]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_pkey_provided_test.c
projects / thirdparty / openssl.git / blob
? search:


69782a8005e9adacd4dcf6a7a5398e370518fb08
[thirdparty/openssl.git] / test / evp_pkey_provided_test.c
1 /*
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h" /* For the internal API */
20 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
22 #include "testutil.h"
23
24 static char *datadir = NULL;
25
26 /*
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
30 */
31 #define PRIV_TEXT 0
32 #define PRIV_PEM 1
33 #define PRIV_DER 2
34 #define PUB_TEXT 3
35 #define PUB_PEM 4
36 #define PUB_DER 5
37
38 static void stripcr(char *buf, size_t *len)
39 {
40 size_t i;
41 char *curr, *writ;
42
43 for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
44 if (*curr == '\r') {
45 (*len)--;
46 continue;
47 }
48 if (curr != writ)
49 *writ = *curr;
50 writ++;
51 }
52 }
53
54 static int compare_with_file(const char *alg, int type, BIO *membio)
55 {
56 char filename[80];
57 BIO *file = NULL;
58 char buf[4096];
59 char *memdata, *fullfile = NULL;
60 const char *suffix;
61 size_t readbytes;
62 int ret = 0;
63 int len;
64 size_t slen;
65
66 switch (type) {
67 case PRIV_TEXT:
68 suffix = "priv.txt";
69 break;
70
71 case PRIV_PEM:
72 suffix = "priv.pem";
73 break;
74
75 case PRIV_DER:
76 suffix = "priv.der";
77 break;
78
79 case PUB_TEXT:
80 suffix = "pub.txt";
81 break;
82
83 case PUB_PEM:
84 suffix = "pub.pem";
85 break;
86
87 case PUB_DER:
88 suffix = "pub.der";
89 break;
90
91 default:
92 TEST_error("Invalid file type");
93 goto err;
94 }
95
96 BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97 fullfile = test_mk_file_path(datadir, filename);
98 if (!TEST_ptr(fullfile))
99 goto err;
100
101 file = BIO_new_file(fullfile, "rb");
102 if (!TEST_ptr(file))
103 goto err;
104
105 if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106 || !TEST_true(BIO_eof(file))
107 || !TEST_size_t_lt(readbytes, sizeof(buf)))
108 goto err;
109
110 len = BIO_get_mem_data(membio, &memdata);
111 if (!TEST_int_gt(len, 0))
112 goto err;
113
114 slen = len;
115 if (type != PRIV_DER && type != PUB_DER) {
116 stripcr(memdata, &slen);
117 stripcr(buf, &readbytes);
118 }
119
120 if (!TEST_mem_eq(memdata, slen, buf, readbytes))
121 goto err;
122
123 ret = 1;
124 err:
125 OPENSSL_free(fullfile);
126 (void)BIO_reset(membio);
127 BIO_free(file);
128 return ret;
129 }
130
131 static int pass_cb(char *buf, int size, int rwflag, void *u)
132 {
133 return 0;
134 }
135
136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
137 {
138 return -1;
139 }
140
141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
142 {
143 BIO *membio = BIO_new(BIO_s_mem());
144 int ret = 0;
145
146 if (!TEST_ptr(membio))
147 goto err;
148
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
152 NULL, NULL))
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
155 EVP_aes_256_cbc(),
156 (const char *)~0, 0,
157 NULL, NULL))
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
159 EVP_aes_256_cbc(),
160 NULL, 0, NULL, ""))
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
162 EVP_aes_256_cbc(),
163 NULL, 0, pass_cb, NULL))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
165 EVP_aes_256_cbc(),
166 NULL, 0, pass_cb_error,
167 NULL))
168 #ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171 (const char *)~0, 0, NULL, NULL))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
174 NULL, ""))
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
177 pass_cb, NULL))
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180 pass_cb_error, NULL))
181 #endif
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184 || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187 || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190 NULL, NULL, 0, NULL, NULL))
191 || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
192 /* NULL key */
193 || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194 NULL, NULL, 0, NULL, NULL))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196 NULL, NULL, 0, NULL, NULL)))
197 goto err;
198
199 ret = 1;
200 err:
201 BIO_free(membio);
202 return ret;
203 }
204
205 static int test_print_key_type_using_encoder(const char *alg, int type,
206 const EVP_PKEY *pk)
207 {
208 const char *output_type, *output_structure;
209 int selection;
210 OSSL_ENCODER_CTX *ctx = NULL;
211 BIO *membio = BIO_new(BIO_s_mem());
212 int ret = 0;
213
214 switch (type) {
215 case PRIV_TEXT:
216 output_type = "TEXT";
217 output_structure = NULL;
218 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
220 break;
221
222 case PRIV_PEM:
223 output_type = "PEM";
224 output_structure = "PrivateKeyInfo";
225 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
227 break;
228
229 case PRIV_DER:
230 output_type = "DER";
231 output_structure = "PrivateKeyInfo";
232 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
234 break;
235
236 case PUB_TEXT:
237 output_type = "TEXT";
238 output_structure = NULL;
239 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
241 break;
242
243 case PUB_PEM:
244 output_type = "PEM";
245 output_structure = "SubjectPublicKeyInfo";
246 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
248 break;
249
250 case PUB_DER:
251 output_type = "DER";
252 output_structure = "SubjectPublicKeyInfo";
253 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
255 break;
256
257 default:
258 TEST_error("Invalid encoding type");
259 goto err;
260 }
261
262 if (!TEST_ptr(membio))
263 goto err;
264
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
268 output_type,
269 output_structure,
270 NULL))
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
273 goto err;
274
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278 || !TEST_true(compare_with_file(alg, type, membio)))
279 goto err;
280
281 if (type == PRIV_PEM) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284 (unsigned char *)"pass",
285 4)))
286 goto err;
287
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
292 goto err;
293
