556        goto err;
557    BN_set_negative(priv, 1);
558    /* Fail if priv key is negative */
559    if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
560        goto err;
561    if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
562        goto err;
563
564    if (!TEST_true(BN_set_word(priv, 0)))
565        goto err;
566    /* Fail if priv key is zero */
567    if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
568        goto err;
569    if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_SMALL, res))
570        goto err;
571
572    /* Pass if priv key >= 1 */
573    if (!TEST_true(ossl_ffc_validate_private_key(params->q, BN_value_one(),
574                                                 &res)))
575        goto err;
576
577    if (!TEST_ptr(BN_copy(priv, params->q)))
578        goto err;
579    /* Fail if priv key = upper */
580    if (!TEST_false(ossl_ffc_validate_private_key(params->q, priv, &res)))
581        goto err;
582    if (!TEST_int_eq(FFC_ERROR_PRIVKEY_TOO_LARGE, res))
583        goto err;
584
585    if (!TEST_true(BN_sub_word(priv, 1)))
586        goto err;
587    /* Pass if priv key <= upper - 1 */
588    if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
589        goto err;
590
591    if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
592        goto err;
593    if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
594        goto err;
595    res = -1;
596    if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
597        goto err;
598    if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
599        goto err;
600
601    ret = 1;
602err:
603    DH_free(dh);
604    BN_free(priv);
605    return ret;
606}
607
608static int ffc_private_gen_test(int index)
609{
610    int ret = 0, res = -1, N;
611    FFC_PARAMS *params;
612    BIGNUM *priv = NULL;
613    DH *dh = NULL;
614    BN_CTX *ctx = NULL;
615
616    if (!TEST_ptr(ctx = BN_CTX_new_ex(NULL)))
617        goto err;
618
619    if (!TEST_ptr(priv = BN_new()))
620        goto err;
621
622    if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe2048)))
623        goto err;
624    params = ossl_dh_get0_params(dh);
625
626    N = BN_num_bits(params->q);
627    /* Fail since N < 2*s - where s = 112*/
628    if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, 220, 112, priv)))
629        goto err;
630    /* fail since N > len(q) */
631    if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv)))
632        goto err;
633    /* s must be always set */
634    if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv)))
635        goto err;
636    /* pass since 2s <= N <= len(q) */
637    if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv)))
638        goto err;
639    /* pass since N = len(q) */
640    if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
641        goto err;
642    /* pass since 2s <= N < len(q) */
643    if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N / 2, 112, priv)))
644        goto err;
645    if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
646        goto err;
647    /* N is ignored in this case */
648    if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0,
649                                                 ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)),
650                                                 priv)))
651        goto err;
652    if (!TEST_int_le(BN_num_bits(priv), 225))
653        goto err;
654    if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
655        goto err;
656
657    ret = 1;
658err:
659    DH_free(dh);
660    BN_free(priv);
661    BN_CTX_free(ctx);
662    return ret;
663}
664
665static int ffc_params_copy_test(void)
666{
667    int ret = 0;
668    DH *dh = NULL;
669    FFC_PARAMS *params, copy;
670
671    ossl_ffc_params_init(&copy);
672
673    if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072)))
674        goto err;
675    params = ossl_dh_get0_params(dh);
676
677    if (!TEST_int_eq(params->keylength, 275))
678        goto err;
679
680    if (!TEST_true(ossl_ffc_params_copy(&copy, params)))
681        goto err;
682
683    if (!TEST_int_eq(copy.keylength, 275))
684        goto err;
685
686    if (!TEST_true(ossl_ffc_params_cmp(&copy, params, 0)))
687        goto err;
688
689    ret = 1;
690err:
691    ossl_ffc_params_cleanup(&copy);
692    DH_free(dh);
693    return ret;
694}
695#endif /* OPENSSL_NO_DH */
696
697int setup_tests(void)
698{
699#ifndef OPENSSL_NO_DSA
700    ADD_TEST(ffc_params_validate_pq_test);
701    ADD_TEST(ffc_params_validate_g_unverified_test);
702#endif /* OPENSSL_NO_DSA */
703#ifndef OPENSSL_NO_DH
704    ADD_TEST(ffc_params_gen_test);
705    ADD_TEST(ffc_params_gen_canonicalg_test);
706    ADD_TEST(ffc_params_fips186_2_gen_validate_test);
707    ADD_TEST(ffc_public_validate_test);
708    ADD_TEST(ffc_private_validate_test);
709    ADD_ALL_TESTS(ffc_private_gen_test, 10);
710    ADD_TEST(ffc_params_copy_test);
711#endif /* OPENSSL_NO_DH */
712    return 1;
713}
714