]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/endecode_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Statically link the legacy provider to endecode_test
[thirdparty/openssl.git] / test / endecode_test.c
1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/core_dispatch.h>
12 #include <openssl/evp.h>
13 #include <openssl/pem.h>
14 #include <openssl/rsa.h>
15 #include <openssl/x509.h>
16 #include <openssl/core_names.h>
17 #include <openssl/params.h>
18 #include <openssl/param_build.h>
19 #include <openssl/encoder.h>
20 #include <openssl/decoder.h>
21
22 #include "internal/cryptlib.h" /* ossl_assert */
23 #include "crypto/pem.h" /* For PVK and "blob" PEM headers */
24 #include "crypto/evp.h" /* For evp_pkey_is_provided() */
25
26 #include "helpers/predefined_dhparams.h"
27 #include "testutil.h"
28
29 #ifdef STATIC_LEGACY
30 OSSL_provider_init_fn ossl_legacy_provider_init;
31 #endif
32
33 /* Extended test macros to allow passing file & line number */
34 #define TEST_FL_ptr(a) test_ptr(file, line, #a, a)
35 #define TEST_FL_mem_eq(a, m, b, n) test_mem_eq(file, line, #a, #b, a, m, b, n)
36 #define TEST_FL_strn_eq(a, b, n) test_strn_eq(file, line, #a, #b, a, n, b, n)
37 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
38 #define TEST_FL_int_eq(a, b) test_int_eq(file, line, #a, #b, a, b)
39 #define TEST_FL_int_ge(a, b) test_int_ge(file, line, #a, #b, a, b)
40 #define TEST_FL_int_gt(a, b) test_int_gt(file, line, #a, #b, a, b)
41 #define TEST_FL_long_gt(a, b) test_long_gt(file, line, #a, #b, a, b)
42 #define TEST_FL_true(a) test_true(file, line, #a, (a) != 0)
43
44 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
45 # define OPENSSL_NO_KEYPARAMS
46 #endif
47
48 static int default_libctx = 1;
49 static int is_fips = 0;
50
51 static OSSL_LIB_CTX *testctx = NULL;
52 static OSSL_LIB_CTX *keyctx = NULL;
53 static char *testpropq = NULL;
54
55 static OSSL_PROVIDER *nullprov = NULL;
56 static OSSL_PROVIDER *deflprov = NULL;
57 static OSSL_PROVIDER *keyprov = NULL;
58
59 #ifndef OPENSSL_NO_EC
60 static BN_CTX *bnctx = NULL;
61 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
62 static OSSL_PARAM_BLD *bld_prime = NULL;
63 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
64 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
65
66 # ifndef OPENSSL_NO_EC2M
67 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
68 static OSSL_PARAM_BLD *bld_tri = NULL;
69 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
70 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
71 # endif
72 #endif
73
74 #ifndef OPENSSL_NO_KEYPARAMS
75 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
76 {
77 EVP_PKEY *pkey = NULL;
78 EVP_PKEY_CTX *ctx = NULL;
79
80 # ifndef OPENSSL_NO_DH
81 /*
82 * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
83 * for testing only. Use a minimum key size of 2048 for security purposes.
84 */
85 if (strcmp(type, "DH") == 0)
86 return get_dh512(keyctx);
87
88 if (strcmp(type, "X9.42 DH") == 0)
89 return get_dhx512(keyctx);
90 # endif
91
92 /*
93 * No real need to check the errors other than for the cascade
94 * effect. |pkey| will simply remain NULL if something goes wrong.
95 */
96 (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL
97 && EVP_PKEY_paramgen_init(ctx) > 0
98 && (genparams == NULL
99 || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
100 && EVP_PKEY_generate(ctx, &pkey) > 0);
101 EVP_PKEY_CTX_free(ctx);
102
103 return pkey;
104 }
105 #endif
106
107 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
108 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
109 OSSL_PARAM *genparams)
110 {
111 EVP_PKEY *pkey = NULL;
112 EVP_PKEY_CTX *ctx =
113 template != NULL
114 ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq)
115 : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq);
116
117 /*
118 * No real need to check the errors other than for the cascade
119 * effect. |pkey| will simply remain NULL if something goes wrong.
120 */
121 (void)(ctx != NULL
122 && EVP_PKEY_keygen_init(ctx) > 0
123 && (genparams == NULL
124 || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
125 && EVP_PKEY_keygen(ctx, &pkey) > 0);
126 EVP_PKEY_CTX_free(ctx);
127 return pkey;
128 }
129 #endif
130
131 /* Main test driver */
132
133 typedef int (encoder)(const char *file, const int line,
134 void **encoded, long *encoded_len,
135 void *object, int selection,
136 const char *output_type, const char *output_structure,
137 const char *pass, const char *pcipher);
138 typedef int (decoder)(const char *file, const int line,
139 void **object, void *encoded, long encoded_len,
140 const char *input_type, const char *structure_type,
141 const char *keytype, int selection, const char *pass);
142 typedef int (tester)(const char *file, const int line,
143 const void *data1, size_t data1_len,
144 const void *data2, size_t data2_len);
145 typedef int (checker)(const char *file, const int line,
146 const char *type, const void *data, size_t data_len);
147 typedef void (dumper)(const char *label, const void *data, size_t data_len);
148
149 #define FLAG_DECODE_WITH_TYPE 0x0001
150
151 static int test_encode_decode(const char *file, const int line,
152 const char *type, EVP_PKEY *pkey,
153 int selection, const char *output_type,
154 const char *output_structure,
155 const char *pass, const char *pcipher,
156 encoder *encode_cb, decoder *decode_cb,
157 tester *test_cb, checker *check_cb,
158 dumper *dump_cb, int flags)
159 {
160 void *encoded = NULL;
161 long encoded_len = 0;
162 EVP_PKEY *pkey2 = NULL;
163 void *encoded2 = NULL;
164 long encoded2_len = 0;
165 int ok = 0;
166
167 /*
168 * Encode |pkey|, decode the result into |pkey2|, and finish off by
169 * encoding |pkey2| as well. That last encoding is for checking and
170 * dumping purposes.