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
298 goto err;
299
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304 || !TEST_true(compare_with_file(alg, type, membio)))
305 goto err;
306 }
307 ret = 1;
308 err:
309 BIO_free(membio);
310 OSSL_ENCODER_CTX_free(ctx);
311 return ret;
312 }
313
314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
315 {
316 int i;
317 int ret = 1;
318
319 for (i = PRIV_TEXT; i <= PUB_DER; i++)
320 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
321
322 return ret;
323 }
324
325 #ifndef OPENSSL_NO_ECX
326 static int test_print_key_using_encoder_public(const char *alg,
327 const EVP_PKEY *pk)
328 {
329 int i;
330 int ret = 1;
331
332 for (i = PUB_TEXT; i <= PUB_DER; i++)
333 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
334
335 return ret;
336 }
337 #endif
338
339 /* Array indexes used in test_fromdata_rsa */
340 #define N 0
341 #define E 1
342 #define D 2
343 #define P 3
344 #define Q 4
345 #define DP 5
346 #define DQ 6
347 #define QINV 7
348
349 static int test_fromdata_rsa(void)
350 {
351 int ret = 0, i;
352 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
354 /*
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
357 *
358 * openssl genrsa 32 | openssl rsa -text
359 */
360 static unsigned long key_numbers[] = {
361 0xbc747fc5, /* N */
362 0x10001, /* E */
363 0x7b133399, /* D */
364 0xe963, /* P */
365 0xceb7, /* Q */
366 0x8599, /* DP */
367 0xbd87, /* DQ */
368 0xcc3b, /* QINV */
369 };
370 OSSL_PARAM fromdata_params[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
379 OSSL_PARAM_END
380 };
381 BIGNUM *bn = BN_new();
382 BIGNUM *bn_from = BN_new();
383
384 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
385 goto err;
386
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389 fromdata_params), 1))
390 goto err;
391
392 while (dup_pk == NULL) {
393 ret = 0;
394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396 || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
398 goto err;
399
400 EVP_PKEY_CTX_free(key_ctx);
401 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
402 goto err;
403
404 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
408 goto err;
409
410 /* EVP_PKEY_copy_parameters() should fail for RSA */
411 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
413 goto err;
414 EVP_PKEY_free(copy_pk);
415 copy_pk = NULL;
416
417 ret = test_print_key_using_pem("RSA", pk)
418 && test_print_key_using_encoder("RSA", pk);
419
420 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
421 goto err;
422 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
423 EVP_PKEY_free(pk);
424 pk = dup_pk;
425 if (!ret)
426 goto err;
427 }
428 err:
429 /* for better diagnostics always compare key params */
430 for (i = 0; fromdata_params[i].key != NULL; ++i) {
431 if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
432 || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key,
433 &bn))
434 || !TEST_BN_eq(bn, bn_from))
435 ret = 0;
436 }
437 BN_free(bn_from);
438 BN_free(bn);
439 EVP_PKEY_free(pk);
440 EVP_PKEY_free(copy_pk);
441 EVP_PKEY_CTX_free(key_ctx);
442 EVP_PKEY_CTX_free(ctx);
443
444 return ret;
445 }
446
447 struct check_data {
448 const char *pname;
449 BIGNUM *comparebn;
450 };
451
452 static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params,
453 struct check_data check[],
454 int expected_nbits, int expected_sbits,
455 int expected_ksize)
456 {
457 const OSSL_PARAM *check_param = NULL;
458 BIGNUM *check_bn = NULL;
459 OSSL_PARAM *todata_params = NULL;
460 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
461 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
462 int i;
463 int ret = 0;
464
465 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
466 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
467 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
468 fromdata_params), 1))
469 goto err;
470
471 /*
472 * get the generated key parameters back and validate that the
473 * exponents/coeffs are correct
474 */
475 if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1))
476 goto err;
477
478 for (i = 0; check[i].pname != NULL; i++) {
479 if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params,
480 check[i].pname)))
481 goto err;
482 if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1))
483 goto err;
484 if (!TEST_BN_eq(check_bn, check[i].comparebn)) {
485 TEST_info("Data mismatch for parameter %s", check[i].pname);
486 goto err;
487 }
488 BN_free(check_bn);
489 check_bn = NULL;
490 }
491
492 while (dup_pk == NULL) {
493 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits)
494 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits)
495 || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize)
496 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
497 goto err;
498
499 EVP_PKEY_CTX_free(key_ctx);
500 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
501 goto err;
502
503 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
504 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
505 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
506 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
507 goto err;
508
509 /* EVP_PKEY_copy_parameters() should fail for RSA */
510 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
511 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
512 goto err;
513 EVP_PKEY_free(copy_pk);
514 copy_pk = NULL;
515
516 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
517 goto err;
518 if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) {
519 EVP_PKEY_free(dup_pk);
520 goto err;
521 }
522 EVP_PKEY_free(pk);
523 pk = dup_pk;
524 }
525 ret = 1;
526 err:
527 BN_free(check_bn);
528 EVP_PKEY_free(pk);
529 EVP_PKEY_CTX_free(ctx);
530 EVP_PKEY_CTX_free(key_ctx);
531 OSSL_PARAM_free(fromdata_params);
532 OSSL_PARAM_free(todata_params);
533 return ret;
534 }
535
536 static int test_fromdata_rsa_derive_from_pq_sp800(void)
537 {
538 OSSL_PARAM_BLD *bld = NULL;
539 BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
