authorShane Lontis <shane.lontis@oracle.com>2020-06-17 11:33:16 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-06-17 11:33:16 +1000
commit4f2271d58a36b2aee125062ffb9626c6208fa394 (patch)
tree122e6de930647c37a35b5f457448a031e51969b8 /include
parent5a147abd790075cdc97b36ff5084e2eb1d779b95 (diff)
Add ACVP fips module tests
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similar operations, to show the usage and prove that the APIs are able to perform the required operations. It may also help with communication with the lab (i.e. the lab could add a test here to show a non-working use case - which we can then address). The EVP layer performs these tests instead of calling lower level APIs as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/dh.h4
-rw-r--r--include/crypto/dsa.h4
-rw-r--r--include/crypto/rsa.h16
-rw-r--r--include/internal/ffc.h55
-rw-r--r--include/openssl/core_names.h44
5 files changed, 85 insertions, 38 deletions
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index f67b4e01cd..22847dd1e0 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -14,8 +14,8 @@
DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid);
DH *dh_new_with_libctx(OPENSSL_CTX *libctx);
-int dh_generate_ffc_parameters(DH *dh, int type, int pbits,
- int qbits, EVP_MD *md, BN_GENCB *cb);
+int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb);
int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
BIGNUM *pub_key);
int dh_get_named_group_uid_from_size(int pbits);
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h
index 1a278fecf2..59c94a1740 100644
--- a/include/crypto/dsa.h
+++ b/include/crypto/dsa.h
@@ -16,8 +16,8 @@
DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx);
-int dsa_generate_ffc_parameters(DSA *dsa, int type,
- int pbits, int qbits, EVP_MD *md, BN_GENCB *cb);
+int dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits,
+ BN_GENCB *cb);
int dsa_sign_int(int type, const unsigned char *dgst,
int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa);
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 5d7a6e515d..9469ec9233 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -10,8 +10,8 @@
#ifndef OSSL_INTERNAL_RSA_H
# define OSSL_INTERNAL_RSA_H
-#include <openssl/core.h>
-#include <openssl/rsa.h>
+# include <openssl/core.h>
+# include <openssl/rsa.h>
typedef struct rsa_pss_params_30_st {
int hash_algorithm_nid;
@@ -93,4 +93,16 @@ extern const char *rsa_mp_factor_names[];
extern const char *rsa_mp_exp_names[];
extern const char *rsa_mp_coeff_names[];
+# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
+void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
+
+int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]);
+int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]);
+typedef struct rsa_acvp_test_st RSA_ACVP_TEST;
+void rsa_acvp_test_free(RSA_ACVP_TEST *t);
+# else
+# define RSA_ACVP_TEST void
+# endif
+
#endif
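Review bot: The `# else` branch defines `RSA_ACVP_TEST` as a macro for `void`, so in builds without the ACVP hooks every `RSA_ACVP_TEST *` silently becomes `void *` and accepts any pointer. An incomplete struct type needs no definition, so `typedef struct rsa_acvp_test_st RSA_ACVP_TEST;` could sit above the `# if` and serve both branches, keeping the type checked everywhere and removing the macro. The new prototypes also carry no comment: it would help to state that `rsa_acvp_test_gen_params_new()` allocates `*dst` and that the caller releases it with `rsa_acvp_test_gen_params_free()`, if that is the intended contract.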
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index e4c4dce8fa..2ed5d72c5c 100644
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -16,6 +16,7 @@
# include <openssl/dh.h> /* Uses Error codes from DH */
# include <openssl/params.h>
# include <openssl/param_build.h>
+# include "internal/sizes.h"
/* Default value for gindex when canonical generation of g is not used */
# define FFC_UNVERIFIABLE_GINDEX -1
@@ -24,17 +25,24 @@
# define FFC_PARAM_TYPE_DSA 0
# define FFC_PARAM_TYPE_DH 1
+/*
+ * The mode used by functions that share code for both generation and
+ * verification. See ffc_params_FIPS186_4_gen_verify().
+ */
+#define FFC_PARAM_MODE_VERIFY 0
+#define FFC_PARAM_MODE_GENERATE 1
+
/* Return codes for generation and validation of FFC parameters */
-#define FFC_PARAMS_RET_STATUS_FAILED 0
-#define FFC_PARAMS_RET_STATUS_SUCCESS 1
+#define FFC_PARAM_RET_STATUS_FAILED 0
+#define FFC_PARAM_RET_STATUS_SUCCESS 1
/* Returned if validating and g is only partially verifiable */
-#define FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G 2
+#define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2
/* Validation flags */
-# define FFC_PARAMS_GENERATE 0x00
-# define FFC_PARAMS_VALIDATE_PQ 0x01
-# define FFC_PARAMS_VALIDATE_G 0x02
-# define FFC_PARAMS_VALIDATE_ALL (FFC_PARAMS_VALIDATE_PQ | FFC_PARAMS_VALIDATE_G)
+# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01
+# define FFC_PARAM_FLAG_VALIDATE_G 0x02
+# define FFC_PARAM_FLAG_VALIDATE_ALL \
+ (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G)
/*
* NB: These values must align with the equivalently named macros in
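Review bot: The new `FFC_PARAM_MODE_*` macros and the renamed `FFC_PARAM_RET_STATUS_*` macros are written `#define`, while the lines around them inside the include guard use the indented form (`# define FFC_PARAM_TYPE_DSA 0`, `# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01`). The same commit normalises exactly this in include/crypto/rsa.h, so these could be `# define FFC_PARAM_MODE_VERIFY 0` and so on. Separately, the mode values 0/1 coincide with `FFC_PARAM_TYPE_DSA`/`FFC_PARAM_TYPE_DH` just above, and the gen_verify prototypes later in this file take `int mode, int type` side by side, so a swapped pair of arguments compiles without a diagnostic; a one-line comment on the argument order at those prototypes would help.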
@@ -94,6 +102,14 @@ typedef struct ffc_params_st {
*/
int gindex;
int h; /* loop counter for unverifiable g */
+
+ unsigned int flags; /* See FFC_PARAM_FLAG_VALIDATE_ALL */
+ /*
+ * The digest to use for generation or validation. If this value is NULL,
+ * then the digest is chosen using the value of N.
+ */
+ const char *mdname;
+ const char *mdprops;
} FFC_PARAMS;
void ffc_params_init(FFC_PARAMS *params);
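Review bot: `mdname` and `mdprops` are stored as bare `const char *` with nothing said about who owns the strings. If `ffc_set_digest()` (declared further down in this file) keeps the caller's pointers rather than copying them, the strings must outlive the `FFC_PARAMS`, and any copy of the struct shares them; that is easy to get wrong when the name comes from a short-lived buffer. I would document it on the fields, for example `/* mdname and mdprops are not owned by FFC_PARAMS; the caller keeps them valid for its lifetime */`, or whichever contract the implementation actually follows. `mdprops` also has no description, and the `flags` comment could say that the field holds a mask of `FFC_PARAM_FLAG_VALIDATE_*` bits.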
@@ -107,6 +123,8 @@ int ffc_params_set_seed(FFC_PARAMS *params,
void ffc_params_set_gindex(FFC_PARAMS *params, int index);
void ffc_params_set_pcounter(FFC_PARAMS *params, int index);
void ffc_params_set_h(FFC_PARAMS *params, int index);
+void ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags);
+int ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props);
int ffc_params_set_validate_params(FFC_PARAMS *params,
const unsigned char *seed, size_t seedlen,
@@ -125,27 +143,22 @@ int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent);
int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
int type, size_t L, size_t N,
- const EVP_MD *evpmd, int *res, BN_GENCB *cb);
+ int *res, BN_GENCB *cb);
int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params,
int type, size_t L, size_t N,
- const EVP_MD *evpmd, int *res, BN_GENCB *cb);
+ int *res, BN_GENCB *cb);
int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
- int type, size_t L, size_t N,
- const EVP_MD *evpmd, int validate_flags,
+ int mode, int type, size_t L, size_t N,
int *res, BN_GENCB *cb);
int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params,
- int type, size_t L, size_t N,
- const EVP_MD *evpmd, int validate_flags,
+ int mode, int type, size_t L, size_t N,
int *res, BN_GENCB *cb);
-int ffc_params_FIPS186_4_validate(const FFC_PARAMS *params, int type,
- const EVP_MD *evpmd, int validate_flags,
- int *res, BN_GENCB *cb);
-int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type,
- const EVP_MD *evpmd, int validate_flags,
- int *res, BN_GENCB *cb);
-
+int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params,
+ int type, int *res, BN_GENCB *cb);
+int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params,
+ int type, int *res, BN_GENCB *cb);
int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params,
int N, int s, BIGNUM *priv);
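Review bot: With `validate_flags` removed from `ffc_params_FIPS186_4_validate()` and `ffc_params_FIPS186_2_validate()`, what gets checked now depends on `params->flags`, and because `params` is `const` the validators cannot apply a default themselves. The header does not say what a `flags` value of 0 means in verify mode; if it means "check neither p/q nor g", a caller that forgets `ffc_params_set_flags()` would get a pass without any validation. It would be worth stating the default set by `ffc_params_init()` and the meaning of 0 in a comment above these prototypes, e.g. `/* Validation scope comes from params->flags (FFC_PARAM_FLAG_VALIDATE_*); ffc_params_init() selects <default> */`. The value to put in place of `<default>` is not visible in this diff.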
@@ -168,5 +181,7 @@ int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
int ffc_named_group_to_uid(const char *name);
const char *ffc_named_group_from_uid(int nid);
int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name);
+const char *ffc_params_flags_to_name(int flags);
+int ffc_params_flags_from_name(const char *name);
#endif /* OSSL_INTERNAL_FFC_H */
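Review bot: `ffc_params_flags_to_name()` and `ffc_params_flags_from_name()` use `int` for the flags, whereas the `flags` field and `ffc_params_set_flags()` added in this commit use `unsigned int`. The failure value of `ffc_params_flags_from_name()` for an unknown name is not documented; if it is negative, passing the result straight to `ffc_params_set_flags()` would convert it to a mask with every bit set. I would either make both prototypes use `unsigned int` with a separate success indicator, or add a comment such as `/* returns -1 if name is not recognised; check before calling ffc_params_set_flags() */` if that is the behaviour.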
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index f04168e819..fa6b7a9547 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -201,22 +201,30 @@ extern "C" {
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
/* Diffie-Hellman/DSA Parameters */
-#define OSSL_PKEY_PARAM_FFC_P "p"
-#define OSSL_PKEY_PARAM_FFC_G "g"
-#define OSSL_PKEY_PARAM_FFC_Q "q"
-#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
-#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
-#define OSSL_PKEY_PARAM_FFC_SEED "seed"
-#define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
-#define OSSL_PKEY_PARAM_FFC_H "hindex"
+#define OSSL_PKEY_PARAM_FFC_P "p"
+#define OSSL_PKEY_PARAM_FFC_G "g"
+#define OSSL_PKEY_PARAM_FFC_Q "q"
+#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex"
+#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter"
+#define OSSL_PKEY_PARAM_FFC_SEED "seed"
+#define OSSL_PKEY_PARAM_FFC_COFACTOR "j"
+#define OSSL_PKEY_PARAM_FFC_H "hindex"
+#define OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE "valid-type"
+
+/* Diffie-Hellman/DSA Parameters parameter validation types */
+#define OSSL_FFC_PARAM_VALIDATE_PQ "validate-pq"
+#define OSSL_FFC_PARAM_VALIDATE_G "validate-g"
+#define OSSL_FFC_PARAM_VALIDATE_PQG "validate-pqg"
/* Diffie-Hellman params */
-#define OSSL_PKEY_PARAM_DH_GROUP "group"
-#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
-#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
+#define OSSL_PKEY_PARAM_DH_GROUP "group"
+#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator"
+#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len"
/* Elliptic Curve Domain Parameters */
#define OSSL_PKEY_PARAM_EC_NAME "curve-name"
+#define OSSL_PKEY_PARAM_EC_PUB_X "qx"
+#define OSSL_PKEY_PARAM_EC_PUB_Y "qy"
/* Elliptic Curve Key Parameters */
#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
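Review bot: The new key `OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE` is spelled `"valid-type"` while its values are spelled `"validate-pq"`, `"validate-g"` and `"validate-pqg"`; since core_names.h is a public header, these strings become part of the API once released. A key such as `"validate-type"` would match both the macro name and the values. The added macros also lack the type annotation used elsewhere in this file (for example `/* integer */` on the `OSSL_GEN_PARAM_*` lines), so a trailing `/* utf8 string */` on `OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE` would tell callers how to pass it, assuming that is the expected type.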
@@ -334,7 +342,6 @@ extern "C" {
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
OSSL_PKEY_PARAM_MGF1_PROPERTIES
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
-#define OSSL_SIGNATURE_PARAM_KAT "kat"
/* Asym cipher parameters */
#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
@@ -364,6 +371,19 @@ extern "C" {
#define OSSL_GEN_PARAM_POTENTIAL "potential" /* integer */
#define OSSL_GEN_PARAM_ITERATION "iteration" /* integer */
+/* ACVP Test parameters : These should not be used normally */
+#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1"
+#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2"
+#define OSSL_PKEY_PARAM_RSA_TEST_XP "xp"
+#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1"
+#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2"
+#define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq"
+#define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1"
+#define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2"
+#define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1"
+#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
+#define OSSL_SIGNATURE_PARAM_KAT "kat"
+
# ifdef __cplusplus
}
# endif
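Review bot: The `OSSL_PKEY_PARAM_RSA_TEST_*` names are defined unconditionally in a public header, while the functions that consume them in include/crypto/rsa.h exist only under `defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)`. The comment "These should not be used normally" does not tell an application author why: judging by the names these are caller-supplied inputs to RSA prime generation, so a key generated with them is only as unpredictable as those inputs. I would spell that out, e.g. `/* ACVP test parameters: caller-supplied key generation inputs for validation testing only; never set them when generating real keys */`, and consider wrapping the block in `# ifndef OPENSSL_NO_ACVP_TESTS` so builds without the option do not expose the names. `OSSL_SIGNATURE_PARAM_KAT` now sits under the same comment and would be covered by either change.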