171 */
172 if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
173 output_type, output_structure, pass, pcipher))
174 || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
175 || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
176 output_type, output_structure,
177 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
178 selection, pass))
179 || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
180 output_type, output_structure, pass, pcipher)))
181 goto end;
182
183 if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
184 if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
185 goto end;
186 } else {
187 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
188 goto end;
189 }
190
191 /*
192 * Double check the encoding, but only for unprotected keys,
193 * as protected keys have a random component, which makes the output
194 * differ.
195 */
196 if ((pass == NULL && pcipher == NULL)
197 && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
198 goto end;
199
200 ok = 1;
201 end:
202 if (!ok) {
203 if (encoded != NULL && encoded_len != 0)
204 dump_cb("|pkey| encoded", encoded, encoded_len);
205 if (encoded2 != NULL && encoded2_len != 0)
206 dump_cb("|pkey2| encoded", encoded2, encoded2_len);
207 }
208
209 OPENSSL_free(encoded);
210 OPENSSL_free(encoded2);
211 EVP_PKEY_free(pkey2);
212 return ok;
213 }
214
215 /* Encoding and decoding methods */
216
217 static int encode_EVP_PKEY_prov(const char *file, const int line,
218 void **encoded, long *encoded_len,
219 void *object, int selection,
220 const char *output_type,
221 const char *output_structure,
222 const char *pass, const char *pcipher)
223 {
224 EVP_PKEY *pkey = object;
225 OSSL_ENCODER_CTX *ectx = NULL;
226 BIO *mem_ser = NULL;
227 BUF_MEM *mem_buf = NULL;
228 const unsigned char *upass = (const unsigned char *)pass;
229 int ok = 0;
230
231 if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
232 output_type,
233 output_structure,
234 testpropq))
235 || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
236 || (pass != NULL
237 && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
238 strlen(pass))))
239 || (pcipher != NULL
240 && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
241 || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
242 || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
243 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
244 || !TEST_FL_ptr(*encoded = mem_buf->data)
245 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
246 goto end;
247
248 /* Detach the encoded output */
249 mem_buf->data = NULL;
250 mem_buf->length = 0;
251 ok = 1;
252 end:
253 BIO_free(mem_ser);
254 OSSL_ENCODER_CTX_free(ectx);
255 return ok;
256 }
257
258 static int decode_EVP_PKEY_prov(const char *file, const int line,
259 void **object, void *encoded, long encoded_len,
260 const char *input_type,
261 const char *structure_type,
262 const char *keytype, int selection,
263 const char *pass)
264 {
265 EVP_PKEY *pkey = NULL, *testpkey = NULL;
266 OSSL_DECODER_CTX *dctx = NULL;
267 BIO *encoded_bio = NULL;
268 const unsigned char *upass = (const unsigned char *)pass;
269 int ok = 0;
270 int i;
271 const char *badtype;
272
273 if (strcmp(input_type, "DER") == 0)
274 badtype = "PEM";
275 else
276 badtype = "DER";
277
278 if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
279 goto end;
280
281 /*
282 * We attempt the decode 3 times. The first time we provide the expected
283 * starting input type. The second time we provide NULL for the starting
284 * type. The third time we provide a bad starting input type.
285 * The bad starting input type should fail. The other two should succeed
286 * and produce the same result.
287 */
288 for (i = 0; i < 3; i++) {
289 const char *testtype = (i == 0) ? input_type
290 : ((i == 1) ? NULL : badtype);
291
292 if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
293 testtype,
294 structure_type,
295 keytype,
296 selection,
297 testctx, testpropq))
298 || (pass != NULL
299 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
300 || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
301 /* We expect to fail when using a bad input type */
302 || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
303 (i == 2) ? 0 : 1))
304 goto end;
305 OSSL_DECODER_CTX_free(dctx);
306 dctx = NULL;
307
308 if (i == 0) {
309 pkey = testpkey;
310 testpkey = NULL;
311 } else if (i == 1) {
312 if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
313 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
314 goto end;
315 } else {
316 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
317 goto end;
318 }
319 }
320 }
321 ok = 1;
322 *object = pkey;
323 pkey = NULL;
324
325 end:
326 EVP_PKEY_free(pkey);
327 EVP_PKEY_free(testpkey);
328 BIO_free(encoded_bio);
329 OSSL_DECODER_CTX_free(dctx);
330 return ok;
331 }
332
333 static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
334 void **encoded, long *encoded_len,
335 void *object, ossl_unused int selection,
336 ossl_unused const char *output_type,
337 ossl_unused const char *output_structure,
338 const char *pass, const char *pcipher)
339 {
340 EVP_PKEY *pkey = object;
341 EVP_CIPHER *cipher = NULL;
342 BIO *mem_ser = NULL;
343 BUF_MEM *mem_buf = NULL;
344 const unsigned char *upass = (const unsigned char *)pass;
345 size_t passlen = 0;
346 int ok = 0;
347
348 if (pcipher != NULL && pass != NULL) {
349 passlen = strlen(pass);
350 if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq)))
351 goto end;
352 }
353 if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
354 || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
355 cipher,
356 upass, passlen,
357 NULL, NULL))
358 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
359 || !TEST_FL_ptr(*encoded = mem_buf->data)
360 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
361 goto end;
362
363 /* Detach the encoded output */
364 mem_buf->data = NULL;
365 mem_buf->length = 0;
366 ok = 1;
367 end:
368 BIO_free(mem_ser);
369 EVP_CIPHER_free(cipher);
370 return ok;
371 }
372
373 static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
374 void **encoded, long *encoded_len,
375 void *object, int selection,
376 ossl_unused const char *output_type,
377 ossl_unused const char *output_structure,
378 ossl_unused const char *pass,
379 ossl_unused const char *pcipher)
380 {
381 EVP_PKEY *pkey = object;
382 BIO *mem_ser = NULL;
383 BUF_MEM *mem_buf = NULL;