540 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
541 OSSL_PARAM *fromdata_params = NULL;
542 struct check_data cdata[4];
543 int ret = 0;
544 /*
545 * 512-bit RSA key, extracted from this command,
546 * openssl genrsa 512 | openssl rsa -text
547 * Note: When generating a key with EVP_PKEY_fromdata, and using
548 * crt derivation, openssl requires a minimum of 512 bits of n data,
549 * and 2048 bits in the FIPS case
550 */
551 static unsigned char n_data[] =
552 {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
553 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
554 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
555 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
556 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
557 0x17, 0x2d, 0xec, 0x17, 0x87};
558 static unsigned char e_data[] = {0x01, 0x00, 0x01};
559 static unsigned char d_data[] =
560 {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
561 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
562 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
563 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
564 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
565 0xf5, 0xdb, 0xe6, 0x81};
566 static unsigned char p_data[] =
567 {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
568 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
569 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5};
570 static unsigned char q_data[] =
571 {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
572 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
573 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb};
574 static unsigned char dmp1_data[] =
575 {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
576 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
577 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49};
578 static unsigned char dmq1_data[] =
579 {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
580 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
581 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27};
582 static unsigned char iqmp_data[] =
583 {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
584 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
585 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08};
586
587 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
588 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
589 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
590 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
591 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
592 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
593 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
594 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
595 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
596 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
597 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
600 p))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
602 q))
603 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
604 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
605 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
606 goto err;
607
608 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
609 cdata[0].comparebn = dmp1;
610 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
611 cdata[1].comparebn = dmq1;
612 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
613 cdata[2].comparebn = iqmp;
614 cdata[3].pname = NULL;
615 cdata[3].comparebn = NULL;
616
617 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64);
618
619 err:
620 BN_free(n);
621 BN_free(e);
622 BN_free(d);
623 BN_free(p);
624 BN_free(q);
625 BN_free(dmp1);
626 BN_free(dmq1);
627 BN_free(iqmp);
628 OSSL_PARAM_BLD_free(bld);
629 return ret;
630 }
631
632 static int test_fromdata_rsa_derive_from_pq_multiprime(void)
633 {
634 OSSL_PARAM_BLD *bld = NULL;
635 BIGNUM *n = NULL, *e = NULL, *d = NULL;
636 BIGNUM *p = NULL, *q = NULL, *p2 = NULL;
637 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
638 BIGNUM *exp3 = NULL, *coeff2 = NULL;
639 OSSL_PARAM *fromdata_params = NULL;
640 struct check_data cdata[12];
641 int ret = 0;
642 /*
643 * multiprime RSA key, extracted from this command,
644 * openssl genrsa -primes 3 | openssl rsa -text
645 * Note: When generating a key with EVP_PKEY_fromdata, and using
646 * crt derivation, openssl requires a minimum of 512 bits of n data,
647 * and 2048 bits in the FIPS case
648 */
649 static unsigned char n_data[] =
650 {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
651 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
652 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
653 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
654 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
655 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
656 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
657 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
658 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
659 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
660 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
661 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
662 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
663 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
664 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
665 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
666 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
667 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
668 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
669 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
670 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
671 0x1b, 0x59, 0x67, 0x14, 0x9d};
672 static unsigned char e_data[] = {0x01, 0x00, 0x01};
673 static unsigned char d_data[] =
674 {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
675 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
676 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
