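/*
 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/core_dispatch.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/param_build.h>
#include <openssl/encoder.h>
#include <openssl/decoder.h>

#include "internal/cryptlib.h"   /* ossl_assert */
#include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
#include "crypto/evp.h"          /* For evp_pkey_is_provided() */

#include "helpers/predefined_dhparams.h"
#include "testutil.h"

/*
 * Extended test macros to allow passing file & line number.  Every helper
 * that uses them takes |file| and |line| parameters, so a failure is reported
 * against the test case that called the helper rather than against the
 * helper itself.
 */
#define TEST_FL_ptr(a) test_ptr(file, line, #a, a)
#define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n)
#define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n)
#define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
#define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b)
#define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b)
#define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b)
#define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b)
#define TEST_FL_true(a) test_true(file, line, #a, (a) != 0)

/* Without DH, DSA and EC there is no key type with domain parameters to test */
#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
# define OPENSSL_NO_KEYPARAMS
#endif

/*
 * Test configuration.  These are only read by the helpers below; they are
 * assigned outside this excerpt.
 */
static int default_libctx = 1;
static int is_fips = 0;
static int is_fips_3_0_0 = 0;

static OSSL_LIB_CTX *testctx = NULL;    /* context used for encode/decode */
static OSSL_LIB_CTX *keyctx = NULL;     /* context used for key generation */
static char *testpropq = NULL;

static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *deflprov = NULL;
static OSSL_PROVIDER *keyprov = NULL;

#ifndef OPENSSL_NO_EC
static BN_CTX *bnctx = NULL;
static OSSL_PARAM_BLD *bld_prime_nc = NULL;
static OSSL_PARAM_BLD *bld_prime = NULL;
static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;

# ifndef OPENSSL_NO_EC2M
static OSSL_PARAM_BLD *bld_tri_nc = NULL;
static OSSL_PARAM_BLD *bld_tri = NULL;
static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
# endif
#endif

#ifndef OPENSSL_NO_KEYPARAMS
/*
 * Generate a domain-parameter "template" key of the given |type| in |keyctx|,
 * applying |genparams| to the paramgen context when non-NULL.
 * "DH" and "X9.42 DH" short-circuit to the predefined 512-bit parameters.
 * Returns a new EVP_PKEY owned by the caller, or NULL on any failure.
 */
static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
{
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;

# ifndef OPENSSL_NO_DH
    /*
     * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
     * for testing only. Use a minimum key size of 2048 for security purposes.
     */
    if (strcmp(type, "DH") == 0)
        return get_dh512(keyctx);

    if (strcmp(type, "X9.42 DH") == 0)
        return get_dhx512(keyctx);
# endif

    /*
     * No real need to check the errors other than for the cascade
     * effect. |pkey| will simply remain NULL if something goes wrong.
     */
    (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL
           && EVP_PKEY_paramgen_init(ctx) > 0
           && (genparams == NULL
               || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
           && EVP_PKEY_generate(ctx, &pkey) > 0);
    EVP_PKEY_CTX_free(ctx);

    return pkey;
}
#endif

#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
/*
 * Generate a key pair of the given |type| in |keyctx|.  When |template| is
 * non-NULL the key is derived from its parameters, otherwise from |type|
 * alone; |genparams| (may be NULL) is applied to the keygen context.
 * Returns a new EVP_PKEY owned by the caller, or NULL on any failure.
 */
static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
                          OSSL_PARAM *genparams)
{
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx =
        template != NULL
        ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq)
        : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);

    /*
     * No real need to check the errors other than for the cascade
     * effect. |pkey| will simply remain NULL if something goes wrong.
     */
    (void)(ctx != NULL
           && EVP_PKEY_keygen_init(ctx) > 0
           && (genparams == NULL
               || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
           && EVP_PKEY_keygen(ctx, &pkey) > 0);
    EVP_PKEY_CTX_free(ctx);
    return pkey;
}
#endif

/* Main test driver */

/*
 * Callback types plugged into test_encode_decode().  |file| and |line| are
 * the location of the calling test case, forwarded to the TEST_FL_* macros.
 */
typedef int (encoder)(const char *file, const int line,
                      void **encoded, long *encoded_len,
                      void *object, int selection,
                      const char *output_type, const char *output_structure,
                      const char *pass, const char *pcipher);
typedef int (decoder)(const char *file, const int line,
                      void **object, void *encoded, long encoded_len,
                      const char *input_type, const char *structure_type,
                      const char *keytype, int selection, const char *pass);
typedef int (tester)(const char *file, const int line,
                     const void *data1, size_t data1_len,
                     const void *data2, size_t data2_len);
typedef int (checker)(const char *file, const int line,
                      const char *type, const void *data, size_t data_len);
typedef void (dumper)(const char *label, const void *data, size_t data_len);

/* Pass |type| to the decoder as the key type hint */
#define FLAG_DECODE_WITH_TYPE 0x0001
/* The decode is expected to fail under the FIPS provider (except 3.0.0) */
#define FLAG_FAIL_IF_FIPS     0x0002

/*
 * Round-trip |pkey| through |encode_cb| / |decode_cb| and verify the result.
 *
 * The steps, all of which jump to |end| on the first failure, are:
 *  - encode |pkey| with |selection|, |output_type|, |output_structure| and
 *    the optional passphrase / cipher;
 *  - if FLAG_FAIL_IF_FIPS is set and the FIPS provider (other than 3.0.0) is
 *    in use, the decode must fail and the test passes on that alone;
 *  - otherwise run |check_cb| on the encoding, decode it into |pkey2| with
 *    |selection| and, unless |output_structure| is "type-specific", also into
 *    |pkey3| with selection 0; then re-encode |pkey2| into |encoded2|;
 *  - compare |pkey| with |pkey2| (and |pkey3| if decoded): parameters only
 *    when |selection| is the domain parameters, the whole key otherwise;
 *  - for unprotected output only, require both encodings to be identical
 *    via |test_cb| (protected output has a random component).
 *
 * On failure both encodings are passed to |dump_cb| for the test log.
 * The encodings returned by |encode_cb| are released with OPENSSL_free().
 * Returns 1 on success, 0 on failure.
 */
static int test_encode_decode(const char *file, const int line,
                              const char *type, EVP_PKEY *pkey,
                              int selection, const char *output_type,
                              const char *output_structure,
                              const char *pass, const char *pcipher,
                              encoder *encode_cb, decoder *decode_cb,
                              tester *test_cb, checker *check_cb,
                              dumper *dump_cb, int flags)
{
    void *encoded = NULL;
    long encoded_len = 0;
    EVP_PKEY *pkey2 = NULL;
    EVP_PKEY *pkey3 = NULL;
    void *encoded2 = NULL;
    long encoded2_len = 0;
    int ok = 0;

    /*
     * Encode |pkey|, decode the result into |pkey2|, and finish off by
     * encoding |pkey2| as well. That last encoding is for checking and
     * dumping purposes.
     */
    if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
                             output_type, output_structure, pass, pcipher)))
        goto end;

    if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) {
        /* Here a *failed* decode is the expected outcome */
        if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
                                 encoded_len, output_type, output_structure,
                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                 selection, pass)))
            ok = 1;
        goto end;
    }

    if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
        || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
                                output_type, output_structure,
                                (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                selection, pass))
        /* Second decode with selection 0, skipped for "type-specific" */
        || ((output_structure == NULL
             || strcmp(output_structure, "type-specific") != 0)
            && !TEST_true(decode_cb(file, line, (void **)&pkey3, encoded, encoded_len,
                                    output_type, output_structure,
                                    (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
                                    0, pass)))
        || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
                                output_type, output_structure, pass, pcipher)))
        goto end;

    if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
        if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)
            || (pkey3 != NULL
                && !TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey3), 1)))
            goto end;
    } else {
        if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)
            || (pkey3 != NULL
                && !TEST_int_eq(EVP_PKEY_eq(pkey, pkey3), 1)))
            goto end;
    }

    /*
     * Double check the encoding, but only for unprotected keys,
     * as protected keys have a random component, which makes the output
     * differ.
     */
    if ((pass == NULL && pcipher == NULL)
        && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
        goto end;

    ok = 1;
 end:
    if (!ok) {
        /* The non-zero length checks keep dump_pem()'s |data_len - 1| safe */
        if (encoded != NULL && encoded_len != 0)
            dump_cb("|pkey| encoded", encoded, encoded_len);
        if (encoded2 != NULL && encoded2_len != 0)
            dump_cb("|pkey2| encoded", encoded2, encoded2_len);
    }

    OPENSSL_free(encoded);
    OPENSSL_free(encoded2);
    EVP_PKEY_free(pkey2);
    EVP_PKEY_free(pkey3);
    return ok;
}

/* Encoding and decoding methods */

/*
 * Encoder callback using the provider-based OSSL_ENCODER API.
 * On success *|encoded| / *|encoded_len| receive a buffer detached from the
 * memory BIO, which the caller must release with OPENSSL_free().
 * Returns 1 on success, 0 on failure.
 */
static int encode_EVP_PKEY_prov(const char *file, const int line,
                                void **encoded, long *encoded_len,
                                void *object, int selection,
                                const char *output_type,
                                const char *output_structure,
                                const char *pass, const char *pcipher)
{
    EVP_PKEY *pkey = object;
    OSSL_ENCODER_CTX *ectx = NULL;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    int ok = 0;

    if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
                                                          output_type,
                                                          output_structure,
                                                          testpropq))
        /* No encoder for this type/structure combination is a test failure */
        || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
        || (pass != NULL
            && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
                                                             strlen(pass))))
        || (pcipher != NULL
            && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
        || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
        || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
        || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output so BIO_free() below does not release it */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    BIO_free(mem_ser);
    OSSL_ENCODER_CTX_free(ectx);
    return ok;
}

/*
 * Decoder callback using the provider-based OSSL_DECODER API.
 * The decode is attempted three times: with |input_type|, with a NULL input
 * type, and with the "wrong" input type (PEM for DER, DER otherwise).  The
 * first two must succeed and yield equal keys, the third must fail.
 * On success *|object| receives the key from the first attempt (caller owns
 * it).  Returns 1 on success, 0 on failure.
 */
static int decode_EVP_PKEY_prov(const char *file, const int line,
                                void **object, void *encoded, long encoded_len,
                                const char *input_type,
                                const char *structure_type,
                                const char *keytype, int selection,
                                const char *pass)
{
    EVP_PKEY *pkey = NULL, *testpkey = NULL;
    OSSL_DECODER_CTX *dctx = NULL;
    BIO *encoded_bio = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    int ok = 0;
    int i;
    const char *badtype;

    if (strcmp(input_type, "DER") == 0)
        badtype = "PEM";
    else
        badtype = "DER";

    if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
        goto end;

    /*
     * We attempt the decode 3 times. The first time we provide the expected
     * starting input type. The second time we provide NULL for the starting
     * type. The third time we provide a bad starting input type.
     * The bad starting input type should fail. The other two should succeed
     * and produce the same result.
     */
    for (i = 0; i < 3; i++) {
        const char *testtype = (i == 0) ? input_type
                                        : ((i == 1) ? NULL : badtype);

        if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
                                                              testtype,
                                                              structure_type,
                                                              keytype,
                                                              selection,
                                                              testctx, testpropq))
            /* Reported via TEST_FL_true like the encoder side */
            || (pass != NULL
                && !TEST_FL_true(OSSL_DECODER_CTX_set_passphrase(dctx, upass,
                                                                 strlen(pass))))
            /* Rewind, since the previous iteration consumed the BIO */
            || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
            /* We expect to fail when using a bad input type */
            || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
                               (i == 2) ? 0 : 1))
            goto end;
        OSSL_DECODER_CTX_free(dctx);
        dctx = NULL;

        if (i == 0) {
            /* Keep the first result; it is what gets returned */
            pkey = testpkey;
            testpkey = NULL;
        } else if (i == 1) {
            if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
                if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
                    goto end;
            } else {
                if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
                    goto end;
            }
        }
    }
    ok = 1;
    *object = pkey;
    pkey = NULL;

 end:
    EVP_PKEY_free(pkey);
    EVP_PKEY_free(testpkey);
    BIO_free(encoded_bio);
    OSSL_DECODER_CTX_free(dctx);
    return ok;
}

/*
 * Encoder callback producing the legacy ("traditional") PEM private key
 * format via PEM_write_bio_PrivateKey_traditional().  Encryption is only
 * applied when both |pcipher| and |pass| are given.  |selection|,
 * |output_type| and |output_structure| are ignored.
 * The returned buffer is owned by the caller (OPENSSL_free()).
 */
static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
                                      void **encoded, long *encoded_len,
                                      void *object, ossl_unused int selection,
                                      ossl_unused const char *output_type,
                                      ossl_unused const char *output_structure,
                                      const char *pass, const char *pcipher)
{
    EVP_PKEY *pkey = object;
    EVP_CIPHER *cipher = NULL;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    const unsigned char *upass = (const unsigned char *)pass;
    size_t passlen = 0;
    int ok = 0;

    if (pcipher != NULL && pass != NULL) {
        passlen = strlen(pass);
        if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
            goto end;
    }
    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
        || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
                                                              cipher,
                                                              upass, passlen,
                                                              NULL, NULL))
        || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output so BIO_free() below does not release it */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    BIO_free(mem_ser);
    EVP_CIPHER_free(cipher);
    return ok;
}

/*
 * Encoder callback producing a Microsoft "blob": a private key blob when
 * |selection| includes the private key, a public key blob otherwise.
 * Only unprotected output is supported; |pass| and |pcipher| are ignored.
 * The returned buffer is owned by the caller (OPENSSL_free()).
 */
static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
                                  void **encoded, long *encoded_len,
                                  void *object, int selection,
                                  ossl_unused const char *output_type,
                                  ossl_unused const char *output_structure,
                                  ossl_unused const char *pass,
                                  ossl_unused const char *pcipher)
{
    EVP_PKEY *pkey = object;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    int ok = 0;

    if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
        goto end;

    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
        if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
            goto end;
    } else {
        if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
            goto end;
    }

    if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output so BIO_free() below does not release it */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    BIO_free(mem_ser);
    return ok;
}

/*
 * pem_password_cb that copies the NUL-terminated passphrase in |userdata|
 * into |buf| and returns the number of bytes actually placed there.
 * |rwflag| is ignored (the same passphrase serves reading and writing).
 */
static pem_password_cb pass_pw;
static int pass_pw(char *buf, int size, int rwflag, void *userdata)
{
    size_t len;

    if (size <= 0)
        return 0;
    len = OPENSSL_strlcpy(buf, userdata, size);
    /*
     * OPENSSL_strlcpy() returns the full source length even when it had to
     * truncate, and a password callback must never report more bytes than
     * it wrote, so clamp to what fits in |buf| (size - 1, leaving the NUL).
     */
    if (len > (size_t)(size - 1))
        len = (size_t)(size - 1);
    return (int)len;
}

/*
 * Encoder callback producing a Microsoft PVK blob via i2b_PVK_bio_ex().
 * Requires |selection| to include the private key (asserted).  The blob is
 * encrypted exactly when |pass| is non-NULL, with pass_pw() supplying the
 * passphrase; |pcipher| and the output type/structure are ignored.
 * The returned buffer is owned by the caller (OPENSSL_free()).
 */
static int encode_EVP_PKEY_PVK(const char *file, const int line,
                               void **encoded, long *encoded_len,
                               void *object, int selection,
                               ossl_unused const char *output_type,
                               ossl_unused const char *output_structure,
                               const char *pass,
                               ossl_unused const char *pcipher)
{
    EVP_PKEY *pkey = object;
    BIO *mem_ser = NULL;
    BUF_MEM *mem_buf = NULL;
    int enc = (pass != NULL);
    int ok = 0;

    if (!TEST_FL_true(ossl_assert((selection
                                   & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
        || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
        || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
                                          pass_pw, (void *)pass, testctx, testpropq), 0)
        || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
        || !TEST_FL_ptr(*encoded = mem_buf->data)
        || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
        goto end;

    /* Detach the encoded output so BIO_free() below does not release it */
    mem_buf->data = NULL;
    mem_buf->length = 0;
    ok = 1;
 end:
    BIO_free(mem_ser);
    return ok;
}

/* tester for textual (PEM) output: both length and content must match */
static int test_text(const char *file, const int line,
                     const void *data1, size_t data1_len,
                     const void *data2, size_t data2_len)
{
    return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
}

/* tester for binary (DER, blob) output: byte-wise comparison */
static int test_mem(const char *file, const int line,
                    const void *data1, size_t data1_len,
                    const void *data2, size_t data2_len)
{
    return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
}

/* Test cases and their dumpers / checkers */

/*
 * EVP_PKEY_type_names_do_all() callback: append |name| to the ", "-separated
 * list held in *|arg| (a char **), growing it with OPENSSL_realloc().
 * If the reallocation fails the list is left unchanged (it is only used for
 * a diagnostic message, so the failure is deliberately not reported).
 */
static void collect_name(const char *name, void *arg)
{
    char **namelist = arg;
    char *new_namelist;
    size_t space;

    space = strlen(name);
    if (*namelist != NULL)
        space += strlen(*namelist) + 2 /* for comma and space */;
    space++; /* for terminating null byte */

    new_namelist = OPENSSL_realloc(*namelist, space);
    if (new_namelist == NULL)
        return;
    /* |space| was sized for exactly these appends, so the strcat()s fit */
    if (*namelist != NULL) {
        strcat(new_namelist, ", ");
        strcat(new_namelist, name);
    } else {
        strcpy(new_namelist, name);
    }
    *namelist = new_namelist;
}

/* dumper for binary output: hex dump into the test log */
static void dump_der(const char *label, const void *data, size_t data_len)
{
    test_output_memory(label, data, data_len);
}

/*
 * dumper for textual output.  The last byte is not printed; callers only
 * invoke a dumper with a non-zero |data_len|, so this cannot underflow.
 */
static void dump_pem(const char *label, const void *data, size_t data_len)
{
    test_output_string(label, data, data_len - 1);
}

/*
 * checker for unprotected PKCS#8 DER: the data must parse as
 * PKCS8_PRIV_KEY_INFO, convert to an EVP_PKEY of the expected |type|, and
 * that key must be provider-backed.  On a type mismatch the names the key
 * does have are logged via collect_name().
 */
static int check_unprotected_PKCS8_DER(const char *file, const int line,
                                       const char *type,
                                       const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    PKCS8_PRIV_KEY_INFO *p8inf =
        d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
    int ok = 0;

    if (TEST_FL_ptr(p8inf)) {
        EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
        char *namelist = NULL;

        if (TEST_FL_ptr(pkey)) {
            if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
                EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
                if (namelist != NULL)
                    TEST_note("%s isn't any of %s", type, namelist);
                OPENSSL_free(namelist);
            }
            ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey));
            EVP_PKEY_free(pkey);
        }
    }
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    return ok;
}

/*
 * Unprotected PrivateKeyInfo (PKCS#8) in DER.  |fips| says whether the key
 * type is FIPS-approved; if not, the decode is expected to fail under FIPS.
 */
static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                              "DER", "PrivateKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_unprotected_PKCS8_DER,
                              dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
}

/* checker for unprotected PKCS#8 PEM: only the BEGIN line is verified */
static int check_unprotected_PKCS8_PEM(const char *file, const int line,
                                       const char *type,
                                       const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PKCS8INF "-----";

    return TEST_FL_strn_eq(data, expected_pem_header,
                           sizeof(expected_pem_header) - 1);
}

/* Unprotected PrivateKeyInfo (PKCS#8) in PEM; |fips| as for the DER case */
static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                              "PEM", "PrivateKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_unprotected_PKCS8_PEM,
                              dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
}

#ifndef OPENSSL_NO_KEYPARAMS
/*
 * checker for type-specific domain parameters in DER: the data must parse
 * with d2i_KeyParams() for the EVP_PKEY_* id matching |type|.  An unknown
 * |type| fails the check.
 */
static int check_params_DER(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    int ok = 0;
    int itype = NID_undef;
    EVP_PKEY *pkey = NULL;

    if (strcmp(type, "DH") == 0)
        itype = EVP_PKEY_DH;
    else if (strcmp(type, "X9.42 DH") == 0)
        itype = EVP_PKEY_DHX;
    else if (strcmp(type, "DSA") == 0)
        itype = EVP_PKEY_DSA;
    else if (strcmp(type, "EC") == 0)
        itype = EVP_PKEY_EC;

    if (itype != NID_undef) {
        pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
        ok = (pkey != NULL);
        EVP_PKEY_free(pkey);
    }

    return ok;
}

/*
 * checker for type-specific domain parameters in PEM: the BEGIN line must be
 * "-----BEGIN <type> PARAMETERS-----".  BIO_snprintf() reports truncation
 * with a negative value, so the > 0 check also rejects a |type| that does
 * not fit the (static, hence non-reentrant) header buffer.
 */
static int check_params_PEM(const char *file, const int line,
                            const char *type,
                            const void *data, size_t data_len)
{
    static char expected_pem_header[80];

    return
        TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                    sizeof(expected_pem_header),
                                    "-----BEGIN %s PARAMETERS-----", type), 0)
        && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
}

/* Domain parameters in type-specific DER; |type| is passed to the decoder */
static int test_params_via_DER(const char *type, EVP_PKEY *key)
{
    return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "DER", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_params_DER,
                              dump_der, FLAG_DECODE_WITH_TYPE);
}

/* Domain parameters in type-specific PEM */
static int test_params_via_PEM(const char *type, EVP_PKEY *key)
{
    return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "PEM", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_params_PEM,
                              dump_pem, 0);
}
#endif /* !OPENSSL_NO_KEYPARAMS */

/*
 * checker for legacy PEM private keys: the BEGIN line must be
 * "-----BEGIN <type> PRIVATE KEY-----".  Same static-buffer and truncation
 * handling as check_params_PEM().
 */
static int check_unprotected_legacy_PEM(const char *file, const int line,
                                        const char *type,
                                        const void *data, size_t data_len)
{
    static char expected_pem_header[80];

    return
        TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                    sizeof(expected_pem_header),
                                    "-----BEGIN %s PRIVATE KEY-----", type), 0)
        && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
}

/*
 * Legacy ("traditional") PEM private key, encoded with the legacy writer and
 * decoded with the provider decoder.  Skipped outside the default library
 * context and under the FIPS provider.
 */
static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
{
    if (!default_libctx || is_fips)
        return TEST_skip("Test not available if using a non-default library context or FIPS provider");

    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "PEM", "type-specific", NULL, NULL,
                              encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
                              test_text, check_unprotected_legacy_PEM,
                              dump_pem, 0);
}

/* checker for MSBLOB output: the data must parse with b2i_PrivateKey() */
static int check_MSBLOB(const char *file, const int line,
                        const char *type, const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
    int ok = TEST_FL_ptr(pkey);

    EVP_PKEY_free(pkey);
    return ok;
}

/* Unprotected Microsoft private key blob */
static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "MSBLOB", NULL, NULL, NULL,
                              encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
                              test_mem, check_MSBLOB,
                              dump_der, 0);
}

/*
 * checker for PVK output: only the PVK header is parsed (with "skip
 * passphrase" set to 0); the salt and key lengths it yields are discarded.
 */
static int check_PVK(const char *file, const int line,
                     const char *type, const void *data, size_t data_len)
{
    const unsigned char *in = data;
    unsigned int saltlen = 0, keylen = 0;
    int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);

    return ok;
}

/* Unprotected Microsoft PVK blob */
static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "PVK", NULL, NULL, NULL,
                              encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
                              test_mem, check_PVK,
                              dump_der, 0);
}

/* Cipher and passphrase used by the "protected" test cases below */
static const char *pass_cipher = "AES-256-CBC";
static const char *pass = "the holy handgrenade of antioch";
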
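/*
 * An encrypted PKCS#8 DER blob must parse as an X509_SIG, which is the
 * ASN.1 type OpenSSL uses for EncryptedPrivateKeyInfo.  d2i_X509_SIG() is
 * bounded by |data_len|.  |type| is unused.
 */
static int check_protected_PKCS8_DER(const char *file, const int line,
                                     const char *type,
                                     const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
    int ok = TEST_FL_ptr(p8);

    X509_SIG_free(p8);
    return ok;
}

/*
 * Passphrase-protected PKCS#8 DER round trip.  |fips| is non-zero for key
 * types the FIPS provider is expected to handle; otherwise
 * FLAG_FAIL_IF_FIPS is passed so the round trip is presumably expected to
 * fail under FIPS (flag semantics live in test_encode_decode(), outside
 * this view).
 */
static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "DER", "EncryptedPrivateKeyInfo",
                              pass, pass_cipher,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_protected_PKCS8_DER,
                              dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
}

/*
 * Encrypted PKCS#8 PEM must start with the "-----BEGIN ENCRYPTED PRIVATE
 * KEY-----" header.  The comparison is bounded by |data_len| so a short
 * buffer fails cleanly instead of being over-read.
 */
static int check_protected_PKCS8_PEM(const char *file, const int line,
                                     const char *type,
                                     const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PKCS8 "-----";
    const size_t header_len = sizeof(expected_pem_header) - 1;

    return TEST_FL_true(data_len >= header_len)
        && TEST_FL_strn_eq(data, expected_pem_header, header_len);
}

/* Passphrase-protected PKCS#8 PEM round trip; see test_protected_via_DER(). */
static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "PEM", "EncryptedPrivateKeyInfo",
                              pass, pass_cipher,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_protected_PKCS8_PEM,
                              dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
}

/*
 * Bounded substring search.  strstr() requires a NUL-terminated haystack,
 * which an encoder output buffer is not guaranteed to be; this version never
 * reads past |hay_len|.  Returns a pointer to the first match, |hay| for an
 * empty |needle| (mirroring strstr()), or NULL when absent.
 */
static const char *find_in_buffer(const char *hay, size_t hay_len,
                                  const char *needle)
{
    size_t needle_len = strlen(needle);
    size_t i;

    if (needle_len == 0)
        return hay;
    if (hay_len < needle_len)
        return NULL;
    for (i = 0; i + needle_len <= hay_len; i++) {
        if (memcmp(hay + i, needle, needle_len) == 0)
            return hay + i;
    }
    return NULL;
}

/*
 * Traditional encrypted PEM: the "-----BEGIN <type> PRIVATE KEY-----"
 * header followed (somewhere in the buffer) by a "DEK-Info:" header line,
 * which is how the legacy format records the cipher and IV.  Both checks
 * are bounded by |data_len|.
 */
static int check_protected_legacy_PEM(const char *file, const int line,
                                      const char *type,
                                      const void *data, size_t data_len)
{
    char expected_pem_header[80];
    size_t header_len;

    /* BIO_snprintf() reports truncation as a non-positive return value. */
    if (!TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
                                     sizeof(expected_pem_header),
                                     "-----BEGIN %s PRIVATE KEY-----", type),
                        0))
        return 0;
    header_len = strlen(expected_pem_header);

    return TEST_FL_true(data_len >= header_len)
        && TEST_FL_strn_eq(data, expected_pem_header, header_len)
        && TEST_FL_ptr(find_in_buffer(data, data_len, "\nDEK-Info: "));
}

/*
 * Encrypt with the legacy PEM writer and decode with the provider.  The
 * legacy writer needs the default library context and is not part of the
 * FIPS provider, hence the skip (both flags are set in setup_tests()).
 */
static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
{
    if (!default_libctx || is_fips)
        return TEST_skip("Test not available if using a non-default library context or FIPS provider");

    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_KEYPAIR
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "PEM", "type-specific", pass, pass_cipher,
                              encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
                              test_text, check_protected_legacy_PEM,
                              dump_pem, 0);
}

#ifndef OPENSSL_NO_RC4
/*
 * Passphrase-protected PVK round trip.  The whole function is compiled out
 * without RC4, and the legacy provider is loaded for the duration of the
 * test, which suggests the PVK encryption depends on an algorithm served by
 * that provider -- confirm against the PVK encoder.  The provider is
 * unloaded on every path after a successful load.
 */
static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
{
    int ret = 0;
    OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");

    if (lgcyprov == NULL)
        return TEST_skip("Legacy provider not available");

    ret = test_encode_decode(__FILE__, __LINE__, type, key,
                             OSSL_KEYMGMT_SELECT_KEYPAIR
                             | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                             "PVK", NULL, pass, NULL,
                             encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
                             test_mem, check_PVK, dump_der, 0);
    OSSL_PROVIDER_unload(lgcyprov);
    return ret;
}
#endif

/*
 * SubjectPublicKeyInfo DER must decode (in the test library context, with
 * the test property query) to a key of the expected |type|.
 */
static int check_public_DER(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq);
    int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));

    EVP_PKEY_free(pkey);
    return ok;
}

/* Public-key DER round trip; |fips| as in test_protected_via_DER(). */
static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                              | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                              "DER", "SubjectPublicKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_mem, check_public_DER, dump_der,
                              fips ? 0 : FLAG_FAIL_IF_FIPS);
}

/*
 * SubjectPublicKeyInfo PEM must start with the "-----BEGIN PUBLIC KEY-----"
 * header.  Bounded by |data_len|.
 */
static int check_public_PEM(const char *file, const int line,
                            const char *type, const void *data, size_t data_len)
{
    static const char expected_pem_header[] =
        "-----BEGIN " PEM_STRING_PUBLIC "-----";
    const size_t header_len = sizeof(expected_pem_header) - 1;

    return TEST_FL_true(data_len >= header_len)
        && TEST_FL_strn_eq(data, expected_pem_header, header_len);
}

/* Public-key PEM round trip; |fips| as in test_protected_via_DER(). */
static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                              | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                              "PEM", "SubjectPublicKeyInfo", NULL, NULL,
                              encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
                              test_text, check_public_PEM, dump_pem,
                              fips ? 0 : FLAG_FAIL_IF_FIPS);
}

/*
 * The public MSBLOB output must parse back with the legacy b2i_PublicKey()
 * API, which is bounded by |data_len|.  |type| is unused.
 */
static int check_public_MSBLOB(const char *file, const int line,
                               const char *type,
                               const void *data, size_t data_len)
{
    const unsigned char *datap = data;
    EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
    int ok = TEST_FL_ptr(pkey);

    EVP_PKEY_free(pkey);
    return ok;
}

/* Public-key MSBLOB round trip: MSBLOB out, provider decoder back in. */
static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
{
    return test_encode_decode(__FILE__, __LINE__, type, key,
                              OSSL_KEYMGMT_SELECT_PUBLIC_KEY
                              | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
                              "MSBLOB", NULL, NULL, NULL,
                              encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
                              test_mem, check_public_MSBLOB, dump_der, 0);
}

/*
 * Per-key-type storage.  KEYS() declares a file-scope key_<TYPE>;
 * MAKE_KEYS() generates it into |ok| (which the caller must have declared)
 * via make_key(); FREE_KEYS() releases it.  The DOMAIN_* variants also keep
 * a template_<TYPE> holding the domain parameters the key is generated from.
 */
#define KEYS(KEYTYPE)                                                   \
    static EVP_PKEY *key_##KEYTYPE = NULL
#define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
    ok = ok                                                             \
        && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
#define FREE_KEYS(KEYTYPE)                                              \
    EVP_PKEY_free(key_##KEYTYPE);

#define DOMAIN_KEYS(KEYTYPE)                                            \
    static EVP_PKEY *template_##KEYTYPE = NULL;                         \
    static EVP_PKEY *key_##KEYTYPE = NULL
#define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
    ok = ok                                                             \
        && TEST_ptr(template_##KEYTYPE =                                \
                    make_template(KEYTYPEstr, params))                  \
        && TEST_ptr(key_##KEYTYPE =                                     \
                    make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
#define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
    EVP_PKEY_free(template_##KEYTYPE);                                  \
    EVP_PKEY_free(key_##KEYTYPE)

/*
 * IMPLEMENT_TEST_SUITE() stamps out the six no-argument test functions the
 * test framework calls for one key type; ADD_TEST_SUITE() registers them.
 * |fips| is forwarded to the *_via_DER/PEM helpers (see
 * test_protected_via_DER()).
 */
#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips)                 \
    static int test_unprotected_##KEYTYPE##_via_DER(void)               \
    {                                                                   \
        return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
    {                                                                   \
        return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_protected_##KEYTYPE##_via_DER(void)                 \
    {                                                                   \
        return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_protected_##KEYTYPE##_via_PEM(void)                 \
    {                                                                   \
        return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
    }                                                                   \
    static int test_public_##KEYTYPE##_via_DER(void)                    \
    {                                                                   \
        return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips);    \
    }                                                                   \
    static int test_public_##KEYTYPE##_via_PEM(void)                    \
    {                                                                   \
        return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips);    \
    }

#define ADD_TEST_SUITE(KEYTYPE)                                         \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);                     \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);                     \
    ADD_TEST(test_protected_##KEYTYPE##_via_DER);                       \
    ADD_TEST(test_protected_##KEYTYPE##_via_PEM);                       \
    ADD_TEST(test_public_##KEYTYPE##_via_DER);                          \
    ADD_TEST(test_public_##KEYTYPE##_via_PEM)

/* Domain-parameter-only tests; only meaningful for DH/DSA/EC. */
#define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)                \
    static int test_params_##KEYTYPE##_via_DER(void)                    \
    {                                                                   \
        return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
    }                                                                   \
    static int test_params_##KEYTYPE##_via_PEM(void)                    \
    {                                                                   \
        return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
    }

#define ADD_TEST_SUITE_PARAMS(KEYTYPE)                                  \
    ADD_TEST(test_params_##KEYTYPE##_via_DER);                          \
    ADD_TEST(test_params_##KEYTYPE##_via_PEM)

/* Traditional PEM tests; only for key types the legacy writer supports. */
#define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
    static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
    {                                                                   \
        return                                                          \
            test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
    }                                                                   \
    static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
    {                                                                   \
        return                                                          \
            test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
    }

#define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
    ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)

/* MSBLOB and PVK are Microsoft formats; only RSA and DSA use them. */
#define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
    static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
    {                                                                   \
        return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
    }                                                                   \
    static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
    {                                                                   \
        return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
    }

#define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
    ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)

#define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
    static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
    {                                                                   \
        return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
    }
# define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
    ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
#ifndef OPENSSL_NO_RC4
# define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
    static int test_protected_##KEYTYPE##_via_PVK(void)                 \
    {                                                                   \
        return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
    }
# define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
    ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
#endif

/*
 * Instantiate the storage and test functions per key type.  The third
 * argument of IMPLEMENT_TEST_SUITE() is the |fips| flag: 0 marks the
 * explicit-curve "2G" variants and SM2, which the FIPS provider does not
 * handle.
 */
#ifndef OPENSSL_NO_DH
DOMAIN_KEYS(DH);
IMPLEMENT_TEST_SUITE(DH, "DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
DOMAIN_KEYS(DHX);
IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
/*
 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 * so no legacy tests.
 */
#endif
#ifndef OPENSSL_NO_DSA
DOMAIN_KEYS(DSA);
IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
# ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
# endif
#endif
#ifndef OPENSSL_NO_EC
DOMAIN_KEYS(EC);
IMPLEMENT_TEST_SUITE(EC, "EC", 1)
IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitPrime2G);
IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
# ifndef OPENSSL_NO_EC2M
DOMAIN_KEYS(ECExplicitTriNamedCurve);
IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
DOMAIN_KEYS(ECExplicitTri2G);
IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
# endif
# ifndef OPENSSL_NO_SM2
KEYS(SM2);
IMPLEMENT_TEST_SUITE(SM2, "SM2", 0)
# endif
KEYS(ED25519);
IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
KEYS(ED448);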
IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
KEYS(X25519);
IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
KEYS(X448);
IMPLEMENT_TEST_SUITE(X448, "X448", 1)
/*
 * ED25519, ED448, X25519 and X448 have no support for
 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
 */
#endif
/* RSA keys are not generated but loaded from files given on the command line. */
KEYS(RSA);
IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
KEYS(RSA_PSS);
IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
/*
 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
 * so no legacy tests.
 */
IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
#ifndef OPENSSL_NO_RC4
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
#endif

#ifndef OPENSSL_NO_EC
/*
 * Explicit parameters that match a named curve.
 *
 * Push the prime256v1 field, curve coefficients, order, seed and cofactor
 * into |bld| as explicit (non-named) EC domain parameters, together with the
 * caller-supplied generator |gen| of |gen_len| bytes.  The two callers below
 * differ only in the generator: the standard base point, or a different
 * point so that the parameters no longer match the named curve.
 *
 * Big numbers are temporaries from the file-scope |bnctx| (BN_CTX_get());
 * nothing is freed here, the context is presumably released at teardown,
 * outside this view.  Returns 1 on success, 0 on the first failed step.
 */
static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
                                              const unsigned char *gen,
                                              size_t gen_len)
{
    BIGNUM *a, *b, *prime, *order;

    /* Curve prime256v1 */
    /*
     * The big-endian encodings below carry a leading 0x00 byte; BN_bin2bn()
     * ignores leading zeros, so the values are unaffected.
     */
    static const unsigned char prime_data[] = {
        0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff
    };
    static const unsigned char a_data[] = {
        0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xfc
    };
    static const unsigned char b_data[] = {
        0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
        0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
        0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
        0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
    };
    /* Curve generation seed; only the prime-field parameters carry one. */
    static const unsigned char seed[] = {
        0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
        0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
        0x81, 0x9f, 0x7e, 0x90
    };
    static const unsigned char order_data[] = {
        0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
        0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
        0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
        0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
    };
    /* Short-circuit chain: the first failing step aborts and returns 0. */
    return TEST_ptr(a = BN_CTX_get(bnctx))
        && TEST_ptr(b = BN_CTX_get(bnctx))
        && TEST_ptr(prime = BN_CTX_get(bnctx))
        && TEST_ptr(order = BN_CTX_get(bnctx))
        && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
        && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
        && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
        && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
        && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
                         OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
                         0))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
                                            OSSL_PKEY_PARAM_EC_ORDER, order))
        && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                         OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
        && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                         OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
        /* prime256v1 has cofactor 1, so no BIGNUM of our own is needed. */
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
                                            BN_value_one()));
}

/*
 * Explicit prime256v1 parameters using the standard base point, encoded as
 * an uncompressed point (0x04 prefix).  These are expected to be recognised
 * as the named curve.
 */
static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
{
    static const unsigned char prime256v1_gen[] = {
        0x04,
        0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
        0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
        0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
        0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
        0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
        0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
        0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
    };
    return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
                                              sizeof(prime256v1_gen));
}

/*
 * Explicit prime256v1 parameters with a non-standard generator (the test
 * suite calls it "2G", presumably twice the base point), so the parameters
 * do not match any named curve and must be encoded explicitly.
 */
static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
{
    /* 2G */
    static const unsigned char prime256v1_gen2[] = {
        0x04,
        0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
        0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
        0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
        0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
        0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
        0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
        0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
        0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
    };
    return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
                                              sizeof(prime256v1_gen2));
}

# ifndef OPENSSL_NO_EC2M
/*
 * Binary-field counterpart of do_create_ec_explicit_prime_params(): push the
 * sect233k1 reduction polynomial, coefficients, order and cofactor into
 * |bld| as explicit characteristic-two parameters with the caller-supplied
 * generator |gen|.  Unlike the prime-field variant there is no seed, and the
 * cofactor (4) is a real BIGNUM rather than BN_value_one().  Temporaries
 * come from the file-scope |bnctx|.  Returns 1 on success, 0 on failure.
 */
static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
                                                  const unsigned char *gen,
                                                  size_t gen_len)
{
    BIGNUM *a, *b, *poly, *order, *cofactor;
    /* sect233k1 characteristic-two-field tpBasis */
    static const unsigned char poly_data[] = {
        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
    };
    static const unsigned char a_data[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    };
    static const unsigned char b_data[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x01
    };
    static const unsigned char order_data[] = {
        0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
        0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
    };
    static const unsigned char cofactor_data[]= {
        0x4
    };
    /* Short-circuit chain: the first failing step aborts and returns 0. */
    return TEST_ptr(a = BN_CTX_get(bnctx))
        && TEST_ptr(b = BN_CTX_get(bnctx))
        && TEST_ptr(poly = BN_CTX_get(bnctx))
        && TEST_ptr(order = BN_CTX_get(bnctx))
        && TEST_ptr(cofactor = BN_CTX_get(bnctx))
        && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
        && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
        && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
        && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
        && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
        && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
                         OSSL_PKEY_PARAM_EC_FIELD_TYPE,
                         SN_X9_62_characteristic_two_field, 0))
        /* For a binary field OSSL_PKEY_PARAM_EC_P carries the polynomial. */
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
                                            OSSL_PKEY_PARAM_EC_ORDER, order))
        && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
                         OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
        && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
                                            cofactor));
}

/*
 * Explicit sect233k1 parameters with the standard base point (uncompressed,
 * 0x04 prefix), expected to be recognised as the named curve.
 */
static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
{
    static const unsigned char gen[] = {
        0x04,
        0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
        0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
        0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
        0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
        0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
        0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
    };
    return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
}

/*
 * Explicit sect233k1 parameters with a non-standard generator ("2G" in the
 * test names), so they do not match any named curve.
 */
static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
{
    static const unsigned char gen2[] = {
        0x04,
        0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
        0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
        0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
        0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
        0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
        0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
    };
    return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
}
# endif /* OPENSSL_NO_EC2M */
#endif /* OPENSSL_NO_EC */

/* Command-line options understood by setup_tests(); see test_get_options(). */
typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_CONTEXT,
    OPT_RSA_FILE,
    OPT_RSA_PSS_FILE,
    OPT_CONFIG_FILE,
    OPT_PROVIDER_NAME,
    OPT_TEST_ENUM
} OPTION_CHOICE;

const OPTIONS *test_get_options(void)
{
    static const OPTIONS options[] = {
        OPT_TEST_OPTIONS_DEFAULT_USAGE,
/* Continuation of the option table; its declaration lies above this chunk. */
        { "context", OPT_CONTEXT, '-',
          "Explicitly use a non-default library context" },
        { "rsa", OPT_RSA_FILE, '<',
          "PEM format RSA key file to encode/decode" },
        { "pss", OPT_RSA_PSS_FILE, '<',
          "PEM format RSA-PSS key file to encode/decode" },
        { "config", OPT_CONFIG_FILE, '<',
          "The configuration file to use for the library context" },
        { "provider", OPT_PROVIDER_NAME, 's',
          "The provider to load (The default value is 'default')" },
        { NULL }
    };
    return options;
}

/*
 * Test-harness entry point: parse the command-line options, set up the
 * library context(s) and providers, create the EC parameter objects,
 * generate or load every key the suites need, then register the suites.
 *
 * Returns 0 on an unknown option, or when the library context, the
 * key-generation context/provider, or the EC parameter setup fails.
 * Otherwise returns 1.  A failure to load the RSA / RSA-PSS key files
 * only clears 'ok' (after TEST_ptr has logged it), which skips suite
 * registration but does not change the return value.
 */
int setup_tests(void)
{
    /* Both file names stay NULL when the -rsa / -pss option is omitted. */
    const char *rsa_file = NULL;
    const char *rsa_pss_file = NULL;
    const char *prov_name = "default";
    char *config_file = NULL;
    int ok = 1;

#ifndef OPENSSL_NO_DSA
    /*
     * 1024/160-bit DSA is dictated by the legacy PVK format exercised by
     * the PVK suites registered below; it is a compatibility constraint,
     * not a recommended parameter size.
     */
    static size_t qbits = 160; /* PVK only tolerates 160 Q bits */
    static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
    OSSL_PARAM DSA_params[] = {
        OSSL_PARAM_size_t("pbits", &pbits),
        OSSL_PARAM_size_t("qbits", &qbits),
        OSSL_PARAM_END
    };
#endif

#ifndef OPENSSL_NO_EC
    /* OSSL_PARAM only stores a pointer to the string, hence the static buffer. */
    static char groupname[] = "prime256v1";
    OSSL_PARAM EC_params[] = {
        OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
        OSSL_PARAM_END
    };
#endif

    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_CONTEXT:
            /* -context: use a freshly created, non-default library context */
            default_libctx = 0;
            break;
        case OPT_PROVIDER_NAME:
            prov_name = opt_arg();
            break;
        case OPT_CONFIG_FILE:
            config_file = opt_arg();
            break;
        case OPT_RSA_FILE:
            rsa_file = opt_arg();
            break;
        case OPT_RSA_PSS_FILE:
            rsa_pss_file = opt_arg();
            break;
        case OPT_TEST_CASES:
            /* Handled by the harness; nothing to record here. */
            break;
        default:
            /* Unknown option: fail setup. */
            return 0;
        }
    }

    /* The provider name alone decides whether FIPS-specific paths are taken. */
    if (strcmp(prov_name, "fips") == 0)
        is_fips = 1;

    if (default_libctx) {
        /* Default context: testctx and nullprov stay NULL. */
        if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
            return 0;
    } else {
        if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
            return 0;
    }

    /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */
    is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0);

    /* Separate provider/ctx for generating the test data */
    if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
        return 0;
    if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
        return 0;

#ifndef OPENSSL_NO_EC
    /*
     * Build the explicit-parameter OSSL_PARAM sets once; they are kept in
     * file-scope globals and released by cleanup_tests().  A failure at any
     * step aborts setup, leaving the already-created objects for cleanup.
     */
    if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
        || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
        || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
        || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
        || !create_ec_explicit_prime_params(bld_prime)
        || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
        || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
# ifndef OPENSSL_NO_EC2M
        || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
        || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
        || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
        || !create_ec_explicit_trinomial_params(bld_tri)
        || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
        || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
# endif
        )
        return 0;
#endif

    TEST_info("Generating keys...");

    /* The MAKE_* macros are defined earlier in this file and generate into keyctx. */
#ifndef OPENSSL_NO_DH
    TEST_info("Generating DH keys...");
    MAKE_DOMAIN_KEYS(DH, "DH", NULL);
    MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
#endif
#ifndef OPENSSL_NO_DSA
    TEST_info("Generating DSA keys...");
    MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
#endif
#ifndef OPENSSL_NO_EC
    TEST_info("Generating EC keys...");
    MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
    MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
    MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
# ifndef OPENSSL_NO_EC2M
    MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
    MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
# endif
# ifndef OPENSSL_NO_SM2
    MAKE_KEYS(SM2, "SM2", NULL);
# endif
    MAKE_KEYS(ED25519, "ED25519", NULL);
    MAKE_KEYS(ED448, "ED448", NULL);
    MAKE_KEYS(X25519, "X25519", NULL);
    MAKE_KEYS(X448, "X448", NULL);
#endif
    /*
     * RSA keys are loaded from the files named on the command line rather
     * than generated.  '&&' short-circuits, so the second load is skipped
     * once the first has failed.
     * NOTE(review): rsa_file / rsa_pss_file are NULL when the option is
     * omitted; load_pkey_pem() is expected to fail cleanly then — confirm.
     */
    TEST_info("Loading RSA key...");
    ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
    TEST_info("Loading RSA_PSS key...");
    ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
    TEST_info("Generating keys done");

    /* Only register suites when every key is available. */
    if (ok) {
#ifndef OPENSSL_NO_DH
        ADD_TEST_SUITE(DH);
        ADD_TEST_SUITE_PARAMS(DH);
        ADD_TEST_SUITE(DHX);
        ADD_TEST_SUITE_PARAMS(DHX);
        /*
         * DH has no support for PEM_write_bio_PrivateKey_traditional(),
         * so no legacy tests.
         */
#endif
#ifndef OPENSSL_NO_DSA
        ADD_TEST_SUITE(DSA);
        ADD_TEST_SUITE_PARAMS(DSA);
        ADD_TEST_SUITE_LEGACY(DSA);
        ADD_TEST_SUITE_MSBLOB(DSA);
        ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
# ifndef OPENSSL_NO_RC4
        /* Password-protected PVK needs RC4, so it is skipped in no-rc4 builds. */
        ADD_TEST_SUITE_PROTECTED_PVK(DSA);
# endif
#endif
#ifndef OPENSSL_NO_EC
        ADD_TEST_SUITE(EC);
        ADD_TEST_SUITE_PARAMS(EC);
        ADD_TEST_SUITE_LEGACY(EC);
        ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
        ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
        ADD_TEST_SUITE(ECExplicitPrime2G);
        ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
# ifndef OPENSSL_NO_EC2M
        ADD_TEST_SUITE(ECExplicitTriNamedCurve);
        ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
        ADD_TEST_SUITE(ECExplicitTri2G);
        ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
# endif
# ifndef OPENSSL_NO_SM2
        if (!is_fips_3_0_0) {
            /* 3.0.0 FIPS provider imports explicit EC params and then fails. */
            ADD_TEST_SUITE(SM2);
        }
# endif
        ADD_TEST_SUITE(ED25519);
        ADD_TEST_SUITE(ED448);
        ADD_TEST_SUITE(X25519);
        ADD_TEST_SUITE(X448);
        /*
         * ED25519, ED448, X25519 and X448 have no support for
         * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
         */
#endif
        ADD_TEST_SUITE(RSA);
        ADD_TEST_SUITE_LEGACY(RSA);
        ADD_TEST_SUITE(RSA_PSS);
        /*
         * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
         * so no legacy tests.
         */
        ADD_TEST_SUITE_MSBLOB(RSA);
        ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
# ifndef OPENSSL_NO_RC4
        ADD_TEST_SUITE_PROTECTED_PVK(RSA);
# endif
    }

    /*
     * NOTE(review): returns 1 even when ok == 0, so a key-load failure is
     * reported only through the TEST_ptr message above and no suites run.
     */
    return 1;
}

/*
 * Release everything setup_tests() created: the EC parameter objects and
 * their builders, the BN_CTX, all generated/loaded keys, the providers and
 * finally the two library contexts.  The OpenSSL *_free() calls accept a
 * NULL argument, which matters because setup_tests() may bail out part-way;
 * the FREE_* macros (defined earlier in this file) are assumed to do the
 * same.
 */
void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
    /* Parameter arrays first, then the builders they were produced from. */
    OSSL_PARAM_free(ec_explicit_prime_params_nc);
    OSSL_PARAM_free(ec_explicit_prime_params_explicit);
    OSSL_PARAM_BLD_free(bld_prime_nc);
    OSSL_PARAM_BLD_free(bld_prime);
# ifndef OPENSSL_NO_EC2M
    OSSL_PARAM_free(ec_explicit_tri_params_nc);
    OSSL_PARAM_free(ec_explicit_tri_params_explicit);
    OSSL_PARAM_BLD_free(bld_tri_nc);
    OSSL_PARAM_BLD_free(bld_tri);
# endif
    BN_CTX_free(bnctx);
#endif /* OPENSSL_NO_EC */

#ifndef OPENSSL_NO_DH
    FREE_DOMAIN_KEYS(DH);
    FREE_DOMAIN_KEYS(DHX);
#endif
#ifndef OPENSSL_NO_DSA
    FREE_DOMAIN_KEYS(DSA);
#endif
#ifndef OPENSSL_NO_EC
    FREE_DOMAIN_KEYS(EC);
    FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
    FREE_DOMAIN_KEYS(ECExplicitPrime2G);
# ifndef OPENSSL_NO_EC2M
    FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
    FREE_DOMAIN_KEYS(ECExplicitTri2G);
# endif
# ifndef OPENSSL_NO_SM2
    FREE_KEYS(SM2);
# endif
    FREE_KEYS(ED25519);
    FREE_KEYS(ED448);
    FREE_KEYS(X25519);
    FREE_KEYS(X448);
#endif
    FREE_KEYS(RSA);
    FREE_KEYS(RSA_PSS);

    /*
     * Providers are unloaded before the contexts that own them are freed.
     * nullprov and testctx remain NULL in the default-context path;
     * OSSL_PROVIDER_unload() is relied on to cope with a NULL argument.
     */
    OSSL_PROVIDER_unload(nullprov);
    OSSL_PROVIDER_unload(deflprov);
    OSSL_PROVIDER_unload(keyprov);
    OSSL_LIB_CTX_free(testctx);
    OSSL_LIB_CTX_free(keyctx);
}