384 int ok = 0;
385
386 if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
387 goto end;
388
389 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
390 if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
391 goto end;
392 } else {
393 if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
394 goto end;
395 }
396
397 if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
398 || !TEST_FL_ptr(*encoded = mem_buf->data)
399 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
400 goto end;
401
402 /* Detach the encoded output */
403 mem_buf->data = NULL;
404 mem_buf->length = 0;
405 ok = 1;
406 end:
407 BIO_free(mem_ser);
408 return ok;
409 }
410
411 static pem_password_cb pass_pw;
412 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
413 {
414 OPENSSL_strlcpy(buf, userdata, size);
415 return strlen(userdata);
416 }
417
418 static int encode_EVP_PKEY_PVK(const char *file, const int line,
419 void **encoded, long *encoded_len,
420 void *object, int selection,
421 ossl_unused const char *output_type,
422 ossl_unused const char *output_structure,
423 const char *pass,
424 ossl_unused const char *pcipher)
425 {
426 EVP_PKEY *pkey = object;
427 BIO *mem_ser = NULL;
428 BUF_MEM *mem_buf = NULL;
429 int enc = (pass != NULL);
430 int ok = 0;
431
432 if (!TEST_FL_true(ossl_assert((selection
433 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
434 || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
435 || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc,
436 pass_pw, (void *)pass, testctx, testpropq), 0)
437 || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
438 || !TEST_FL_ptr(*encoded = mem_buf->data)
439 || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
440 goto end;
441
442 /* Detach the encoded output */
443 mem_buf->data = NULL;
444 mem_buf->length = 0;
445 ok = 1;
446 end:
447 BIO_free(mem_ser);
448 return ok;
449 }
450
451 static int test_text(const char *file, const int line,
452 const void *data1, size_t data1_len,
453 const void *data2, size_t data2_len)
454 {
455 return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
456 }
457
458 static int test_mem(const char *file, const int line,
459 const void *data1, size_t data1_len,
460 const void *data2, size_t data2_len)
461 {
462 return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
463 }
464
465 /* Test cases and their dumpers / checkers */
466
467 static void collect_name(const char *name, void *arg)
468 {
469 char **namelist = arg;
470 char *new_namelist;
471 size_t space;
472
473 space = strlen(name);
474 if (*namelist != NULL)
475 space += strlen(*namelist) + 2 /* for comma and space */;
476 space++; /* for terminating null byte */
477
478 new_namelist = OPENSSL_realloc(*namelist, space);
479 if (new_namelist == NULL)
480 return;
481 if (*namelist != NULL) {
482 strcat(new_namelist, ", ");
483 strcat(new_namelist, name);
484 } else {
485 strcpy(new_namelist, name);
486 }
487 *namelist = new_namelist;
488 }
489
490 static void dump_der(const char *label, const void *data, size_t data_len)
491 {
492 test_output_memory(label, data, data_len);
493 }
494
495 static void dump_pem(const char *label, const void *data, size_t data_len)
496 {
497 test_output_string(label, data, data_len - 1);
498 }
499
500 static int check_unprotected_PKCS8_DER(const char *file, const int line,
501 const char *type,
502 const void *data, size_t data_len)
503 {
504 const unsigned char *datap = data;
505 PKCS8_PRIV_KEY_INFO *p8inf =
506 d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
507 int ok = 0;
508
509 if (TEST_FL_ptr(p8inf)) {
510 EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq);
511 char *namelist = NULL;
512
513 if (TEST_FL_ptr(pkey)) {
514 if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
515 EVP_PKEY_type_names_do_all(pkey, collect_name, &namelist);
516 if (namelist != NULL)
517 TEST_note("%s isn't any of %s", type, namelist);
518 OPENSSL_free(namelist);
519 }
520 ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey));
521 EVP_PKEY_free(pkey);
522 }
523 }
524 PKCS8_PRIV_KEY_INFO_free(p8inf);
525 return ok;
526 }
527
528 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
529 {
530 return test_encode_decode(__FILE__, __LINE__, type, key,
531 OSSL_KEYMGMT_SELECT_KEYPAIR
532 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
533 "DER", "PrivateKeyInfo", NULL, NULL,
534 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
535 test_mem, check_unprotected_PKCS8_DER,
536 dump_der, 0);
537 }
538
539 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
540 const char *type,
541 const void *data, size_t data_len)
542 {
543 static const char expected_pem_header[] =
544 "-----BEGIN " PEM_STRING_PKCS8INF "-----";
545
546 return TEST_FL_strn_eq(data, expected_pem_header,
547 sizeof(expected_pem_header) - 1);
548 }
549
550 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
551 {
552 return test_encode_decode(__FILE__, __LINE__, type, key,
553 OSSL_KEYMGMT_SELECT_KEYPAIR
554 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
555 "PEM", "PrivateKeyInfo", NULL, NULL,
556 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
557 test_text, check_unprotected_PKCS8_PEM,
558 dump_pem, 0);
559 }
560
561 #ifndef OPENSSL_NO_KEYPARAMS
562 static int check_params_DER(const char *file, const int line,
563 const char *type, const void *data, size_t data_len)
564 {
565 const unsigned char *datap = data;
566 int ok = 0;
567 int itype = NID_undef;
568 EVP_PKEY *pkey = NULL;
569
570 if (strcmp(type, "DH") == 0)
571 itype = EVP_PKEY_DH;
572 else if (strcmp(type, "X9.42 DH") == 0)
573 itype = EVP_PKEY_DHX;
574 else if (strcmp(type, "DSA") == 0)
575 itype = EVP_PKEY_DSA;
576 else if (strcmp(type, "EC") == 0)
577 itype = EVP_PKEY_EC;
578
579 if (itype != NID_undef) {
580 pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
581 ok = (pkey != NULL);
582 EVP_PKEY_free(pkey);
583 }
584
585 return ok;
586 }
587
588 static int check_params_PEM(const char *file, const int line,
589 const char *type,
590 const void *data, size_t data_len)
591 {
592 static char expected_pem_header[80];
593
594 return
595 TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
596 sizeof(expected_pem_header),
597 "-----BEGIN %s PARAMETERS-----", type), 0)
598 && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
599 }
600
601 static int test_params_via_DER(const char *type, EVP_PKEY *key)
602 {
