]>
Commit | Line | Data |
---|---|---|
5a23d78c | 1 | /* |
fecb3aae | 2 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. |
5a23d78c RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
3ecbea6a | 10 | #include <string.h> |
ae12eac0 | 11 | #include <openssl/core_dispatch.h> |
5a23d78c RL |
12 | #include <openssl/evp.h> |
13 | #include <openssl/pem.h> | |
14 | #include <openssl/rsa.h> | |
15 | #include <openssl/x509.h> | |
c0f39ded | 16 | #include <openssl/core_names.h> |
7c664b1f | 17 | #include <openssl/params.h> |
c0f39ded | 18 | #include <openssl/param_build.h> |
ece9304c RL |
19 | #include <openssl/encoder.h> |
20 | #include <openssl/decoder.h> | |
5a23d78c | 21 | |
e2ac846e | 22 | #include "internal/cryptlib.h" /* ossl_assert */ |
0934cf48 | 23 | #include "crypto/pem.h" /* For PVK and "blob" PEM headers */ |
4f0831b8 | 24 | #include "crypto/evp.h" /* For evp_pkey_is_provided() */ |
e2ac846e | 25 | |
20f8bc72 | 26 | #include "helpers/predefined_dhparams.h" |
5a23d78c RL |
27 | #include "testutil.h" |
28 | ||
7ee992a5 MC |
29 | #ifdef STATIC_LEGACY |
30 | OSSL_provider_init_fn ossl_legacy_provider_init; | |
31 | #endif | |
32 | ||
6511f686 JS |
33 | /* Extended test macros to allow passing file & line number */ |
34 | #define TEST_FL_ptr(a) test_ptr(file, line, #a, a) | |
35 | #define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n) | |
36 | #define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n) | |
37 | #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n) | |
38 | #define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b) | |
39 | #define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b) | |
40 | #define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b) | |
41 | #define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b) | |
42 | #define TEST_FL_true(a) test_true(file, line, #a, (a) != 0) | |
43 | ||
a2e145f8 RL |
44 | #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) |
45 | # define OPENSSL_NO_KEYPARAMS | |
46 | #endif | |
47 | ||
169eca60 JS |
48 | static int default_libctx = 1; |
49 | static int is_fips = 0; | |
e1289d90 | 50 | static int is_fips_3_0_0 = 0; |
169eca60 JS |
51 | |
52 | static OSSL_LIB_CTX *testctx = NULL; | |
53 | static OSSL_LIB_CTX *keyctx = NULL; | |
54 | static char *testpropq = NULL; | |
55 | ||
56 | static OSSL_PROVIDER *nullprov = NULL; | |
57 | static OSSL_PROVIDER *deflprov = NULL; | |
58 | static OSSL_PROVIDER *keyprov = NULL; | |
59 | ||
c0f39ded SL |
60 | #ifndef OPENSSL_NO_EC |
61 | static BN_CTX *bnctx = NULL; | |
62 | static OSSL_PARAM_BLD *bld_prime_nc = NULL; | |
63 | static OSSL_PARAM_BLD *bld_prime = NULL; | |
64 | static OSSL_PARAM *ec_explicit_prime_params_nc = NULL; | |
65 | static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL; | |
66 | ||
67 | # ifndef OPENSSL_NO_EC2M | |
68 | static OSSL_PARAM_BLD *bld_tri_nc = NULL; | |
69 | static OSSL_PARAM_BLD *bld_tri = NULL; | |
70 | static OSSL_PARAM *ec_explicit_tri_params_nc = NULL; | |
71 | static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL; | |
72 | # endif | |
73 | #endif | |
74 | ||
a2e145f8 | 75 | #ifndef OPENSSL_NO_KEYPARAMS |
7c664b1f RL |
76 | static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) |
77 | { | |
78 | EVP_PKEY *pkey = NULL; | |
5658470c DDO |
79 | EVP_PKEY_CTX *ctx = NULL; |
80 | ||
821d6f8c | 81 | # ifndef OPENSSL_NO_DH |
1234aa7e DDO |
82 | /* |
83 | * Use 512-bit DH(X) keys with predetermined parameters for efficiency, | |
84 | * for testing only. Use a minimum key size of 2048 for security purposes. | |
85 | */ | |
5658470c | 86 | if (strcmp(type, "DH") == 0) |
169eca60 JS |
87 | return get_dh512(keyctx); |
88 | ||
5658470c | 89 | if (strcmp(type, "X9.42 DH") == 0) |
169eca60 | 90 | return get_dhx512(keyctx); |
821d6f8c | 91 | # endif |
7c664b1f RL |
92 | |
93 | /* | |
94 | * No real need to check the errors other than for the cascade | |
95 | * effect. |pkey| will simply remain NULL if something goes wrong. | |
96 | */ | |
169eca60 | 97 | (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL |
7c664b1f RL |
98 | && EVP_PKEY_paramgen_init(ctx) > 0 |
99 | && (genparams == NULL | |
100 | || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) | |
f9253152 | 101 | && EVP_PKEY_generate(ctx, &pkey) > 0); |
7c664b1f RL |
102 | EVP_PKEY_CTX_free(ctx); |
103 | ||
104 | return pkey; | |
105 | } | |
821d6f8c | 106 | #endif |
5a23d78c | 107 | |
91f2b15f | 108 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) |
7c664b1f | 109 | static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, |
1251cddf | 110 | OSSL_PARAM *genparams) |
5a23d78c RL |
111 | { |
112 | EVP_PKEY *pkey = NULL; | |
7c664b1f RL |
113 | EVP_PKEY_CTX *ctx = |
114 | template != NULL | |
169eca60 JS |
115 | ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq) |
116 | : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq); | |
5a23d78c RL |
117 | |
118 | /* | |
119 | * No real need to check the errors other than for the cascade | |
7c664b1f | 120 | * effect. |pkey| will simply remain NULL if something goes wrong. |
5a23d78c RL |
121 | */ |
122 | (void)(ctx != NULL | |
123 | && EVP_PKEY_keygen_init(ctx) > 0 | |
7c664b1f RL |
124 | && (genparams == NULL |
125 | || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) | |
5a23d78c RL |
126 | && EVP_PKEY_keygen(ctx, &pkey) > 0); |
127 | EVP_PKEY_CTX_free(ctx); | |
5a23d78c RL |
128 | return pkey; |
129 | } | |
91f2b15f | 130 | #endif |
5a23d78c RL |
131 | |
132 | /* Main test driver */ | |
133 | ||
6511f686 JS |
134 | typedef int (encoder)(const char *file, const int line, |
135 | void **encoded, long *encoded_len, | |
973a52ce RL |
136 | void *object, int selection, |
137 | const char *output_type, const char *output_structure, | |
ae12eac0 | 138 | const char *pass, const char *pcipher); |
6511f686 JS |
139 | typedef int (decoder)(const char *file, const int line, |
140 | void **object, void *encoded, long encoded_len, | |
ff1c10d9 RL |
141 | const char *input_type, const char *structure_type, |
142 | const char *keytype, int selection, const char *pass); | |
6511f686 JS |
143 | typedef int (tester)(const char *file, const int line, |
144 | const void *data1, size_t data1_len, | |
319d0b2b | 145 | const void *data2, size_t data2_len); |
6511f686 JS |
146 | typedef int (checker)(const char *file, const int line, |
147 | const char *type, const void *data, size_t data_len); | |
5a23d78c RL |
148 | typedef void (dumper)(const char *label, const void *data, size_t data_len); |
149 | ||
b565a17d | 150 | #define FLAG_DECODE_WITH_TYPE 0x0001 |
e8a41459 | 151 | #define FLAG_FAIL_IF_FIPS 0x0002 |
b565a17d | 152 | |
6511f686 JS |
153 | static int test_encode_decode(const char *file, const int line, |
154 | const char *type, EVP_PKEY *pkey, | |
973a52ce RL |
155 | int selection, const char *output_type, |
156 | const char *output_structure, | |
1251cddf RL |
157 | const char *pass, const char *pcipher, |
158 | encoder *encode_cb, decoder *decode_cb, | |
159 | tester *test_cb, checker *check_cb, | |
b565a17d | 160 | dumper *dump_cb, int flags) |
5a23d78c | 161 | { |
ece9304c RL |
162 | void *encoded = NULL; |
163 | long encoded_len = 0; | |
5a23d78c | 164 | EVP_PKEY *pkey2 = NULL; |
ece9304c RL |
165 | void *encoded2 = NULL; |
166 | long encoded2_len = 0; | |
5a23d78c RL |
167 | int ok = 0; |
168 | ||
ae12eac0 RL |
169 | /* |
170 | * Encode |pkey|, decode the result into |pkey2|, and finish off by | |
171 | * encoding |pkey2| as well. That last encoding is for checking and | |
172 | * dumping purposes. | |
173 | */ | |
6511f686 | 174 | if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, |
e8a41459 TM |
175 | output_type, output_structure, pass, pcipher))) |
176 | goto end; | |
177 | ||
e1289d90 | 178 | if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) { |
e8a41459 TM |
179 | if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, |
180 | encoded_len, output_type, output_structure, | |
181 | (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), | |
182 | selection, pass))) | |
183 | ok = 1; | |
184 | goto end; | |
185 | } | |
186 | ||
187 | if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) | |
6511f686 | 188 | || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, |
