2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h" /* For the internal API */
20 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
24 static char *datadir
= NULL
;
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
38 static void stripcr(char *buf
, size_t *len
)
43 for (i
= *len
, curr
= buf
, writ
= buf
; i
> 0; i
--, curr
++) {
54 static int compare_with_file(const char *alg
, int type
, BIO
*membio
)
59 char *memdata
, *fullfile
= NULL
;
92 TEST_error("Invalid file type");
96 BIO_snprintf(filename
, sizeof(filename
), "%s.%s", alg
, suffix
);
97 fullfile
= test_mk_file_path(datadir
, filename
);
98 if (!TEST_ptr(fullfile
))
101 file
= BIO_new_file(fullfile
, "rb");
105 if (!TEST_true(BIO_read_ex(file
, buf
, sizeof(buf
), &readbytes
))
106 || !TEST_true(BIO_eof(file
))
107 || !TEST_size_t_lt(readbytes
, sizeof(buf
)))
110 len
= BIO_get_mem_data(membio
, &memdata
);
111 if (!TEST_int_gt(len
, 0))
115 if (type
!= PRIV_DER
&& type
!= PUB_DER
) {
116 stripcr(memdata
, &slen
);
117 stripcr(buf
, &readbytes
);
120 if (!TEST_mem_eq(memdata
, slen
, buf
, readbytes
))
125 OPENSSL_free(fullfile
);
126 (void)BIO_reset(membio
);
131 static int pass_cb(char *buf
, int size
, int rwflag
, void *u
)
136 static int pass_cb_error(char *buf
, int size
, int rwflag
, void *u
)
141 static int test_print_key_using_pem(const char *alg
, const EVP_PKEY
*pk
)
143 BIO
*membio
= BIO_new(BIO_s_mem());
146 if (!TEST_ptr(membio
))
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out
, pk
, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out
, pk
,
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out
, pk
,
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out
, pk
,
163 NULL
, 0, pass_cb
, NULL
))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out
, pk
,
166 NULL
, 0, pass_cb_error
,
168 #ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out
, pk
, NID_pbe_WithSHA1And3_Key_TripleDES_CBC
,
171 (const char *)~0, 0, NULL
, NULL
))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out
, pk
, NID_pbe_WithSHA1And3_Key_TripleDES_CBC
, NULL
, 0,
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out
, pk
, NID_pbe_WithSHA1And3_Key_TripleDES_CBC
, NULL
, 0,
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out
, pk
, NID_pbe_WithSHA1And3_Key_TripleDES_CBC
, NULL
, 0,
180 pass_cb_error
, NULL
))
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio
, pk
, 0, NULL
), 0)
184 || !TEST_true(compare_with_file(alg
, PRIV_TEXT
, membio
))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio
, pk
))
187 || !TEST_true(compare_with_file(alg
, PUB_PEM
, membio
))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio
, pk
,
190 NULL
, NULL
, 0, NULL
, NULL
))
191 || !TEST_true(compare_with_file(alg
, PRIV_PEM
, membio
))
193 || !TEST_false(PEM_write_bio_PrivateKey(membio
, NULL
,
194 NULL
, NULL
, 0, NULL
, NULL
))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio
, NULL
,
196 NULL
, NULL
, 0, NULL
, NULL
)))
205 static int test_print_key_type_using_encoder(const char *alg
, int type
,
208 const char *output_type
, *output_structure
;
210 OSSL_ENCODER_CTX
*ctx
= NULL
;
211 BIO
*membio
= BIO_new(BIO_s_mem());
216 output_type
= "TEXT";
217 output_structure
= NULL
;
218 selection
= OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
224 output_structure
= "PrivateKeyInfo";
225 selection
= OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
231 output_structure
= "PrivateKeyInfo";
232 selection
= OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
237 output_type
= "TEXT";
238 output_structure
= NULL
;
239 selection
= OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
245 output_structure
= "SubjectPublicKeyInfo";
246 selection
= OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
252 output_structure
= "SubjectPublicKeyInfo";
253 selection
= OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
258 TEST_error("Invalid encoding type");
262 if (!TEST_ptr(membio
))
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx
= OSSL_ENCODER_CTX_new_for_pkey(pk
, selection
,
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx
), 0))
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx
, membio
))
278 || !TEST_true(compare_with_file(alg
, type
, membio
)))
281 if (type
== PRIV_PEM
) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx
,
284 (unsigned char *)"pass",
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx
, "AES-256-CBC", NULL
))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx
, bio_out
)))
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx
, "FOO", NULL
))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx
, bio_out
)))
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx
, NULL
, NULL
))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx
, membio
))
304 || !TEST_true(compare_with_file(alg
, type
, membio
)))
310 OSSL_ENCODER_CTX_free(ctx
);
314 static int test_print_key_using_encoder(const char *alg
, const EVP_PKEY
*pk
)
319 for (i
= PRIV_TEXT
; i
<= PUB_DER
; i
++)
320 ret
= ret
&& test_print_key_type_using_encoder(alg
, i
, pk
);
325 #ifndef OPENSSL_NO_ECX
326 static int test_print_key_using_encoder_public(const char *alg
,
332 for (i
= PUB_TEXT
; i
<= PUB_DER
; i
++)
333 ret
= ret
&& test_print_key_type_using_encoder(alg
, i
, pk
);
339 /* Array indexes used in test_fromdata_rsa */
349 static int test_fromdata_rsa(void)
352 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
353 EVP_PKEY
*pk
= NULL
, *copy_pk
= NULL
, *dup_pk
= NULL
;
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
358 * openssl genrsa 32 | openssl rsa -text
360 static unsigned long key_numbers
[] = {
370 OSSL_PARAM fromdata_params
[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N
, &key_numbers
[N
]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E
, &key_numbers
[E
]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D
, &key_numbers
[D
]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1
, &key_numbers
[P
]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2
, &key_numbers
[Q
]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1
, &key_numbers
[DP
]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2
, &key_numbers
[DQ
]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1
, &key_numbers
[QINV
]),
381 BIGNUM
*bn
= BN_new();
382 BIGNUM
*bn_from
= BN_new();
384 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "RSA", NULL
)))
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
389 fromdata_params
), 1))
392 while (dup_pk
== NULL
) {
394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), 32)
395 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), 8)
396 || !TEST_int_eq(EVP_PKEY_get_size(pk
), 4)
397 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
400 EVP_PKEY_CTX_free(key_ctx
);
401 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, "")))
404 if (!TEST_int_gt(EVP_PKEY_check(key_ctx
), 0)
405 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx
), 0)
406 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx
), 0)
407 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx
), 0))
410 /* EVP_PKEY_copy_parameters() should fail for RSA */
411 if (!TEST_ptr(copy_pk
= EVP_PKEY_new())
412 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk
, pk
)))
414 EVP_PKEY_free(copy_pk
);
417 ret
= test_print_key_using_pem("RSA", pk
)
418 && test_print_key_using_encoder("RSA", pk
);
420 if (!ret
|| !TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
422 ret
= ret
&& TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1);
429 /* for better diagnostics always compare key params */
430 for (i
= 0; fromdata_params
[i
].key
!= NULL
; ++i
) {
431 if (!TEST_true(BN_set_word(bn_from
, key_numbers
[i
]))
432 || !TEST_true(EVP_PKEY_get_bn_param(pk
, fromdata_params
[i
].key
,
434 || !TEST_BN_eq(bn
, bn_from
))
440 EVP_PKEY_free(copy_pk
);
441 EVP_PKEY_CTX_free(key_ctx