603 return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
604 "DER", "type-specific", NULL, NULL,
605 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
606 test_mem, check_params_DER,
607 dump_der, FLAG_DECODE_WITH_TYPE);
608 }
609
610 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
611 {
612 return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
613 "PEM", "type-specific", NULL, NULL,
614 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
615 test_text, check_params_PEM,
616 dump_pem, 0);
617 }
618 #endif /* !OPENSSL_NO_KEYPARAMS */
619
620 static int check_unprotected_legacy_PEM(const char *file, const int line,
621 const char *type,
622 const void *data, size_t data_len)
623 {
624 static char expected_pem_header[80];
625
626 return
627 TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
628 sizeof(expected_pem_header),
629 "-----BEGIN %s PRIVATE KEY-----", type), 0)
630 && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
631 }
632
633 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
634 {
635 if (!default_libctx || is_fips)
636 return TEST_skip("Test not available if using a non-default library context or FIPS provider");
637
638 return test_encode_decode(__FILE__, __LINE__, type, key,
639 OSSL_KEYMGMT_SELECT_KEYPAIR
640 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
641 "PEM", "type-specific", NULL, NULL,
642 encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
643 test_text, check_unprotected_legacy_PEM,
644 dump_pem, 0);
645 }
646
647 static int check_MSBLOB(const char *file, const int line,
648 const char *type, const void *data, size_t data_len)
649 {
650 const unsigned char *datap = data;
651 EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
652 int ok = TEST_FL_ptr(pkey);
653
654 EVP_PKEY_free(pkey);
655 return ok;
656 }
657
658 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
659 {
660 return test_encode_decode(__FILE__, __LINE__, type, key,
661 OSSL_KEYMGMT_SELECT_KEYPAIR
662 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
663 "MSBLOB", NULL, NULL, NULL,
664 encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
665 test_mem, check_MSBLOB,
666 dump_der, 0);
667 }
668
669 static int check_PVK(const char *file, const int line,
670 const char *type, const void *data, size_t data_len)
671 {
672 const unsigned char *in = data;
673 unsigned int saltlen = 0, keylen = 0;
674 int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
675
676 return ok;
677 }
678
679 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
680 {
681 return test_encode_decode(__FILE__, __LINE__, type, key,
682 OSSL_KEYMGMT_SELECT_KEYPAIR
683 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
684 "PVK", NULL, NULL, NULL,
685 encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
686 test_mem, check_PVK,
687 dump_der, 0);
688 }
689
690 static const char *pass_cipher = "AES-256-CBC";
691 static const char *pass = "the holy handgrenade of antioch";
692
693 static int check_protected_PKCS8_DER(const char *file, const int line,
694 const char *type,
695 const void *data, size_t data_len)
696 {
697 const unsigned char *datap = data;
698 X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
699 int ok = TEST_FL_ptr(p8);
700
701 X509_SIG_free(p8);
702 return ok;
703 }
704
705 static int test_protected_via_DER(const char *type, EVP_PKEY *key)
706 {
707 return test_encode_decode(__FILE__, __LINE__, type, key,
708 OSSL_KEYMGMT_SELECT_KEYPAIR
709 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
710 "DER", "EncryptedPrivateKeyInfo",
711 pass, pass_cipher,
712 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
713 test_mem, check_protected_PKCS8_DER,
714 dump_der, 0);
715 }
716
717 static int check_protected_PKCS8_PEM(const char *file, const int line,
718 const char *type,
719 const void *data, size_t data_len)
720 {
721 static const char expected_pem_header[] =
722 "-----BEGIN " PEM_STRING_PKCS8 "-----";
723
724 return TEST_FL_strn_eq(data, expected_pem_header,
725 sizeof(expected_pem_header) - 1);
726 }
727
728 static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
729 {
730 return test_encode_decode(__FILE__, __LINE__, type, key,
731 OSSL_KEYMGMT_SELECT_KEYPAIR
732 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
733 "PEM", "EncryptedPrivateKeyInfo",
734 pass, pass_cipher,
735 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
736 test_text, check_protected_PKCS8_PEM,
737 dump_pem, 0);
738 }
739
740 static int check_protected_legacy_PEM(const char *file, const int line,
741 const char *type,
742 const void *data, size_t data_len)
743 {
744 static char expected_pem_header[80];
745
746 return
747 TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
748 sizeof(expected_pem_header),
749 "-----BEGIN %s PRIVATE KEY-----", type), 0)
750 && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
751 && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
752 }
753
754 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
755 {
756 if (!default_libctx || is_fips)
757 return TEST_skip("Test not available if using a non-default library context or FIPS provider");
758
759 return test_encode_decode(__FILE__, __LINE__, type, key,
760 OSSL_KEYMGMT_SELECT_KEYPAIR
761 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
762 "PEM", "type-specific", pass, pass_cipher,
763 encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
764 test_text, check_protected_legacy_PEM,
765 dump_pem, 0);
766 }
767
768 #ifndef OPENSSL_NO_RC4
769 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
770 {
771 int ret = 0;
772 OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
773 if (lgcyprov == NULL)
774 return TEST_skip("Legacy provider not available");
775
776 ret = test_encode_decode(__FILE__, __LINE__, type, key,
777 OSSL_KEYMGMT_SELECT_KEYPAIR
778 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
779 "PVK", NULL, pass, NULL,
780 encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
781 test_mem, check_PVK, dump_der, 0);
782 OSSL_PROVIDER_unload(lgcyprov);
783 return ret;
784 }
785 #endif
786
787 static int check_public_DER(const char *file, const int line,
788 const char *type, const void *data, size_t data_len)
789 {
790 const unsigned char *datap = data;
791 EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq);
792 int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));
793
794 EVP_PKEY_free(pkey);
795 return ok;
796 }
797