ff1c10d9 | 189 | output_type, output_structure, |
b565a17d | 190 | (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), |
ff1c10d9 | 191 | selection, pass)) |
6511f686 | 192 | || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection, |
973a52ce | 193 | output_type, output_structure, pass, pcipher))) |
ae12eac0 RL |
194 | goto end; |
195 | ||
b565a17d MC |
196 | if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) { |
197 | if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1)) | |
198 | goto end; | |
199 | } else { | |
200 | if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) | |
201 | goto end; | |
202 | } | |
5a23d78c RL |
203 | |
204 | /* | |
ece9304c | 205 | * Double check the encoding, but only for unprotected keys, |
3ecbea6a RL |
206 | * as protected keys have a random component, which makes the output |
207 | * differ. | |
5a23d78c | 208 | */ |
3ecbea6a | 209 | if ((pass == NULL && pcipher == NULL) |
6511f686 | 210 | && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len)) |
5a23d78c RL |
211 | goto end; |
212 | ||
213 | ok = 1; | |
214 | end: | |
319d0b2b | 215 | if (!ok) { |
ece9304c | 216 | if (encoded != NULL && encoded_len != 0) |
ae12eac0 | 217 | dump_cb("|pkey| encoded", encoded, encoded_len); |
ece9304c | 218 | if (encoded2 != NULL && encoded2_len != 0) |
ae12eac0 | 219 | dump_cb("|pkey2| encoded", encoded2, encoded2_len); |
319d0b2b | 220 | } |
5a23d78c | 221 | |
ece9304c RL |
222 | OPENSSL_free(encoded); |
223 | OPENSSL_free(encoded2); | |
5a23d78c RL |
224 | EVP_PKEY_free(pkey2); |
225 | return ok; | |
226 | } | |
227 | ||
973a52ce | 228 | /* Encoding and decoding methods */ |
5a23d78c | 229 | |
6511f686 JS |
230 | static int encode_EVP_PKEY_prov(const char *file, const int line, |
231 | void **encoded, long *encoded_len, | |
973a52ce RL |
232 | void *object, int selection, |
233 | const char *output_type, | |
234 | const char *output_structure, | |
ae12eac0 | 235 | const char *pass, const char *pcipher) |
5a23d78c RL |
236 | { |
237 | EVP_PKEY *pkey = object; | |
ece9304c | 238 | OSSL_ENCODER_CTX *ectx = NULL; |
5a23d78c RL |
239 | BIO *mem_ser = NULL; |
240 | BUF_MEM *mem_buf = NULL; | |
3ecbea6a | 241 | const unsigned char *upass = (const unsigned char *)pass; |
5a23d78c RL |
242 | int ok = 0; |
243 | ||
6511f686 | 244 | if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, |
fe75766c TM |
245 | output_type, |
246 | output_structure, | |
169eca60 | 247 | testpropq)) |
6511f686 | 248 | || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0) |
3ecbea6a | 249 | || (pass != NULL |
6511f686 | 250 | && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass, |
ae12eac0 | 251 | strlen(pass)))) |
3ecbea6a | 252 | || (pcipher != NULL |
6511f686 JS |
253 | && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL))) |
254 | || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) | |
255 | || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser)) | |
256 | || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) | |
257 | || !TEST_FL_ptr(*encoded = mem_buf->data) | |
258 | || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) | |
5a23d78c RL |
259 | goto end; |
260 | ||
ece9304c | 261 | /* Detach the encoded output */ |
5a23d78c RL |
262 | mem_buf->data = NULL; |
263 | mem_buf->length = 0; | |
264 | ok = 1; | |
265 | end: | |
266 | BIO_free(mem_ser); | |
ece9304c | 267 | OSSL_ENCODER_CTX_free(ectx); |
5a23d78c RL |
268 | return ok; |
269 | } | |
270 | ||
6511f686 JS |
271 | static int decode_EVP_PKEY_prov(const char *file, const int line, |
272 | void **object, void *encoded, long encoded_len, | |
ff1c10d9 RL |
273 | const char *input_type, |
274 | const char *structure_type, | |
275 | const char *keytype, int selection, | |
276 | const char *pass) | |
5a23d78c | 277 | { |
b565a17d | 278 | EVP_PKEY *pkey = NULL, *testpkey = NULL; |
ece9304c | 279 | OSSL_DECODER_CTX *dctx = NULL; |
b565a17d | 280 | BIO *encoded_bio = NULL; |
3ecbea6a | 281 | const unsigned char *upass = (const unsigned char *)pass; |
5a23d78c | 282 | int ok = 0; |
b565a17d MC |
283 | int i; |
284 | const char *badtype; | |
5a23d78c | 285 | |
b565a17d MC |
286 | if (strcmp(input_type, "DER") == 0) |
287 | badtype = "PEM"; | |
288 | else | |
289 | badtype = "DER"; | |
290 | ||
6511f686 | 291 | if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len))) |
5a23d78c | 292 | goto end; |
b565a17d MC |
293 | |
294 | /* | |
295 | * We attempt the decode 3 times. The first time we provide the expected | |
296 | * starting input type. The second time we provide NULL for the starting | |
297 | * type. The third time we provide a bad starting input type. | |
298 | * The bad starting input type should fail. The other two should succeed | |
299 | * and produce the same result. | |
300 | */ | |
301 | for (i = 0; i < 3; i++) { | |
302 | const char *testtype = (i == 0) ? input_type | |
303 | : ((i == 1) ? NULL : badtype); | |
304 | ||
6511f686 | 305 | if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey, |
fe75766c | 306 | testtype, |
ff1c10d9 | 307 | structure_type, |
fe75766c TM |
308 | keytype, |
309 | selection, | |
169eca60 | 310 | testctx, testpropq)) |
b565a17d MC |
311 | || (pass != NULL |
312 | && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass))) | |
6511f686 | 313 | || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0) |
b565a17d | 314 | /* We expect to fail when using a bad input type */ |
6511f686 | 315 | || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio), |
b565a17d MC |
316 | (i == 2) ? 0 : 1)) |
317 | goto end; | |
318 | OSSL_DECODER_CTX_free(dctx); | |
319 | dctx = NULL; | |
320 | ||
321 | if (i == 0) { | |
322 | pkey = testpkey; | |
323 | testpkey = NULL; | |
324 | } else if (i == 1) { | |
325 | if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) { | |
6511f686 | 326 | if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1)) |
b565a17d MC |
327 | goto end; |
328 | } else { | |
6511f686 | 329 | if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1)) |
b565a17d MC |
330 | goto end; |
331 | } | |
332 | } | |
333 | } | |
5a23d78c RL |
334 | ok = 1; |
335 | *object = pkey; | |
b565a17d MC |
336 | pkey = NULL; |
337 | ||
5a23d78c | 338 | end: |
b565a17d MC |
339 | EVP_PKEY_free(pkey); |
340 | EVP_PKEY_free(testpkey); | |
341 | BIO_free(encoded_bio); | |
ece9304c | 342 | OSSL_DECODER_CTX_free(dctx); |
5a23d78c RL |
343 | return ok; |
344 | } | |
345 | ||
6511f686 JS |
346 | static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line, |
347 | void **encoded, long *encoded_len, | |
973a52ce RL |
348 | void *object, ossl_unused int selection, |
349 | ossl_unused const char *output_type, | |
350 | ossl_unused const char *output_structure, | |
ae12eac0 | 351 | const char *pass, const char *pcipher) |
e2ac846e RL |
352 | { |
353 | EVP_PKEY *pkey = object; | |
354 | EVP_CIPHER *cipher = NULL; | |
355 | BIO *mem_ser = NULL; | |
356 | BUF_MEM *mem_buf = NULL; | |
357 | const unsigned char *upass = (const unsigned char *)pass; | |
358 | size_t passlen = 0; | |
359 | int ok = 0; | |
360 | ||
361 | if (pcipher != NULL && pass != NULL) { | |
362 | passlen = strlen(pass); | |
169eca60 | 363 | if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq))) |
e2ac846e RL |
364 | goto end; |
365 | } | |
6511f686 JS |
366 | if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) |
367 | || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey, | |
e2ac846e RL |
368 | cipher, |
369 | upass, passlen, | |
370 | NULL, NULL)) | |
6511f686 JS |
371 | || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) |
372 | || !TEST_FL_ptr(*encoded = mem_buf->data) | |
373 | || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) | |
e2ac846e RL |
374 | goto end; |
375 | ||
ece9304c | 376 | /* Detach the encoded output */ |
e2ac846e RL |
377 | mem_buf->data = NULL; |
378 | mem_buf->length = 0; | |
379 | ok = 1; | |
380 | end: | |
381 | BIO_free(mem_ser); | |
382 | EVP_CIPHER_free(cipher); | |
383 | return ok; | |
384 | } | |
385 | ||
6511f686 JS |
386 | static int encode_EVP_PKEY_MSBLOB(const char *file, const int line, |
387 | void **encoded, long *encoded_len, | |
973a52ce | 388 | void *object, int selection, |
ae12eac0 | 389 | ossl_unused const char *output_type, |