);
442 EVP_PKEY_CTX_free(ctx
);
452 static int do_fromdata_rsa_derive(OSSL_PARAM
*fromdata_params
,
453 struct check_data check
[],
454 int expected_nbits
, int expected_sbits
,
457 const OSSL_PARAM
*check_param
= NULL
;
458 BIGNUM
*check_bn
= NULL
;
459 OSSL_PARAM
*todata_params
= NULL
;
460 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
461 EVP_PKEY
*pk
= NULL
, *copy_pk
= NULL
, *dup_pk
= NULL
;
465 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "RSA", NULL
))
466 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
467 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
468 fromdata_params
), 1))
472 * get the generated key parameters back and validate that the
473 * exponents/coeffs are correct
475 if (!TEST_int_eq(EVP_PKEY_todata(pk
, EVP_PKEY_KEYPAIR
, &todata_params
), 1))
478 for (i
= 0; check
[i
].pname
!= NULL
; i
++) {
479 if (!TEST_ptr(check_param
= OSSL_PARAM_locate_const(todata_params
,
482 if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param
, &check_bn
), 1))
484 if (!TEST_BN_eq(check_bn
, check
[i
].comparebn
)) {
485 TEST_info("Data mismatch for parameter %s", check
[i
].pname
);
492 while (dup_pk
== NULL
) {
493 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), expected_nbits
)
494 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), expected_sbits
)
495 || !TEST_int_eq(EVP_PKEY_get_size(pk
), expected_ksize
)
496 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
499 EVP_PKEY_CTX_free(key_ctx
);
500 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, "")))
503 if (!TEST_int_gt(EVP_PKEY_check(key_ctx
), 0)
504 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx
), 0)
505 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx
), 0)
506 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx
), 0))
509 /* EVP_PKEY_copy_parameters() should fail for RSA */
510 if (!TEST_ptr(copy_pk
= EVP_PKEY_new())
511 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk
, pk
)))
513 EVP_PKEY_free(copy_pk
);
516 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
518 if (!TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1)) {
519 EVP_PKEY_free(dup_pk
);
529 EVP_PKEY_CTX_free(ctx
);
530 EVP_PKEY_CTX_free(key_ctx
);
531 OSSL_PARAM_free(fromdata_params
);
532 OSSL_PARAM_free(todata_params
);
536 static int test_fromdata_rsa_derive_from_pq_sp800(void)
538 OSSL_PARAM_BLD
*bld
= NULL
;
539 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
, *p
= NULL
, *q
= NULL
;
540 BIGNUM
*dmp1
= NULL
, *dmq1
= NULL
, *iqmp
= NULL
;
541 OSSL_PARAM
*fromdata_params
= NULL
;
542 struct check_data cdata
[4];
545 * 512-bit RSA key, extracted from this command,
546 * openssl genrsa 512 | openssl rsa -text
547 * Note: When generating a key with EVP_PKEY_fromdata, and using
548 * crt derivation, openssl requires a minimum of 512 bits of n data,
549 * and 2048 bits in the FIPS case
551 static unsigned char n_data
[] =
552 {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
553 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
554 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
555 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
556 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
557 0x17, 0x2d, 0xec, 0x17, 0x87};
558 static unsigned char e_data
[] = {0x01, 0x00, 0x01};
559 static unsigned char d_data
[] =
560 {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
561 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
562 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
563 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
564 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
565 0xf5, 0xdb, 0xe6, 0x81};
566 static unsigned char p_data
[] =
567 {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
568 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
569 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5};
570 static unsigned char q_data
[] =
571 {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
572 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
573 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb};
574 static unsigned char dmp1_data
[] =
575 {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
576 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
577 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49};
578 static unsigned char dmq1_data
[] =
579 {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
580 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
581 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27};
582 static unsigned char iqmp_data
[] =
583 {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
584 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
585 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08};
587 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
588 || !TEST_ptr(n
= BN_bin2bn(n_data
, sizeof(n_data
), NULL
))
589 || !TEST_ptr(e
= BN_bin2bn(e_data
, sizeof(e_data
), NULL
))
590 || !TEST_ptr(d
= BN_bin2bn(d_data
, sizeof(d_data
), NULL
))
591 || !TEST_ptr(p
= BN_bin2bn(p_data
, sizeof(p_data
), NULL
))
592 || !TEST_ptr(q
= BN_bin2bn(q_data
, sizeof(q_data
), NULL
))
593 || !TEST_ptr(dmp1
= BN_bin2bn(dmp1_data
, sizeof(dmp1_data
), NULL
))
594 || !TEST_ptr(dmq1
= BN_bin2bn(dmq1_data
, sizeof(dmq1_data
), NULL
))
595 || !TEST_ptr(iqmp
= BN_bin2bn(iqmp_data
, sizeof(iqmp_data
), NULL
))
596 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
597 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_FACTOR1
,
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_FACTOR2
,
603 || !TEST_true(OSSL_PARAM_BLD_push_int(bld
,
604 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ
, 1))
605 || !TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
)))
608 cdata
[0].pname
= OSSL_PKEY_PARAM_RSA_EXPONENT1
;
609 cdata
[0].comparebn
= dmp1
;
610 cdata
[1].pname
= OSSL_PKEY_PARAM_RSA_EXPONENT2
;
611 cdata
[1].comparebn
= dmq1
;
612 cdata
[2].pname
= OSSL_PKEY_PARAM_RSA_COEFFICIENT1
;
613 cdata
[2].comparebn
= iqmp
;
614 cdata
[3].pname
= NULL
;
615 cdata
[3].comparebn
= NULL
;
617 ret
= do_fromdata_rsa_derive(fromdata_params
, cdata
, 512, 56, 64);
628 OSSL_PARAM_BLD_free(bld
);
632 static int test_fromdata_rsa_derive_from_pq_multiprime(void)
634 OSSL_PARAM_BLD
*bld
= NULL
;
635 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
636 BIGNUM
*p
= NULL
, *q
= NULL
, *p2
= NULL
;
637 BIGNUM
*dmp1
= NULL
, *dmq1
= NULL
, *iqmp
= NULL
;
638 BIGNUM
*exp3
= NULL
, *coeff2
= NULL
;
639 OSSL_PARAM
*fromdata_params
= NULL
;
640 struct check_data cdata
[12];
643 * multiprime RSA key, extracted from this command,
644 * openssl genrsa -primes 3 | openssl rsa -text
645 * Note: When generating a key with EVP_PKEY_fromdata, and using
646 * crt derivation, openssl requires a minimum of 512 bits of n data,
647 * and 2048 bits in the FIPS case
649 static unsigned char n_data
[] =
650 {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
651 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
652 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
653 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
654 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
655 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
656 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
657 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
658 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
659 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
660 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
661 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
662 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
663 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
664 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
665 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
666 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
667 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