798 static int test_public_via_DER(const char *type, EVP_PKEY *key)
799 {
800 return test_encode_decode(__FILE__, __LINE__, type, key,
801 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
802 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
803 "DER", "SubjectPublicKeyInfo", NULL, NULL,
804 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
805 test_mem, check_public_DER, dump_der, 0);
806 }
807
808 static int check_public_PEM(const char *file, const int line,
809 const char *type, const void *data, size_t data_len)
810 {
811 static const char expected_pem_header[] =
812 "-----BEGIN " PEM_STRING_PUBLIC "-----";
813
814 return
815 TEST_FL_strn_eq(data, expected_pem_header,
816 sizeof(expected_pem_header) - 1);
817 }
818
819 static int test_public_via_PEM(const char *type, EVP_PKEY *key)
820 {
821 return test_encode_decode(__FILE__, __LINE__, type, key,
822 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
823 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
824 "PEM", "SubjectPublicKeyInfo", NULL, NULL,
825 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
826 test_text, check_public_PEM, dump_pem, 0);
827 }
828
829 static int check_public_MSBLOB(const char *file, const int line,
830 const char *type,
831 const void *data, size_t data_len)
832 {
833 const unsigned char *datap = data;
834 EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
835 int ok = TEST_FL_ptr(pkey);
836
837 EVP_PKEY_free(pkey);
838 return ok;
839 }
840
841 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
842 {
843 return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
844 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
845 "MSBLOB", NULL, NULL, NULL,
846 encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
847 test_mem, check_public_MSBLOB, dump_der, 0);
848 }
849
850 #define KEYS(KEYTYPE) \
851 static EVP_PKEY *key_##KEYTYPE = NULL
852 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \
853 ok = ok \
854 && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
855 #define FREE_KEYS(KEYTYPE) \
856 EVP_PKEY_free(key_##KEYTYPE); \
857
858 #define DOMAIN_KEYS(KEYTYPE) \
859 static EVP_PKEY *template_##KEYTYPE = NULL; \
860 static EVP_PKEY *key_##KEYTYPE = NULL
861 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \
862 ok = ok \
863 && TEST_ptr(template_##KEYTYPE = \
864 make_template(KEYTYPEstr, params)) \
865 && TEST_ptr(key_##KEYTYPE = \
866 make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
867 #define FREE_DOMAIN_KEYS(KEYTYPE) \
868 EVP_PKEY_free(template_##KEYTYPE); \
869 EVP_PKEY_free(key_##KEYTYPE)
870
871 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
872 static int test_unprotected_##KEYTYPE##_via_DER(void) \
873 { \
874 return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
875 } \
876 static int test_unprotected_##KEYTYPE##_via_PEM(void) \
877 { \
878 return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
879 } \
880 static int test_protected_##KEYTYPE##_via_DER(void) \
881 { \
882 return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
883 } \
884 static int test_protected_##KEYTYPE##_via_PEM(void) \
885 { \
886 return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
887 } \
888 static int test_public_##KEYTYPE##_via_DER(void) \
889 { \
890 return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
891 } \
892 static int test_public_##KEYTYPE##_via_PEM(void) \
893 { \
894 return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
895 }
896
897 #define ADD_TEST_SUITE(KEYTYPE) \
898 ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \
899 ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \
900 ADD_TEST(test_protected_##KEYTYPE##_via_DER); \
901 ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \
902 ADD_TEST(test_public_##KEYTYPE##_via_DER); \
903 ADD_TEST(test_public_##KEYTYPE##_via_PEM)
904
905 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr) \
906 static int test_params_##KEYTYPE##_via_DER(void) \
907 { \
908 return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE); \
909 } \
910 static int test_params_##KEYTYPE##_via_PEM(void) \
911 { \
912 return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
913 }
914
915 #define ADD_TEST_SUITE_PARAMS(KEYTYPE) \
916 ADD_TEST(test_params_##KEYTYPE##_via_DER); \
917 ADD_TEST(test_params_##KEYTYPE##_via_PEM)
918
919 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \
920 static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \
921 { \
922 return \
923 test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
924 } \
925 static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \
926 { \
927 return \
928 test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
929 }
930
931 #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
932 ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
933 ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
934
935 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
936 static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \
937 { \
938 return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
939 } \
940 static int test_public_##KEYTYPE##_via_MSBLOB(void) \
941 { \
942 return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
943 }
944
945 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
946 ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
947 ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
948
949 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
950 static int test_unprotected_##KEYTYPE##_via_PVK(void) \
951 { \
952 return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
953 }
954 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \
955 ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
956 #ifndef OPENSSL_NO_RC4
957 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
958 static int test_protected_##KEYTYPE##_via_PVK(void) \
959 { \
960 return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
961 }
962 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE) \
963 ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
964 #endif
965
966 #ifndef OPENSSL_NO_DH
967 DOMAIN_KEYS(DH);
968 IMPLEMENT_TEST_SUITE(DH, "DH")
969 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
970 DOMAIN_KEYS(DHX);
971 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
972 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
973 /*
974 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
975 * so no legacy tests.