973a52ce | 390 | ossl_unused const char *output_structure, |
1251cddf | 391 | ossl_unused const char *pass, |
ae12eac0 | 392 | ossl_unused const char *pcipher) |
a7922e20 RL |
393 | { |
394 | EVP_PKEY *pkey = object; | |
395 | BIO *mem_ser = NULL; | |
396 | BUF_MEM *mem_buf = NULL; | |
397 | int ok = 0; | |
398 | ||
6511f686 | 399 | if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))) |
a7922e20 RL |
400 | goto end; |
401 | ||
973a52ce | 402 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { |
6511f686 | 403 | if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0)) |
973a52ce RL |
404 | goto end; |
405 | } else { | |
6511f686 | 406 | if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0)) |
973a52ce RL |
407 | goto end; |
408 | } | |
a7922e20 | 409 | |
6511f686 JS |
410 | if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) |
411 | || !TEST_FL_ptr(*encoded = mem_buf->data) | |
412 | || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) | |
a7922e20 RL |
413 | goto end; |
414 | ||
ece9304c | 415 | /* Detach the encoded output */ |
a7922e20 RL |
416 | mem_buf->data = NULL; |
417 | mem_buf->length = 0; | |
418 | ok = 1; | |
419 | end: | |
420 | BIO_free(mem_ser); | |
421 | return ok; | |
422 | } | |
423 | ||
a7922e20 RL |
424 | static pem_password_cb pass_pw; |
425 | static int pass_pw(char *buf, int size, int rwflag, void *userdata) | |
426 | { | |
427 | OPENSSL_strlcpy(buf, userdata, size); | |
428 | return strlen(userdata); | |
429 | } | |
430 | ||
6511f686 JS |
431 | static int encode_EVP_PKEY_PVK(const char *file, const int line, |
432 | void **encoded, long *encoded_len, | |
973a52ce | 433 | void *object, int selection, |
ae12eac0 | 434 | ossl_unused const char *output_type, |
973a52ce | 435 | ossl_unused const char *output_structure, |
1251cddf | 436 | const char *pass, |
ae12eac0 | 437 | ossl_unused const char *pcipher) |
a7922e20 RL |
438 | { |
439 | EVP_PKEY *pkey = object; | |
440 | BIO *mem_ser = NULL; | |
441 | BUF_MEM *mem_buf = NULL; | |
442 | int enc = (pass != NULL); | |
443 | int ok = 0; | |
444 | ||
6511f686 | 445 | if (!TEST_FL_true(ossl_assert((selection |
973a52ce | 446 | & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)) |
6511f686 | 447 | || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) |
169eca60 JS |
448 | || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc, |
449 | pass_pw, (void *)pass, testctx, testpropq), 0) | |
6511f686 JS |
450 | || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) |
451 | || !TEST_FL_ptr(*encoded = mem_buf->data) | |
452 | || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) | |
a7922e20 RL |
453 | goto end; |
454 | ||
ece9304c | 455 | /* Detach the encoded output */ |
a7922e20 RL |
456 | mem_buf->data = NULL; |
457 | mem_buf->length = 0; | |
458 | ok = 1; | |
459 | end: | |
460 | BIO_free(mem_ser); | |
461 | return ok; | |
462 | } | |
a7922e20 | 463 | |
6511f686 JS |
464 | static int test_text(const char *file, const int line, |
465 | const void *data1, size_t data1_len, | |
319d0b2b RL |
466 | const void *data2, size_t data2_len) |
467 | { | |
6511f686 | 468 | return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len); |
319d0b2b RL |
469 | } |
470 | ||
6511f686 JS |
471 | static int test_mem(const char *file, const int line, |
472 | const void *data1, size_t data1_len, | |
319d0b2b RL |
473 | const void *data2, size_t data2_len) |
474 | { | |
6511f686 | 475 | return TEST_FL_mem_eq(data1, data1_len, data2, data2_len); |
319d0b2b RL |
476 | } |
477 | ||
5a23d78c RL |
478 | /* Test cases and their dumpers / checkers */ |
479 | ||
ae12eac0 RL |
480 | static void collect_name(const char *name, void *arg) |
481 | { | |
482 | char **namelist = arg; | |
483 | char *new_namelist; | |
484 | size_t space; | |
485 | ||
486 | space = strlen(name); | |
487 | if (*namelist != NULL) | |
488 | space += strlen(*namelist) + 2 /* for comma and space */; | |
489 | space++; /* for terminating null byte */ | |
490 | ||
491 | new_namelist = OPENSSL_realloc(*namelist, space); | |
492 | if (new_namelist == NULL) | |
493 | return; | |
494 | if (*namelist != NULL) { | |
495 | strcat(new_namelist, ", "); | |
496 | strcat(new_namelist, name); | |
497 | } else { | |
498 | strcpy(new_namelist, name); | |
499 | } | |
500 | *namelist = new_namelist; | |
501 | } | |
502 | ||
5a23d78c RL |
503 | static void dump_der(const char *label, const void *data, size_t data_len) |
504 | { | |
505 | test_output_memory(label, data, data_len); | |
506 | } | |
507 | ||
508 | static void dump_pem(const char *label, const void *data, size_t data_len) | |
509 | { | |
510 | test_output_string(label, data, data_len - 1); | |
511 | } | |
512 | ||
6511f686 JS |
513 | static int check_unprotected_PKCS8_DER(const char *file, const int line, |
514 | const char *type, | |
3ecbea6a | 515 | const void *data, size_t data_len) |
5a23d78c RL |
516 | { |
517 | const unsigned char *datap = data; | |
518 | PKCS8_PRIV_KEY_INFO *p8inf = | |
519 | d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len); | |
520 | int ok = 0; | |
521 | ||
6511f686 | 522 | if (TEST_FL_ptr(p8inf)) { |
169eca60 | 523 | EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq); |
ae12eac0 RL |
524 | char *namelist = NULL; |
525 | ||
6511f686 JS |
526 | if (TEST_FL_ptr(pkey)) { |
527 | if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) { | |
ddf0d149 | 528 | EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist); |
ae12eac0 RL |
529 | if (namelist != NULL) |
530 | TEST_note("%s isn't any of %s", type, namelist); | |
531 | OPENSSL_free(namelist); | |
532 | } | |
4f0831b8 | 533 | ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey)); |
ae12eac0 RL |
534 | EVP_PKEY_free(pkey); |
535 | } | |
5a23d78c RL |
536 | } |
537 | PKCS8_PRIV_KEY_INFO_free(p8inf); | |
538 | return ok; | |
539 | } | |
540 | ||
e8a41459 | 541 | static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) |
846f96f8 | 542 | { |
6511f686 | 543 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 544 | OSSL_KEYMGMT_SELECT_KEYPAIR |
169eca60 | 545 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
6a2b8ff3 | 546 | "DER", "PrivateKeyInfo", NULL, NULL, |
1251cddf | 547 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
ae12eac0 | 548 | test_mem, check_unprotected_PKCS8_DER, |
e8a41459 | 549 | dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); |
846f96f8 RL |
550 | } |
551 | ||
6511f686 JS |
552 | static int check_unprotected_PKCS8_PEM(const char *file, const int line, |
553 | const char *type, | |
3ecbea6a | 554 | const void *data, size_t data_len) |
5a23d78c | 555 | { |
ae12eac0 RL |
556 | static const char expected_pem_header[] = |
557 | "-----BEGIN " PEM_STRING_PKCS8INF "-----"; | |
5a23d78c | 558 | |
6511f686 | 559 | return TEST_FL_strn_eq(data, expected_pem_header, |
ae12eac0 | 560 | sizeof(expected_pem_header) - 1); |
5a23d78c RL |
561 | } |
562 | ||
e8a41459 | 563 | static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) |
5a23d78c | 564 | { |
169eca60 JS |
565 | return test_encode_decode(__FILE__, __LINE__, type, key, |
566 | OSSL_KEYMGMT_SELECT_KEYPAIR | |
567 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, | |
6a2b8ff3 | 568 | "PEM", "PrivateKeyInfo", NULL, NULL, |
1251cddf | 569 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
ae12eac0 | 570 | test_text, check_unprotected_PKCS8_PEM, |
e8a41459 | 571 | dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); |
b565a17d MC |
572 | } |
573 | ||
a2e145f8 | 574 | #ifndef OPENSSL_NO_KEYPARAMS |
6511f686 JS |
575 | static int check_params_DER(const char *file, const int line, |
576 | const char *type, const void *data, size_t data_len) | |
b565a17d MC |
577 | { |
578 | const unsigned char *datap = data; | |
579 | int ok = 0; | |
580 | int itype = NID_undef; | |
581 | EVP_PKEY *pkey = NULL; | |
582 | ||
583 | if (strcmp(type, "DH") == 0) | |
584 | itype = EVP_PKEY_DH; | |
585 | else if (strcmp(type, "X9.42 DH") == 0) | |
586 | itype = EVP_PKEY_DHX; | |
587 | else if (strcmp(type, "DSA") == 0) | |
588 | itype = EVP_PKEY_DSA; | |
589 | else if (strcmp(type, "EC") == 0) | |
590 | itype = EVP_PKEY_EC; | |
591 | ||
592 | if (itype != NID_undef) { | |
593 | pkey = d2i_KeyParams(itype, NULL, &datap, data_len); | |