668 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
669 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
670 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
671 0x1b, 0x59, 0x67, 0x14, 0x9d};
672 static unsigned char e_data
[] = {0x01, 0x00, 0x01};
673 static unsigned char d_data
[] =
674 {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
675 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
676 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
677 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
678 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
679 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
680 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
681 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
682 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
683 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
684 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
685 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
686 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
687 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
688 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
689 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
690 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
691 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
692 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
693 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
694 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
695 0xa6, 0x07, 0x60, 0x01};
696 static unsigned char p_data
[] =
697 {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
698 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
699 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
700 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
701 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
702 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
703 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
705 static unsigned char p2_data
[] =
706 {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
707 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
708 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
709 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
710 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
711 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
712 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
714 static unsigned char q_data
[] =
715 {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
716 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
717 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
718 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
719 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
720 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
721 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
723 static unsigned char dmp1_data
[] =
724 {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
725 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
726 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
727 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
728 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
729 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
730 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
732 static unsigned char dmq1_data
[] =
733 {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
734 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
735 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
736 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
737 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
738 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
739 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
741 static unsigned char iqmp_data
[] =
742 {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
743 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
744 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
745 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
746 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
747 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
748 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
750 static unsigned char exp3_data
[] =
751 {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
752 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
753 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
754 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
755 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
756 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
757 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
759 static unsigned char coeff2_data
[] =
760 {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
761 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
762 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
763 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
764 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
765 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
766 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
769 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
770 || !TEST_ptr(n
= BN_bin2bn(n_data
, sizeof(n_data
), NULL
))
771 || !TEST_ptr(e
= BN_bin2bn(e_data
, sizeof(e_data
), NULL
))
772 || !TEST_ptr(d
= BN_bin2bn(d_data
, sizeof(d_data
), NULL
))
773 || !TEST_ptr(p
= BN_bin2bn(p_data
, sizeof(p_data
), NULL
))
774 || !TEST_ptr(q
= BN_bin2bn(q_data
, sizeof(q_data
), NULL
))
775 || !TEST_ptr(p2
= BN_bin2bn(p2_data
, sizeof(p2_data
), NULL
))
776 || !TEST_ptr(exp3
= BN_bin2bn(exp3_data
, sizeof(exp3_data
), NULL
))
777 || !TEST_ptr(coeff2
= BN_bin2bn(coeff2_data
, sizeof(coeff2_data
), NULL
))
778 || !TEST_ptr(dmp1
= BN_bin2bn(dmp1_data
, sizeof(dmp1_data
), NULL
))
779 || !TEST_ptr(dmq1
= BN_bin2bn(dmq1_data
, sizeof(dmq1_data
), NULL
))
780 || !TEST_ptr(iqmp
= BN_bin2bn(iqmp_data
, sizeof(iqmp_data
), NULL
))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
782 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_FACTOR1
,
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_FACTOR2
,
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_FACTOR3
,
790 || !TEST_true(OSSL_PARAM_BLD_push_int(bld
,
791 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ
, 1))
792 || !TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
)))
795 cdata
[0].pname
= OSSL_PKEY_PARAM_RSA_EXPONENT1
;
796 cdata
[0].comparebn
= dmp1
;
797 cdata
[1].pname
= OSSL_PKEY_PARAM_RSA_EXPONENT2
;
798 cdata
[1].comparebn
= dmq1
;
799 cdata
[2].pname
= OSSL_PKEY_PARAM_RSA_COEFFICIENT1
;
800 cdata
[2].comparebn
= iqmp
;
801 cdata
[3].pname
= OSSL_PKEY_PARAM_RSA_EXPONENT3
;
802 cdata
[3].comparebn
= exp3
;
803 cdata
[4].pname
= OSSL_PKEY_PARAM_RSA_COEFFICIENT2
;
804 cdata
[4].comparebn
= coeff2
;
805 cdata
[5].pname
= OSSL_PKEY_PARAM_RSA_N
;
806 cdata
[5].comparebn
= n
;
807 cdata
[6].pname
= OSSL_PKEY_PARAM_RSA_E
;
808 cdata
[6].comparebn
= e
;
809 cdata
[7].pname
= OSSL_PKEY_PARAM_RSA_D
;
810 cdata
[7].comparebn
= d
;
811 cdata
[8].pname
= OSSL_PKEY_PARAM_RSA_FACTOR1
;
812 cdata
[8].comparebn
= p
;
813 cdata
[9].pname
= OSSL_PKEY_PARAM_RSA_FACTOR2
;
814 cdata
[9].comparebn
= q
;
815 cdata
[10].pname
= OSSL_PKEY_PARAM_RSA_FACTOR3
;
816 cdata
[10].comparebn
= p2
;
817 cdata
[11].pname
= NULL
;
818 cdata
[11].comparebn
= NULL
;
820 ret
= do_fromdata_rsa_derive(fromdata_params
, cdata
, 2048, 112, 256);
834 OSSL_PARAM_BLD_free(bld
);
838 static int test_evp_pkey_get_bn_param_large(void)
841 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
843 OSSL_PARAM_BLD
*bld
= NULL
;
844 OSSL_PARAM
*fromdata_params
= NULL
;
845 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
, *n_out
= NULL
;
847 * The buffer size chosen here for n_data larger than the buffer used
848 * internally in EVP_PKEY_get_bn_param.