976 */
977 #endif
978 #ifndef OPENSSL_NO_DSA
979 DOMAIN_KEYS(DSA);
980 IMPLEMENT_TEST_SUITE(DSA, "DSA")
981 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
982 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
983 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
984 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
985 # ifndef OPENSSL_NO_RC4
986 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
987 # endif
988 #endif
989 #ifndef OPENSSL_NO_EC
990 DOMAIN_KEYS(EC);
991 IMPLEMENT_TEST_SUITE(EC, "EC")
992 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
993 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
994 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
995 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
996 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
997 DOMAIN_KEYS(ECExplicitPrime2G);
998 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
999 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
1000 # ifndef OPENSSL_NO_EC2M
1001 DOMAIN_KEYS(ECExplicitTriNamedCurve);
1002 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
1003 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
1004 DOMAIN_KEYS(ECExplicitTri2G);
1005 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
1006 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
1007 # endif
1008 KEYS(ED25519);
1009 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
1010 KEYS(ED448);
1011 IMPLEMENT_TEST_SUITE(ED448, "ED448")
1012 KEYS(X25519);
1013 IMPLEMENT_TEST_SUITE(X25519, "X25519")
1014 KEYS(X448);
1015 IMPLEMENT_TEST_SUITE(X448, "X448")
1016 /*
1017 * ED25519, ED448, X25519 and X448 have no support for
1018 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1019 */
1020 #endif
1021 KEYS(RSA);
1022 IMPLEMENT_TEST_SUITE(RSA, "RSA")
1023 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
1024 KEYS(RSA_PSS);
1025 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
1026 /*
1027 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1028 * so no legacy tests.
1029 */
1030 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
1031 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
1032 #ifndef OPENSSL_NO_RC4
1033 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
1034 #endif
1035
1036 #ifndef OPENSSL_NO_EC
1037 /* Explicit parameters that match a named curve */
1038 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
1039 const unsigned char *gen,
1040 size_t gen_len)
1041 {
1042 BIGNUM *a, *b, *prime, *order;
1043
1044 /* Curve prime256v1 */
1045 static const unsigned char prime_data[] = {
1046 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1047 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1048 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1049 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1050 0xff
1051 };
1052 static const unsigned char a_data[] = {
1053 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1054 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1055 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1056 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1057 0xfc
1058 };
1059 static const unsigned char b_data[] = {
1060 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1061 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1062 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1063 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1064 };
1065 static const unsigned char seed[] = {
1066 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1067 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1068 0x81, 0x9f, 0x7e, 0x90
1069 };
1070 static const unsigned char order_data[] = {
1071 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1072 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1073 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1074 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1075 };
1076 return TEST_ptr(a = BN_CTX_get(bnctx))
1077 && TEST_ptr(b = BN_CTX_get(bnctx))
1078 && TEST_ptr(prime = BN_CTX_get(bnctx))
1079 && TEST_ptr(order = BN_CTX_get(bnctx))
1080 && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1081 && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1082 && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1083 && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1084 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1085 OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1086 0))
1087 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1088 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1089 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1090 && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1091 OSSL_PKEY_PARAM_EC_ORDER, order))
1092 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1093 OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1094 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1095 OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1096 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1097 BN_value_one()));
1098 }
1099
1100 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1101 {
1102 static const unsigned char prime256v1_gen[] = {
1103 0x04,
1104 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1105 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1106 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1107 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1108 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1109 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1110 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1111 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1112 };
1113 return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1114 sizeof(prime256v1_gen));
1115 }
1116
1117 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1118 {
1119 /* 2G */
1120 static const unsigned char prime256v1_gen2[] = {
1121 0x04,
1122 0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1123 0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1124 0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1125 0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1126 0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1127 0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1128 0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1129 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1130 };
