endecode_test.c revision 1.1
      1  1.1  christos /*
      2  1.1  christos  * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
      3  1.1  christos  *
      4  1.1  christos  * Licensed under the Apache License 2.0 (the "License").  You may not use
      5  1.1  christos  * this file except in compliance with the License.  You can obtain a copy
      6  1.1  christos  * in the file LICENSE in the source distribution or at
      7  1.1  christos  * https://www.openssl.org/source/license.html
      8  1.1  christos  */
      9  1.1  christos 
     10  1.1  christos #include <string.h>
     11  1.1  christos #include <openssl/core_dispatch.h>
     12  1.1  christos #include <openssl/evp.h>
     13  1.1  christos #include <openssl/pem.h>
     14  1.1  christos #include <openssl/rsa.h>
     15  1.1  christos #include <openssl/x509.h>
     16  1.1  christos #include <openssl/core_names.h>
     17  1.1  christos #include <openssl/params.h>
     18  1.1  christos #include <openssl/param_build.h>
     19  1.1  christos #include <openssl/encoder.h>
     20  1.1  christos #include <openssl/decoder.h>
     21  1.1  christos 
     22  1.1  christos #include "internal/cryptlib.h"   /* ossl_assert */
     23  1.1  christos #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
     24  1.1  christos #include "crypto/evp.h"          /* For evp_pkey_is_provided() */
     25  1.1  christos 
     26  1.1  christos #include "helpers/predefined_dhparams.h"
     27  1.1  christos #include "testutil.h"
     28  1.1  christos 
     29  1.1  christos #ifdef STATIC_LEGACY
     30  1.1  christos OSSL_provider_init_fn ossl_legacy_provider_init;
     31  1.1  christos #endif
     32  1.1  christos 
/*
 * Extended test macros to allow passing file & line number.
 *
 * Every macro expands to a test_*() call that names the identifiers |file|
 * and |line| directly, so it can only be used inside a function that has
 * both in scope (the callbacks below receive them as their first two
 * parameters).  The argument expressions are also passed on as text via
 * #a / #b.
 */
#define TEST_FL_ptr(a)               test_ptr(file, line, #a, a)
#define TEST_FL_mem_eq(a, m, b, n)   test_mem_eq(file, line, #a, #b, a, m, b, n)
/* Compares both strings over the same length |n|. */
#define TEST_FL_strn_eq(a, b, n)     test_strn_eq(file, line, #a, #b, a, n, b, n)
/* Same helper as above, but each string carries its own length. */
#define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
#define TEST_FL_int_eq(a, b)         test_int_eq(file, line, #a, #b, a, b)
#define TEST_FL_int_ge(a, b)         test_int_ge(file, line, #a, #b, a, b)
#define TEST_FL_int_gt(a, b)         test_int_gt(file, line, #a, #b, a, b)
#define TEST_FL_long_gt(a, b)        test_long_gt(file, line, #a, #b, a, b)
/* The expression is normalised to 0/1 before it reaches test_true(). */
#define TEST_FL_true(a)              test_true(file, line, #a, (a) != 0)
     43  1.1  christos 
/*
 * OPENSSL_NO_KEYPARAMS is defined only when DH, DSA and EC are all disabled;
 * make_template() below is compiled out in that configuration.
 */
#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
# define OPENSSL_NO_KEYPARAMS
#endif
     47  1.1  christos 
/*
 * Test-wide state.  |is_fips| and |is_fips_3_0_0| are read by
 * test_encode_decode() to decide whether a decode is expected to fail.
 * NOTE(review): where these flags are assigned is outside this excerpt.
 */
static int default_libctx = 1;
static int is_fips = 0;
static int is_fips_3_0_0 = 0;
static int is_fips_lt_3_5 = 0;

/*
 * |keyctx| is the library context used when generating keys and templates;
 * |testctx| is the one handed to the decoder, cipher fetch and PKCS#8
 * conversion calls.  |testpropq| is the property query string passed along
 * with either of them.
 */
static OSSL_LIB_CTX *testctx = NULL;
static OSSL_LIB_CTX *keyctx = NULL;
static char *testpropq = NULL;

/* Provider handles; presumably loaded and unloaded by setup code not shown here. */
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *deflprov = NULL;
static OSSL_PROVIDER *keyprov = NULL;
     60  1.1  christos 
     61  1.1  christos #ifndef OPENSSL_NO_EC
     62  1.1  christos static BN_CTX *bnctx = NULL;
     63  1.1  christos static OSSL_PARAM_BLD *bld_prime_nc = NULL;
     64  1.1  christos static OSSL_PARAM_BLD *bld_prime = NULL;
     65  1.1  christos static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
     66  1.1  christos static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
     67  1.1  christos 
     68  1.1  christos # ifndef OPENSSL_NO_EC2M
     69  1.1  christos static OSSL_PARAM_BLD *bld_tri_nc = NULL;
     70  1.1  christos static OSSL_PARAM_BLD *bld_tri = NULL;
     71  1.1  christos static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
     72  1.1  christos static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
     73  1.1  christos # endif
     74  1.1  christos #endif
     75  1.1  christos 
     76  1.1  christos #ifndef OPENSSL_NO_KEYPARAMS
/*
 * Produce a parameter "template" key for |type|.
 *
 * For "DH" and "X9.42 DH" a predefined 512-bit parameter set is returned
 * instead of generating one.  For every other type, parameters are generated
 * in |keyctx|, optionally configured with |genparams|.
 *
 * Returns the new EVP_PKEY, or NULL if any step failed.  The caller owns the
 * result.
 */
static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
{
    EVP_PKEY *params_key = NULL;
    EVP_PKEY_CTX *gen_ctx;

# ifndef OPENSSL_NO_DH
    /*
     * 512-bit DH(X) parameters are used purely to keep the test fast.
     * They offer no security; anything outside a test must use a key size
     * of at least 2048 bits.
     */
    if (strcmp(type, "DH") == 0)
        return get_dh512(keyctx);

    if (strcmp(type, "X9.42 DH") == 0)
        return get_dhx512(keyctx);
# endif

    gen_ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);

    /*
     * Each step only runs if the previous one succeeded.  Individual errors
     * are not reported: a failure anywhere just leaves |params_key| NULL.
     */
    if (gen_ctx != NULL
        && EVP_PKEY_paramgen_init(gen_ctx) > 0
        && (genparams == NULL
            || EVP_PKEY_CTX_set_params(gen_ctx, genparams) > 0))
        (void)EVP_PKEY_generate(gen_ctx, &params_key);

    EVP_PKEY_CTX_free(gen_ctx);
    return params_key;
}
    107  1.1  christos #endif
    108  1.1  christos 
    109  1.1  christos #if !defined(OPENSSL_NO_DH) || \
    110  1.1  christos     !defined(OPENSSL_NO_DSA) || \
    111  1.1  christos     !defined(OPENSSL_NO_EC) || \
    112  1.1  christos     !defined(OPENSSL_NO_ML_DSA) || \
    113  1.1  christos     !defined(OPENSSL_NO_ML_KEM) || \
    114  1.1  christos     !defined(OPENSSL_NO_SLH_DSA)
/*
 * Generate a key in |keyctx|.
 *
 * When |template| is given, the generation context is derived from it;
 * otherwise it is created from the algorithm name |type|.  |genparams| may
 * be NULL, in which case no extra parameters are set.
 *
 * Returns the new EVP_PKEY, or NULL if any step failed.  The caller owns the
 * result.
 */
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
                          OSSL_PARAM *genparams)
{
    EVP_PKEY *new_key = NULL;
    EVP_PKEY_CTX *gen_ctx;

    if (template != NULL)
        gen_ctx = EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq);
    else
        gen_ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);

    /*
     * Each step only runs if the previous one succeeded.  Individual errors
     * are not reported: a failure anywhere just leaves |new_key| NULL.
     */
    if (gen_ctx != NULL
        && EVP_PKEY_keygen_init(gen_ctx) > 0
        && (genparams == NULL
            || EVP_PKEY_CTX_set_params(gen_ctx, genparams) > 0))
        (void)EVP_PKEY_keygen(gen_ctx, &new_key);

    EVP_PKEY_CTX_free(gen_ctx);
    return new_key;
}
    136  1.1  christos #endif
    137  1.1  christos 
/* Main test driver */

/*
 * Callback types plugged into test_encode_decode().  All of them that take
 * |file| and |line| receive the location of the test case, so that the
 * TEST_FL_* macros can use it.
 */

/* Serialises |object| and hands the buffer back in |*encoded| / |*encoded_len|. */
typedef int (encoder)(const char *file, const int line,
                      void **encoded, long *encoded_len,
                      void *object, int selection,
                      const char *output_type, const char *output_structure,
                      const char *pass, const char *pcipher);
/* Parses |encoded| and hands the resulting object back in |*object|. */
typedef int (decoder)(const char *file, const int line,
                      void **object, void *encoded, long encoded_len,
                      const char *input_type, const char *structure_type,
                      const char *keytype, int selection, const char *pass);
/* Compares two encodings of what should be the same key. */
typedef int (tester)(const char *file, const int line,
                     const void *data1, size_t data1_len,
                     const void *data2, size_t data2_len);
/* Inspects one encoding and checks that it is what |type| should produce. */
typedef int (checker)(const char *file, const int line,
                      const char *type, const void *data, size_t data_len);
/* Prints an encoding; test_encode_decode() calls it only after a failure. */
typedef void (dumper)(const char *label, const void *data, size_t data_len);

/* Pass |type| to the decoder as the key type; without it NULL is passed. */
#define FLAG_DECODE_WITH_TYPE   0x0001
/*
 * When |is_fips| is set and |is_fips_3_0_0| is not, the decode is expected
 * to fail and the test passes only if it does.
 */
#define FLAG_FAIL_IF_FIPS       0x0002
/*
 * Round-trip |pkey| through an encoder/decoder pair and verify the result.
 *
 * |file|, |line|       location of the calling test case, forwarded to the
 *                      callbacks for their diagnostics
 * |type|               key type name, given to |check_cb| and, with
 *                      FLAG_DECODE_WITH_TYPE, to |decode_cb|
 * |selection|          OSSL_KEYMGMT_SELECT_* bits to encode and decode
 * |output_type|,
 * |output_structure|   encoding format, used for both directions
 * |pass|, |pcipher|    passphrase and cipher name, or NULL for an
 *                      unprotected encoding
 * |flags|              FLAG_* bits
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_encode_decode(const char *file, const int line,
                              const char *type, EVP_PKEY *pkey,
                              int selection, const char *output_type,
                              const char *output_structure,
                              const char *pass, const char *pcipher,
                              encoder *encode_cb, decoder *decode_cb,
                              tester *test_cb, checker *check_cb,
                              dumper *dump_cb, int flags)
{
    void *encoded = NULL;
    long encoded_len = 0;
    EVP_PKEY *pkey2 = NULL;
    EVP_PKEY *pkey3 = NULL;
    void *encoded2 = NULL;
    long encoded2_len = 0;
    int ok = 0;

    /*
     * Encode |pkey|, decode the result into |pkey2|, and finish off by
     * encoding |pkey2| as well.  That last encoding is for checking and
     * dumping purposes.
     */
    if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
                             output_type, output_structure, pass, pcipher)))
        goto end;

    /*
     * Negative case: encoding must still work, but the decode has to be
     * refused.  Nothing else is checked on this path.
     */
    if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) {
        if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
                                  encoded_len, output_type, output_structure,
                                  (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                  selection, pass)))
            ok = 1;
        goto end;
    }

    /*
     * Besides the decode into |pkey2| with the original |selection|, a second
     * decode into |pkey3| is done with selection 0, except when the output
     * structure is "type-specific".
     */
    if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
        || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
                                output_type, output_structure,
                                (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                selection, pass))
        || ((output_structure == NULL
             || strcmp(output_structure, "type-specific") != 0)
            && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len,
                                    output_type, output_structure,
                                    (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                    0, pass)))
        || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
                                output_type, output_structure, pass, pcipher)))
        goto end;

    /*
     * The decoded keys must match the original.  When only domain parameters
     * were selected there is no key material to compare, so the parameters
     * are compared instead.
     */
    if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
        if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)
            || (pkey3 != NULL
                && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1)))
            goto end;
    } else {
        if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)
            || (pkey3 != NULL
                && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1)))
            goto end;
    }

    /*
     * Double check the encoding, but only for unprotected keys,
     * as protected keys have a random component, which makes the output
     * differ.
     */
    if ((pass == NULL && pcipher == NULL)
        && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
        goto end;

    ok = 1;
 end:
    /*
     * NOTE(review): on failure the encodings are handed to |dump_cb|.  With
     * |pass| and |pcipher| NULL and a private-key selection these buffers
     * hold unprotected private key material, and they are released with
     * OPENSSL_free() rather than a clearing free.  That fits throwaway test
     * keys only.
     */
    if (!ok) {
        if (encoded != NULL && encoded_len != 0)
            dump_cb("|pkey| encoded", encoded, encoded_len);
        if (encoded2 != NULL && encoded2_len != 0)
            dump_cb("|pkey2| encoded", encoded2, encoded2_len);
    }

    OPENSSL_free(encoded);
    OPENSSL_free(encoded2);
    EVP_PKEY_free(pkey2);
    EVP_PKEY_free(pkey3);
    return ok;
}
    245  1.1  christos 
    246  1.1  christos /* Encoding and decoding methods */
    247  1.1  christos 
/*
 * Encode |object| (an EVP_PKEY) through the OSSL_ENCODER API.
 *
 * |selection|, |output_type| and |output_structure| choose what is written
 * and in which format.  A non-NULL |pass| is set as the encoder passphrase
 * and a non-NULL |pcipher| as the encoder cipher; the two are applied
 * independently of each other.
 *
 * On success the buffer is detached from the memory BIO and returned in
 * |*encoded| / |*encoded_len|; the caller releases it with OPENSSL_free().
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_prov(const char *file, const int line,
                                void **encoded, long *encoded_len,
                                void *object, int selection,
                                const char *output_type,
                                const char *output_structure,
                                const char *pass, const char *pcipher)
{
    EVP_PKEY *pkey = object;
    OSSL_ENCODER_CTX *ectx = NULL;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    int ret = 0;

    /* An encoder context that found no matching encoder is a failure too. */
    if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
                                                       output_type,
                                                       output_structure,
                                                       testpropq)))
        goto done;
    if (!TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0))
        goto done;

    if (pass != NULL
        && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
                                                      strlen(pass))))
        goto done;
    if (pcipher != NULL
        && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
        goto done;

    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
        goto done;
    if (!TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser)))
        goto done;
    if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0))
        goto done;
    if (!TEST_FL_ptr(*encoded = mem_buf->data))
        goto done;
    if (!TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto done;

    /*
     * Detach the encoded output: clearing the BUF_MEM fields keeps
     * BIO_free() below from releasing the buffer now owned by the caller.
     */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ret = 1;
 done:
    BIO_free(mem_ser);
    OSSL_ENCODER_CTX_free(ectx);
    return ret;
}
    288  1.1  christos 
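/*
 * Decode |encoded| into an EVP_PKEY through the OSSL_DECODER API.
 *
 * The decode is attempted three times: with |input_type|, with no input
 * type, and with a deliberately wrong input type.  The first two must
 * succeed and agree with each other; the third must be rejected.
 *
 * |structure_type|, |keytype| and |selection| are passed to the decoder
 * context unchanged.  A non-NULL |pass| is set as the decoder passphrase.
 *
 * On success the key from the first attempt is returned in |*object| and is
 * owned by the caller.  Returns 1 on success, 0 on failure.
 */
static int decode_EVP_PKEY_prov(const char *file, const int line,
                                void **object, void *encoded, long encoded_len,
                                const char *input_type,
                                const char *structure_type,
                                const char *keytype, int selection,
                                const char *pass)
{
    EVP_PKEY *pkey = NULL, *testpkey = NULL;
    OSSL_DECODER_CTX *dctx = NULL;
    BIO *encoded_bio = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    int ok = 0;
    int i;
    const char *badtype;

    /*
     * |input_type| is handed to strcmp() below, so a missing one is
     * reported as a test failure instead of being dereferenced.
     */
    if (!TEST_FL_ptr(input_type))
        goto end;

    /* Pick whichever of "DER" / "PEM" is not the expected input type. */
    if (strcmp(input_type, "DER") == 0)
        badtype = "PEM";
    else
        badtype = "DER";

    if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
        goto end;

    /*
     * We attempt the decode 3 times. The first time we provide the expected
     * starting input type. The second time we provide NULL for the starting
     * type. The third time we provide a bad starting input type.
     * The bad starting input type should fail. The other two should succeed
     * and produce the same result.
     */
    for (i = 0; i < 3; i++) {
        const char *testtype = (i == 0) ? input_type
                                        : ((i == 1) ? NULL : badtype);

        /*
         * The passphrase step goes through TEST_FL_true() like the encoder
         * side does, so that a failure there is reported with file and line
         * instead of failing the test without a message.
         */
        if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
                                                           testtype,
                                                           structure_type,
                                                           keytype,
                                                           selection,
                                                           testctx, testpropq))
            || (pass != NULL
                && !TEST_FL_true(OSSL_DECODER_CTX_set_passphrase(dctx, upass,
                                                              strlen(pass))))
            /* Rewind so that every attempt reads the same bytes. */
            || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
               /* We expect to fail when using a bad input type */
            || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
                            (i == 2) ? 0 : 1))
            goto end;
        OSSL_DECODER_CTX_free(dctx);
        dctx = NULL;

        if (i == 0) {
            /* Keep the first result as the reference and as the return value. */
            pkey = testpkey;
            testpkey = NULL;
        } else if (i == 1) {
            if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
                if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
                    goto end;
            } else {
                if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
                    goto end;
            }
        }
    }
    ok = 1;
    *object = pkey;
    pkey = NULL;

 end:
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(testpkey);
    BIO_free(encoded_bio);
    OSSL_DECODER_CTX_free(dctx);
    return ok;
}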
    363  1.1  christos 
/*
 * Encode |object| (an EVP_PKEY) as a traditional-format PEM private key.
 *
 * |selection|, |output_type| and |output_structure| are not used.
 *
 * Encryption is applied only when BOTH |pcipher| and |pass| are given.  If
 * just one of them is set, no cipher is fetched and the passphrase length
 * stays 0, so the writer is called without a cipher.
 *
 * On success the buffer is detached from the memory BIO and returned in
 * |*encoded| / |*encoded_len|; the caller releases it with OPENSSL_free().
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
                                      void **encoded, long *encoded_len,
                                      void *object, ossl_unused int selection,
                                      ossl_unused const char *output_type,
                                      ossl_unused const char *output_structure,
                                      const char *pass, const char *pcipher)
{
    EVP_PKEY *pkey = object;
    EVP_CIPHER *cipher = NULL;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    size_t passlen = 0;
    const int protect = (pcipher != NULL && pass != NULL);
    int ret = 0;

    if (protect) {
        passlen = strlen(pass);
        if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
            goto done;
    }

    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
        goto done;
    if (!TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
                                                        cipher,
                                                        upass, passlen,
                                                        NULL, NULL)))
        goto done;
    if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0))
        goto done;
    if (!TEST_FL_ptr(*encoded = mem_buf->data))
        goto done;
    if (!TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto done;

    /*
     * Detach the encoded output: clearing the BUF_MEM fields keeps
     * BIO_free() below from releasing the buffer now owned by the caller.
     */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ret = 1;
 done:
    BIO_free(mem_ser);
    EVP_CIPHER_free(cipher);
    return ret;
}
    403  1.1  christos 
/*
 * Encode |object| (an EVP_PKEY) in MSBLOB format.
 *
 * The private-key form is written when |selection| includes
 * OSSL_KEYMGMT_SELECT_PRIVATE_KEY, the public-key form otherwise.
 * |pass| and |pcipher| are not used, so the output is never encrypted here.
 *
 * On success the buffer is detached from the memory BIO and returned in
 * |*encoded| / |*encoded_len|; the caller releases it with OPENSSL_free().
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
                                  void **encoded, long *encoded_len,
                                  void *object, int selection,
                                  ossl_unused const char *output_type,
                                  ossl_unused const char *output_structure,
                                  ossl_unused const char *pass,
                                  ossl_unused const char *pcipher)
{
    EVP_PKEY *pkey = object;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const int want_private =
        (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0;
    int ret = 0;

    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
        goto done;

    if (want_private
        ? !TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0)
        : !TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
        goto done;

    if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0))
        goto done;
    if (!TEST_FL_ptr(*encoded = mem_buf->data))
        goto done;
    if (!TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto done;

    /*
     * Detach the encoded output: clearing the BUF_MEM fields keeps
     * BIO_free() below from releasing the buffer now owned by the caller.
     */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ret = 1;
 done:
    BIO_free(mem_ser);
    return ret;
}
    441  1.1  christos 
    442  1.1  christos static pem_password_cb pass_pw;
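/*
 * Passphrase callback that hands back the NUL-terminated string passed as
 * |userdata|.
 *
 * |buf|      destination buffer supplied by the caller
 * |size|     capacity of |buf| in bytes, including room for the NUL
 * |rwflag|   not used
 * |userdata| the passphrase
 *
 * Returns the number of passphrase bytes stored in |buf| (not counting the
 * NUL), or -1 if there is no buffer, no passphrase, or the passphrase does
 * not fit.  The returned length therefore never exceeds what was actually
 * written, so the caller cannot be led to read past the copied passphrase,
 * and a passphrase is never silently shortened.
 */
static int pass_pw(char *buf, int size, int rwflag, void *userdata)
{
    size_t len;

    (void)rwflag;

    if (buf == NULL || size <= 0 || userdata == NULL)
        return -1;

    len = strlen(userdata);
    /* One byte of |size| is needed for the terminating NUL. */
    if (len >= (size_t)size)
        return -1;

    memcpy(buf, userdata, len + 1);
    return (int)len;
}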
    448  1.1  christos 
/*
 * Encode |object| (an EVP_PKEY) in PVK format.
 *
 * |selection| must include OSSL_KEYMGMT_SELECT_PRIVATE_KEY.  The encryption
 * flag given to the writer is set exactly when |pass| is non-NULL; |pass| is
 * delivered through the pass_pw() callback.  |output_type|,
 * |output_structure| and |pcipher| are not used.
 *
 * On success the buffer is detached from the memory BIO and returned in
 * |*encoded| / |*encoded_len|; the caller releases it with OPENSSL_free().
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_PVK(const char *file, const int line,
                               void **encoded, long *encoded_len,
                               void *object, int selection,
                               ossl_unused const char *output_type,
                               ossl_unused const char *output_structure,
                               const char *pass,
                               ossl_unused const char *pcipher)
{
    EVP_PKEY *pkey = object;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    int enc = (pass != NULL);
    int ret = 0;

    if (!TEST_FL_true(ossl_assert((selection
                                & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)))
        goto done;
    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
        goto done;
    if (!TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
                                          pass_pw, (void *)pass, testctx, testpropq), 0))
        goto done;
    if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0))
        goto done;
    if (!TEST_FL_ptr(*encoded = mem_buf->data))
        goto done;
    if (!TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto done;

    /*
     * Detach the encoded output: clearing the BUF_MEM fields keeps
     * BIO_free() below from releasing the buffer now owned by the caller.
     */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ret = 1;
 done:
    BIO_free(mem_ser);
    return ret;
}
    481  1.1  christos 
/*
 * Compare two encodings with the string comparison helper, each with its
 * own length.  Returns whatever test_strn_eq() reports.
 */
static int test_text(const char *file, const int line,
                     const void *data1, size_t data1_len,
                     const void *data2, size_t data2_len)
{
    const int same = TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);

    return same;
}
    488  1.1  christos 
/*
 * Compare two encodings with the memory comparison helper, each with its
 * own length.  Returns whatever test_mem_eq() reports.
 */
static int test_mem(const char *file, const int line,
                    const void *data1, size_t data1_len,
                    const void *data2, size_t data2_len)
{
    const int same = TEST_FL_mem_eq(data1, data1_len, data2, data2_len);

    return same;
}
    495  1.1  christos 
    496  1.1  christos /* Test cases and their dumpers / checkers */
    497  1.1  christos 
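/*
 * Callback that appends |name| to a comma separated, heap allocated list.
 *
 * |arg| points to a `char *` holding the list so far, or NULL for an empty
 * list.  The list is grown with OPENSSL_realloc() and the pointer is
 * updated in place; the owner releases it with OPENSSL_free().
 *
 * If the reallocation fails the list is left as it was and |name| is
 * dropped.  The list is only used for a diagnostic note, so this is
 * best-effort.
 */
static void collect_name(const char *name, void *arg)
{
    char **namelist = arg;
    char *new_namelist;
    /*
     * Record whether a list already exists BEFORE reallocating.  Once the
     * reallocation has succeeded the old pointer value must not be looked
     * at any more, not even to compare it with NULL.
     */
    const int have_list = (*namelist != NULL);
    size_t space = strlen(name) + 1; /* name plus terminating null byte */

    if (have_list)
        space += strlen(*namelist) + 2 /* for comma and space */;

    new_namelist = OPENSSL_realloc(*namelist, space);
    if (new_namelist == NULL)
        return;

    /* |space| was sized for exactly these writes. */
    if (have_list) {
        strcat(new_namelist, ", ");
        strcat(new_namelist, name);
    } else {
        strcpy(new_namelist, name);
    }
    *namelist = new_namelist;
}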
    520  1.1  christos 
/* Print a binary encoding of |data_len| bytes under |label|. */
static void dump_der(const char *label, const void *data, size_t data_len)
{
    const unsigned char *bytes = data;

    test_output_memory(label, bytes, data_len);
}
    525  1.1  christos 
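/*
 * Print a textual encoding under |label|.
 *
 * The final byte of |data| is left out of the output (presumably the
 * trailing newline of the PEM text; confirm against the encoders).  An
 * empty buffer is printed as an empty string instead of letting
 * `data_len - 1` wrap around to a huge length.
 */
static void dump_pem(const char *label, const void *data, size_t data_len)
{
    const size_t shown_len = data_len > 0 ? data_len - 1 : 0;

    test_output_string(label, data, shown_len);
}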
    530  1.1  christos 
/*
 * Check that |data| is an unencrypted DER PrivateKeyInfo for a key of the
 * given |type|.
 *
 * The buffer must parse as PKCS8_PRIV_KEY_INFO, convert to an EVP_PKEY,
 * be of type |type| and be a provider-side key.  If the type does not match,
 * the names the key does answer to are listed in a test note.
 *
 * NOTE(review): the parse position after d2i is not compared with the end of
 * the buffer, so trailing bytes after the structure are not detected here.
 *
 * Returns 1 if all checks pass, 0 otherwise.
 */
static int check_unprotected_PKCS8_DER(const char *file, const int line,
                                       const char *type,
                                       const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0;

    p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
    if (!TEST_FL_ptr(p8inf))
        goto done;

    pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
    if (!TEST_FL_ptr(pkey))
        goto done;

    if (TEST_FL_true(EVP_PKEY_is_a(pkey, type))) {
        /* The provider check is only made once the type matched. */
        ret = (TEST_FL_true(evp_pkey_is_provided(pkey)) != 0);
    } else {
        char *namelist = NULL;

        EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
        if (namelist != NULL)
            TEST_note("%s isn't any of %s", type, namelist);
        OPENSSL_free(namelist);
    }
    EVP_PKEY_free(pkey);

 done:
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ret;
}
    558  1.1  christos 
/*
 * Runs test_encode_decode() on |key| for output type "DER", structure
 * "PrivateKeyInfo", with no passphrase and no cipher, using the provider
 * encoder/decoder, test_mem for comparison and
 * check_unprotected_PKCS8_DER() as the output check.
 *
 * A nonzero |fips| passes no flags; zero passes FLAG_FAIL_IF_FIPS.
 */
static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "PrivateKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_unprotected_PKCS8_DER,
                              dump_der, flags);
}
    569  1.1  christos 
/*
 * Output check for unencrypted PKCS#8 PEM: the text must start with the
 * "-----BEGIN <PEM_STRING_PKCS8INF>-----" line.
 *
 * Only that prefix is compared; the base64 body and the END line are not
 * examined here, and |type| and |data_len| are unused.
 */
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
                                       const char *type,
                                       const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PKCS8INF "-----";
    int matches;

    matches = TEST_FL_strn_eq(data, expected_pem_header,
                              sizeof(expected_pem_header) - 1);
    return matches;
}
    580  1.1  christos 
/*
 * Runs test_encode_decode() on |key| for output type "PEM", structure
 * "PrivateKeyInfo", with no passphrase and no cipher, using the provider
 * encoder/decoder, test_text for comparison and
 * check_unprotected_PKCS8_PEM() as the output check.
 *
 * A nonzero |fips| passes no flags; zero passes FLAG_FAIL_IF_FIPS.
 */
static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "PrivateKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_unprotected_PKCS8_PEM,
                              dump_pem, flags);
}
    591  1.1  christos 
    592  1.1  christos #ifndef OPENSSL_NO_KEYPARAMS
/*
 * Output check for DER-encoded key parameters: maps |type| to its
 * EVP_PKEY_* id and requires d2i_KeyParams() to parse the buffer.
 *
 * Returns 1 when parsing succeeds; 0 when it fails or when |type| is not
 * one of "DH", "X9.42 DH", "DSA" or "EC". |file| and |line| are unused,
 * so a failure is signalled through the return value only.
 */
static int check_params_DER(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    static const struct {
        const char *name;
        int id;
    } known_types[] = {
        { "DH", EVP_PKEY_DH },
        { "X9.42 DH", EVP_PKEY_DHX },
        { "DSA", EVP_PKEY_DSA },
        { "EC", EVP_PKEY_EC },
    };
    const unsigned char *cursor = data;
    EVP_PKEY *pkey = NULL;
    int itype = NID_undef;
    size_t i;

    for (i = 0; i < sizeof(known_types) / sizeof(known_types[0]); i++) {
        if (strcmp(type, known_types[i].name) == 0) {
            itype = known_types[i].id;
            break;
        }
    }

    /* Unknown type names are rejected without touching the data */
    if (itype == NID_undef)
        return 0;

    pkey = d2i_KeyParams(itype, NULL, &cursor, data_len);
    if (pkey == NULL)
        return 0;
    EVP_PKEY_free(pkey);
    return 1;
}
    618  1.1  christos 
/*
 * Output check for PEM-encoded key parameters: the text must start with
 * "-----BEGIN <type> PARAMETERS-----".
 *
 * The expected line is formatted into a static 80-byte buffer, so the
 * function is not reentrant. Only the prefix is compared; |data_len| is
 * unused.
 */
static int check_params_PEM(const char *file, const int line,
                            const char *type,
                            const void *data, size_t data_len)
{
    static char expected_pem_header[80];

    /* Formatting must produce something before it can be compared */
    if (!TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                     sizeof(expected_pem_header),
                                     "-----BEGIN %s PARAMETERS-----", type), 0))
        return 0;

    return TEST_FL_strn_eq(data, expected_pem_header,
                           strlen(expected_pem_header)) != 0;
}
    631  1.1  christos 
/*
 * Runs test_encode_decode() on the domain parameters of |key| for output
 * type "DER", structure "type-specific", with no passphrase and no cipher,
 * using test_mem for comparison, check_params_DER() as the output check and
 * the FLAG_DECODE_WITH_TYPE flag.
 */
static int test_params_via_DER(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    const int flags = FLAG_DECODE_WITH_TYPE;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_params_DER,
                              dump_der, flags);
}
    640  1.1  christos 
/*
 * Runs test_encode_decode() on the domain parameters of |key| for output
 * type "PEM", structure "type-specific", with no passphrase, no cipher and
 * no flags, using test_text for comparison and check_params_PEM() as the
 * output check.
 */
static int test_params_via_PEM(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_params_PEM,
                              dump_pem, 0);
}
    649  1.1  christos #endif /* !OPENSSL_NO_KEYPARAMS */
    650  1.1  christos 
/*
 * Output check for unencrypted traditional ("legacy") PEM: the text must
 * start with "-----BEGIN <type> PRIVATE KEY-----".
 *
 * The expected line is formatted into a static 80-byte buffer, so the
 * function is not reentrant. Only the prefix is compared; this check does
 * not assert the absence of encryption headers, and |data_len| is unused.
 */
static int check_unprotected_legacy_PEM(const char *file, const int line,
                                        const char *type,
                                        const void *data, size_t data_len)
{
    static char expected_pem_header[80];

    if (!TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                     sizeof(expected_pem_header),
                                     "-----BEGIN %s PRIVATE KEY-----", type), 0))
        return 0;

    return TEST_FL_strn_eq(data, expected_pem_header,
                           strlen(expected_pem_header)) != 0;
}
    663  1.1  christos 
/*
 * Runs test_encode_decode() on |key| with the legacy PEM encoder
 * (encode_EVP_PKEY_legacy_PEM) and the provider decoder, output type "PEM",
 * structure "type-specific", no passphrase, no cipher and no flags.
 *
 * Skipped unless the default library context is in use and the FIPS
 * provider is not.
 */
static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    if (default_libctx && !is_fips)
        return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                                  "PEM", "type-specific", NULL, NULL,
                                  encode_EVP_PKEY_legacy_PEM,
                                  decode_EVP_PKEY_prov,
                                  test_text, check_unprotected_legacy_PEM,
                                  dump_pem, 0);

    return TEST_skip("Test not available if using a non-default library context or FIPS provider");
}
    677  1.1  christos 
/*
 * Output check for a private-key MSBLOB: the buffer must be accepted by
 * b2i_PrivateKey(). The resulting key is freed again without being
 * compared with |type|, which is unused here.
 */
static int check_MSBLOB(const char *file, const int line,
                        const char *type, const void *data, size_t data_len)
{
    const unsigned char *cursor = data;
    EVP_PKEY *pkey;
    int ok;

    pkey = b2i_PrivateKey(&cursor, data_len);
    ok = TEST_FL_ptr(pkey);
    EVP_PKEY_free(pkey);
    return ok;
}
    688  1.1  christos 
/*
 * Runs test_encode_decode() on |key| with the MSBLOB encoder
 * (encode_EVP_PKEY_MSBLOB) and the provider decoder, output type "MSBLOB",
 * no structure, no passphrase, no cipher and no flags, using test_mem for
 * comparison and check_MSBLOB() as the output check.
 */
static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "MSBLOB", NULL, NULL, NULL,
                              encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
                              test_mem, check_MSBLOB,
                              dump_der, 0);
}
    699  1.1  christos 
/*
 * Output check for PVK: passes the start of the buffer to
 * ossl_do_PVK_header() and returns its result unchanged.
 *
 * The salt length, key length and DSS indicator that the header parser
 * fills in are discarded, and |file|, |line| and |type| are unused.
 * NOTE(review): this function is also the output check for the
 * passphrase-protected PVK test, so neither test asserts whether a salt is
 * present; a protected-only check on the salt length would confirm the
 * output was actually encrypted.
 */
static int check_PVK(const char *file, const int line,
                     const char *type, const void *data, size_t data_len)
{
    const unsigned char *header = data;
    unsigned int salt_len = 0;
    unsigned int key_len = 0;
    int is_dss = -1;
    int rc;

    rc = ossl_do_PVK_header(&header, data_len, 0, &is_dss, &salt_len, &key_len);
    return rc;
}
    709  1.1  christos 
/*
 * Runs test_encode_decode() on |key| with the PVK encoder
 * (encode_EVP_PKEY_PVK) and the provider decoder, output type "PVK", no
 * structure, no passphrase, no cipher and no flags, using test_mem for
 * comparison and check_PVK() as the output check.
 */
static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PVK", NULL, NULL, NULL,
                              encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
                              test_mem, check_PVK,
                              dump_der, 0);
}
    720  1.1  christos 
/*
 * Cipher name and passphrase passed to test_encode_decode() by the
 * "protected" tests. Both are fixed test fixtures compiled into the test
 * binary; they protect nothing outside this test.
 */
static const char *pass_cipher = "AES-256-CBC";
static const char *pass = "the holy handgrenade of antioch";
    723  1.1  christos 
/*
 * Output check for encrypted PKCS#8 DER: the buffer must parse as an
 * X509_SIG structure.
 *
 * This confirms the outer structure only. Nothing is decrypted here, the
 * encryption algorithm is not inspected and |type| is unused.
 */
static int check_protected_PKCS8_DER(const char *file, const int line,
                                     const char *type,
                                     const void *data, size_t data_len)
{
    const unsigned char *cursor = data;
    X509_SIG *p8;
    int ok;

    p8 = d2i_X509_SIG(NULL, &cursor, data_len);
    ok = TEST_FL_ptr(p8);
    X509_SIG_free(p8);
    return ok;
}
    735  1.1  christos 
/*
 * Runs test_encode_decode() on |key| for output type "DER", structure
 * "EncryptedPrivateKeyInfo", with the file's test passphrase and cipher,
 * using the provider encoder/decoder, test_mem for comparison and
 * check_protected_PKCS8_DER() as the output check.
 *
 * A nonzero |fips| passes no flags; zero passes FLAG_FAIL_IF_FIPS.
 */
static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "EncryptedPrivateKeyInfo",
                              pass, pass_cipher,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_protected_PKCS8_DER,
                              dump_der, flags);
}
    747  1.1  christos 
/*
 * Output check for encrypted PKCS#8 PEM: the text must start with the
 * "-----BEGIN <PEM_STRING_PKCS8>-----" line.
 *
 * Only that prefix is compared; the body is not decoded or decrypted here,
 * and |type| and |data_len| are unused.
 */
static int check_protected_PKCS8_PEM(const char *file, const int line,
                                     const char *type,
                                     const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PKCS8 "-----";
    int matches;

    matches = TEST_FL_strn_eq(data, expected_pem_header,
                              sizeof(expected_pem_header) - 1);
    return matches;
}
    758  1.1  christos 
/*
 * Runs test_encode_decode() on |key| for output type "PEM", structure
 * "EncryptedPrivateKeyInfo", with the file's test passphrase and cipher,
 * using the provider encoder/decoder, test_text for comparison and
 * check_protected_PKCS8_PEM() as the output check.
 *
 * A nonzero |fips| passes no flags; zero passes FLAG_FAIL_IF_FIPS.
 */
static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "EncryptedPrivateKeyInfo",
                              pass, pass_cipher,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_protected_PKCS8_PEM,
                              dump_pem, flags);
}
    770  1.1  christos 
/*
 * Output check for encrypted traditional ("legacy") PEM: the text must
 * start with "-----BEGIN <type> PRIVATE KEY-----" and must contain a
 * "DEK-Info: " header line, which is what marks the body as encrypted.
 *
 * The expected line is formatted into a static 80-byte buffer, so the
 * function is not reentrant. strstr() scans up to the first null byte and
 * |data_len| is not consulted, so |data| has to be null-terminated text.
 * The cipher named in the DEK-Info header is not compared with the one
 * that was requested.
 */
static int check_protected_legacy_PEM(const char *file, const int line,
                                      const char *type,
                                      const void *data, size_t data_len)
{
    static char expected_pem_header[80];

    if (!TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                     sizeof(expected_pem_header),
                                     "-----BEGIN %s PRIVATE KEY-----", type), 0))
        return 0;

    if (!TEST_FL_strn_eq(data, expected_pem_header,
                         strlen(expected_pem_header)))
        return 0;

    /* An encrypted traditional PEM carries its parameters in DEK-Info */
    return TEST_FL_ptr(strstr(data, "\nDEK-Info: ")) != 0;
}
    784  1.1  christos 
/*
 * Runs test_encode_decode() on |key| with the legacy PEM encoder
 * (encode_EVP_PKEY_legacy_PEM) and the provider decoder, output type "PEM",
 * structure "type-specific", the file's test passphrase and cipher, and no
 * flags, with check_protected_legacy_PEM() as the output check.
 *
 * Skipped unless the default library context is in use and the FIPS
 * provider is not.
 */
static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    if (default_libctx && !is_fips)
        return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                                  "PEM", "type-specific", pass, pass_cipher,
                                  encode_EVP_PKEY_legacy_PEM,
                                  decode_EVP_PKEY_prov,
                                  test_text, check_protected_legacy_PEM,
                                  dump_pem, 0);

    return TEST_skip("Test not available if using a non-default library context or FIPS provider");
}
    798  1.1  christos 
    799  1.1  christos #ifndef OPENSSL_NO_RC4
/*
 * Runs test_encode_decode() on |key| with the PVK encoder and the file's
 * test passphrase (no cipher name is passed), output type "PVK", no flags.
 *
 * The legacy provider is loaded into testctx for the duration of the test
 * and unloaded afterwards; the test is skipped when it cannot be loaded.
 * NOTE(review): the output check is check_PVK(), the same one the
 * unprotected PVK test uses, so this test does not by itself assert that
 * the encoded blob is encrypted.
 */
static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_KEYPAIR
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
    OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(testctx, "legacy");
    int result;

    if (legacy == NULL)
        return TEST_skip("Legacy provider not available");

    result = test_encode_decode(__FILE__, __LINE__, type, key, selection,
                                "PVK", NULL, pass, NULL,
                                encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
                                test_mem, check_PVK, dump_der, 0);
    OSSL_PROVIDER_unload(legacy);
    return result;
}
    816  1.1  christos #endif
    817  1.1  christos 
/*
 * Output check for SubjectPublicKeyInfo DER: the buffer must parse with
 * d2i_PUBKEY_ex() in testctx/testpropq and the resulting key must be of
 * key type |type|.
 *
 * The parse position is not compared with data + data_len afterwards, so
 * bytes trailing the structure are not detected by this check.
 */
static int check_public_DER(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    const unsigned char *cursor = data;
    EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &cursor, data_len, testctx, testpropq);
    int ok = 0;

    /* The type is only queried once the key is known to exist */
    if (TEST_FL_ptr(pkey))
        ok = (TEST_FL_true(EVP_PKEY_is_a(pkey, type)) != 0);

    EVP_PKEY_free(pkey);
    return ok;
}
    828  1.1  christos 
/*
 * Runs test_encode_decode() on the public part of |key| for output type
 * "DER", structure "SubjectPublicKeyInfo", with no passphrase and no
 * cipher, using test_mem for comparison and check_public_DER() as the
 * output check.
 *
 * A nonzero |fips| passes no flags; zero passes FLAG_FAIL_IF_FIPS.
 */
static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
        | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "DER", "SubjectPublicKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_public_DER, dump_der,
                              flags);
}
    839  1.1  christos 
/*
 * Output check for SubjectPublicKeyInfo PEM: the text must start with the
 * "-----BEGIN <PEM_STRING_PUBLIC>-----" line.
 *
 * Only that prefix is compared; |type| and |data_len| are unused.
 */
static int check_public_PEM(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PUBLIC "-----";
    int matches;

    matches = TEST_FL_strn_eq(data, expected_pem_header,
                              sizeof(expected_pem_header) - 1);
    return matches;
}
    850  1.1  christos 
/*
 * Runs test_encode_decode() on the public part of |key| for output type
 * "PEM", structure "SubjectPublicKeyInfo", with no passphrase and no
 * cipher, using test_text for comparison and check_public_PEM() as the
 * output check.
 *
 * A nonzero |fips| passes no flags; zero passes FLAG_FAIL_IF_FIPS.
 */
static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    const int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
        | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
    const int flags = fips ? 0 : FLAG_FAIL_IF_FIPS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "PEM", "SubjectPublicKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_public_PEM, dump_pem,
                              flags);
}
    861  1.1  christos 
/*
 * Output check for a public-key MSBLOB: the buffer must be accepted by
 * b2i_PublicKey(). The resulting key is freed again without being compared
 * with |type|, which is unused here.
 */
static int check_public_MSBLOB(const char *file, const int line,
                               const char *type,
                               const void *data, size_t data_len)
{
    const unsigned char *cursor = data;
    EVP_PKEY *pkey;
    int ok;

    pkey = b2i_PublicKey(&cursor, data_len);
    ok = TEST_FL_ptr(pkey);
    EVP_PKEY_free(pkey);
    return ok;
}
    872  1.1  christos }
    873  1.1  christos 
/*
 * Runs test_encode_decode() on the public part of |key| with the MSBLOB
 * encoder (encode_EVP_PKEY_MSBLOB) and the provider decoder, output type
 * "MSBLOB", no structure, no passphrase, no cipher and no flags, using
 * test_mem for comparison and check_public_MSBLOB() as the output check.
 */
static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
{
    const int selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
        | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;

    return test_encode_decode(__FILE__, __LINE__, type, key, selection,
                              "MSBLOB", NULL, NULL, NULL,
                              encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
                              test_mem, check_public_MSBLOB, dump_der, 0);
}
    882  1.1  christos 
/*
 * Per-key-type fixtures.
 *
 * KEYS declares a file-scope EVP_PKEY pointer named key_<KEYTYPE>.
 * MAKE_KEYS assigns it from make_key() and folds the result into a variable
 * named `ok`, which must be in scope where the macro is used; once `ok` is
 * zero, later MAKE_* expansions are short-circuited and create nothing.
 * FREE_KEYS releases the key with EVP_PKEY_free().
 *
 * NOTE(review): FREE_KEYS expands with its own trailing ';' and ends in a
 * line continuation onto an empty line, unlike FREE_DOMAIN_KEYS below.
 */
#define KEYS(KEYTYPE)                           \
    static EVP_PKEY *key_##KEYTYPE = NULL
#define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
    ok = ok                                                             \
        && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
#define FREE_KEYS(KEYTYPE)                                              \
    EVP_PKEY_free(key_##KEYTYPE);                                       \

/*
 * Same as above for key types with domain parameters: a template_<KEYTYPE>
 * pointer is filled in by make_template() and then passed to make_key() as
 * the template for key_<KEYTYPE>. FREE_DOMAIN_KEYS releases both and leaves
 * the final ';' to the caller.
 */
#define DOMAIN_KEYS(KEYTYPE)                    \
    static EVP_PKEY *template_##KEYTYPE = NULL; \
    static EVP_PKEY *key_##KEYTYPE = NULL
#define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
    ok = ok                                                             \
        && TEST_ptr(template_##KEYTYPE =                                \
                    make_template(KEYTYPEstr, params))                  \
        && TEST_ptr(key_##KEYTYPE =                                     \
                    make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
#define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
    EVP_PKEY_free(template_##KEYTYPE);                                  \
    EVP_PKEY_free(key_##KEYTYPE)
    903  1.1  christos 
/*
 * Test-suite generators. Each IMPLEMENT_* macro defines argument-less test
 * functions named after KEYTYPE that call the matching test_*_via_*()
 * function with the key type string and key_<KEYTYPE>; the ADD_* macro of
 * the same name registers exactly those functions with ADD_TEST().
 *
 * IMPLEMENT_TEST_SUITE covers unprotected, protected and public output in
 * DER and PEM. Its |fips| argument is forwarded unchanged to the
 * test_*_via_DER/PEM functions, where zero selects FLAG_FAIL_IF_FIPS.
 */
#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips)                 \
    static int test_unprotected_##KEYTYPE##_via_DER(void)               \
    {                                                                   \
        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
    {                                                                   \
        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_protected_##KEYTYPE##_via_DER(void)                 \
    {                                                                   \
        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_protected_##KEYTYPE##_via_PEM(void)                 \
    {                                                                   \
        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_public_##KEYTYPE##_via_DER(void)                    \
    {                                                                   \
        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips);    \
    }                                                                   \
    static int test_public_##KEYTYPE##_via_PEM(void)                    \
    {                                                                   \
        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips);    \
    }

#define ADD_TEST_SUITE(KEYTYPE)                                 \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
    ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
    ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
    ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
    ADD_TEST(test_public_##KEYTYPE##_via_PEM)

/* Domain-parameter output in DER and PEM */
#define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)           \
    static int test_params_##KEYTYPE##_via_DER(void)               \
    {                                                              \
        return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
    }                                                              \
    static int test_params_##KEYTYPE##_via_PEM(void)               \
    {                                                              \
        return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
    }

#define ADD_TEST_SUITE_PARAMS(KEYTYPE)                          \
    ADD_TEST(test_params_##KEYTYPE##_via_DER);                  \
    ADD_TEST(test_params_##KEYTYPE##_via_PEM)

/* Traditional ("legacy") PEM private keys, unprotected and protected */
#define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
    static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
    {                                                                   \
        return                                                          \
            test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
    }                                                                   \
    static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
    {                                                                   \
        return                                                          \
            test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
    }

#define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
    ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)

/* MSBLOB private and public keys; there is no protected MSBLOB variant */
#define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
    static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
    {                                                                   \
        return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
    }                                                                   \
    static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
    {                                                                   \
        return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
    }

#define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
    ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)

/*
 * PVK private keys. The unprotected variant is always available; the
 * protected variant exists only when OPENSSL_NO_RC4 is not defined, which
 * matches the guard around test_protected_via_PVK().
 */
#define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
    static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
    {                                                                   \
        return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
    }
# define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
#ifndef OPENSSL_NO_RC4
# define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
    static int test_protected_##KEYTYPE##_via_PVK(void)                 \
    {                                                                   \
        return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
    }
# define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
    ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
#endif
    998  1.1  christos 
/*
 * Instantiation of the fixtures and test functions per key type. The third
 * argument of IMPLEMENT_TEST_SUITE is the |fips| value handed to the
 * test_*_via_DER/PEM functions: 1 passes no flags, 0 passes
 * FLAG_FAIL_IF_FIPS.
 */
#ifndef OPENSSL_NO_DH
DOMAIN_KEYS(DH);
IMPLEMENT_TEST_SUITE(DH, "DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
DOMAIN_KEYS(DHX);
IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
/*
 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 * so no legacy tests.
 */
#endif
#ifndef OPENSSL_NO_DSA
/* DSA is the only key type here that also gets MSBLOB and PVK suites */
DOMAIN_KEYS(DSA);
IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
# ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
# endif
#endif
#ifndef OPENSSL_NO_EC
DOMAIN_KEYS(EC);
IMPLEMENT_TEST_SUITE(EC, "EC", 1)
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
/*
 * Explicit-parameter EC variants all use the "EC" key type string. The
 * two "2G" variants pass fips = 0, so their DER/PEM suites run with
 * FLAG_FAIL_IF_FIPS.
 * NOTE(review): presumably those encodings are expected to be rejected
 * under the FIPS provider - confirm against test_encode_decode().
 */
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitPrime2G);
IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitTri2G);
IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
# endif
# ifndef OPENSSL_NO_SM2
/* SM2 uses KEYS (no template key) and also passes fips = 0 */
KEYS(SM2);
IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
# endif
#endif
   1046  1.1  christos #ifndef OPENSSL_NO_ECX
   1047  1.1  christos /*
   1048  1.1  christos  * ED25519, ED448, X25519 and X448 have no support for
   1049  1.1  christos  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
   1050  1.1  christos  */
   1051  1.1  christos KEYS(ED25519);
   1052  1.1  christos IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
   1053  1.1  christos KEYS(ED448);
   1054  1.1  christos IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
   1055  1.1  christos KEYS(X25519);
   1056  1.1  christos IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
   1057  1.1  christos KEYS(X448);
   1058  1.1  christos IMPLEMENT_TEST_SUITE(X448, "X448", 1)
   1059  1.1  christos #endif
   1060  1.1  christos #ifndef OPENSSL_NO_ML_KEM
   1061  1.1  christos /*
   1062  1.1  christos  * ML-KEM has no support for PEM_write_bio_PrivateKey_traditional(), so no
   1063  1.1  christos  * legacy tests.
   1064  1.1  christos  */
   1065  1.1  christos KEYS(ML_KEM_512);
   1066  1.1  christos IMPLEMENT_TEST_SUITE(ML_KEM_512, "ML-KEM-512", 1)
   1067  1.1  christos KEYS(ML_KEM_768);
   1068  1.1  christos IMPLEMENT_TEST_SUITE(ML_KEM_768, "ML-KEM-768", 1)
   1069  1.1  christos KEYS(ML_KEM_1024);
   1070  1.1  christos IMPLEMENT_TEST_SUITE(ML_KEM_1024, "ML-KEM-1024", 1)
   1071  1.1  christos #endif
   1072  1.1  christos #ifndef OPENSSL_NO_SLH_DSA
   1073  1.1  christos KEYS(SLH_DSA_SHA2_128s);
   1074  1.1  christos KEYS(SLH_DSA_SHA2_128f);
   1075  1.1  christos KEYS(SLH_DSA_SHA2_192s);
   1076  1.1  christos KEYS(SLH_DSA_SHA2_192f);
   1077  1.1  christos KEYS(SLH_DSA_SHA2_256s);
   1078  1.1  christos KEYS(SLH_DSA_SHA2_256f);
   1079  1.1  christos KEYS(SLH_DSA_SHAKE_128s);
   1080  1.1  christos KEYS(SLH_DSA_SHAKE_128f);
   1081  1.1  christos KEYS(SLH_DSA_SHAKE_192s);
   1082  1.1  christos KEYS(SLH_DSA_SHAKE_192f);
   1083  1.1  christos KEYS(SLH_DSA_SHAKE_256s);
   1084  1.1  christos KEYS(SLH_DSA_SHAKE_256f);
   1085  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_128s, "SLH-DSA-SHA2-128s", 1)
   1086  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_128f, "SLH-DSA-SHA2-128f", 1)
   1087  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_192s, "SLH-DSA-SHA2-192s", 1)
   1088  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_192f, "SLH-DSA-SHA2-192f", 1)
   1089  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_256s, "SLH-DSA-SHA2-256s", 1)
   1090  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHA2_256f, "SLH-DSA-SHA2-256f", 1)
   1091  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_128s, "SLH-DSA-SHAKE-128s", 1)
   1092  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_128f, "SLH-DSA-SHAKE-128f", 1)
   1093  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_192s, "SLH-DSA-SHAKE-192s", 1)
   1094  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_192f, "SLH-DSA-SHAKE-192f", 1)
   1095  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_256s, "SLH-DSA-SHAKE-256s", 1)
   1096  1.1  christos IMPLEMENT_TEST_SUITE(SLH_DSA_SHAKE_256f, "SLH-DSA-SHAKE-256f", 1)
   1097  1.1  christos #endif /* OPENSSL_NO_SLH_DSA */
   1098  1.1  christos KEYS(RSA);
   1099  1.1  christos IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
   1100  1.1  christos IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
   1101  1.1  christos KEYS(RSA_PSS);
   1102  1.1  christos IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
   1103  1.1  christos /*
   1104  1.1  christos  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
   1105  1.1  christos  * so no legacy tests.
   1106  1.1  christos  */
   1107  1.1  christos IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
   1108  1.1  christos IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
   1109  1.1  christos #ifndef OPENSSL_NO_RC4
   1110  1.1  christos IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
   1111  1.1  christos #endif
   1112  1.1  christos 
   1113  1.1  christos #ifndef OPENSSL_NO_ML_DSA
   1114  1.1  christos KEYS(ML_DSA_44);
   1115  1.1  christos KEYS(ML_DSA_65);
   1116  1.1  christos KEYS(ML_DSA_87);
   1117  1.1  christos IMPLEMENT_TEST_SUITE(ML_DSA_44, "ML-DSA-44", 1)
   1118  1.1  christos IMPLEMENT_TEST_SUITE(ML_DSA_65, "ML-DSA-65", 1)
   1119  1.1  christos IMPLEMENT_TEST_SUITE(ML_DSA_87, "ML-DSA-87", 1)
   1120  1.1  christos #endif /*  OPENSSL_NO_ML_DSA */
   1121  1.1  christos 
   1122  1.1  christos #ifndef OPENSSL_NO_EC
   /*
    * Push explicit prime-field EC domain parameters onto |bld|.
    *
    * The field prime, a, b, order and seed are the prime256v1 constants held in
    * the static tables below and the cofactor is 1.  The generator is whatever
    * encoded point the caller supplies in |gen| / |gen_len|, so the same curve
    * can be described with or without its standard base point.
    *
    * Nothing is converted to an OSSL_PARAM array here; setup_tests() calls
    * OSSL_PARAM_BLD_to_param() later.  NOTE(review): the builder presumably
    * keeps references to the pushed buffers and BIGNUMs until then, which would
    * explain the static tables and the long-lived file-level |bnctx| - confirm
    * against the OSSL_PARAM_BLD documentation.
    *
    * Returns 1 when every step succeeds, 0 on the first failure.
    */
   static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
                                                 const unsigned char *gen,
                                                 size_t gen_len)
   {
       /* Curve prime256v1 */
       static const unsigned char prime_data[] = {
           0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
           0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
           0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
           0xff
       };
       static const unsigned char a_data[] = {
           0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
           0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
           0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
           0xfc
       };
       static const unsigned char b_data[] = {
           0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
           0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
           0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
           0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
       };
       static const unsigned char seed[] = {
           0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
           0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
           0x81, 0x9f, 0x7e, 0x90
       };
       static const unsigned char order_data[] = {
           0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
           0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
           0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
           0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
       };
       BIGNUM *a, *b, *prime, *order;

       /*
        * Scratch BIGNUMs come from the shared bnctx.  NOTE(review): no
        * BN_CTX_start()/BN_CTX_end() pair is visible around these calls, so
        * they appear to live as long as bnctx itself - confirm that is intended.
        */
       if (!TEST_ptr(a = BN_CTX_get(bnctx))
           || !TEST_ptr(b = BN_CTX_get(bnctx))
           || !TEST_ptr(prime = BN_CTX_get(bnctx))
           || !TEST_ptr(order = BN_CTX_get(bnctx)))
           return 0;

       /* Load the byte tables into the BIGNUMs. */
       if (!TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
           || !TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
           || !TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
           || !TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)))
           return 0;

       /* Field type, then p, a, b and the order. */
       if (!TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
                           OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
                           0))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
                              OSSL_PKEY_PARAM_EC_ORDER, order)))
           return 0;

       /* Caller-chosen generator, then the fixed seed and a cofactor of one. */
       if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                           OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
           || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                              OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
                                                BN_value_one())))
           return 0;

       return 1;
   }
   1185  1.1  christos 
   /*
    * Fill |bld| with explicit prime256v1 parameters that use the generator
    * table below: a 0x04 prefix followed by two 32-byte coordinates, labelled
    * prime256v1_gen in the original source.  Together with the constants in
    * do_create_ec_explicit_prime_params() this is meant to describe a key whose
    * explicit parameters match the named curve.
    *
    * Returns the result of do_create_ec_explicit_prime_params().
    */
   static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
   {
       static const unsigned char generator[] = {
           0x04,
           0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
           0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
           0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
           0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
           0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
           0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
           0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
           0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
       };
       const size_t generator_len = sizeof(generator);

       return do_create_ec_explicit_prime_params(bld, generator, generator_len);
   }
   1202  1.1  christos 
   /*
    * Fill |bld| with explicit prime256v1 parameters whose generator is the
    * point the original source labels "2G" instead of the curve's usual base
    * point.  NOTE(review): presumably this yields explicit parameters that
    * cannot be mapped back to the named curve - confirm against the tests that
    * consume ECExplicitPrime2G.
    *
    * Returns the result of do_create_ec_explicit_prime_params().
    */
   static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
   {
       /* 2G */
       static const unsigned char generator_2g[] = {
           0x04,
           0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
           0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
           0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
           0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
           0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
           0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
           0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
           0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
       };
       const size_t generator_len = sizeof(generator_2g);

       return do_create_ec_explicit_prime_params(bld, generator_2g,
                                                 generator_len);
   }
   1220  1.1  christos 
   1221  1.1  christos # ifndef OPENSSL_NO_EC2M
   /*
    * Push explicit characteristic-two EC domain parameters onto |bld|.
    *
    * The reduction polynomial, a, b, order and cofactor (4) are the sect233k1
    * constants held in the static tables below; the generator is the encoded
    * point the caller supplies in |gen| / |gen_len|.  Unlike the prime-field
    * helper, no seed is pushed.
    *
    * The BIGNUMs are taken from the file-level |bnctx|.  NOTE(review): no
    * BN_CTX_start()/BN_CTX_end() pair is visible around the BN_CTX_get()
    * calls - confirm the lifetime is meant to be that of bnctx.
    *
    * Returns 1 when every step succeeds, 0 on the first failure.
    */
   static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
                                                     const unsigned char *gen,
                                                     size_t gen_len)
   {
       /* sect233k1 characteristic-two-field tpBasis */
       static const unsigned char poly_data[] = {
           0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
       };
       static const unsigned char a_data[] = {
           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0x00
       };
       static const unsigned char b_data[] = {
           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x00, 0x00, 0x01
       };
       static const unsigned char order_data[] = {
           0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
           0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
           0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
       };
       static const unsigned char cofactor_data[]= {
           0x4
       };
       BIGNUM *a, *b, *poly, *order, *cofactor;

       /* Scratch BIGNUMs from the shared context. */
       if (!TEST_ptr(a = BN_CTX_get(bnctx))
           || !TEST_ptr(b = BN_CTX_get(bnctx))
           || !TEST_ptr(poly = BN_CTX_get(bnctx))
           || !TEST_ptr(order = BN_CTX_get(bnctx))
           || !TEST_ptr(cofactor = BN_CTX_get(bnctx)))
           return 0;

       /* Load the byte tables into the BIGNUMs. */
       if (!TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
           || !TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
           || !TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
           || !TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
           || !TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor)))
           return 0;

       /* Field type, then the polynomial (under the EC_P key), a, b and order. */
       if (!TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
                           OSSL_PKEY_PARAM_EC_FIELD_TYPE,
                           SN_X9_62_characteristic_two_field, 0))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld,
                              OSSL_PKEY_PARAM_EC_ORDER, order)))
           return 0;

       /* Caller-chosen generator and the cofactor. */
       if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                           OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
           || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
                                                cofactor)))
           return 0;

       return 1;
   }
   1274  1.1  christos 
   /*
    * Fill |bld| with explicit sect233k1 parameters using the generator table
    * below (a 0x04 prefix followed by two 30-byte coordinates).  The function
    * name indicates these parameters are meant to match the named curve.
    *
    * Returns the result of do_create_ec_explicit_trinomial_params().
    */
   static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
   {
       static const unsigned char generator[] = {
           0x04,
           0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
           0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
           0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
           0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
           0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
           0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
       };
       const size_t generator_len = sizeof(generator);

       return do_create_ec_explicit_trinomial_params(bld, generator,
                                                     generator_len);
   }
   1288  1.1  christos 
   /*
    * Fill |bld| with explicit sect233k1 parameters using a second generator
    * table (named gen2 in the original source).  NOTE(review): by analogy with
    * the prime-field helper this is presumably the point 2G, giving parameters
    * that do not correspond to the named curve - confirm.
    *
    * Returns the result of do_create_ec_explicit_trinomial_params().
    */
   static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
   {
       static const unsigned char generator_alt[] = {
           0x04,
           0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
           0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
           0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
           0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
           0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
           0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
       };
       const size_t generator_len = sizeof(generator_alt);

       return do_create_ec_explicit_trinomial_params(bld, generator_alt,
                                                     generator_len);
   }
   1302  1.1  christos # endif /* OPENSSL_NO_EC2M */
   1303  1.1  christos 
   /*
    * Test that multiple calls to OSSL_ENCODER_to_data() do not cause side
    * effects.
    *
    * A fresh P-256 key is generated in |testctx| and a DER key-pair encoder is
    * created for it.  The first call passes NULL for the output pointer and
    * only receives a length in |enc_len|; the second call passes |&enc| with
    * |enc| still NULL and the resulting buffer is released with OPENSSL_free().
    *
    * NOTE(review): only the two return codes are checked.  The encoded bytes
    * and the value left in |enc_len| after the second call are not inspected,
    * so a reviewer may want an extra assertion on them.
    *
    * Returns 1 on success, 0 on failure.
    */
   static int ec_encode_to_data_multi(void)
   {
       EVP_PKEY *key = NULL;
       OSSL_ENCODER_CTX *ectx = NULL;
       uint8_t *enc = NULL;
       size_t enc_len = 0;
       int ret = 0;

       if (!TEST_ptr(key = EVP_PKEY_Q_keygen(testctx, "", "EC", "P-256")))
           goto end;
       if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(key, EVP_PKEY_KEYPAIR,
                                                          "DER", NULL, NULL)))
           goto end;

       /* Length query first, then the call that actually produces data. */
       if (!TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len), 1))
           goto end;
       if (!TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1))
           goto end;

       ret = 1;

    end:
       /* Cleanup runs on every path; the pointers still NULL are passed too. */
       OPENSSL_free(enc);
       EVP_PKEY_free(key);
       OSSL_ENCODER_CTX_free(ectx);
       return ret;
   }
   1325  1.1  christos #endif /* OPENSSL_NO_EC */
   1326  1.1  christos 
   /*
    * Identifiers for the command-line options of this test, as returned by
    * opt_next() in setup_tests().  The values are spelled out but are the same
    * ones the compiler would assign implicitly.
    */
   typedef enum OPTION_choice {
       OPT_ERR = -1,
       OPT_EOF = 0,
       OPT_CONTEXT = 1,        /* -context */
       OPT_RSA_FILE = 2,       /* -rsa */
       OPT_RSA_PSS_FILE = 3,   /* -pss */
       OPT_CONFIG_FILE = 4,    /* -config */
       OPT_PROVIDER_NAME = 5,  /* -provider */
       OPT_TEST_ENUM           /* shared test options, defined outside this file */
   } OPTION_CHOICE;
   1337  1.1  christos 
   /*
    * Describe the command-line options this test accepts, in addition to the
    * entries contributed by OPT_TEST_OPTIONS_DEFAULT_USAGE.
    *
    * Returns a pointer to a static table terminated by a { NULL } entry.
    *
    * NOTE(review): setup_tests() hands the -rsa and -pss values to
    * load_pkey_pem() without checking that they were supplied, so omitting
    * either one presumably makes setup fail - confirm against load_pkey_pem().
    */
   const OPTIONS *test_get_options(void)
   {
       static const OPTIONS test_options[] = {
           OPT_TEST_OPTIONS_DEFAULT_USAGE,
           /* Flag without a value. */
           { "context", OPT_CONTEXT, '-',
             "Explicitly use a non-default library context" },
           /* Input files. */
           { "rsa", OPT_RSA_FILE, '<',
             "PEM format RSA key file to encode/decode" },
           { "pss", OPT_RSA_PSS_FILE, '<',
             "PEM format RSA-PSS key file to encode/decode" },
           { "config", OPT_CONFIG_FILE, '<',
             "The configuration file to use for the library context" },
           /* Free-form string. */
           { "provider", OPT_PROVIDER_NAME, 's',
             "The provider to load (The default value is 'default')" },
           { NULL }
       };

       return test_options;
   }
   1356  1.1  christos 
   1357  1.1  christos int setup_tests(void)
   1358  1.1  christos {
   1359  1.1  christos     const char *rsa_file = NULL;
   1360  1.1  christos     const char *rsa_pss_file = NULL;
   1361  1.1  christos     const char *prov_name = "default";
   1362  1.1  christos     char *config_file = NULL;
   1363  1.1  christos     int ok = 1;
   1364  1.1  christos 
   1365  1.1  christos #ifndef OPENSSL_NO_DSA
   1366  1.1  christos     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
   1367  1.1  christos     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
   1368  1.1  christos     OSSL_PARAM DSA_params[] = {
   1369  1.1  christos         OSSL_PARAM_size_t("pbits", &pbits),
   1370  1.1  christos         OSSL_PARAM_size_t("qbits", &qbits),
   1371  1.1  christos         OSSL_PARAM_END
   1372  1.1  christos     };
   1373  1.1  christos #endif
   1374  1.1  christos 
   1375  1.1  christos #ifndef OPENSSL_NO_EC
   1376  1.1  christos     static char groupname[] = "prime256v1";
   1377  1.1  christos     OSSL_PARAM EC_params[] = {
   1378  1.1  christos         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
   1379  1.1  christos         OSSL_PARAM_END
   1380  1.1  christos     };
   1381  1.1  christos #endif
   1382  1.1  christos 
   1383  1.1  christos     OPTION_CHOICE o;
   1384  1.1  christos 
   1385  1.1  christos     while ((o = opt_next()) != OPT_EOF) {
   1386  1.1  christos         switch (o) {
   1387  1.1  christos         case OPT_CONTEXT:
   1388  1.1  christos             default_libctx = 0;
   1389  1.1  christos             break;
   1390  1.1  christos         case OPT_PROVIDER_NAME:
   1391  1.1  christos             prov_name = opt_arg();
   1392  1.1  christos             break;
   1393  1.1  christos         case OPT_CONFIG_FILE:
   1394  1.1  christos             config_file = opt_arg();
   1395  1.1  christos             break;
   1396  1.1  christos         case OPT_RSA_FILE:
   1397  1.1  christos             rsa_file = opt_arg();
   1398  1.1  christos             break;
   1399  1.1  christos         case OPT_RSA_PSS_FILE:
   1400  1.1  christos             rsa_pss_file = opt_arg();
   1401  1.1  christos             break;
   1402  1.1  christos         case OPT_TEST_CASES:
   1403  1.1  christos             break;
   1404  1.1  christos         default:
   1405  1.1  christos             return 0;
   1406  1.1  christos         }
   1407  1.1  christos     }
   1408  1.1  christos 
   1409  1.1  christos     if (strcmp(prov_name, "fips") == 0)
   1410  1.1  christos         is_fips = 1;
   1411  1.1  christos 
   1412  1.1  christos     if (default_libctx) {
   1413  1.1  christos         if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
   1414  1.1  christos             return 0;
   1415  1.1  christos     } else {
   1416  1.1  christos         if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
   1417  1.1  christos             return 0;
   1418  1.1  christos     }
   1419  1.1  christos 
   1420  1.1  christos     /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
   1421  1.1  christos     is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);
   1422  1.1  christos     /* FIPS(3.5.0) is the first to support ML-DSA, ML-KEM and SLH-DSA */
   1423  1.1  christos     is_fips_lt_3_5 = is_fips && fips_provider_version_lt(testctx, 3, 5, 0);
   1424  1.1  christos 
   1425  1.1  christos #ifdef STATIC_LEGACY
   1426  1.1  christos     /*
   1427  1.1  christos      * This test is always statically linked against libcrypto. We must not
   1428  1.1  christos      * attempt to load legacy.so that might be dynamically linked against
   1429  1.1  christos      * libcrypto. Instead we use a built-in version of the legacy provider.
   1430  1.1  christos      */
   1431  1.1  christos     if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
   1432  1.1  christos         return 0;
   1433  1.1  christos #endif
   1434  1.1  christos 
   1435  1.1  christos     /* Separate provider/ctx for generating the test data */
   1436  1.1  christos     if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
   1437  1.1  christos         return 0;
   1438  1.1  christos     if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
   1439  1.1  christos         return 0;
   1440  1.1  christos 
   1441  1.1  christos #ifndef OPENSSL_NO_EC
   1442  1.1  christos     if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
   1443  1.1  christos         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
   1444  1.1  christos         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
   1445  1.1  christos         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
   1446  1.1  christos         || !create_ec_explicit_prime_params(bld_prime)
   1447  1.1  christos         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
   1448  1.1  christos         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
   1449  1.1  christos # ifndef OPENSSL_NO_EC2M
   1450  1.1  christos         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
   1451  1.1  christos         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
   1452  1.1  christos         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
   1453  1.1  christos         || !create_ec_explicit_trinomial_params(bld_tri)
   1454  1.1  christos         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
   1455  1.1  christos         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
   1456  1.1  christos # endif
   1457  1.1  christos         )
   1458  1.1  christos         return 0;
   1459  1.1  christos #endif
   1460  1.1  christos 
   1461  1.1  christos     TEST_info("Generating keys...");
   1462  1.1  christos 
   1463  1.1  christos #ifndef OPENSSL_NO_DH
   1464  1.1  christos     TEST_info("Generating DH keys...");
   1465  1.1  christos     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
   1466  1.1  christos     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
   1467  1.1  christos #endif
   1468  1.1  christos #ifndef OPENSSL_NO_DSA
   1469  1.1  christos     TEST_info("Generating DSA keys...");
   1470  1.1  christos     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
   1471  1.1  christos #endif
   1472  1.1  christos #ifndef OPENSSL_NO_EC
   1473  1.1  christos     TEST_info("Generating EC keys...");
   1474  1.1  christos     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
   1475  1.1  christos     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
   1476  1.1  christos     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
   1477  1.1  christos # ifndef OPENSSL_NO_EC2M
   1478  1.1  christos     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
   1479  1.1  christos     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
   1480  1.1  christos # endif
   1481  1.1  christos # ifndef OPENSSL_NO_SM2
   1482  1.1  christos     MAKE_KEYS(SM2, "SM2", NULL);
   1483  1.1  christos # endif
   1484  1.1  christos #endif
   1485  1.1  christos #ifndef OPENSSL_NO_ECX
   1486  1.1  christos     MAKE_KEYS(ED25519, "ED25519", NULL);
   1487  1.1  christos     MAKE_KEYS(ED448, "ED448", NULL);
   1488  1.1  christos     MAKE_KEYS(X25519, "X25519", NULL);
   1489  1.1  christos     MAKE_KEYS(X448, "X448", NULL);
   1490  1.1  christos #endif
   1491  1.1  christos #ifndef OPENSSL_NO_ML_DSA
   1492  1.1  christos     if (!is_fips_lt_3_5) {
   1493  1.1  christos         MAKE_KEYS(ML_DSA_44, "ML-DSA-44", NULL);
   1494  1.1  christos         MAKE_KEYS(ML_DSA_65, "ML-DSA-65", NULL);
   1495  1.1  christos         MAKE_KEYS(ML_DSA_87, "ML-DSA-87", NULL);
   1496  1.1  christos     }
   1497  1.1  christos #endif /* OPENSSL_NO_ML_DSA */
   1498  1.1  christos #ifndef OPENSSL_NO_ML_KEM
   1499  1.1  christos     if (!is_fips_lt_3_5) {
   1500  1.1  christos         MAKE_KEYS(ML_KEM_512, "ML-KEM-512", NULL);
   1501  1.1  christos         MAKE_KEYS(ML_KEM_768, "ML-KEM-768", NULL);
   1502  1.1  christos         MAKE_KEYS(ML_KEM_1024, "ML-KEM-1024", NULL);
   1503  1.1  christos     }
   1504  1.1  christos #endif
   1505  1.1  christos #ifndef OPENSSL_NO_SLH_DSA
   1506  1.1  christos     if (!is_fips_lt_3_5) {
   1507  1.1  christos         MAKE_KEYS(SLH_DSA_SHA2_128s, "SLH-DSA-SHA2-128s", NULL);
   1508  1.1  christos         MAKE_KEYS(SLH_DSA_SHA2_128f, "SLH-DSA-SHA2-128f", NULL);
   1509  1.1  christos         MAKE_KEYS(SLH_DSA_SHA2_192s, "SLH-DSA-SHA2-192s", NULL);
   1510  1.1  christos         MAKE_KEYS(SLH_DSA_SHA2_192f, "SLH-DSA-SHA2-192f", NULL);
   1511  1.1  christos         MAKE_KEYS(SLH_DSA_SHA2_256s, "SLH-DSA-SHA2-256s", NULL);
   1512  1.1  christos         MAKE_KEYS(SLH_DSA_SHA2_256f, "SLH-DSA-SHA2-256f", NULL);
   1513  1.1  christos         MAKE_KEYS(SLH_DSA_SHAKE_128s, "SLH-DSA-SHAKE-128s", NULL);
   1514  1.1  christos         MAKE_KEYS(SLH_DSA_SHAKE_128f, "SLH-DSA-SHAKE-128f", NULL);
   1515  1.1  christos         MAKE_KEYS(SLH_DSA_SHAKE_192s, "SLH-DSA-SHAKE-192s", NULL);
   1516  1.1  christos         MAKE_KEYS(SLH_DSA_SHAKE_192f, "SLH-DSA-SHAKE-192f", NULL);
   1517  1.1  christos         MAKE_KEYS(SLH_DSA_SHAKE_256s, "SLH-DSA-SHAKE-256s", NULL);
   1518  1.1  christos         MAKE_KEYS(SLH_DSA_SHAKE_256f, "SLH-DSA-SHAKE-256f", NULL);
   1519  1.1  christos     }
   1520  1.1  christos #endif /* OPENSSL_NO_SLH_DSA */
   1521  1.1  christos 
   1522  1.1  christos     TEST_info("Loading RSA key...");
   1523  1.1  christos     ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
   1524  1.1  christos     TEST_info("Loading RSA_PSS key...");
   1525  1.1  christos     ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
   1526  1.1  christos     TEST_info("Generating keys done");
   1527  1.1  christos 
   1528  1.1  christos     if (ok) {
   1529  1.1  christos #ifndef OPENSSL_NO_DH
   1530  1.1  christos         ADD_TEST_SUITE(DH);
   1531  1.1  christos         ADD_TEST_SUITE_PARAMS(DH);
   1532  1.1  christos         ADD_TEST_SUITE(DHX);
   1533  1.1  christos         ADD_TEST_SUITE_PARAMS(DHX);
   1534  1.1  christos         /*
   1535  1.1  christos          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
   1536  1.1  christos          * so no legacy tests.
   1537  1.1  christos          */
   1538  1.1  christos #endif
   1539  1.1  christos #ifndef OPENSSL_NO_DSA
   1540  1.1  christos         ADD_TEST_SUITE(DSA);
   1541  1.1  christos         ADD_TEST_SUITE_PARAMS(DSA);
   1542  1.1  christos         ADD_TEST_SUITE_LEGACY(DSA);
   1543  1.1  christos         ADD_TEST_SUITE_MSBLOB(DSA);
   1544  1.1  christos         ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
   1545  1.1  christos # ifndef OPENSSL_NO_RC4
   1546  1.1  christos         ADD_TEST_SUITE_PROTECTED_PVK(DSA);
   1547  1.1  christos # endif
   1548  1.1  christos #endif
   1549  1.1  christos #ifndef OPENSSL_NO_EC
   1550  1.1  christos         ADD_TEST(ec_encode_to_data_multi);
   1551  1.1  christos         ADD_TEST_SUITE(EC);
   1552  1.1  christos         ADD_TEST_SUITE_PARAMS(EC);
   1553  1.1  christos         ADD_TEST_SUITE_LEGACY(EC);
   1554  1.1  christos         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
   1555  1.1  christos         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
   1556  1.1  christos         ADD_TEST_SUITE(ECExplicitPrime2G);
   1557  1.1  christos         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
   1558  1.1  christos # ifndef OPENSSL_NO_EC2M
   1559  1.1  christos         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
   1560  1.1  christos         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
   1561  1.1  christos         ADD_TEST_SUITE(ECExplicitTri2G);
   1562  1.1  christos         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
   1563  1.1  christos # endif
   1564  1.1  christos # ifndef OPENSSL_NO_SM2
   1565  1.1  christos         if (!is_fips_3_0_0) {
   1566  1.1  christos             /* 3.0.0 FIPS provider imports explicit EC params and then fails. */
   1567  1.1  christos             ADD_TEST_SUITE(SM2);
   1568  1.1  christos         }
   1569  1.1  christos # endif
   1570  1.1  christos #endif
   1571  1.1  christos #ifndef OPENSSL_NO_ECX
   1572  1.1  christos         ADD_TEST_SUITE(ED25519);
   1573  1.1  christos         ADD_TEST_SUITE(ED448);
   1574  1.1  christos         ADD_TEST_SUITE(X25519);
   1575  1.1  christos         ADD_TEST_SUITE(X448);
   1576  1.1  christos         /*
   1577  1.1  christos          * ED25519, ED448, X25519 and X448 have no support for
   1578  1.1  christos          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
   1579  1.1  christos          */
   1580  1.1  christos #endif
   1581  1.1  christos #ifndef OPENSSL_NO_ML_KEM
   1582  1.1  christos         if (!is_fips_lt_3_5) {
   1583  1.1  christos             ADD_TEST_SUITE(ML_KEM_512);
   1584  1.1  christos             ADD_TEST_SUITE(ML_KEM_768);
   1585  1.1  christos             ADD_TEST_SUITE(ML_KEM_1024);
   1586  1.1  christos         }
   1587  1.1  christos #endif
   1588  1.1  christos         ADD_TEST_SUITE(RSA);
   1589  1.1  christos         ADD_TEST_SUITE_LEGACY(RSA);
   1590  1.1  christos         ADD_TEST_SUITE(RSA_PSS);
   1591  1.1  christos         /*
   1592  1.1  christos          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
   1593  1.1  christos          * so no legacy tests.
   1594  1.1  christos          */
   1595  1.1  christos         ADD_TEST_SUITE_MSBLOB(RSA);
   1596  1.1  christos         ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
   1597  1.1  christos # ifndef OPENSSL_NO_RC4
   1598  1.1  christos         ADD_TEST_SUITE_PROTECTED_PVK(RSA);
   1599  1.1  christos # endif
   1600  1.1  christos 
   1601  1.1  christos #ifndef OPENSSL_NO_ML_DSA
   1602  1.1  christos         if (!is_fips_lt_3_5) {
   1603  1.1  christos             ADD_TEST_SUITE(ML_DSA_44);
   1604  1.1  christos             ADD_TEST_SUITE(ML_DSA_65);
   1605  1.1  christos             ADD_TEST_SUITE(ML_DSA_87);
   1606  1.1  christos         }
   1607  1.1  christos #endif /* OPENSSL_NO_ML_DSA */
   1608  1.1  christos 
   1609  1.1  christos #ifndef OPENSSL_NO_SLH_DSA
   1610  1.1  christos         if (!is_fips_lt_3_5) {
   1611  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHA2_128s);
   1612  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHA2_128f);
   1613  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHA2_192s);
   1614  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHA2_192f);
   1615  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHA2_256s);
   1616  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHA2_256f);
   1617  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHAKE_128s);
   1618  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHAKE_128f);
   1619  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHAKE_192s);
   1620  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHAKE_192f);
   1621  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHAKE_256s);
   1622  1.1  christos             ADD_TEST_SUITE(SLH_DSA_SHAKE_256f);
   1623  1.1  christos         }
   1624  1.1  christos #endif /* OPENSSL_NO_SLH_DSA */
   1625  1.1  christos     }
   1626  1.1  christos 
   1627  1.1  christos     return 1;
   1628  1.1  christos }
   1629  1.1  christos 
/*
 * Test-harness teardown: releases the explicit-EC parameter material, the
 * key sets created for the test suites, the loaded providers and finally
 * the two library contexts.
 *
 * Every algorithm group is wrapped in the same OPENSSL_NO_* build guard that
 * the set-up code above uses when it registers the corresponding suites, so
 * a build without an algorithm neither creates nor frees its keys.
 *
 * FREE_KEYS() and FREE_DOMAIN_KEYS() are macros defined elsewhere in this
 * file; NOTE(review): FREE_DOMAIN_KEYS presumably also releases the
 * domain-parameter template key -- confirm against the macro definition.
 */
void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
    /* Explicit-curve OSSL_PARAM arrays and the builders they came from. */
    OSSL_PARAM_free(ec_explicit_prime_params_nc);
    OSSL_PARAM_free(ec_explicit_prime_params_explicit);
    OSSL_PARAM_BLD_free(bld_prime_nc);
    OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
    /* Same again for the binary-field (trinomial) curve variants. */
    OSSL_PARAM_free(ec_explicit_tri_params_nc);
    OSSL_PARAM_free(ec_explicit_tri_params_explicit);
    OSSL_PARAM_BLD_free(bld_tri_nc);
    OSSL_PARAM_BLD_free(bld_tri);
# endif
    BN_CTX_free(bnctx);
#endif /* OPENSSL_NO_EC */

#ifndef OPENSSL_NO_DH
    FREE_DOMAIN_KEYS(DH);
    FREE_DOMAIN_KEYS(DHX);
#endif
#ifndef OPENSSL_NO_DSA
    FREE_DOMAIN_KEYS(DSA);
#endif
#ifndef OPENSSL_NO_EC
    FREE_DOMAIN_KEYS(EC);
    FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
    FREE_DOMAIN_KEYS(ECExplicitPrime2G);
# ifndef OPENSSL_NO_EC2M
    FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
    FREE_DOMAIN_KEYS(ECExplicitTri2G);
# endif
# ifndef OPENSSL_NO_SM2
    /*
     * Freed unconditionally, although the SM2 suite is only registered when
     * is_fips_3_0_0 is false. NOTE(review): whether the SM2 key is still
     * generated in that case is not visible here; this relies on FREE_KEYS
     * being safe for a key that was never created -- confirm.
     */
    FREE_KEYS(SM2);
# endif
#endif
#ifndef OPENSSL_NO_ECX
    FREE_KEYS(ED25519);
    FREE_KEYS(ED448);
    FREE_KEYS(X25519);
    FREE_KEYS(X448);
#endif
#ifndef OPENSSL_NO_ML_KEM
    /*
     * The post-quantum key sets (ML-KEM here, ML-DSA and SLH-DSA below) are
     * released under the same !is_fips_lt_3_5 condition that the set-up code
     * above applies to these algorithms.
     */
    if (!is_fips_lt_3_5) {
        FREE_KEYS(ML_KEM_512);
        FREE_KEYS(ML_KEM_768);
        FREE_KEYS(ML_KEM_1024);
    }
#endif
    FREE_KEYS(RSA);
    FREE_KEYS(RSA_PSS);

#ifndef OPENSSL_NO_ML_DSA
    if (!is_fips_lt_3_5) {
        FREE_KEYS(ML_DSA_44);
        FREE_KEYS(ML_DSA_65);
        FREE_KEYS(ML_DSA_87);
    }
#endif /* OPENSSL_NO_ML_DSA */

#ifndef OPENSSL_NO_SLH_DSA
    if (!is_fips_lt_3_5) {
        FREE_KEYS(SLH_DSA_SHA2_128s);
        FREE_KEYS(SLH_DSA_SHA2_128f);
        FREE_KEYS(SLH_DSA_SHA2_192s);
        FREE_KEYS(SLH_DSA_SHA2_192f);
        FREE_KEYS(SLH_DSA_SHA2_256s);
        FREE_KEYS(SLH_DSA_SHA2_256f);
        FREE_KEYS(SLH_DSA_SHAKE_128s);
        FREE_KEYS(SLH_DSA_SHAKE_128f);
        FREE_KEYS(SLH_DSA_SHAKE_192s);
        FREE_KEYS(SLH_DSA_SHAKE_192f);
        FREE_KEYS(SLH_DSA_SHAKE_256s);
        FREE_KEYS(SLH_DSA_SHAKE_256f);
    }
#endif /* OPENSSL_NO_SLH_DSA */

    /*
     * Providers are unloaded and the library contexts freed only after every
     * key above has been released. NOTE(review): presumably the keys hold
     * references into keyctx and its provider, so this order avoids tearing
     * down a context that live keys still point into -- keep it when adding
     * new algorithms.
     */
    OSSL_PROVIDER_unload(nullprov);
    OSSL_PROVIDER_unload(deflprov);
    OSSL_PROVIDER_unload(keyprov);
    OSSL_LIB_CTX_free(testctx);
    OSSL_LIB_CTX_free(keyctx);
}