677 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
678 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
679 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
680 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
681 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
682 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
683 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
684 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
685 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
686 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
687 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
688 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
689 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
690 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
691 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
692 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
693 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
694 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
695 0xa6, 0x07, 0x60, 0x01};
696 static unsigned char p_data[] =
697 {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
698 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
699 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
700 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
701 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
702 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
703 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
704 0xa4, 0xd1};
705 static unsigned char p2_data[] =
706 {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
707 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
708 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
709 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
710 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
711 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
712 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
713 0x66, 0x2d};
714 static unsigned char q_data[] =
715 {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
716 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
717 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
718 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
719 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
720 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
721 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
722 0xfb, 0x61};
723 static unsigned char dmp1_data[] =
724 {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
725 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
726 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
727 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
728 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
729 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
730 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
731 0x9e, 0x41};
732 static unsigned char dmq1_data[] =
733 {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
734 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
735 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
736 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
737 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
738 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
739 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
740 0x75, 0x61};
741 static unsigned char iqmp_data[] =
742 {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
743 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
744 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
745 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
746 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
747 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
748 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
749 0xae, 0xef};
750 static unsigned char exp3_data[] =
751 {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
752 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
753 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
754 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
755 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
756 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
757 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
758 0x2d, 0xb9};
759 static unsigned char coeff2_data[] =
760 {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
761 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
762 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
763 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
764 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
765 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
766 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
767 0x4b, 0xf4};
768
769 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
770 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
771 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
772 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
773 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
774 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
775 || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL))
776 || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL))
777 || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL))
778 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
779 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
780 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
782 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
785 p))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
787 q))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3,
789 p2))
790 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
791 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
792 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
793 goto err;
794
795 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
796 cdata[0].comparebn = dmp1;
797 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
798 cdata[1].comparebn = dmq1;