594 | ok = (pkey != NULL); | |
595 | EVP_PKEY_free(pkey); | |
596 | } | |
597 | ||
598 | return ok; | |
599 | } | |
600 | ||
6511f686 JS |
601 | static int check_params_PEM(const char *file, const int line, |
602 | const char *type, | |
603 | const void *data, size_t data_len) | |
b565a17d MC |
604 | { |
605 | static char expected_pem_header[80]; | |
606 | ||
607 | return | |
6511f686 | 608 | TEST_FL_int_gt(BIO_snprintf(expected_pem_header, |
b565a17d MC |
609 | sizeof(expected_pem_header), |
610 | "-----BEGIN %s PARAMETERS-----", type), 0) | |
6511f686 | 611 | && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)); |
b565a17d MC |
612 | } |
613 | ||
614 | static int test_params_via_DER(const char *type, EVP_PKEY *key) | |
615 | { | |
6511f686 | 616 | return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 617 | "DER", "type-specific", NULL, NULL, |
b565a17d MC |
618 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
619 | test_mem, check_params_DER, | |
620 | dump_der, FLAG_DECODE_WITH_TYPE); | |
621 | } | |
622 | ||
623 | static int test_params_via_PEM(const char *type, EVP_PKEY *key) | |
624 | { | |
6511f686 | 625 | return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 626 | "PEM", "type-specific", NULL, NULL, |
b565a17d MC |
627 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
628 | test_text, check_params_PEM, | |
629 | dump_pem, 0); | |
e2ac846e | 630 | } |
a2e145f8 | 631 | #endif /* !OPENSSL_NO_KEYPARAMS */ |
e2ac846e | 632 | |
6511f686 JS |
633 | static int check_unprotected_legacy_PEM(const char *file, const int line, |
634 | const char *type, | |
e2ac846e RL |
635 | const void *data, size_t data_len) |
636 | { | |
ae12eac0 | 637 | static char expected_pem_header[80]; |
e2ac846e | 638 | |
846f96f8 | 639 | return |
6511f686 | 640 | TEST_FL_int_gt(BIO_snprintf(expected_pem_header, |
ae12eac0 | 641 | sizeof(expected_pem_header), |
846f96f8 | 642 | "-----BEGIN %s PRIVATE KEY-----", type), 0) |
6511f686 | 643 | && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)); |
e2ac846e RL |
644 | } |
645 | ||
7c664b1f | 646 | static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key) |
846f96f8 | 647 | { |
169eca60 JS |
648 | if (!default_libctx || is_fips) |
649 | return TEST_skip("Test not available if using a non-default library context or FIPS provider"); | |
650 | ||
6511f686 | 651 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 652 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 653 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 654 | "PEM", "type-specific", NULL, NULL, |
1251cddf | 655 | encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, |
ae12eac0 | 656 | test_text, check_unprotected_legacy_PEM, |
b565a17d | 657 | dump_pem, 0); |
3ecbea6a RL |
658 | } |
659 | ||
6511f686 JS |
660 | static int check_MSBLOB(const char *file, const int line, |
661 | const char *type, const void *data, size_t data_len) | |
a7922e20 RL |
662 | { |
663 | const unsigned char *datap = data; | |
664 | EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len); | |
6511f686 | 665 | int ok = TEST_FL_ptr(pkey); |
a7922e20 RL |
666 | |
667 | EVP_PKEY_free(pkey); | |
668 | return ok; | |
669 | } | |
670 | ||
671 | static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key) | |
672 | { | |
6511f686 | 673 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 674 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 675 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 676 | "MSBLOB", NULL, NULL, NULL, |
1251cddf | 677 | encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, |
ae12eac0 | 678 | test_mem, check_MSBLOB, |
b565a17d | 679 | dump_der, 0); |
a7922e20 RL |
680 | } |
681 | ||
6511f686 JS |
682 | static int check_PVK(const char *file, const int line, |
683 | const char *type, const void *data, size_t data_len) | |
a7922e20 RL |
684 | { |
685 | const unsigned char *in = data; | |
686 | unsigned int saltlen = 0, keylen = 0; | |
687 | int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen); | |
688 | ||
689 | return ok; | |
690 | } | |
691 | ||
692 | static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key) | |
693 | { | |
6511f686 | 694 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 695 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 696 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 697 | "PVK", NULL, NULL, NULL, |
1251cddf | 698 | encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, |
ae12eac0 | 699 | test_mem, check_PVK, |
b565a17d | 700 | dump_der, 0); |
a7922e20 | 701 | } |
a7922e20 | 702 | |
3ecbea6a RL |
703 | static const char *pass_cipher = "AES-256-CBC"; |
704 | static const char *pass = "the holy handgrenade of antioch"; | |
705 | ||
6511f686 JS |
706 | static int check_protected_PKCS8_DER(const char *file, const int line, |
707 | const char *type, | |
3ecbea6a RL |
708 | const void *data, size_t data_len) |
709 | { | |
710 | const unsigned char *datap = data; | |
711 | X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len); | |
6511f686 | 712 | int ok = TEST_FL_ptr(p8); |
3ecbea6a RL |
713 | |
714 | X509_SIG_free(p8); | |
715 | return ok; | |
716 | } | |
717 | ||
e8a41459 | 718 | static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) |
846f96f8 | 719 | { |
6511f686 | 720 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 721 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 722 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
602bfb8b | 723 | "DER", "EncryptedPrivateKeyInfo", |
6a2b8ff3 | 724 | pass, pass_cipher, |
1251cddf | 725 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
ae12eac0 | 726 | test_mem, check_protected_PKCS8_DER, |
e8a41459 | 727 | dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); |
3ecbea6a RL |
728 | } |
729 | ||
6511f686 JS |
730 | static int check_protected_PKCS8_PEM(const char *file, const int line, |
731 | const char *type, | |
3ecbea6a RL |
732 | const void *data, size_t data_len) |
733 | { | |
ae12eac0 RL |
734 | static const char expected_pem_header[] = |
735 | "-----BEGIN " PEM_STRING_PKCS8 "-----"; | |
3ecbea6a | 736 | |
6511f686 | 737 | return TEST_FL_strn_eq(data, expected_pem_header, |
ae12eac0 | 738 | sizeof(expected_pem_header) - 1); |
3ecbea6a RL |
739 | } |
740 | ||
e8a41459 | 741 | static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) |
3ecbea6a | 742 | { |
6511f686 | 743 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 744 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 745 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
602bfb8b | 746 | "PEM", "EncryptedPrivateKeyInfo", |
6a2b8ff3 | 747 | pass, pass_cipher, |
1251cddf | 748 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
ae12eac0 | 749 | test_text, check_protected_PKCS8_PEM, |
e8a41459 | 750 | dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); |
e2ac846e RL |
751 | } |
752 | ||
6511f686 JS |
753 | static int check_protected_legacy_PEM(const char *file, const int line, |
754 | const char *type, | |
e2ac846e RL |
755 | const void *data, size_t data_len) |
756 | { | |
ae12eac0 | 757 | static char expected_pem_header[80]; |
e2ac846e RL |
758 | |
759 | return | |
6511f686 | 760 | TEST_FL_int_gt(BIO_snprintf(expected_pem_header, |
ae12eac0 | 761 | sizeof(expected_pem_header), |
846f96f8 | 762 | "-----BEGIN %s PRIVATE KEY-----", type), 0) |
6511f686 JS |
763 | && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header)) |
764 | && TEST_FL_ptr(strstr(data, "\nDEK-Info: ")); | |
e2ac846e RL |
765 | } |
766 | ||
7c664b1f | 767 | static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key) |
e2ac846e | 768 | { |
169eca60 JS |
769 | if (!default_libctx || is_fips) |
770 | return TEST_skip("Test not available if using a non-default library context or FIPS provider"); | |
771 | ||
6511f686 | 772 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 773 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 774 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 775 | "PEM", "type-specific", pass, pass_cipher, |
1251cddf | 776 | encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov, |
ae12eac0 | 777 | test_text, check_protected_legacy_PEM, |
b565a17d | 778 | dump_pem, 0); |
846f96f8 RL |
779 | } |
780 | ||
2e1bc081 | 781 | #ifndef OPENSSL_NO_RC4 |