1131 return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1132 sizeof(prime256v1_gen2));
1133 }
1134
1135 # ifndef OPENSSL_NO_EC2M
1136 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1137 const unsigned char *gen,
1138 size_t gen_len)
1139 {
1140 BIGNUM *a, *b, *poly, *order, *cofactor;
1141 /* sect233k1 characteristic-two-field tpBasis */
1142 static const unsigned char poly_data[] = {
1143 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1144 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1145 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1146 };
1147 static const unsigned char a_data[] = {
1148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1150 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1151 };
1152 static const unsigned char b_data[] = {
1153 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1154 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1155 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1156 };
1157 static const unsigned char order_data[] = {
1158 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1159 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1160 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1161 };
1162 static const unsigned char cofactor_data[]= {
1163 0x4
1164 };
1165 return TEST_ptr(a = BN_CTX_get(bnctx))
1166 && TEST_ptr(b = BN_CTX_get(bnctx))
1167 && TEST_ptr(poly = BN_CTX_get(bnctx))
1168 && TEST_ptr(order = BN_CTX_get(bnctx))
1169 && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1170 && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1171 && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1172 && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1173 && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1174 && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1175 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1176 OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1177 SN_X9_62_characteristic_two_field, 0))
1178 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1179 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1180 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1181 && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1182 OSSL_PKEY_PARAM_EC_ORDER, order))
1183 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1184 OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1185 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1186 cofactor));
1187 }
1188
1189 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1190 {
1191 static const unsigned char gen[] = {
1192 0x04,
1193 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1194 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1195 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1196 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1197 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1198 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1199 };
1200 return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1201 }
1202
1203 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1204 {
1205 static const unsigned char gen2[] = {
1206 0x04,
1207 0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1208 0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1209 0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1210 0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1211 0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1212 0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1213 };
1214 return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1215 }
1216 # endif /* OPENSSL_NO_EC2M */
1217 #endif /* OPENSSL_NO_EC */
1218
1219 typedef enum OPTION_choice {
1220 OPT_ERR = -1,
1221 OPT_EOF = 0,
1222 OPT_CONTEXT,
1223 OPT_RSA_FILE,
1224 OPT_RSA_PSS_FILE,
1225 OPT_CONFIG_FILE,
1226 OPT_PROVIDER_NAME,
1227 OPT_TEST_ENUM
1228 } OPTION_CHOICE;
1229
1230 const OPTIONS *test_get_options(void)
1231 {
1232 static const OPTIONS options[] = {
1233 OPT_TEST_OPTIONS_DEFAULT_USAGE,
1234 { "context", OPT_CONTEXT, '-',
1235 "Explicitly use a non-default library context" },
1236 { "rsa", OPT_RSA_FILE, '<',
1237 "PEM format RSA key file to encode/decode" },
1238 { "pss", OPT_RSA_PSS_FILE, '<',
1239 "PEM format RSA-PSS key file to encode/decode" },
1240 { "config", OPT_CONFIG_FILE, '<',
1241 "The configuration file to use for the library context" },
1242 { "provider", OPT_PROVIDER_NAME, 's',
1243 "The provider to load (The default value is 'default')" },
1244 { NULL }
1245 };
1246 return options;
1247 }
1248
1249 int setup_tests(void)
1250 {
1251 const char *rsa_file = NULL;
1252 const char *rsa_pss_file = NULL;
1253 const char *prov_name = "default";
1254 char *config_file = NULL;
1255 int ok = 1;
1256
1257 #ifndef OPENSSL_NO_DSA
1258 static size_t qbits = 160; /* PVK only tolerates 160 Q bits */
1259 static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1260 OSSL_PARAM DSA_params[] = {
1261 OSSL_PARAM_size_t("pbits", &pbits),
1262 OSSL_PARAM_size_t("qbits", &qbits),
1263 OSSL_PARAM_END
1264 };
1265 #endif
1266
1267 #ifndef OPENSSL_NO_EC
1268 static char groupname[] = "prime256v1";
1269 OSSL_PARAM EC_params[] = {
1270 OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1271 OSSL_PARAM_END
1272 };
1273 #endif
1274
1275 OPTION_CHOICE o;
1276
1277 while ((o = opt_next()) != OPT_EOF) {
1278 switch (o) {
1279 case OPT_CONTEXT:
1280 default_libctx = 0;
1281 break;
1282 case OPT_PROVIDER_NAME:
1283 prov_name = opt_arg();
1284 break;
1285 case OPT_CONFIG_FILE:
1286 config_file = opt_arg();
1287 break;
1288 case OPT_RSA_FILE:
1289 rsa_file = opt_arg();
1290 break;
1291 case OPT_RSA_PSS_FILE:
1292 rsa_pss_file = opt_arg();
1293 break;
1294 case OPT_TEST_CASES:
1295 break;
1296 default:
1297 return 0;
1298 }
1299 }
1300
1301 if (strcmp(prov_name, "fips") == 0)
1302 is_fips = 1;
1303
1304 if (default_libctx) {
1305 if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name))
1306 return 0;
1307 } else {
1308 if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name))
1309 return 0;
1310 }
1311
1312 #ifdef STATIC_LEGACY
1313 /*
1314 * This test is always statically linked against libcrypto. We must not
1315 * attempt to load legacy.so that might be dynamically linked against
1316 * libcrypto. Instead we use a built-in version of the legacy provider.