799 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
800 cdata[2].comparebn = iqmp;
801 cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3;
802 cdata[3].comparebn = exp3;
803 cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2;
804 cdata[4].comparebn = coeff2;
805 cdata[5].pname = OSSL_PKEY_PARAM_RSA_N;
806 cdata[5].comparebn = n;
807 cdata[6].pname = OSSL_PKEY_PARAM_RSA_E;
808 cdata[6].comparebn = e;
809 cdata[7].pname = OSSL_PKEY_PARAM_RSA_D;
810 cdata[7].comparebn = d;
811 cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1;
812 cdata[8].comparebn = p;
813 cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2;
814 cdata[9].comparebn = q;
815 cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3;
816 cdata[10].comparebn = p2;
817 cdata[11].pname = NULL;
818 cdata[11].comparebn = NULL;
819
820 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256);
821
822 err:
823 BN_free(n);
824 BN_free(e);
825 BN_free(d);
826 BN_free(p);
827 BN_free(p2);
828 BN_free(q);
829 BN_free(dmp1);
830 BN_free(dmq1);
831 BN_free(iqmp);
832 BN_free(exp3);
833 BN_free(coeff2);
834 OSSL_PARAM_BLD_free(bld);
835 return ret;
836 }
837
838 static int test_evp_pkey_get_bn_param_large(void)
839 {
840 int ret = 0;
841 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
842 EVP_PKEY *pk = NULL;
843 OSSL_PARAM_BLD *bld = NULL;
844 OSSL_PARAM *fromdata_params = NULL;
845 BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
846 /*
847 * The buffer size chosen here for n_data larger than the buffer used
848 * internally in EVP_PKEY_get_bn_param.
849 */
850 static unsigned char n_data[2050];
851 static const unsigned char e_data[] = {
852 0x1, 0x00, 0x01
853 };
854 static const unsigned char d_data[] = {
855 0x99, 0x33, 0x13, 0x7b
856 };
857
858 /* N is a large buffer */
859 memset(n_data, 0xCE, sizeof(n_data));
860
861 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
862 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
863 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
864 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
866 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
868 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
869 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
870 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
871 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
872 fromdata_params), 1)
873 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
874 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
875 || !TEST_BN_eq(n, n_out))
876 goto err;
877 ret = 1;
878 err:
879 BN_free(n_out);
880 BN_free(n);
881 BN_free(e);
882 BN_free(d);
883 EVP_PKEY_free(pk);
884 EVP_PKEY_CTX_free(key_ctx);
885 EVP_PKEY_CTX_free(ctx);
886 OSSL_PARAM_free(fromdata_params);
887 OSSL_PARAM_BLD_free(bld);
888 return ret;
889 }
890
891
892 #ifndef OPENSSL_NO_DH
893 static int test_fromdata_dh_named_group(void)
894 {
895 int ret = 0;
896 int gindex = 0, pcounter = 0, hindex = 0;
897 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
898 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
899 size_t len;
900 BIGNUM *pub = NULL, *priv = NULL;
901 BIGNUM *pub_out = NULL, *priv_out = NULL;
902 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
903 OSSL_PARAM *fromdata_params = NULL;
904 OSSL_PARAM_BLD *bld = NULL;
905 char name_out[80];
906 unsigned char seed_out[32];
907
908 /*
909 * DH key data was generated using the following:
910 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
911 * -pkeyopt priv_len:224 -text
912 */
913 static const unsigned char priv_data[] = {
914 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
915 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
916 0x87, 0xe8, 0xa9, 0x7b,
917 };
918 static const unsigned char pub_data[] = {
919 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
920 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
921 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
922 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
923 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
924 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
925 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
926 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
927 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
928 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
929 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
930 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
931 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
932 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
933 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
934 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
935 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
936 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
937 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
938 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
939 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
940 0xcf, 0x33, 0x42, 0x83, 0x42
941 };
942 static const char group_name[] = "ffdhe2048";
943 static const long priv_len = 224;
944
945 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
946 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
947 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
948 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
949 OSSL_PKEY_PARAM_GROUP_NAME,
950 group_name, 0))
951 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
952 priv_len))
953 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
955 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
956 goto err;
957
958 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
959 goto err;
960
961 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
962 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
963 fromdata_params), 1))
964 goto err;
965
966 /*
967 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
968 * it behaves as expected with regards to string length and terminating
969 * NUL byte.