850 static unsigned char n_data
[2050];
851 static const unsigned char e_data
[] = {
854 static const unsigned char d_data
[] = {
855 0x99, 0x33, 0x13, 0x7b
858 /* N is a large buffer */
859 memset(n_data
, 0xCE, sizeof(n_data
));
861 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
862 || !TEST_ptr(n
= BN_bin2bn(n_data
, sizeof(n_data
), NULL
))
863 || !TEST_ptr(e
= BN_bin2bn(e_data
, sizeof(e_data
), NULL
))
864 || !TEST_ptr(d
= BN_bin2bn(d_data
, sizeof(d_data
), NULL
))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
866 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
))
868 || !TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
))
869 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "RSA", NULL
))
870 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
871 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
873 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, ""))
874 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_RSA_N
, &n_out
))
875 || !TEST_BN_eq(n
, n_out
))
884 EVP_PKEY_CTX_free(key_ctx
);
885 EVP_PKEY_CTX_free(ctx
);
886 OSSL_PARAM_free(fromdata_params
);
887 OSSL_PARAM_BLD_free(bld
);
892 #ifndef OPENSSL_NO_DH
893 static int test_fromdata_dh_named_group(void)
896 int gindex
= 0, pcounter
= 0, hindex
= 0;
897 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
898 EVP_PKEY
*pk
= NULL
, *copy_pk
= NULL
, *dup_pk
= NULL
;
900 BIGNUM
*pub
= NULL
, *priv
= NULL
;
901 BIGNUM
*pub_out
= NULL
, *priv_out
= NULL
;
902 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *j
= NULL
;
903 OSSL_PARAM
*fromdata_params
= NULL
;
904 OSSL_PARAM_BLD
*bld
= NULL
;
906 unsigned char seed_out
[32];
909 * DH key data was generated using the following:
910 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
911 * -pkeyopt priv_len:224 -text
913 static const unsigned char priv_data
[] = {
914 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
915 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
916 0x87, 0xe8, 0xa9, 0x7b,
918 static const unsigned char pub_data
[] = {
919 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
920 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
921 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
922 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
923 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
924 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
925 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
926 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
927 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
928 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
929 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
930 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
931 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
932 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
933 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
934 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
935 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
936 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
937 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
938 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
939 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
940 0xcf, 0x33, 0x42, 0x83, 0x42
942 static const char group_name
[] = "ffdhe2048";
943 static const long priv_len
= 224;
945 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
946 || !TEST_ptr(pub
= BN_bin2bn(pub_data
, sizeof(pub_data
), NULL
))
947 || !TEST_ptr(priv
= BN_bin2bn(priv_data
, sizeof(priv_data
), NULL
))
948 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
949 OSSL_PKEY_PARAM_GROUP_NAME
,
951 || !TEST_true(OSSL_PARAM_BLD_push_long(bld
, OSSL_PKEY_PARAM_DH_PRIV_LEN
,
953 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
, pub
))
954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
, priv
))
955 || !TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
)))
958 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "DH", NULL
)))
961 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
962 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
963 fromdata_params
), 1))
967 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
968 * it behaves as expected with regards to string length and terminating
971 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk
,
972 OSSL_PKEY_PARAM_GROUP_NAME
,
973 NULL
, sizeof(name_out
),
975 || !TEST_size_t_eq(len
, sizeof(group_name
) - 1)
976 /* Just enough space to hold the group name and a terminating NUL */
977 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk
,
978 OSSL_PKEY_PARAM_GROUP_NAME
,
982 || !TEST_size_t_eq(len
, sizeof(group_name
) - 1)
983 /* Too small buffer to hold the terminating NUL byte */
984 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk
,
985 OSSL_PKEY_PARAM_GROUP_NAME
,
987 sizeof(group_name
) - 1,
989 /* Too small buffer to hold the whole group name, even! */
990 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk
,
991 OSSL_PKEY_PARAM_GROUP_NAME
,
993 sizeof(group_name
) - 2,
997 while (dup_pk
== NULL
) {
999 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), 2048)
1000 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), 112)
1001 || !TEST_int_eq(EVP_PKEY_get_size(pk
), 256)
1002 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
1005 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk
,
1006 OSSL_PKEY_PARAM_GROUP_NAME
,
1010 || !TEST_str_eq(name_out
, group_name
)
1011 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PUB_KEY
,
1014 || !TEST_BN_eq(pub
, pub_out
)
1015 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PRIV_KEY
,
1017 || !TEST_BN_eq(priv
, priv_out
)
1018 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_P
, &p
))
1019 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p
, p
)
1020 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_Q
, &q
))
1022 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_G
, &g
))
1023 || !TEST_BN_eq(&ossl_bignum_const_2
, g
)
1024 || !TEST_false(EVP_PKEY_get_bn_param(pk
,
1025 OSSL_PKEY_PARAM_FFC_COFACTOR
,
1027 || !TEST_ptr_null(j
)
1028 || !TEST_false(EVP_PKEY_get_octet_string_param(pk
,
1029 OSSL_PKEY_PARAM_FFC_SEED
,
1033 || !TEST_true(EVP_PKEY_get_int_param(pk
, OSSL_PKEY_PARAM_FFC_GINDEX
,
1035 || !TEST_int_eq(gindex
, -1)
1036 || !TEST_true(EVP_PKEY_get_int_param(pk
, OSSL_PKEY_PARAM_FFC_H
,
1038 || !TEST_int_eq(hindex
, 0)
1039 || !TEST_true(EVP_PKEY_get_int_param(pk
,
1040 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
1042 || !TEST_int_eq(pcounter
, -1))
1057 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, "")))
1060 if (!TEST_int_gt(EVP_PKEY_check(key_ctx
), 0)
1061 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx
), 0)
1062 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx
), 0)
1063 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx
), 0))
1065 EVP_PKEY_CTX_free(key_ctx
);
1068 if (!TEST_ptr(copy_pk
= EVP_PKEY_new())
1069 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk
, pk
)))
1071 EVP_PKEY_free(copy_pk
);
1074 ret
= test_print_key_using_pem("DH", pk
)
1075 && test_print_key_using_encoder("DH", pk
);
1077 if (!ret
|| !TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
1079 ret
= ret
&& TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1);
1094 EVP_PKEY_free(copy_pk
);
1096 EVP_PKEY_CTX_free(ctx
);
1097 EVP_PKEY_CTX_free(key_ctx
);
1098 OSSL_PARAM_free(fromdata_params
);
1099 OSSL_PARAM_BLD_free(bld
);
1104 static int test_fromdata_dh_fips186_4(void)
1107 int gindex
= 0, pcounter
= 0, hindex
= 0;
1108 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
1109 EVP_PKEY
*pk
= NULL
, *dup_pk
= NULL
;
1111 BIGNUM
*pub
= NULL
, *priv
= NULL
;
1112 BIGNUM
*pub_out
= NULL
, *priv_out
= NULL
;
1113 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *j
= NULL
;
1114 OSSL_PARAM_BLD
*bld
= NULL
;
1115 OSSL_PARAM
*fromdata_params
= NULL
;
1117 unsigned char seed_out
[32];
1120 * DH key data was generated using the following:
1121 * openssl genpkey -algorithm DH
1122 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
1124 static const unsigned char priv_data
[] = {
1125 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
1126 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
1127 0x87, 0xe8, 0xa9, 0x7b,
1129 static const unsigned char pub_data
[] = {
1130 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