1317 */
1318 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
1319 return 0;
1320 #endif
1321
1322 /* Separate provider/ctx for generating the test data */
1323 if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new()))
1324 return 0;
1325 if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default")))
1326 return 0;
1327
1328 #ifndef OPENSSL_NO_EC
1329 if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx))
1330 || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1331 || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1332 || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1333 || !create_ec_explicit_prime_params(bld_prime)
1334 || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1335 || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1336 # ifndef OPENSSL_NO_EC2M
1337 || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1338 || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1339 || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1340 || !create_ec_explicit_trinomial_params(bld_tri)
1341 || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1342 || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1343 # endif
1344 )
1345 return 0;
1346 #endif
1347
1348 TEST_info("Generating keys...");
1349
1350 #ifndef OPENSSL_NO_DH
1351 TEST_info("Generating DH keys...");
1352 MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1353 MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1354 #endif
1355 #ifndef OPENSSL_NO_DSA
1356 TEST_info("Generating DSA keys...");
1357 MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1358 #endif
1359 #ifndef OPENSSL_NO_EC
1360 TEST_info("Generating EC keys...");
1361 MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1362 MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1363 MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1364 # ifndef OPENSSL_NO_EC2M
1365 MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1366 MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1367 # endif
1368 MAKE_KEYS(ED25519, "ED25519", NULL);
1369 MAKE_KEYS(ED448, "ED448", NULL);
1370 MAKE_KEYS(X25519, "X25519", NULL);
1371 MAKE_KEYS(X448, "X448", NULL);
1372 #endif
1373 TEST_info("Loading RSA key...");
1374 ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx));
1375 TEST_info("Loading RSA_PSS key...");
1376 ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx));
1377 TEST_info("Generating keys done");
1378
1379 if (ok) {
1380 #ifndef OPENSSL_NO_DH
1381 ADD_TEST_SUITE(DH);
1382 ADD_TEST_SUITE_PARAMS(DH);
1383 ADD_TEST_SUITE(DHX);
1384 ADD_TEST_SUITE_PARAMS(DHX);
1385 /*
1386 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1387 * so no legacy tests.
1388 */
1389 #endif
1390 #ifndef OPENSSL_NO_DSA
1391 ADD_TEST_SUITE(DSA);
1392 ADD_TEST_SUITE_PARAMS(DSA);
1393 ADD_TEST_SUITE_LEGACY(DSA);
1394 ADD_TEST_SUITE_MSBLOB(DSA);
1395 ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1396 # ifndef OPENSSL_NO_RC4
1397 ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1398 # endif
1399 #endif
1400 #ifndef OPENSSL_NO_EC
1401 ADD_TEST_SUITE(EC);
1402 ADD_TEST_SUITE_PARAMS(EC);
1403 ADD_TEST_SUITE_LEGACY(EC);
1404 ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1405 ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1406 ADD_TEST_SUITE(ECExplicitPrime2G);
1407 ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1408 # ifndef OPENSSL_NO_EC2M
1409 ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1410 ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1411 ADD_TEST_SUITE(ECExplicitTri2G);
1412 ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1413 # endif
1414 ADD_TEST_SUITE(ED25519);
1415 ADD_TEST_SUITE(ED448);
1416 ADD_TEST_SUITE(X25519);
1417 ADD_TEST_SUITE(X448);
1418 /*
1419 * ED25519, ED448, X25519 and X448 have no support for
1420 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1421 */
1422 #endif
1423 ADD_TEST_SUITE(RSA);
1424 ADD_TEST_SUITE_LEGACY(RSA);
1425 ADD_TEST_SUITE(RSA_PSS);
1426 /*
1427 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1428 * so no legacy tests.
1429 */
1430 ADD_TEST_SUITE_MSBLOB(RSA);
1431 ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1432 # ifndef OPENSSL_NO_RC4
1433 ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1434 # endif
1435 }
1436
1437 return 1;
1438 }
1439
1440 void cleanup_tests(void)
1441 {
1442 #ifndef OPENSSL_NO_EC
1443 OSSL_PARAM_free(ec_explicit_prime_params_nc);
1444 OSSL_PARAM_free(ec_explicit_prime_params_explicit);
1445 OSSL_PARAM_BLD_free(bld_prime_nc);
1446 OSSL_PARAM_BLD_free(bld_prime);
1447 # ifndef OPENSSL_NO_EC2M
1448 OSSL_PARAM_free(ec_explicit_tri_params_nc);
1449 OSSL_PARAM_free(ec_explicit_tri_params_explicit);
1450 OSSL_PARAM_BLD_free(bld_tri_nc);
1451 OSSL_PARAM_BLD_free(bld_tri);
1452 # endif
1453 BN_CTX_free(bnctx);
1454 #endif /* OPENSSL_NO_EC */
1455
1456 #ifndef OPENSSL_NO_DH
1457 FREE_DOMAIN_KEYS(DH);
1458 FREE_DOMAIN_KEYS(DHX);
1459 #endif
1460 #ifndef OPENSSL_NO_DSA
1461 FREE_DOMAIN_KEYS(DSA);
1462 #endif
1463 #ifndef OPENSSL_NO_EC
1464 FREE_DOMAIN_KEYS(EC);
1465 FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1466 FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1467 # ifndef OPENSSL_NO_EC2M
1468 FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1469 FREE_DOMAIN_KEYS(ECExplicitTri2G);
1470 # endif
1471 FREE_KEYS(ED25519);
1472 FREE_KEYS(ED448);
1473 FREE_KEYS(X25519);
1474 FREE_KEYS(X448);
1475 #endif
1476 FREE_KEYS(RSA);
1477 FREE_KEYS(RSA_PSS);
1478
1479 OSSL_PROVIDER_unload(nullprov);
1480 OSSL_PROVIDER_unload(deflprov);
1481 OSSL_PROVIDER_unload(keyprov);
1482 OSSL_LIB_CTX_free(testctx);
1483 OSSL_LIB_CTX_free(keyctx);
1484 }
A mirror of the official openssl repository