a7922e20 RL |
782 | static int test_protected_via_PVK(const char *type, EVP_PKEY *key) |
783 | { | |
169eca60 JS |
784 | int ret = 0; |
785 | OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); | |
786 | if (lgcyprov == NULL) | |
787 | return TEST_skip("Legacy provider not available"); | |
788 | ||
789 | ret = test_encode_decode(__FILE__, __LINE__, type, key, | |
973a52ce | 790 | OSSL_KEYMGMT_SELECT_KEYPAIR |
ae12eac0 | 791 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce | 792 | "PVK", NULL, pass, NULL, |
1251cddf | 793 | encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, |
b565a17d | 794 | test_mem, check_PVK, dump_der, 0); |
169eca60 JS |
795 | OSSL_PROVIDER_unload(lgcyprov); |
796 | return ret; | |
a7922e20 RL |
797 | } |
798 | #endif | |
799 | ||
6511f686 JS |
800 | static int check_public_DER(const char *file, const int line, |
801 | const char *type, const void *data, size_t data_len) | |
3ff8159a RL |
802 | { |
803 | const unsigned char *datap = data; | |
169eca60 | 804 | EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq); |
6511f686 | 805 | int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type))); |
3ff8159a RL |
806 | |
807 | EVP_PKEY_free(pkey); | |
808 | return ok; | |
809 | } | |
810 | ||
e8a41459 | 811 | static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) |
3ff8159a | 812 | { |
6511f686 | 813 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 814 | OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
169eca60 | 815 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
973a52ce | 816 | "DER", "SubjectPublicKeyInfo", NULL, NULL, |
1251cddf | 817 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
e8a41459 TM |
818 | test_mem, check_public_DER, dump_der, |
819 | fips ? 0 : FLAG_FAIL_IF_FIPS); | |
3ff8159a RL |
820 | } |
821 | ||
6511f686 JS |
822 | static int check_public_PEM(const char *file, const int line, |
823 | const char *type, const void *data, size_t data_len) | |
3ff8159a | 824 | { |
ae12eac0 RL |
825 | static const char expected_pem_header[] = |
826 | "-----BEGIN " PEM_STRING_PUBLIC "-----"; | |
3ff8159a RL |
827 | |
828 | return | |
6511f686 | 829 | TEST_FL_strn_eq(data, expected_pem_header, |
ae12eac0 | 830 | sizeof(expected_pem_header) - 1); |
3ff8159a RL |
831 | } |
832 | ||
e8a41459 | 833 | static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) |
3ff8159a | 834 | { |
6511f686 | 835 | return test_encode_decode(__FILE__, __LINE__, type, key, |
973a52ce | 836 | OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
169eca60 | 837 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
973a52ce | 838 | "PEM", "SubjectPublicKeyInfo", NULL, NULL, |
1251cddf | 839 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
e8a41459 TM |
840 | test_text, check_public_PEM, dump_pem, |
841 | fips ? 0 : FLAG_FAIL_IF_FIPS); | |
3ff8159a RL |
842 | } |
843 | ||
6511f686 JS |
844 | static int check_public_MSBLOB(const char *file, const int line, |
845 | const char *type, | |
a7922e20 RL |
846 | const void *data, size_t data_len) |
847 | { | |
848 | const unsigned char *datap = data; | |
849 | EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len); | |
6511f686 | 850 | int ok = TEST_FL_ptr(pkey); |
a7922e20 RL |
851 | |
852 | EVP_PKEY_free(pkey); | |
853 | return ok; | |
854 | } | |
855 | ||
856 | static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) | |
857 | { | |
6511f686 | 858 | return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
ae12eac0 | 859 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
973a52ce RL |
860 | "MSBLOB", NULL, NULL, NULL, |
861 | encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov, | |
b565a17d | 862 | test_mem, check_public_MSBLOB, dump_der, 0); |
a7922e20 | 863 | } |
a7922e20 | 864 | |
7c664b1f | 865 | #define KEYS(KEYTYPE) \ |
1251cddf | 866 | static EVP_PKEY *key_##KEYTYPE = NULL |
7c664b1f RL |
867 | #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \ |
868 | ok = ok \ | |
1251cddf | 869 | && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params)) |
7c664b1f RL |
870 | #define FREE_KEYS(KEYTYPE) \ |
871 | EVP_PKEY_free(key_##KEYTYPE); \ | |
7c664b1f RL |
872 | |
873 | #define DOMAIN_KEYS(KEYTYPE) \ | |
874 | static EVP_PKEY *template_##KEYTYPE = NULL; \ | |
1251cddf | 875 | static EVP_PKEY *key_##KEYTYPE = NULL |
7c664b1f RL |
876 | #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \ |
877 | ok = ok \ | |
878 | && TEST_ptr(template_##KEYTYPE = \ | |
879 | make_template(KEYTYPEstr, params)) \ | |
880 | && TEST_ptr(key_##KEYTYPE = \ | |
1251cddf | 881 | make_key(KEYTYPEstr, template_##KEYTYPE, NULL)) |
7c664b1f RL |
882 | #define FREE_DOMAIN_KEYS(KEYTYPE) \ |
883 | EVP_PKEY_free(template_##KEYTYPE); \ | |
1251cddf | 884 | EVP_PKEY_free(key_##KEYTYPE) |
7c664b1f | 885 | |
e8a41459 | 886 | #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ |
7c664b1f RL |
887 | static int test_unprotected_##KEYTYPE##_via_DER(void) \ |
888 | { \ | |
e8a41459 | 889 | return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ |
7c664b1f RL |
890 | } \ |
891 | static int test_unprotected_##KEYTYPE##_via_PEM(void) \ | |
892 | { \ | |
e8a41459 | 893 | return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ |
7c664b1f | 894 | } \ |
7c664b1f RL |
895 | static int test_protected_##KEYTYPE##_via_DER(void) \ |
896 | { \ | |
e8a41459 | 897 | return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ |
7c664b1f RL |
898 | } \ |
899 | static int test_protected_##KEYTYPE##_via_PEM(void) \ | |
900 | { \ | |
e8a41459 | 901 | return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ |
7c664b1f | 902 | } \ |
7c664b1f RL |
903 | static int test_public_##KEYTYPE##_via_DER(void) \ |
904 | { \ | |
e8a41459 | 905 | return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ |
7c664b1f RL |
906 | } \ |
907 | static int test_public_##KEYTYPE##_via_PEM(void) \ | |
908 | { \ | |
e8a41459 | 909 | return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ |
7c664b1f RL |
910 | } |
911 | ||
912 | #define ADD_TEST_SUITE(KEYTYPE) \ | |
913 | ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \ | |
914 | ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \ | |
7c664b1f RL |
915 | ADD_TEST(test_protected_##KEYTYPE##_via_DER); \ |
916 | ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \ | |
7c664b1f RL |
917 | ADD_TEST(test_public_##KEYTYPE##_via_DER); \ |
918 | ADD_TEST(test_public_##KEYTYPE##_via_PEM) | |
919 | ||
b565a17d MC |
920 | #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \ |
921 | static int test_params_##KEYTYPE##_via_DER(void) \ | |
922 | { \ | |
923 | return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \ | |
924 | } \ | |
925 | static int test_params_##KEYTYPE##_via_PEM(void) \ | |
926 | { \ | |
927 | return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ | |
928 | } | |
929 | ||
930 | #define ADD_TEST_SUITE_PARAMS(KEYTYPE) \ | |
931 | ADD_TEST(test_params_##KEYTYPE##_via_DER); \ | |
932 | ADD_TEST(test_params_##KEYTYPE##_via_PEM) | |
933 | ||
bddfea02 RL |
934 | #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \ |
935 | static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \ | |
936 | { \ | |
1251cddf RL |
937 | return \ |
938 | test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ | |
bddfea02 RL |
939 | } \ |
940 | static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \ | |
941 | { \ | |
1251cddf RL |
942 | return \ |
943 | test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \ | |
bddfea02 RL |
944 | } |
945 | ||
2e1bc081 RL |
946 | #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \ |
947 | ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \ | |
bddfea02 RL |
948 | ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM) |
949 | ||
2e1bc081 | 950 | #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \ |
a7922e20 RL |
951 | static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \ |
952 | { \ | |
953 | return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ | |
954 | } \ | |
955 | static int test_public_##KEYTYPE##_via_MSBLOB(void) \ | |
956 | { \ | |
957 | return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \ | |
958 | } | |
959 | ||
2e1bc081 RL |
960 | #define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \ |
