diff options
author | slontis <shane.lontis@oracle.com> | 2024-09-26 07:18:59 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-09-30 20:07:09 +0200 |
commit | 2f362e99a1178263c7102474f0190836166f416d (patch) | |
tree | 218d0d2a1cd84232e93855bd7ee89a73bbb87ebc /test/acvp_test.c | |
parent | kdfs: implement key length check in X9.42 (diff) | |
download | openssl-2f362e99a1178263c7102474f0190836166f416d.tar.xz openssl-2f362e99a1178263c7102474f0190836166f416d.zip |
Fix bugs in ECDH cofactor FIPS indicator.
The code was not detecting that the cofactor was set up correctly
if OSSL_PKEY_PARAM_USE_COFACTOR_ECDH was set, resulting in an incorrect
FIPS indicator error being triggered.
Added a test for all possible combinations of a EVP_PKEY setting
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH and the derive context setting
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE.
This only affects the B & K curves (which have a cofactor that is not 1).
Bug reported by @abkarcher
Testing this properly, also detected a memory leak of privk when the
FIPS indicator error was triggered (in the case where mode = 0 and
use_cofactor was 1).
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25548)
Diffstat (limited to 'test/acvp_test.c')
-rw-r--r-- | test/acvp_test.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/test/acvp_test.c b/test/acvp_test.c index 1625cedc11..2cb1ae8d02 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -343,6 +343,63 @@ err: return ret; } + +static int ecdh_cofactor_derive_test(int tstid) +{ + int ret = 0; + const struct ecdh_cofactor_derive_st *t = &ecdh_cofactor_derive_data[tstid]; + unsigned char secret1[16]; + size_t secret1_len = sizeof(secret1); + const char *curve = "K-283"; /* A curve that has a cofactor that it not 1 */ + EVP_PKEY *peer1 = NULL, *peer2 = NULL; + EVP_PKEY_CTX *p1ctx = NULL; + OSSL_PARAM params[2], *prms = NULL; + int use_cofactordh = t->key_cofactor; + int cofactor_mode = t->derive_cofactor_mode; + + if (!TEST_ptr(peer1 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve)) + || !TEST_ptr(peer2 = EVP_PKEY_Q_keygen(libctx, NULL, "EC", curve))) + goto err; + + params[1] = OSSL_PARAM_construct_end(); + + prms = NULL; + if (t->key_cofactor != COFACTOR_NOT_SET) { + params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, + &use_cofactordh); + prms = params; + } + if (!TEST_int_eq(EVP_PKEY_set_params(peer1, prms), 1) + || !TEST_ptr(p1ctx = EVP_PKEY_CTX_new_from_pkey(libctx, peer1, NULL))) + goto err; + + prms = NULL; + if (t->derive_cofactor_mode != COFACTOR_NOT_SET) { + params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, + &cofactor_mode); + prms = params; + } + if (!TEST_int_eq(EVP_PKEY_derive_init_ex(p1ctx, prms), 1) + || !TEST_int_eq(EVP_PKEY_derive_set_peer(p1ctx, peer2), 1) + || !TEST_int_eq(EVP_PKEY_derive(p1ctx, secret1, &secret1_len), + t->expected)) + goto err; + + ret = 1; +err: + if (ret == 0) { + static const char *state[] = { "unset", "-1", "disabled", "enabled" }; + + TEST_note("ECDH derive() was expected to %s if key cofactor is" + "%s and derive mode is %s", t->expected ? "Pass" : "Fail", + state[2 + t->key_cofactor], state[2 + t->derive_cofactor_mode]); + } + EVP_PKEY_free(peer1); + EVP_PKEY_free(peer2); + EVP_PKEY_CTX_free(p1ctx); + return ret; +} + #endif /* OPENSSL_NO_EC */ #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECX) @@ -1688,6 +1745,8 @@ int setup_tests(void) ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data)); ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data)); ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data)); + ADD_ALL_TESTS(ecdh_cofactor_derive_test, + OSSL_NELEM(ecdh_cofactor_derive_data)); #endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_ECX |