970 */
971 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
972 OSSL_PKEY_PARAM_GROUP_NAME,
973 NULL, sizeof(name_out),
974 &len))
975 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
976 /* Just enough space to hold the group name and a terminating NUL */
977 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
978 OSSL_PKEY_PARAM_GROUP_NAME,
979 name_out,
980 sizeof(group_name),
981 &len))
982 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
983 /* Too small buffer to hold the terminating NUL byte */
984 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
985 OSSL_PKEY_PARAM_GROUP_NAME,
986 name_out,
987 sizeof(group_name) - 1,
988 &len))
989 /* Too small buffer to hold the whole group name, even! */
990 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
991 OSSL_PKEY_PARAM_GROUP_NAME,
992 name_out,
993 sizeof(group_name) - 2,
994 &len)))
995 goto err;
996
997 while (dup_pk == NULL) {
998 ret = 0;
999 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1000 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1001 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1002 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1003 goto err;
1004
1005 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1006 OSSL_PKEY_PARAM_GROUP_NAME,
1007 name_out,
1008 sizeof(name_out),
1009 &len))
1010 || !TEST_str_eq(name_out, group_name)
1011 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1012 &pub_out))
1013
1014 || !TEST_BN_eq(pub, pub_out)
1015 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1016 &priv_out))
1017 || !TEST_BN_eq(priv, priv_out)
1018 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1019 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1020 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1021 || !TEST_ptr(q)
1022 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1023 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1024 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1025 OSSL_PKEY_PARAM_FFC_COFACTOR,
1026 &j))
1027 || !TEST_ptr_null(j)
1028 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1029 OSSL_PKEY_PARAM_FFC_SEED,
1030 seed_out,
1031 sizeof(seed_out),
1032 &len))
1033 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
1034 &gindex))
1035 || !TEST_int_eq(gindex, -1)
1036 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1037 &hindex))
1038 || !TEST_int_eq(hindex, 0)
1039 || !TEST_true(EVP_PKEY_get_int_param(pk,
1040 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1041 &pcounter))
1042 || !TEST_int_eq(pcounter, -1))
1043 goto err;
1044 BN_free(p);
1045 p = NULL;
1046 BN_free(q);
1047 q = NULL;
1048 BN_free(g);
1049 g = NULL;
1050 BN_free(j);
1051 j = NULL;
1052 BN_free(pub_out);
1053 pub_out = NULL;
1054 BN_free(priv_out);
1055 priv_out = NULL;
1056
1057 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1058 goto err;
1059
1060 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1061 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1062 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1063 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1064 goto err;
1065 EVP_PKEY_CTX_free(key_ctx);
1066 key_ctx = NULL;
1067
1068 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1069 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1070 goto err;
1071 EVP_PKEY_free(copy_pk);
1072 copy_pk = NULL;
1073
1074 ret = test_print_key_using_pem("DH", pk)
1075 && test_print_key_using_encoder("DH", pk);
1076
1077 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1078 goto err;
1079 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1080 EVP_PKEY_free(pk);
1081 pk = dup_pk;
1082 if (!ret)
1083 goto err;
1084 }
1085 err:
1086 BN_free(p);
1087 BN_free(q);
1088 BN_free(g);
1089 BN_free(j);
1090 BN_free(pub);
1091 BN_free(priv);
1092 BN_free(pub_out);
1093 BN_free(priv_out);
1094 EVP_PKEY_free(copy_pk);
1095 EVP_PKEY_free(pk);
1096 EVP_PKEY_CTX_free(ctx);
1097 EVP_PKEY_CTX_free(key_ctx);
1098 OSSL_PARAM_free(fromdata_params);
1099 OSSL_PARAM_BLD_free(bld);
1100
1101 return ret;
1102 }
1103
1104 static int test_fromdata_dh_fips186_4(void)
1105 {
1106 int ret = 0;
1107 int gindex = 0, pcounter = 0, hindex = 0;
1108 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1109 EVP_PKEY *pk = NULL, *dup_pk = NULL;
1110 size_t len;
1111 BIGNUM *pub = NULL, *priv = NULL;
1112 BIGNUM *pub_out = NULL, *priv_out = NULL;
1113 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
1114 OSSL_PARAM_BLD *bld = NULL;
1115 OSSL_PARAM *fromdata_params = NULL;
1116 char name_out[80];
1117 unsigned char seed_out[32];
1118
1119 /*
1120 * DH key data was generated using the following:
1121 * openssl genpkey -algorithm DH
1122 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
1123 */
1124 static const unsigned char priv_data[] = {
1125 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