961 | ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \ | |
a7922e20 RL |
962 | ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB) |
963 | ||
5faec149 | 964 | #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ |
a7922e20 RL |
965 | static int test_unprotected_##KEYTYPE##_via_PVK(void) \ |
966 | { \ | |
967 | return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ | |
5faec149 RL |
968 | } |
969 | # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \ | |
970 | ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK) | |
971 | #ifndef OPENSSL_NO_RC4 | |
972 | # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \ | |
a7922e20 RL |
973 | static int test_protected_##KEYTYPE##_via_PVK(void) \ |
974 | { \ | |
975 | return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \ | |
976 | } | |
5faec149 | 977 | # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \ |
a7922e20 | 978 | ADD_TEST(test_protected_##KEYTYPE##_via_PVK) |
a7922e20 RL |
979 | #endif |
980 | ||
7c664b1f RL |
981 | #ifndef OPENSSL_NO_DH |
982 | DOMAIN_KEYS(DH); | |
e8a41459 | 983 | IMPLEMENT_TEST_SUITE(DH, "DH", 1) |
b565a17d | 984 | IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") |
31d2daec | 985 | DOMAIN_KEYS(DHX); |
e8a41459 | 986 | IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) |
b565a17d | 987 | IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") |
bddfea02 RL |
988 | /* |
989 | * DH has no support for PEM_write_bio_PrivateKey_traditional(), | |
990 | * so no legacy tests. | |
991 | */ | |
7c664b1f RL |
992 | #endif |
993 | #ifndef OPENSSL_NO_DSA | |
994 | DOMAIN_KEYS(DSA); | |
e8a41459 | 995 | IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) |
b565a17d | 996 | IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") |
bddfea02 | 997 | IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") |
a7922e20 | 998 | IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") |
5faec149 RL |
999 | IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA") |
1000 | # ifndef OPENSSL_NO_RC4 | |
1001 | IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") | |
1002 | # endif | |
7c664b1f RL |
1003 | #endif |
1004 | #ifndef OPENSSL_NO_EC | |
1005 | DOMAIN_KEYS(EC); | |
e8a41459 | 1006 | IMPLEMENT_TEST_SUITE(EC, "EC", 1) |
b565a17d | 1007 | IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") |
bddfea02 | 1008 | IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") |
c0f39ded | 1009 | DOMAIN_KEYS(ECExplicitPrimeNamedCurve); |
e8a41459 | 1010 | IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) |
bddfea02 | 1011 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") |
c0f39ded | 1012 | DOMAIN_KEYS(ECExplicitPrime2G); |
e8a41459 | 1013 | IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) |
bddfea02 | 1014 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") |
c0f39ded SL |
1015 | # ifndef OPENSSL_NO_EC2M |
1016 | DOMAIN_KEYS(ECExplicitTriNamedCurve); | |
e8a41459 | 1017 | IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) |
bddfea02 | 1018 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") |
c0f39ded | 1019 | DOMAIN_KEYS(ECExplicitTri2G); |
e8a41459 | 1020 | IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) |
bddfea02 | 1021 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") |
c0f39ded | 1022 | # endif |
7c664b1f | 1023 | KEYS(ED25519); |
e8a41459 | 1024 | IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) |
7c664b1f | 1025 | KEYS(ED448); |
e8a41459 | 1026 | IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) |
7c664b1f | 1027 | KEYS(X25519); |
e8a41459 | 1028 | IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) |
7c664b1f | 1029 | KEYS(X448); |
e8a41459 | 1030 | IMPLEMENT_TEST_SUITE(X448, "X448", 1) |
bddfea02 RL |
1031 | /* |
1032 | * ED25519, ED448, X25519 and X448 have no support for | |
1033 | * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. | |
1034 | */ | |
7c664b1f RL |
1035 | #endif |
1036 | KEYS(RSA); | |
e8a41459 | 1037 | IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) |
bddfea02 | 1038 | IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") |
7c664b1f | 1039 | KEYS(RSA_PSS); |
e8a41459 | 1040 | IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) |
bddfea02 RL |
1041 | /* |
1042 | * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), | |
1043 | * so no legacy tests. | |
1044 | */ | |
a7922e20 | 1045 | IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA") |
5faec149 RL |
1046 | IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA") |
1047 | #ifndef OPENSSL_NO_RC4 | |
1048 | IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA") | |
1049 | #endif | |
3ff8159a | 1050 | |
c0f39ded SL |
1051 | #ifndef OPENSSL_NO_EC |
1052 | /* Explicit parameters that match a named curve */ | |
1053 | static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld, | |
1054 | const unsigned char *gen, | |
1055 | size_t gen_len) | |
1056 | { | |
1057 | BIGNUM *a, *b, *prime, *order; | |
1058 | ||
1059 | /* Curve prime256v1 */ | |
1060 | static const unsigned char prime_data[] = { | |
1061 | 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, | |
1062 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1063 | 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, | |
1064 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
1065 | 0xff | |
1066 | }; | |
1067 | static const unsigned char a_data[] = { | |
1068 | 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, | |
1069 | 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1070 | 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, | |
1071 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
1072 | 0xfc | |
1073 | }; | |
1074 | static const unsigned char b_data[] = { | |
1075 | 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, | |
1076 | 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, | |
1077 | 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, | |
1078 | 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b | |
1079 | }; | |
1080 | static const unsigned char seed[] = { | |
1081 | 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, | |
1082 | 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, | |
1083 | 0x81, 0x9f, 0x7e, 0x90 | |
1084 | }; | |
1085 | static const unsigned char order_data[] = { | |
1086 | 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, | |
1087 | 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
1088 | 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, | |
1089 | 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51 | |
1090 | }; | |
1091 | return TEST_ptr(a = BN_CTX_get(bnctx)) | |
1092 | && TEST_ptr(b = BN_CTX_get(bnctx)) | |
1093 | && TEST_ptr(prime = BN_CTX_get(bnctx)) | |
1094 | && TEST_ptr(order = BN_CTX_get(bnctx)) | |
1095 | && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime)) | |
1096 | && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) | |
1097 | && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) | |
1098 | && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) | |
1099 | && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, | |
1100 | OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field, | |
1101 | 0)) | |
1102 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime)) | |
1103 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) | |
1104 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) | |
1105 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, | |
1106 | OSSL_PKEY_PARAM_EC_ORDER, order)) | |
1107 | && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, | |
1108 | OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) | |
1109 | && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, | |
1110 | OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed))) | |
1111 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, | |
1112 | BN_value_one())); | |
1113 | } | |
1114 | ||
1115 | static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld) | |
1116 | { | |
1117 | static const unsigned char prime256v1_gen[] = { | |
1118 | 0x04, | |
1119 | 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, | |
1120 | 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, | |
1121 | 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, | |
