/* ====================================================================

 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.

 * Copyright (c) 2013 Red Hat, Inc.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer. 

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    openssl-core@openssl.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 */

#include <string.h>

#include <openssl/crypto.h>

#include <openssl/dh.h>

#include <openssl/fips.h>

#include <openssl/err.h>

#include <openssl/evp.h>

#include <openssl/bn.h>

#include "fips_locl.h"

#ifdef OPENSSL_FIPS

static const unsigned char dh_test_2048_priv_key[] = {

    0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB,

    0x3C, 0x43, 0x64, 0x91, 0xF0, 0x91, 0x54, 0x70,

    0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00,

    0xEC, 0x55, 0xF6, 0xCC

};

static const unsigned char dh_test_2048_pub_key[] = {

    0xE8, 0x8B, 0xEC, 0x36, 0x93, 0xB4, 0x94, 0x44,

    0xA3, 0x7D, 0x09, 0x5C, 0x0B, 0x60, 0x79, 0x4B,

    0x2B, 0xCA, 0xCF, 0xB7, 0x16, 0x30, 0x4A, 0xD0,

    0xEA, 0x23, 0x04, 0x24, 0x8C, 0x50, 0x82, 0x11,

    0x79, 0x4C, 0x57, 0x6F, 0x96, 0xAC, 0xF9, 0x78,

    0x38, 0x83, 0x03, 0x0B, 0x77, 0x47, 0xB7, 0x84,

    0xB9, 0x6F, 0xE6, 0xB9, 0xCC, 0xA7, 0x2B, 0x94,

    0xAE, 0x8A, 0xCA, 0x58, 0x15, 0x7B, 0xA0, 0x73,

    0x5D, 0xD4, 0xD7, 0xC6, 0xBA, 0xA6, 0x03, 0x30,

    0x6B, 0x52, 0x85, 0x94, 0x57, 0x11, 0xFB, 0xAA,

    0x83, 0x71, 0x5E, 0x0E, 0xC4, 0x86, 0x89, 0xF8,

    0x38, 0x5A, 0xAE, 0x66, 0xF2, 0xA1, 0x67, 0xE0,

    0xF5, 0x7A, 0x38, 0xE6, 0x21, 0x98, 0xF0, 0x33,

    0xD6, 0xD7, 0x27, 0x82, 0xED, 0xDE, 0x73, 0x52,

    0xD4, 0x2C, 0xCF, 0x0A, 0xB1, 0xA1, 0xA0, 0x5A,

    0xCE, 0x05, 0x40, 0xE7, 0xF7, 0x0C, 0xE2, 0x63,

    0x21, 0xA0, 0xF3, 0x26, 0x9B, 0xEC, 0x6B, 0x33,

    0x4D, 0x34, 0x9B, 0x8D, 0x86, 0x10, 0xB8, 0xE8,

    0x96, 0x84, 0x66, 0x49, 0x27, 0xED, 0x2B, 0x76,

    0x19, 0xF6, 0x9C, 0xCB, 0x71, 0x4F, 0xF9, 0x16,

    0xB4, 0xD0, 0xC6, 0x49, 0x7A, 0x53, 0xDD, 0x53,

    0xA1, 0x0E, 0x0B, 0xB6, 0x33, 0xC4, 0xE9, 0xCF,

    0x5A, 0x1E, 0x4D, 0xC8, 0xE3, 0x1F, 0x14, 0x9D,

    0xF0, 0x14, 0x70, 0x39, 0x50, 0x21, 0x8A, 0xEA,

    0x7C, 0x72, 0xA3, 0x3F, 0x67, 0x5C, 0x1E, 0x32,

    0xA7, 0x5D, 0x78, 0xCC, 0xE3, 0xA9, 0x03, 0x76,

    0x4A, 0xD4, 0x65, 0x0E, 0x11, 0xEF, 0x56, 0x25,

    0xE5, 0x78, 0x1A, 0xA8, 0x49, 0x8C, 0x14, 0x2E,

    0xF7, 0xFA, 0x70, 0x27, 0xB1, 0x89, 0x66, 0x8F,

    0xFA, 0xFC, 0xED, 0x15, 0x98, 0xE8, 0x0D, 0x72,

    0x17, 0x02, 0x67, 0x14, 0x55, 0x6C, 0x32, 0x98,

    0x59, 0xF3, 0x17, 0xBC, 0x55, 0xA1, 0x39, 0x69

};

