Add ACVP fips module tests

For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.

This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).

The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.

The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.

The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)

1 files changed, 0 insertions, 128 deletions

diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c
index b80df0137a..edcf4478fa 100644
--- a/test/rsa_sp800_56b_test.c
+++ b/test/rsa_sp800_56b_test.c
@@ -33,63 +33,6 @@ int setup_tests(void)
 static const unsigned char cav_e[] = {
     0x01,0x00,0x01
 };
-static const unsigned char cav_Xp[] = {
-    0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0,
-    0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02,
-    0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d,
-    0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41,
-    0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xb3,0x88,
-    0xd4,0x4c,0xac,0xeb,0xe4,0x03,0xc6,0xca,0xcb,0xd9,0xd3,0x4e,0xf6,0x7f,0x2c,
-    0x27,0x1e,0x08,0x6c,0xc2,0xd6,0x45,0x1f,0x84,0xe4,0x3c,0x97,0x19,0xde,0xb8,
-    0x55,0xaf,0x0e,0xcf,0x9e,0xb0,0x9c,0x20,0xd3,0x1f,0xa8,0xd7,0x52,0xc2,0x95,
-    0x1c,0x80,0x15,0x42,0x4d,0x4f,0x19,0x16
-};
-static const unsigned char cav_Xp1[] = {
-    0xac,0x5f,0x7f,0x6e,0x33,0x3e,0x97,0x3a,0xb3,0x17,0x44,0xa9,0x0f,0x7a,0x54,
-    0x70,0x27,0x06,0x93,0xd5,0x49,0xde,0x91,0x83,0xbc,0x8a,0x7b,0x95
-};
-static const unsigned char cav_Xp2[] = {
-    0x0b,0xf6,0xe8,0x79,0x5a,0x81,0xae,0x90,0x1d,0xa4,0x38,0x74,0x9c,0x0e,0x6f,
-    0xe0,0x03,0xcf,0xc4,0x53,0x16,0x32,0x17,0xf7,0x09,0x5f,0xd9
-};
-static const unsigned char cav_Xq[] = {
-    0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb,
-    0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf,
-    0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68,
-    0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e,
-    0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xbd,0x9a,0x89,
-    0x99,0x6e,0x57,0x5e,0xd0,0x39,0x86,0xc3,0xa3,0x1b,0xc7,0xcf,0xc4,0x4f,0x47,
-    0x25,0x9e,0x2c,0x79,0xe1,0x2c,0xcc,0xe4,0x63,0xf4,0x02,0x84,0xf8,0xf6,0xa1,
-    0x5c,0x93,0x14,0xf2,0x68,0x5f,0x3a,0x90,0x2f,0x4e,0x5e,0xf9,0x16,0x05,0xcf,
-    0x21,0x63,0xca,0xfa,0xb0,0x08,0x02,0xc0
-};
-static const unsigned char cav_Xq1[] = {
-    0x9b,0x02,0xd4,0xba,0xf0,0xaa,0x14,0x99,0x6d,0xc0,0xb7,0xa5,0xe1,0xd3,0x70,
-    0xb6,0x5a,0xa2,0x9b,0x59,0xd5,0x8c,0x1e,0x9f,0x3f,0x9a,0xde,0xeb,0x9e,0x9c,
-    0x61,0xd6,0x5a,0xe1
-};
-static const unsigned char cav_Xq2[] = {
-    0x06,0x81,0x53,0xfd,0xa8,0x7b,0xa3,0x85,0x90,0x15,0x2c,0x97,0xb2,0xa0,0x17,
-    0x48,0xb0,0x7f,0x0a,0x01,0x6d
-};
-/* expected values */
-static const unsigned char cav_p1[] = {
-    0xac,0x5f,0x7f,0x6e,0x33,0x3e,0x97,0x3a,0xb3,0x17,0x44,0xa9,0x0f,0x7a,0x54,
-    0x70,0x27,0x06,0x93,0xd5,0x49,0xde,0x91,0x83,0xbc,0x8a,0x7b,0xc3
-};
-static const unsigned char cav_p2[] = {
-    0x0b,0xf6,0xe8,0x79,0x5a,0x81,0xae,0x90,0x1d,0xa4,0x38,0x74,0x9c,0x0e,0x6f,
-    0xe0,0x03,0xcf,0xc4,0x53,0x16,0x32,0x17,0xf7,0x09,0x5f,0xd9
-};
-static const unsigned char cav_q1[] = {
-    0x9b,0x02,0xd4,0xba,0xf0,0xaa,0x14,0x99,0x6d,0xc0,0xb7,0xa5,0xe1,0xd3,0x70,
-    0xb6,0x5a,0xa2,0x9b,0x59,0xd5,0x8c,0x1e,0x9f,0x3f,0x9a,0xde,0xeb,0x9e,0x9c,
-    0x61,0xd6,0x5d,0x47
-};
-static const unsigned char cav_q2[] = {
-    0x06,0x81,0x53,0xfd,0xa8,0x7b,0xa3,0x85,0x90,0x15,0x2c,0x97,0xb2,0xa0,0x17,
-    0x48,0xb0,0x7f,0x0a,0x01,0x8f
-};
 static const unsigned char cav_p[] = {
     0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0,
     0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02,
@@ -162,15 +105,6 @@ static BIGNUM *bn_load_new(const unsigned char *data, int sz)
     return ret;
 }
 