1122 | 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, | |
1123 | 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, | |
1124 | 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, | |
1125 | 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, | |
1126 | 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 | |
1127 | }; | |
1128 | return do_create_ec_explicit_prime_params(bld, prime256v1_gen, | |
1129 | sizeof(prime256v1_gen)); | |
1130 | } | |
1131 | ||
1132 | static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld) | |
1133 | { | |
1134 | /* 2G */ | |
1135 | static const unsigned char prime256v1_gen2[] = { | |
1136 | 0x04, | |
1137 | 0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a, | |
1138 | 0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3, | |
1139 | 0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6, | |
1140 | 0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31, | |
1141 | 0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21, | |
1142 | 0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9, | |
1143 | 0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda, | |
1144 | 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55 | |
1145 | }; | |
1146 | return do_create_ec_explicit_prime_params(bld, prime256v1_gen2, | |
1147 | sizeof(prime256v1_gen2)); | |
1148 | } | |
1149 | ||
1150 | # ifndef OPENSSL_NO_EC2M | |
1151 | static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld, | |
1152 | const unsigned char *gen, | |
1153 | size_t gen_len) | |
1154 | { | |
1155 | BIGNUM *a, *b, *poly, *order, *cofactor; | |
1156 | /* sect233k1 characteristic-two-field tpBasis */ | |
1157 | static const unsigned char poly_data[] = { | |
1158 | 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1159 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, | |
1160 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, | |
1161 | }; | |
1162 | static const unsigned char a_data[] = { | |
1163 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1164 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1165 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
1166 | }; | |
1167 | static const unsigned char b_data[] = { | |
1168 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1169 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1170 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 | |
1171 | }; | |
1172 | static const unsigned char order_data[] = { | |
1173 | 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
1174 | 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, | |
1175 | 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF | |
1176 | }; | |
1177 | static const unsigned char cofactor_data[]= { | |
1178 | 0x4 | |
1179 | }; | |
1180 | return TEST_ptr(a = BN_CTX_get(bnctx)) | |
1181 | && TEST_ptr(b = BN_CTX_get(bnctx)) | |
1182 | && TEST_ptr(poly = BN_CTX_get(bnctx)) | |
1183 | && TEST_ptr(order = BN_CTX_get(bnctx)) | |
1184 | && TEST_ptr(cofactor = BN_CTX_get(bnctx)) | |
1185 | && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly)) | |
1186 | && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a)) | |
1187 | && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b)) | |
1188 | && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order)) | |
1189 | && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor)) | |
1190 | && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, | |
1191 | OSSL_PKEY_PARAM_EC_FIELD_TYPE, | |
1192 | SN_X9_62_characteristic_two_field, 0)) | |
1193 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly)) | |
1194 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a)) | |
1195 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b)) | |
1196 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, | |
1197 | OSSL_PKEY_PARAM_EC_ORDER, order)) | |
1198 | && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, | |
1199 | OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len)) | |
1200 | && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR, | |
1201 | cofactor)); | |
1202 | } | |
1203 | ||
1204 | static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld) | |
1205 | { | |
1206 | static const unsigned char gen[] = { | |
1207 | 0x04, | |
1208 | 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2, | |
1209 | 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, | |
1210 | 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26, | |
1211 | 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A, | |
1212 | 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, | |
1213 | 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3 | |
1214 | }; | |
1215 | return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen)); | |
1216 | } | |
1217 | ||
1218 | static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld) | |
1219 | { | |
1220 | static const unsigned char gen2[] = { | |
1221 | 0x04, | |
1222 | 0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1, | |
1223 | 0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0, | |
1224 | 0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4, | |
1225 | 0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86, | |
1226 | 0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29, | |
1227 | 0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb | |
1228 | }; | |
1229 | return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2)); | |
1230 | } | |
1231 | # endif /* OPENSSL_NO_EC2M */ | |
1232 | #endif /* OPENSSL_NO_EC */ | |
1233 | ||
169eca60 JS |
1234 | typedef enum OPTION_choice { |
1235 | OPT_ERR = -1, | |
1236 | OPT_EOF = 0, | |
1237 | OPT_CONTEXT, | |
1238 | OPT_RSA_FILE, | |
1239 | OPT_RSA_PSS_FILE, | |
1240 | OPT_CONFIG_FILE, | |
1241 | OPT_PROVIDER_NAME, | |
1242 | OPT_TEST_ENUM | |
1243 | } OPTION_CHOICE; | |
1244 | ||
1245 | const OPTIONS *test_get_options(void) | |
1246 | { | |
1247 | static const OPTIONS options[] = { | |
1248 | OPT_TEST_OPTIONS_DEFAULT_USAGE, | |
1249 | { "context", OPT_CONTEXT, '-', | |
1250 | "Explicitly use a non-default library context" }, | |
1251 | { "rsa", OPT_RSA_FILE, '<', | |
1252 | "PEM format RSA key file to encode/decode" }, | |
1253 | { "pss", OPT_RSA_PSS_FILE, '<', | |
1254 | "PEM format RSA-PSS key file to encode/decode" }, | |
1255 | { "config", OPT_CONFIG_FILE, '<', | |
1256 | "The configuration file to use for the library context" }, | |
1257 | { "provider", OPT_PROVIDER_NAME, 's', | |
1258 | "The provider to load (The default value is 'default')" }, | |
1259 | { NULL } | |
1260 | }; | |
1261 | return options; | |
1262 | } | |
91f2b15f | 1263 | |
5a23d78c RL |
1264 | int setup_tests(void) |
1265 | { | |
169eca60 JS |
1266 | const char *rsa_file = NULL; |
1267 | const char *rsa_pss_file = NULL; | |
1268 | const char *prov_name = "default"; | |
1269 | char *config_file = NULL; | |
7c664b1f RL |
1270 | int ok = 1; |
1271 | ||
a7922e20 RL |
1272 | #ifndef OPENSSL_NO_DSA |
1273 | static size_t qbits = 160; /* PVK only tolerates 160 Q bits */ | |
1274 | static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */ | |
1275 | OSSL_PARAM DSA_params[] = { | |
1276 | OSSL_PARAM_size_t("pbits", &pbits), | |
1277 | OSSL_PARAM_size_t("qbits", &qbits), | |
1278 | OSSL_PARAM_END | |
1279 | }; | |
1280 | #endif | |
1281 | ||
7c664b1f RL |
1282 | #ifndef OPENSSL_NO_EC |
1283 | static char groupname[] = "prime256v1"; | |
1284 | OSSL_PARAM EC_params[] = { | |
1285 | OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1), | |
1286 | OSSL_PARAM_END | |
1287 | }; | |
1288 | #endif | |
1289 | ||
169eca60 JS |
1290 | OPTION_CHOICE o; |
1291 | ||
1292 | while ((o = opt_next()) != OPT_EOF) { | |
1293 | switch (o) { | |
1294 | case OPT_CONTEXT: | |
1295 | default_libctx = 0; | |
1296 | break; | |
1297 | case OPT_PROVIDER_NAME: | |
1298 | prov_name = opt_arg(); | |
1299 | break; | |
1300 | case OPT_CONFIG_FILE: | |
1301 | config_file = opt_arg(); | |
1302 | break; | |
1303 | case OPT_RSA_FILE: | |
1304 | rsa_file = opt_arg(); | |
1305 | break; | |
1306 | case OPT_RSA_PSS_FILE: | |
1307 | rsa_pss_file = opt_arg(); | |
1308 | break; | |
1309 | case OPT_TEST_CASES: | |
1310 | break; | |
1311 | default: | |
1312 | return 0; | |
1313 | } | |
91f2b15f | 1314 | } |
169eca60 JS |
1315 | |