static const unsigned char dh_test_2048_peer_key[] = {

    0xD3, 0xAA, 0x26, 0x20, 0x2C, 0x02, 0x38, 0x0A,

    0x2E, 0x4D, 0xC0, 0x62, 0xCB, 0xD8, 0x7F, 0xF2,

    0x54, 0x23, 0xC3, 0x90, 0x33, 0xD8, 0xF7, 0x93,

    0xAD, 0x5F, 0xDA, 0xE6, 0xA4, 0xAB, 0x29, 0xE1,

    0x4B, 0x75, 0xE8, 0x3B, 0x4E, 0xC7, 0xB5, 0x43,

    0xCD, 0xF7, 0xB9, 0x0F, 0x43, 0x68, 0xED, 0xF7,

    0xD1, 0xFD, 0x13, 0x39, 0xCA, 0x39, 0x35, 0x39,

    0xB4, 0x5A, 0x12, 0x96, 0xC6, 0x85, 0xEC, 0x80,

    0xC0, 0x0D, 0xBC, 0xC6, 0x59, 0xC0, 0xAD, 0xB6,

    0xD8, 0x68, 0xD4, 0xE0, 0x2A, 0x8B, 0x21, 0x09,

    0xC0, 0xDB, 0xD9, 0xBA, 0x63, 0xC0, 0x11, 0x22,

    0xBB, 0xF2, 0x81, 0x35, 0x5C, 0xE0, 0xCE, 0xBE,

    0xAB, 0x2E, 0x83, 0x44, 0xCA, 0x05, 0x07, 0xDF,

    0xAD, 0x1D, 0xAD, 0x12, 0x15, 0xD3, 0x9C, 0x8C,

    0x92, 0xD3, 0xDE, 0x02, 0x00, 0x7B, 0x30, 0x97,

    0x07, 0xC0, 0x7C, 0x58, 0xF8, 0x98, 0xAE, 0xB9,

    0xE8, 0x82, 0x56, 0x0A, 0xEC, 0x4B, 0xF7, 0xEC,

    0x85, 0xBA, 0xDF, 0xD7, 0xEA, 0x9D, 0x68, 0xAE,

    0x1A, 0x2C, 0xEC, 0x25, 0x6A, 0x07, 0x2B, 0xFE,

    0x6D, 0x49, 0xD7, 0x8A, 0x1C, 0x5E, 0xC9, 0xA5,

    0x2C, 0xF2, 0xB5, 0x8A, 0x14, 0x91, 0x15, 0x6B,

    0x71, 0x2E, 0x6D, 0x31, 0x1F, 0xC8, 0x61, 0x46,

    0xF2, 0x0D, 0xCC, 0x10, 0xF7, 0x08, 0x9E, 0xBB,

    0x66, 0x0D, 0x0D, 0x6D, 0xE7, 0x82, 0x0E, 0x71,

    0xA4, 0x51, 0xC2, 0x63, 0xA5, 0xDC, 0xFA, 0xF1,

    0x04, 0xD8, 0xCF, 0x16, 0x9F, 0x7F, 0x73, 0xA2,

    0x3B, 0xF9, 0x0D, 0xC7, 0xDD, 0x9A, 0x3A, 0x2B,

    0x0F, 0xB0, 0xB3, 0x97, 0x9D, 0xF1, 0xF0, 0x73,

    0x7C, 0xFD, 0x76, 0x3A, 0xEB, 0x34, 0xDD, 0x87,

    0xE6, 0x52, 0x79, 0xDD, 0x53, 0x9A, 0xCB, 0x62,

    0xE4, 0xF1, 0xB2, 0xCA, 0x6B, 0xD8, 0xC2, 0x69,

    0xBD, 0xA9, 0xB8, 0xE8, 0x76, 0x88, 0x91, 0x6D

};