-/* helper function */
-static BIGNUM *bn_load(BN_CTX *ctx, const unsigned char *data, int sz)
-{
-    BIGNUM *ret = BN_CTX_get(ctx);
-    if (ret != NULL)
-        BN_bin2bn(data, sz, ret);
-    return ret;
-}
-
 static int test_check_public_exponent(void)
 {
     int ret = 0;
@@ -502,67 +436,6 @@ end:
     return ret;
 }
 
-static int test_fips1864_keygen_kat(void)
-{
-    int ret = 0;
-    RSA *key = NULL;
-    BN_CTX *ctx = NULL;
-    BIGNUM *e, *Xp, *Xp1, *Xp2, *Xq, *Xq1, *Xq2;
-    BIGNUM *p1, *p2, *q1, *q2;
-    BIGNUM *p1_exp, *p2_exp, *q1_exp, *q2_exp;
-    BIGNUM *p_exp, *q_exp, *n_exp, *d_exp;
-    const BIGNUM *p, *q, *n, *d, *e2;
-
-    if (!(TEST_ptr(key = RSA_new()) && TEST_ptr(ctx = BN_CTX_new())))
-        goto err;
-    BN_CTX_start(ctx);
-
-    e = bn_load(ctx, cav_e, sizeof(cav_e));
-    Xp = bn_load(ctx, cav_Xp, sizeof(cav_Xp));
-    Xp1 = bn_load(ctx, cav_Xp1, sizeof(cav_Xp1));
-    Xp2 = bn_load(ctx, cav_Xp2, sizeof(cav_Xp2));
-    Xq = bn_load(ctx, cav_Xq, sizeof(cav_Xq));
-    Xq1 = bn_load(ctx, cav_Xq1, sizeof(cav_Xq1));
-    Xq2 = bn_load(ctx, cav_Xq2, sizeof(cav_Xq2));
-    p1_exp = bn_load(ctx, cav_p1, sizeof(cav_p1));
-    p2_exp = bn_load(ctx, cav_p2, sizeof(cav_p2));
-    q1_exp = bn_load(ctx, cav_q1, sizeof(cav_q1));
-    q2_exp = bn_load(ctx, cav_q2, sizeof(cav_q2));
-    p_exp = bn_load(ctx, cav_p, sizeof(cav_p));
-    q_exp = bn_load(ctx, cav_q, sizeof(cav_q));
-    n_exp = bn_load(ctx, cav_n, sizeof(cav_n));
-    d_exp = bn_load(ctx, cav_d, sizeof(cav_d));
-    p1 = BN_CTX_get(ctx);
-    p2 = BN_CTX_get(ctx);
-    q1 = BN_CTX_get(ctx);
-    q2 = BN_CTX_get(ctx);
-    ret = TEST_ptr(q2)
-          && TEST_true(rsa_fips186_4_gen_prob_primes(key, p1, p2, NULL, Xp, Xp1,
-                                                     Xp2, q1, q2, NULL, Xq, Xq1,
-                                                     Xq2, 2048, e, ctx, NULL))
-          && TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 2048, e, ctx))
-          && TEST_BN_eq(p1_exp, p1)
-          && TEST_BN_eq(p2_exp, p2)
-          && TEST_BN_eq(q1_exp, q1)
-          && TEST_BN_eq(q2_exp, q2);
-    if (!ret)
-        goto err;
-
-    RSA_get0_key(key, &n, &e2, &d);
-    RSA_get0_factors(key, &p, &q);
-    ret = TEST_BN_eq(e, e2)
-          && TEST_BN_eq(p_exp, p)
-          && TEST_BN_eq(q_exp, q)
-          && TEST_BN_eq(n_exp, n)
-          && TEST_BN_eq(d_exp, d);
-err:
-    RSA_free(key);
-    BN_CTX_end(ctx);
-    BN_CTX_free(ctx);
-    return ret;
-}
-
-
 static int keygen_size[] =
 {
     2048, 3072
@@ -668,7 +541,6 @@ int setup_tests(void)
     ADD_TEST(test_check_public_key);
     ADD_TEST(test_invalid_keypair);
     ADD_TEST(test_pq_diff);
-    ADD_TEST(test_fips1864_keygen_kat);
     ADD_ALL_TESTS(test_sp80056b_keygen, (int)OSSL_NELEM(keygen_size));
     return 1;
 }