1126 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
1127 0x87, 0xe8, 0xa9, 0x7b,
1128 };
1129 static const unsigned char pub_data[] = {
1130 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
1131 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
1132 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
1133 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
1134 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
1135 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
1136 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
1137 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
1138 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
1139 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
1140 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
1141 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
1142 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
1143 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
1144 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
1145 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
1146 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
1147 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
1148 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
1149 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
1150 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
1151 0x33, 0x42, 0x83, 0x42
1152 };
1153 static const char group_name[] = "ffdhe2048";
1154 static const long priv_len = 224;
1155
1156
1157 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1158 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1159 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1160 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1161 OSSL_PKEY_PARAM_GROUP_NAME,
1162 group_name, 0))
1163 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
1164 priv_len))
1165 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
1166 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
1167 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1168 goto err;
1169
1170 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
1171 goto err;
1172
1173 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1174 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1175 fromdata_params), 1))
1176 goto err;
1177
1178 while (dup_pk == NULL) {
1179 ret = 0;
1180 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1181 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1182 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1183 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1184 goto err;
1185
1186 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1187 OSSL_PKEY_PARAM_GROUP_NAME,
1188 name_out,
1189 sizeof(name_out),
1190 &len))
1191 || !TEST_str_eq(name_out, group_name)
1192 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1193 &pub_out))
1194 || !TEST_BN_eq(pub, pub_out)
1195 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1196 &priv_out))
1197 || !TEST_BN_eq(priv, priv_out)
1198 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1199 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1200 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1201 || !TEST_ptr(q)
1202 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1203 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1204 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1205 OSSL_PKEY_PARAM_FFC_COFACTOR,
1206 &j))
1207 || !TEST_ptr_null(j)
1208 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1209 OSSL_PKEY_PARAM_FFC_SEED,
1210 seed_out,
1211 sizeof(seed_out),
1212 &len))
1213 || !TEST_true(EVP_PKEY_get_int_param(pk,
1214 OSSL_PKEY_PARAM_FFC_GINDEX,
1215 &gindex))
1216 || !TEST_int_eq(gindex, -1)
1217 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1218 &hindex))
1219 || !TEST_int_eq(hindex, 0)
1220 || !TEST_true(EVP_PKEY_get_int_param(pk,
1221 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1222 &pcounter))
1223 || !TEST_int_eq(pcounter, -1))
1224 goto err;
1225 BN_free(p);
1226 p = NULL;
1227 BN_free(q);
1228 q = NULL;
1229 BN_free(g);
1230 g = NULL;
1231 BN_free(j);
1232 j = NULL;
1233 BN_free(pub_out);
1234 pub_out = NULL;
1235 BN_free(priv_out);
1236 priv_out = NULL;
1237
1238 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1239 goto err;
1240
1241 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1242 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1243 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1244 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1245 goto err;
1246 EVP_PKEY_CTX_free(key_ctx);
1247 key_ctx = NULL;
1248
1249 ret = test_print_key_using_pem("DH", pk)
1250 && test_print_key_using_encoder("DH", pk);
1251
1252 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1253 goto err;
1254 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1255 EVP_PKEY_free(pk);