1131 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
1132 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
1133 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
1134 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
1135 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
1136 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
1137 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
1138 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
1139 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
1140 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
1141 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
1142 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
1143 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
1144 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
1145 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
1146 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
1147 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
1148 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
1149 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
1150 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
1151 0x33, 0x42, 0x83, 0x42
1153 static const char group_name
[] = "ffdhe2048";
1154 static const long priv_len
= 224;
1157 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1158 || !TEST_ptr(pub
= BN_bin2bn(pub_data
, sizeof(pub_data
), NULL
))
1159 || !TEST_ptr(priv
= BN_bin2bn(priv_data
, sizeof(priv_data
), NULL
))
1160 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
1161 OSSL_PKEY_PARAM_GROUP_NAME
,
1163 || !TEST_true(OSSL_PARAM_BLD_push_long(bld
, OSSL_PKEY_PARAM_DH_PRIV_LEN
,
1165 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
, pub
))
1166 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
, priv
))
1167 || !TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
)))
1170 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "DH", NULL
)))
1173 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
1174 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
1175 fromdata_params
), 1))
1178 while (dup_pk
== NULL
) {
1180 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), 2048)
1181 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), 112)
1182 || !TEST_int_eq(EVP_PKEY_get_size(pk
), 256)
1183 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
1186 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk
,
1187 OSSL_PKEY_PARAM_GROUP_NAME
,
1191 || !TEST_str_eq(name_out
, group_name
)
1192 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PUB_KEY
,
1194 || !TEST_BN_eq(pub
, pub_out
)
1195 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PRIV_KEY
,
1197 || !TEST_BN_eq(priv
, priv_out
)
1198 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_P
, &p
))
1199 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p
, p
)
1200 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_Q
, &q
))
1202 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_G
, &g
))
1203 || !TEST_BN_eq(&ossl_bignum_const_2
, g
)
1204 || !TEST_false(EVP_PKEY_get_bn_param(pk
,
1205 OSSL_PKEY_PARAM_FFC_COFACTOR
,
1207 || !TEST_ptr_null(j
)
1208 || !TEST_false(EVP_PKEY_get_octet_string_param(pk
,
1209 OSSL_PKEY_PARAM_FFC_SEED
,
1213 || !TEST_true(EVP_PKEY_get_int_param(pk
,
1214 OSSL_PKEY_PARAM_FFC_GINDEX
,
1216 || !TEST_int_eq(gindex
, -1)
1217 || !TEST_true(EVP_PKEY_get_int_param(pk
, OSSL_PKEY_PARAM_FFC_H
,
1219 || !TEST_int_eq(hindex
, 0)
1220 || !TEST_true(EVP_PKEY_get_int_param(pk
,
1221 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
1223 || !TEST_int_eq(pcounter
, -1))
1238 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, "")))
1241 if (!TEST_int_gt(EVP_PKEY_check(key_ctx
), 0)
1242 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx
), 0)
1243 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx
), 0)
1244 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx
), 0))
1246 EVP_PKEY_CTX_free(key_ctx
);
1249 ret
= test_print_key_using_pem("DH", pk
)
1250 && test_print_key_using_encoder("DH", pk
);
1252 if (!ret
|| !TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
1254 ret
= ret
&& TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1);
1270 EVP_PKEY_CTX_free(ctx
);
1271 EVP_PKEY_CTX_free(key_ctx
);
1272 OSSL_PARAM_free(fromdata_params
);
1273 OSSL_PARAM_BLD_free(bld
);
1282 #ifndef OPENSSL_NO_EC
1283 # ifndef OPENSSL_NO_ECX
1284 /* Array indexes used in test_fromdata_ecx */
1288 # define X25519_IDX 0
1290 # define ED25519_IDX 2
1291 # define ED448_IDX 3
1294 * tst uses indexes 0 ... (3 * 4 - 1)
1295 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
1296 * 0..3 = public + private key.
1297 * 4..7 = private key (This will generate the public key from the private key)
1298 * 8..11 = public key
1300 static int test_fromdata_ecx(int tst
)
1303 EVP_PKEY_CTX
*ctx
= NULL
, *ctx2
= NULL
;
1304 EVP_PKEY
*pk
= NULL
, *copy_pk
= NULL
, *dup_pk
= NULL
;
1305 const char *alg
= NULL
;
1307 unsigned char out_pub
[ED448_KEYLEN
];
1308 unsigned char out_priv
[ED448_KEYLEN
];
1309 OSSL_PARAM params
[3] = { OSSL_PARAM_END
, OSSL_PARAM_END
, OSSL_PARAM_END
};
1311 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
1312 static unsigned char key_numbers
[4][2][ED448_KEYLEN
] = {
1313 /* X25519: Keys from RFC 7748 6.1 */
1317 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
1318 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
1319 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
1324 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
1325 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
1326 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
1330 /* X448: Keys from RFC 7748 6.2 */
1334 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
1335 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
1336 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
1337 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
1338 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
1339 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
1343 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
1344 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
1345 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
1346 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
1347 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
1348 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
1351 /* ED25519: Keys from RFC 8032 */
1355 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
1356 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
1357 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
1362 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
1363 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
1364 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
1368 /* ED448: Keys from RFC 8032 */
1372 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
1373 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
1374 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
1375 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
1376 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
1377 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
1381 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
1382 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
1383 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1384 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1385 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1386 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
1390 OSSL_PARAM x25519_fromdata_params
[] = {
1391 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY
,
1392 key_numbers
[X25519_IDX
][PRIV_KEY
],
1394 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY
,
1395 key_numbers
[X25519_IDX
][PUB_KEY
],
1399 OSSL_PARAM x448_fromdata_params
[] = {
1400 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY
,
1401 key_numbers
[X448_IDX
][PRIV_KEY
],
1403 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY
,
1404 key_numbers
[X448_IDX
][PUB_KEY
],
1408 OSSL_PARAM ed25519_fromdata_params
[] = {
1409 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY
,
1410 key_numbers
[ED25519_IDX
][PRIV_KEY
],
1412 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY
,
1413 key_numbers
[ED25519_IDX
][PUB_KEY
],
1417 OSSL_PARAM ed448_fromdata_params
[] = {
1418 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY
,
1419 key_numbers
[ED448_IDX
][PRIV_KEY