static const unsigned char dh_test_2048_expected_key[] = {

    0xB1, 0x26, 0x63, 0xAD, 0xB9, 0x4D, 0x9A, 0x38,

    0x14, 0x25, 0x16, 0x4D, 0x3A, 0x18, 0x36, 0x10,

    0xF8, 0xB1, 0x2C, 0x22, 0x4F, 0xD6, 0xA6, 0x2B,

    0xEB, 0xDF, 0x39, 0xAA, 0x31, 0x8E, 0x44, 0x40,

    0x09, 0xB6, 0x55, 0x7C, 0x95, 0x6E, 0x1F, 0x00,

    0x5B, 0xF8, 0x94, 0x1E, 0x5B, 0x69, 0x7A, 0x63,

    0x38, 0x12, 0x7B, 0xE6, 0xDD, 0x58, 0x08, 0x8E,

    0x88, 0xF7, 0x82, 0xA5, 0x5D, 0xED, 0x24, 0x10,

    0x0E, 0x87, 0x2E, 0x9A, 0x3A, 0xF0, 0xDB, 0xA5,

    0x0E, 0x85, 0xAE, 0xFC, 0xD0, 0x35, 0x30, 0x79,

    0xFE, 0x84, 0x84, 0xF1, 0x15, 0x14, 0x9C, 0x84,

    0x72, 0xA6, 0xB3, 0x7C, 0xB7, 0xEF, 0x38, 0xF5,

    0x2C, 0x90, 0x1B, 0xFC, 0x41, 0x85, 0x0A, 0xDE,

    0x1B, 0xD3, 0x7E, 0x93, 0xCB, 0x59, 0xE8, 0x7C,

    0xAB, 0x47, 0x3A, 0x02, 0x22, 0x4F, 0xAC, 0xAD,

    0xE9, 0x56, 0x32, 0xEB, 0x3D, 0x02, 0x9B, 0x1F,

    0x7C, 0x70, 0x0F, 0x83, 0xEF, 0x4D, 0x88, 0xE8,

    0x70, 0x91, 0x34, 0xDD, 0x1C, 0xEF, 0x56, 0x97,

    0xA3, 0x6E, 0xF6, 0x88, 0xAC, 0xF3, 0xA2, 0xBE,

    0x30, 0xBD, 0xE0, 0xC0, 0xCD, 0x01, 0x46, 0x5E,

    0x96, 0xC6, 0x14, 0x44, 0x60, 0xC0, 0x99, 0xFD,

    0xF0, 0x0A, 0xF6, 0x7D, 0x29, 0xD6, 0x0D, 0xEE,

    0x10, 0x91, 0x0F, 0x55, 0x71, 0x29, 0xA7, 0x6A,

    0xEB, 0x18, 0x9B, 0x40, 0xF7, 0x37, 0x50, 0x91,

    0xBC, 0x16, 0x5D, 0x29, 0x24, 0x63, 0xA2, 0x73,

    0x0F, 0xA7, 0xA4, 0x0D, 0x00, 0xD4, 0x5F, 0x61,

    0x74, 0x73, 0x99, 0x14, 0x73, 0xC7, 0x35, 0x2A,

    0xC0, 0xBA, 0x38, 0x9E, 0x05, 0x09, 0x81, 0xA5,

    0xDE, 0x8E, 0xB5, 0xE0, 0x77, 0xA7, 0x2F, 0x1A,

    0x47, 0xD2, 0x68, 0xD4, 0x3E, 0x9A, 0x02, 0xA0,

    0x5C, 0xC7, 0xFB, 0xE4, 0x2C, 0x7B, 0xC6, 0x26,

    0x35, 0x92, 0x12, 0x88, 0x62, 0x36, 0x98, 0xFE

};

int FIPS_selftest_dh()

{

    DH *dh = NULL;

    int ret = 0;

    unsigned char shared_key[sizeof(dh_test_2048_expected_key)];

    int len;

    BIGNUM *priv_key = NULL;

    BIGNUM *pub_key = NULL;

    BIGNUM *peer_key = NULL;

    fips_load_key_component(priv_key, dh_test_2048);

    fips_load_key_component(pub_key, dh_test_2048);

    fips_load_key_component(peer_key, dh_test_2048);

    if ((dh = DH_new_by_nid(NID_ffdhe2048)) == NULL)

        goto err;

    DH_set0_key(dh, pub_key, priv_key);

    len = DH_compute_key(shared_key, peer_key, dh);

    if (len != sizeof(dh_test_2048_expected_key) ||

        memcmp(shared_key, dh_test_2048_expected_key, len) != 0)

        goto err;

    ret = 1;

 err:

    if (dh)

        DH_free(dh);

    else {

        BN_free(priv_key);

        BN_free(pub_key);

    }

    BN_free(peer_key);

    return ret;

}

#endif