/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/rand.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "self_test.h"
#include "self_test_data.inc"
static int set_kat_drbg(OSSL_LIB_CTX *ctx,
const unsigned char *entropy, size_t entropy_len,
const unsigned char *nonce, size_t nonce_len,
const unsigned char *persstr, size_t persstr_len);
static int reset_original_drbg(OSSL_LIB_CTX *ctx);
static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx)
{
int ok = 0;
unsigned char out[EVP_MAX_MD_SIZE];
unsigned int out_len = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
if (ctx == NULL
|| md == NULL
|| !EVP_DigestInit_ex(ctx, md, NULL)
|| !EVP_DigestUpdate(ctx, t->pt, t->pt_len)
|| !EVP_DigestFinal(ctx, out, &out_len))
goto err;
/* Optional corruption */
OSSL_SELF_TEST_oncorrupt_byte(st, out);
if (out_len != t->expected_len
|| memcmp(out, t->expected, out_len) != 0)
goto err;
ok = 1;
err:
EVP_MD_free(md);
EVP_MD_CTX_free(ctx);
OSSL_SELF_TEST_onend(st, ok);
return ok;
}
/*
* Helper function to setup a EVP_CipherInit
* Used to hide the complexity of Authenticated ciphers.
*/
static int cipher_init(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const ST_KAT_CIPHER *t, int enc)
{
unsigned char *in_tag = NULL;
int pad = 0, tmp;
/* Flag required for Key wrapping */
EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
if (t->tag == NULL) {
/* Use a normal cipher init */
return EVP_CipherInit_ex(ctx, cipher, NULL, t->key, t->iv, enc)
&& EVP_CIPHER_CTX_set_padding(ctx, pad);
}
/* The authenticated cipher init */
if (!enc)
in_tag = (unsigned char *)t->tag;
return EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)
&& (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, t->iv_len, NULL) > 0)
&& (in_tag == NULL
|| EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, t->tag_len,
in_tag) > 0)
&& EVP_CipherInit_ex(ctx, NULL, NULL, t->key, t->iv, enc)
&& EVP_CIPHER_CTX_set_padding(ctx, pad)
&& EVP_CipherUpdate(ctx, NULL, &tmp, t->aad, t->aad_len);
}
/* Test a single KAT for encrypt/decrypt */
static int self_test_cipher(const ST_KAT_CIPHER *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx)
{
int ret = 0, encrypt = 1, len = 0, ct_len = 0, pt_len = 0;
EVP_CIPHER_CTX *ctx = NULL;
EVP_CIPHER *cipher = NULL;
unsigned char ct_buf[256] = { 0 };
unsigned char pt_buf[256] = { 0 };
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_CIPHER, t->base.desc);
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL)
goto err;
cipher = EVP_CIPHER_fetch(libctx, t->base.algorithm, NULL);
if (cipher == NULL)
goto err;
/* Encrypt plain text message */
if ((t->mode & CIPHER_MODE_ENCRYPT) != 0) {
if (!cipher_init(ctx, cipher, t, encrypt)
|| !EVP_CipherUpdate(ctx, ct_buf, &len, t->base.pt,
t->base.pt_len)
|| !EVP_CipherFinal_ex(ctx, ct_buf + len, &ct_len))
goto err;
OSSL_SELF_TEST_oncorrupt_byte(st, ct_buf);
ct_len += len;