],
1421 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY
,
1422 key_numbers
[ED448_IDX
][PUB_KEY
],
1426 OSSL_PARAM
*fromdata_params
= NULL
;
1427 int bits
= 0, security_bits
= 0, size
= 0;
1428 OSSL_PARAM
*orig_fromdata_params
= NULL
;
1432 fromdata_params
= x25519_fromdata_params
;
1434 security_bits
= X25519_SECURITY_BITS
;
1435 size
= X25519_KEYLEN
;
1440 fromdata_params
= x448_fromdata_params
;
1442 security_bits
= X448_SECURITY_BITS
;
1448 fromdata_params
= ed25519_fromdata_params
;
1449 bits
= ED25519_BITS
;
1450 security_bits
= ED25519_SECURITY_BITS
;
1451 size
= ED25519_SIGSIZE
;
1456 fromdata_params
= ed448_fromdata_params
;
1458 security_bits
= ED448_SECURITY_BITS
;
1459 size
= ED448_SIGSIZE
;
1466 ctx
= EVP_PKEY_CTX_new_from_name(NULL
, alg
, NULL
);
1470 orig_fromdata_params
= fromdata_params
;
1472 /* public key only */
1474 } else if (tst
> 3) {
1475 /* private key only */
1476 params
[0] = fromdata_params
[0];
1477 params
[1] = fromdata_params
[2];
1478 fromdata_params
= params
;
1481 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
1482 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
1483 fromdata_params
), 1))
1486 while (dup_pk
== NULL
) {
1488 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), bits
)
1489 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), security_bits
)
1490 || !TEST_int_eq(EVP_PKEY_get_size(pk
), size
)
1491 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
1494 if (!TEST_ptr(ctx2
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, NULL
)))
1497 if (!TEST_int_gt(EVP_PKEY_check(ctx2
), 0))
1499 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1500 pk
, orig_fromdata_params
[PRIV_KEY
].key
,
1501 out_priv
, sizeof(out_priv
), &len
))
1502 || !TEST_mem_eq(out_priv
, len
,
1503 orig_fromdata_params
[PRIV_KEY
].data
,
1504 orig_fromdata_params
[PRIV_KEY
].data_size
)
1505 || !TEST_true(EVP_PKEY_get_octet_string_param(
1506 pk
, orig_fromdata_params
[PUB_KEY
].key
,
1507 out_pub
, sizeof(out_pub
), &len
))
1508 || !TEST_mem_eq(out_pub
, len
,
1509 orig_fromdata_params
[PUB_KEY
].data
,
1510 orig_fromdata_params
[PUB_KEY
].data_size
))
1513 /* The private key check should fail if there is only a public key */
1514 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2
), 0)
1515 || !TEST_int_le(EVP_PKEY_private_check(ctx2
), 0)
1516 || !TEST_int_le(EVP_PKEY_check(ctx2
), 0))
1519 EVP_PKEY_CTX_free(ctx2
);
1522 if (!TEST_ptr(copy_pk
= EVP_PKEY_new())
1523 /* This should succeed because there are no parameters to copy */
1524 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk
, pk
)))
1526 if (!TEST_ptr(ctx2
= EVP_PKEY_CTX_new_from_pkey(NULL
, copy_pk
, NULL
))
1527 /* This should fail because copy_pk has no pubkey */
1528 || !TEST_int_le(EVP_PKEY_public_check(ctx2
), 0))
1530 EVP_PKEY_CTX_free(ctx2
);
1532 EVP_PKEY_free(copy_pk
);
1536 ret
= test_print_key_using_encoder_public(alg
, pk
);
1538 ret
= test_print_key_using_pem(alg
, pk
)
1539 && test_print_key_using_encoder(alg
, pk
);
1541 if (!ret
|| !TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
1543 ret
= ret
&& TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1);
1552 EVP_PKEY_free(copy_pk
);
1553 EVP_PKEY_CTX_free(ctx
);
1554 EVP_PKEY_CTX_free(ctx2
);
1558 # endif /* OPENSSL_NO_ECX */
1560 static int test_fromdata_ec(void)
1563 EVP_PKEY_CTX
*ctx
= NULL
;
1564 EVP_PKEY
*pk
= NULL
, *copy_pk
= NULL
, *dup_pk
= NULL
;
1565 OSSL_PARAM_BLD
*bld
= NULL
;
1566 BIGNUM
*ec_priv_bn
= NULL
;
1567 BIGNUM
*bn_priv
= NULL
;
1568 OSSL_PARAM
*fromdata_params
= NULL
;
1569 const char *alg
= "EC";
1570 const char *curve
= "prime256v1";
1571 const char bad_curve
[] = "nonexistent-curve";
1572 OSSL_PARAM nokey_params
[2] = {
1576 /* UNCOMPRESSED FORMAT */
1577 static const unsigned char ec_pub_keydata
[] = {
1578 POINT_CONVERSION_UNCOMPRESSED
,
1579 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1580 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1581 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1582 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1583 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1584 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1585 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1586 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1588 /* SAME BUT COMPRESSED FORMAT */
1589 static const unsigned char ec_pub_keydata_compressed
[] = {
1590 POINT_CONVERSION_COMPRESSED
+1,
1591 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1592 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1593 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1594 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1596 static const unsigned char ec_priv_keydata
[] = {
1597 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1598 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1599 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1600 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1602 unsigned char out_pub
[sizeof(ec_pub_keydata
)];
1603 char out_curve_name
[80];
1604 const OSSL_PARAM
*gettable
= NULL
;
1606 EC_GROUP
*group
= NULL
;
1607 BIGNUM
*group_a
= NULL
;
1608 BIGNUM
*group_b
= NULL
;
1609 BIGNUM
*group_p
= NULL
;
1615 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new()))
1617 if (!TEST_ptr(ec_priv_bn
= BN_bin2bn(ec_priv_keydata
,
1618 sizeof(ec_priv_keydata
), NULL
)))
1621 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_PKEY_PARAM_GROUP_NAME
,
1625 * We intentionally provide the input point in compressed format,
1626 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1628 * Later on we check what format is used when exporting the
1629 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1632 if (OSSL_PARAM_BLD_push_octet_string(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
1633 ec_pub_keydata_compressed
,
1634 sizeof(ec_pub_keydata_compressed
)) <= 0)
1636 if (OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
, ec_priv_bn
) <= 0)
1638 if (!TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
)))
1640 ctx
= EVP_PKEY_CTX_new_from_name(NULL
, alg
, NULL
);
1644 /* try importing parameters with bad curve first */
1646 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME
,
1647 (char *)bad_curve
, sizeof(bad_curve
));
1648 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
1649 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEY_PARAMETERS
,
1651 || !TEST_ptr_null(pk
))
1654 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
1655 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
1656 fromdata_params
), 1))
1659 while (dup_pk
== NULL
) {
1661 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), 256)
1662 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), 128)
1663 || !TEST_int_eq(EVP_PKEY_get_size(pk
), 2 + 35 * 2)
1664 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
1667 if (!TEST_ptr(copy_pk
= EVP_PKEY_new())
1668 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk
, pk
)))
1670 EVP_PKEY_free(copy_pk
);
1673 if (!TEST_ptr(gettable
= EVP_PKEY_gettable_params(pk
))
1674 || !TEST_ptr(OSSL_PARAM_locate_const(gettable
,
1675 OSSL_PKEY_PARAM_GROUP_NAME
))
1676 || !TEST_ptr(OSSL_PARAM_locate_const(gettable
,
1677 OSSL_PKEY_PARAM_PUB_KEY
))
1678 || !TEST_ptr(OSSL_PARAM_locate_const(gettable
,
1679 OSSL_PKEY_PARAM_PRIV_KEY
)))
1682 if (!TEST_ptr(group
= EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve
)))
1683 || !TEST_ptr(group_p
= BN_new())
1684 || !TEST_ptr(group_a
= BN_new())
1685 || !TEST_ptr(group_b
= BN_new())
1686 || !TEST_true(EC_GROUP_get_curve(group
, group_p
, group_a
, group_b
, NULL
)))
1689 if (!TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_EC_A
, &a
))
1690 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_EC_B
, &b
))
1691 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_EC_P
, &p
)))
1694 if (!TEST_BN_eq(group_p
, p
) || !TEST_BN_eq(group_a
, a
)
1695 || !TEST_BN_eq(group_b
, b
))
1698 if (!EVP_PKEY_get_utf8_string_param(pk
, OSSL_PKEY_PARAM_GROUP_NAME
,
1700 sizeof(out_curve_name
),
1702 || !TEST_str_eq(out_curve_name
, curve
)
1703 || !EVP_PKEY_get_octet_string_param(pk
, OSSL_PKEY_PARAM_PUB_KEY
,
1704 out_pub
, sizeof(out_pub
), &len
)
1707 * Our providers use uncompressed format by default if
1708 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1709 * explicitly set, irrespective of the format used for the
1710 * input point given as a param to create this key.