1316 | if (strcmp(prov_name, "fips") == 0) | |
1317 | is_fips = 1; | |
1318 | ||
1319 | if (default_libctx) { | |
1320 | if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name)) | |
1321 | return 0; | |
1322 | } else { | |
1323 | if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name)) | |
1324 | return 0; | |
91f2b15f | 1325 | } |
7c664b1f | 1326 | |
e1289d90 TM |
1327 | /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */ |
1328 | is_fips_3_0_0 = fips_provider_version_eq(testctx, 3, 0, 0); | |
1329 | if (is_fips_3_0_0 < 0) | |
1330 | return 0; | |
1331 | ||
7ee992a5 MC |
1332 | #ifdef STATIC_LEGACY |
1333 | /* | |
1334 | * This test is always statically linked against libcrypto. We must not | |
1335 | * attempt to load legacy.so that might be dynamically linked against | |
1336 | * libcrypto. Instead we use a built-in version of the legacy provider. | |
1337 | */ | |
1338 | if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) | |
1339 | return 0; | |
1340 | #endif | |
1341 | ||
169eca60 JS |
1342 | /* Separate provider/ctx for generating the test data */ |
1343 | if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new())) | |
1344 | return 0; | |
1345 | if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default"))) | |
1346 | return 0; | |
1347 | ||
c0f39ded | 1348 | #ifndef OPENSSL_NO_EC |
169eca60 | 1349 | if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx)) |
c0f39ded SL |
1350 | || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new()) |
1351 | || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new()) | |
1352 | || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) | |
1353 | || !create_ec_explicit_prime_params(bld_prime) | |
1354 | || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc)) | |
1355 | || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime)) | |
1356 | # ifndef OPENSSL_NO_EC2M | |
1357 | || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new()) | |
1358 | || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new()) | |
1359 | || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc) | |
1360 | || !create_ec_explicit_trinomial_params(bld_tri) | |
1361 | || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc)) | |
1362 | || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri)) | |
1363 | # endif | |
1364 | ) | |
1365 | return 0; | |
1366 | #endif | |
1367 | ||
e2ac846e | 1368 | TEST_info("Generating keys..."); |
c0f39ded | 1369 | |
7c664b1f | 1370 | #ifndef OPENSSL_NO_DH |
91f2b15f | 1371 | TEST_info("Generating DH keys..."); |
7c664b1f | 1372 | MAKE_DOMAIN_KEYS(DH, "DH", NULL); |
31d2daec | 1373 | MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL); |
7c664b1f RL |
1374 | #endif |
1375 | #ifndef OPENSSL_NO_DSA | |
91f2b15f | 1376 | TEST_info("Generating DSA keys..."); |
a7922e20 | 1377 | MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params); |
7c664b1f RL |
1378 | #endif |
1379 | #ifndef OPENSSL_NO_EC | |
91f2b15f | 1380 | TEST_info("Generating EC keys..."); |
7c664b1f | 1381 | MAKE_DOMAIN_KEYS(EC, "EC", EC_params); |
c0f39ded SL |
1382 | MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc); |
1383 | MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit); | |
1384 | # ifndef OPENSSL_NO_EC2M | |
1385 | MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc); | |
1386 | MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); | |
1387 | # endif | |
7c664b1f RL |
1388 | MAKE_KEYS(ED25519, "ED25519", NULL); |
1389 | MAKE_KEYS(ED448, "ED448", NULL); | |
1390 | MAKE_KEYS(X25519, "X25519", NULL); | |
1391 | MAKE_KEYS(X448, "X448", NULL); | |
1392 | #endif | |
91f2b15f | 1393 | TEST_info("Loading RSA key..."); |
169eca60 | 1394 | ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx)); |
91f2b15f | 1395 | TEST_info("Loading RSA_PSS key..."); |
169eca60 | 1396 | ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx)); |
91f2b15f | 1397 | TEST_info("Generating keys done"); |
5a23d78c | 1398 | |
7c664b1f RL |
1399 | if (ok) { |
1400 | #ifndef OPENSSL_NO_DH | |
1401 | ADD_TEST_SUITE(DH); | |
b565a17d | 1402 | ADD_TEST_SUITE_PARAMS(DH); |
31d2daec | 1403 | ADD_TEST_SUITE(DHX); |
b565a17d | 1404 | ADD_TEST_SUITE_PARAMS(DHX); |
bddfea02 RL |
1405 | /* |
1406 | * DH has no support for PEM_write_bio_PrivateKey_traditional(), | |
1407 | * so no legacy tests. | |
1408 | */ | |
7c664b1f RL |
1409 | #endif |
1410 | #ifndef OPENSSL_NO_DSA | |
1411 | ADD_TEST_SUITE(DSA); | |
b565a17d | 1412 | ADD_TEST_SUITE_PARAMS(DSA); |
bddfea02 | 1413 | ADD_TEST_SUITE_LEGACY(DSA); |
a7922e20 | 1414 | ADD_TEST_SUITE_MSBLOB(DSA); |
5faec149 RL |
1415 | ADD_TEST_SUITE_UNPROTECTED_PVK(DSA); |
1416 | # ifndef OPENSSL_NO_RC4 | |
169eca60 | 1417 | ADD_TEST_SUITE_PROTECTED_PVK(DSA); |
5faec149 | 1418 | # endif |
7c664b1f RL |
1419 | #endif |
1420 | #ifndef OPENSSL_NO_EC | |
1421 | ADD_TEST_SUITE(EC); | |
b565a17d | 1422 | ADD_TEST_SUITE_PARAMS(EC); |
bddfea02 | 1423 | ADD_TEST_SUITE_LEGACY(EC); |
c0f39ded | 1424 | ADD_TEST_SUITE(ECExplicitPrimeNamedCurve); |
bddfea02 | 1425 | ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve); |
c0f39ded | 1426 | ADD_TEST_SUITE(ECExplicitPrime2G); |
bddfea02 | 1427 | ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G); |
c0f39ded SL |
1428 | # ifndef OPENSSL_NO_EC2M |
1429 | ADD_TEST_SUITE(ECExplicitTriNamedCurve); | |
bddfea02 | 1430 | ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve); |
c0f39ded | 1431 | ADD_TEST_SUITE(ECExplicitTri2G); |
bddfea02 | 1432 | ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); |
c0f39ded | 1433 | # endif |
7c664b1f RL |
1434 | ADD_TEST_SUITE(ED25519); |
1435 | ADD_TEST_SUITE(ED448); | |
1436 | ADD_TEST_SUITE(X25519); | |
1437 | ADD_TEST_SUITE(X448); | |
bddfea02 RL |
1438 | /* |
1439 | * ED25519, ED448, X25519 and X448 have no support for | |
1440 | * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. | |
1441 | */ | |
7c664b1f RL |
1442 | #endif |
1443 | ADD_TEST_SUITE(RSA); | |
bddfea02 | 1444 | ADD_TEST_SUITE_LEGACY(RSA); |
7c664b1f | 1445 | ADD_TEST_SUITE(RSA_PSS); |
bddfea02 RL |
1446 | /* |
1447 | * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), | |
1448 | * so no legacy tests. | |
1449 | */ | |
a7922e20 | 1450 | ADD_TEST_SUITE_MSBLOB(RSA); |
5faec149 RL |
1451 | ADD_TEST_SUITE_UNPROTECTED_PVK(RSA); |
1452 | # ifndef OPENSSL_NO_RC4 | |
169eca60 | 1453 | ADD_TEST_SUITE_PROTECTED_PVK(RSA); |
5faec149 | 1454 | # endif |
7c664b1f | 1455 | } |
5a23d78c RL |
1456 | |
1457 | return 1; | |
1458 | } | |
7c664b1f RL |
1459 | |
1460 | void cleanup_tests(void) | |
1461 | { | |
c0f39ded | 1462 | #ifndef OPENSSL_NO_EC |
3f883c7c SL |
1463 | OSSL_PARAM_free(ec_explicit_prime_params_nc); |
1464 | OSSL_PARAM_free(ec_explicit_prime_params_explicit); | |
c0f39ded SL |
1465 | OSSL_PARAM_BLD_free(bld_prime_nc); |
1466 | OSSL_PARAM_BLD_free(bld_prime); | |
1467 | # ifndef OPENSSL_NO_EC2M | |
3f883c7c SL |
1468 | OSSL_PARAM_free(ec_explicit_tri_params_nc); |
1469 | OSSL_PARAM_free(ec_explicit_tri_params_explicit); | |
c0f39ded SL |
1470 | OSSL_PARAM_BLD_free(bld_tri_nc); |
1471 | OSSL_PARAM_BLD_free(bld_tri); | |
1472 | # endif | |
1473 | BN_CTX_free(bnctx); | |
1474 | #endif /* OPENSSL_NO_EC */ | |
1475 | ||
7c664b1f RL |
1476 | #ifndef OPENSSL_NO_DH |
1477 | FREE_DOMAIN_KEYS(DH); | |
31d2daec | 1478 | FREE_DOMAIN_KEYS(DHX); |
7c664b1f RL |
1479 | #endif |
1480 | #ifndef OPENSSL_NO_DSA | |
1481 | FREE_DOMAIN_KEYS(DSA); | |
1482 | #endif | |
1483 | #ifndef OPENSSL_NO_EC | |
1484 | FREE_DOMAIN_KEYS(EC); | |
c0f39ded SL |
1485 | FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve); |
1486 | FREE_DOMAIN_KEYS(ECExplicitPrime2G); | |
1487 | # ifndef OPENSSL_NO_EC2M | |
1488 | FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve); | |
1489 | FREE_DOMAIN_KEYS(ECExplicitTri2G); | |
1490 | # endif | |
7c664b1f RL |
1491 | FREE_KEYS(ED25519); |
1492 | FREE_KEYS(ED448); | |
1493 | FREE_KEYS(X25519); | |
1494 | FREE_KEYS(X448); | |
1495 | #endif | |
1496 | FREE_KEYS(RSA); | |
1497 | FREE_KEYS(RSA_PSS); | |
169eca60 JS |
1498 | |
1499 | OSSL_PROVIDER_unload(nullprov); | |
1500 | OSSL_PROVIDER_unload(deflprov); | |
1501 | OSSL_PROVIDER_unload(keyprov); | |
1502 | OSSL_LIB_CTX_free(testctx); | |
1503 | OSSL_LIB_CTX_free(keyctx); | |
7c664b1f | 1504 | } |