1712 || !TEST_true(out_pub
[0] == POINT_CONVERSION_UNCOMPRESSED
)
1713 || !TEST_mem_eq(out_pub
+ 1, len
- 1,
1714 ec_pub_keydata
+ 1, sizeof(ec_pub_keydata
) - 1)
1716 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PRIV_KEY
,
1718 || !TEST_BN_eq(ec_priv_bn
, bn_priv
))
1723 ret
= test_print_key_using_pem(alg
, pk
)
1724 && test_print_key_using_encoder(alg
, pk
);
1726 if (!ret
|| !TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
1728 ret
= ret
&& TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1);
1736 EC_GROUP_free(group
);
1744 BN_free(ec_priv_bn
);
1745 OSSL_PARAM_free(fromdata_params
);
1746 OSSL_PARAM_BLD_free(bld
);
1748 EVP_PKEY_free(copy_pk
);
1749 EVP_PKEY_CTX_free(ctx
);
1753 static int test_ec_dup_no_operation(void)
1756 EVP_PKEY_CTX
*pctx
= NULL
, *ctx
= NULL
, *kctx
= NULL
;
1757 EVP_PKEY
*param
= NULL
, *pkey
= NULL
;
1759 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
))
1760 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1761 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
,
1762 NID_X9_62_prime256v1
), 0)
1763 || !TEST_int_gt(EVP_PKEY_paramgen(pctx
, ¶m
), 0)
1764 || !TEST_ptr(param
))
1767 EVP_PKEY_CTX_free(pctx
);
1770 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, param
, NULL
))
1771 || !TEST_ptr(kctx
= EVP_PKEY_CTX_dup(ctx
))
1772 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1773 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0))
1777 EVP_PKEY_free(pkey
);
1778 EVP_PKEY_free(param
);
1779 EVP_PKEY_CTX_free(ctx
);
1780 EVP_PKEY_CTX_free(kctx
);
1781 EVP_PKEY_CTX_free(pctx
);
1785 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1786 static int test_ec_dup_keygen_operation(void)
1789 EVP_PKEY_CTX
*pctx
= NULL
, *ctx
= NULL
, *kctx
= NULL
;
1790 EVP_PKEY
*param
= NULL
, *pkey
= NULL
;
1792 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
))
1793 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1794 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
,
1795 NID_X9_62_prime256v1
), 0)
1796 || !TEST_int_gt(EVP_PKEY_paramgen(pctx
, ¶m
), 0)
1797 || !TEST_ptr(param
))
1800 EVP_PKEY_CTX_free(pctx
);
1803 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, param
, NULL
))
1804 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
1805 || !TEST_ptr_null(kctx
= EVP_PKEY_CTX_dup(ctx
)))
1809 EVP_PKEY_free(pkey
);
1810 EVP_PKEY_free(param
);
1811 EVP_PKEY_CTX_free(ctx
);
1812 EVP_PKEY_CTX_free(kctx
);
1813 EVP_PKEY_CTX_free(pctx
);
1817 #endif /* OPENSSL_NO_EC */
1819 #ifndef OPENSSL_NO_DSA
1820 static int test_fromdata_dsa_fips186_4(void)
1823 EVP_PKEY_CTX
*ctx
= NULL
, *key_ctx
= NULL
;
1824 EVP_PKEY
*pk
= NULL
, *copy_pk
= NULL
, *dup_pk
= NULL
;
1825 BIGNUM
*pub
= NULL
, *priv
= NULL
;
1826 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
1827 BIGNUM
*pub_out
= NULL
, *priv_out
= NULL
;
1828 BIGNUM
*p_out
= NULL
, *q_out
= NULL
, *g_out
= NULL
, *j_out
= NULL
;
1829 int gindex_out
= 0, pcounter_out
= 0, hindex_out
= 0;
1831 unsigned char seed_out
[32];
1833 OSSL_PARAM_BLD
*bld
= NULL
;
1834 OSSL_PARAM
*fromdata_params
= NULL
;
1837 * DSA parameter data was generated using the following:
1838 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1839 * -pkeyopt qbits:256 -pkeyopt type:0 \
1840 * -pkeyopt gindex:1 -out dsa_params.pem -text
1842 static const unsigned char p_data
[] = {
1843 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1844 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1845 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1846 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1847 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1848 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1849 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1850 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1851 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1852 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1853 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1854 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1855 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1856 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1857 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1858 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1859 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1860 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1861 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1862 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1863 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1864 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1866 static const unsigned char q_data
[] = {
1867 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1868 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1869 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1871 static const unsigned char g_data
[] = {
1872 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1873 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1874 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1875 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1876 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1877 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1878 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1879 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1880 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1881 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1882 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1883 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1884 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1885 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1886 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1887 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1888 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1889 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1890 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1891 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1892 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1893 0x02, 0x6f, 0x96, 0x36
1895 static const unsigned char seed_data
[] = {
1896 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1897 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1898 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1900 const int gindex
= 1;
1901 const int pcounter
= 53;
1903 * The keypair was generated using
1904 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1905 * -pkeyopt gindex:1 \
1906 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1908 static const unsigned char priv_data
[] = {
1909 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1910 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1911 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1913 static const unsigned char pub_data
[] = {
1914 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1915 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1916 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1917 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1918 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1919 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1920 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1921 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1922 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1923 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1924 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1925 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1926 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1927 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1928 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1929 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1930 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1931 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1932 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1933 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1934 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1935 0x48, 0xd1, 0x8a, 0xbd
1938 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1939 || !TEST_ptr(pub
= BN_bin2bn(pub_data
, sizeof(pub_data
), NULL
))
1940 || !TEST_ptr(priv
= BN_bin2bn(priv_data
, sizeof(priv_data
), NULL
))
1941 || !TEST_ptr(p
= BN_bin2bn(p_data
, sizeof(p_data
), NULL
))
1942 || !TEST_ptr(q
= BN_bin2bn(q_data
, sizeof(q_data
), NULL
))
1943 || !TEST_ptr(g
= BN_bin2bn(g_data
, sizeof(g_data
), NULL
))
1945 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
1946 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
1947 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
1948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1949 OSSL_PKEY_PARAM_FFC_SEED
,
1952 || !TEST_true(OSSL_PARAM_BLD_push_int(bld
, OSSL_PKEY_PARAM_FFC_GINDEX
,
1954 || !TEST_true(OSSL_PARAM_BLD_push_int(bld
,
1955 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
1957 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
1959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
1961 || !TEST_ptr(fromdata_params
= OSSL_PARAM_BLD_to_param(bld
)))
1964 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "DSA", NULL
)))
1967 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx
), 1)
1968 || !TEST_int_eq(EVP_PKEY_fromdata(ctx
, &pk
, EVP_PKEY_KEYPAIR
,
1969 fromdata_params
), 1))
1972 while (dup_pk
== NULL
) {
1974 if (!TEST_int_eq(EVP_PKEY_get_bits(pk
), 2048)
1975 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk
), 112)
1976 || !TEST_int_eq(EVP_PKEY_get_size(pk
), 2 + 2 * (3 + sizeof(q_data
)))
1977 || !TEST_false(EVP_PKEY_missing_parameters(pk
)))
1980 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk
,
1981 OSSL_PKEY_PARAM_GROUP_NAME
,
1985 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PUB_KEY
,
1987 || !TEST_BN_eq(pub
, pub_out
)
1988 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_PRIV_KEY
,
1990 || !TEST_BN_eq(priv
, priv_out
)
1991 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_P
,
1993 || !TEST_BN_eq(p
, p_out
)
1994 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_Q
,
1996 || !TEST_BN_eq(q
, q_out
)
1997 || !TEST_true(EVP_PKEY_get_bn_param(pk
, OSSL_PKEY_PARAM_FFC_G
,
1999 || !TEST_BN_eq(g
, g_out
)
2000 || !TEST_false(EVP_PKEY_get_bn_param(pk
,
2001 OSSL_PKEY_PARAM_FFC_COFACTOR
,
2003 || !TEST_ptr_null(j_out
)
2004 || !TEST_true(EVP_PKEY_get_octet_string_param(pk
,
2005 OSSL_PKEY_PARAM_FFC_SEED
,
2009 || !TEST_true(EVP_PKEY_get_int_param(pk
,
2010 OSSL_PKEY_PARAM_FFC_GINDEX
,
2012 || !TEST_int_eq(gindex
, gindex_out
)
2013 || !TEST_true(EVP_PKEY_get_int_param(pk
, OSSL_PKEY_PARAM_FFC_H
,
2015 || !TEST_int_eq(hindex_out
, 0)
2016 || !TEST_true(EVP_PKEY_get_int_param(pk
,
2017 OSSL_PKEY_PARAM_FFC_PCOUNTER
,
2019 || !TEST_int_eq(pcounter
, pcounter_out
))
2034 if (!TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(NULL
, pk
, "")))
2037 if (!TEST_int_gt(EVP_PKEY_check(key_ctx
), 0)
2038 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx
), 0)
2039 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx
), 0)
2040 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx
), 0))
2042 EVP_PKEY_CTX_free(key_ctx
);
2045 if (!TEST_ptr(copy_pk
= EVP_PKEY_new())
2046 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk
, pk
)))
2048 EVP_PKEY_free(copy_pk
);
2051 ret
= test_print_key_using_pem("DSA", pk
)
2052 && test_print_key_using_encoder("DSA", pk
);
2054 if (!ret
|| !TEST_ptr(dup_pk
= EVP_PKEY_dup(pk
)))
2056 ret
= ret
&& TEST_int_eq(EVP_PKEY_eq(pk
, dup_pk
), 1);
2064 OSSL_PARAM_free(fromdata_params
);
2065 OSSL_PARAM_BLD_free(bld
);
2078 EVP_PKEY_free(copy_pk
);
2079 EVP_PKEY_CTX_free(ctx
);
2080 EVP_PKEY_CTX_free(key_ctx
);
2085 static int test_check_dsa(void)
2088 EVP_PKEY_CTX
*ctx
= NULL
;
2090 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_name(NULL
, "DSA", NULL
))
2091 || !TEST_int_le(EVP_PKEY_check(ctx
), 0)
2092 || !TEST_int_le(EVP_PKEY_public_check(ctx
), 0)
2093 || !TEST_int_le(EVP_PKEY_private_check(ctx
), 0)
2094 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx
), 0))
2099 EVP_PKEY_CTX_free(ctx
);
2103 #endif /* OPENSSL_NO_DSA */
2106 static OSSL_PARAM
*do_construct_hkdf_params(char *digest
, char *key
,
2107 size_t keylen
, char *salt
)
2109 OSSL_PARAM
*params
= OPENSSL_malloc(sizeof(OSSL_PARAM
) * 5);
2110 OSSL_PARAM
*p
= params
;
2112 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST
, digest
, 0);
2113 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT
,
2114 salt
, strlen(salt
));
2115 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY
,
2116 (unsigned char *)key
, keylen
);
2117 *p
++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE
,
2119 *p
= OSSL_PARAM_construct_end();
2124 static int test_evp_pkey_ctx_dup_kdf(void)
2127 size_t len
= 0, dlen
= 0;
2128 EVP_PKEY_CTX
*pctx
= NULL
, *dctx
= NULL
;
2129 OSSL_PARAM
*params
= NULL
;
2131 if (!TEST_ptr(params
= do_construct_hkdf_params("sha256", "secret", 6,
2134 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(NULL
, "HKDF", NULL
)))
2136 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx
, params
), 1))
2138 if (!TEST_ptr(dctx
= EVP_PKEY_CTX_dup(pctx
)))
2140 if (!TEST_int_eq(EVP_PKEY_derive(pctx
, NULL
, &len
), 1)
2141 || !TEST_size_t_eq(len
, SHA256_DIGEST_LENGTH
)
2142 || !TEST_int_eq(EVP_PKEY_derive(dctx
, NULL
, &dlen
), 1)
2143 || !TEST_size_t_eq(dlen
, SHA256_DIGEST_LENGTH
))
2147 OPENSSL_free(params
);
2148 EVP_PKEY_CTX_free(dctx
);
2149 EVP_PKEY_CTX_free(pctx
);
2153 int setup_tests(void)
2155 if (!test_skip_common_options()) {
2156 TEST_error("Error parsing test options\n");
2160 if (!TEST_ptr(datadir
= test_get_argument(0)))
2163 ADD_TEST(test_evp_pkey_ctx_dup_kdf
);
2164 ADD_TEST(test_evp_pkey_get_bn_param_large
);
2165 ADD_TEST(test_fromdata_rsa
);
2166 ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800
);
2167 ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime
);
2168 #ifndef OPENSSL_NO_DH
2169 ADD_TEST(test_fromdata_dh_fips186_4
);
2170 ADD_TEST(test_fromdata_dh_named_group
);
2172 #ifndef OPENSSL_NO_DSA
2173 ADD_TEST(test_check_dsa
);
2174 ADD_TEST(test_fromdata_dsa_fips186_4
);
2176 #ifndef OPENSSL_NO_EC
2177 # ifndef OPENSSL_NO_ECX
2178 ADD_ALL_TESTS(test_fromdata_ecx
, 4 * 3);
2180 ADD_TEST(test_fromdata_ec
);
2181 ADD_TEST(test_ec_dup_no_operation
);
2182 ADD_TEST(test_ec_dup_keygen_operation
);