1256 pk = dup_pk;
1257 if (!ret)
1258 goto err;
1259 }
1260 err:
1261 BN_free(p);
1262 BN_free(q);
1263 BN_free(g);
1264 BN_free(j);
1265 BN_free(pub);
1266 BN_free(priv);
1267 BN_free(pub_out);
1268 BN_free(priv_out);
1269 EVP_PKEY_free(pk);
1270 EVP_PKEY_CTX_free(ctx);
1271 EVP_PKEY_CTX_free(key_ctx);
1272 OSSL_PARAM_free(fromdata_params);
1273 OSSL_PARAM_BLD_free(bld);
1274
1275 return ret;
1276 }
1277
1278 #endif
1279
1280
1281
1282 #ifndef OPENSSL_NO_EC
1283 # ifndef OPENSSL_NO_ECX
1284 /* Array indexes used in test_fromdata_ecx */
1285 # define PRIV_KEY 0
1286 # define PUB_KEY 1
1287
1288 # define X25519_IDX 0
1289 # define X448_IDX 1
1290 # define ED25519_IDX 2
1291 # define ED448_IDX 3
1292
1293 /*
1294 * tst uses indexes 0 ... (3 * 4 - 1)
1295 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
1296 * 0..3 = public + private key.
1297 * 4..7 = private key (This will generate the public key from the private key)
1298 * 8..11 = public key
1299 */
1300 static int test_fromdata_ecx(int tst)
1301 {
1302 int ret = 0;
1303 EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
1304 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1305 const char *alg = NULL;
1306 size_t len;
1307 unsigned char out_pub[ED448_KEYLEN];
1308 unsigned char out_priv[ED448_KEYLEN];
1309 OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1310
1311 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
1312 static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
1313 /* X25519: Keys from RFC 7748 6.1 */
1314 {
1315 /* Private Key */
1316 {
1317 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
1318 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
1319 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
1320 0x2c, 0x2a
1321 },
1322 /* Public Key */
1323 {
1324 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
1325 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
1326 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
1327 0x4e, 0x6a
1328 }
1329 },
1330 /* X448: Keys from RFC 7748 6.2 */
1331 {
1332 /* Private Key */
1333 {
1334 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
1335 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
1336 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
1337 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
1338 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
1339 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
1340 },
1341 /* Public Key */
1342 {
1343 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
1344 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
1345 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
1346 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
1347 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
1348 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
1349 }
1350 },
1351 /* ED25519: Keys from RFC 8032 */
1352 {
1353 /* Private Key */
1354 {
1355 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
1356 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
1357 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
1358 0x7f, 0x60
1359 },
1360 /* Public Key */
1361 {
1362 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
1363 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
1364 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
1365 0x51, 0x1a
1366 }
1367 },
1368 /* ED448: Keys from RFC 8032 */
1369 {
1370 /* Private Key */
1371 {
1372 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
1373 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
1374 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
1375 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
1376 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
1377 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
1378 },
1379 /* Public Key */
1380 {
1381 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
1382 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
1383 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1384 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1385 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1386 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
1387 }
1388 }
1389 };
1390 OSSL_PARAM x25519_fromdata_params[] = {
1391 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1392 key_numbers[X25519_IDX][PRIV_KEY],
1393 X25519_KEYLEN),
1394 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1395 key_numbers[X25519_IDX][PUB_KEY],
1396 X25519_KEYLEN),
1397 OSSL_PARAM_END
1398 };
1399 OSSL_PARAM x448_fromdata_params[] = {
1400 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1401 key_numbers[X448_IDX][PRIV_KEY],
1402 X448_KEYLEN),
1403 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1404 key_numbers[X448_IDX][PUB_KEY],
1405 X448_KEYLEN),
1406 OSSL_PARAM_END
1407 };
1408 OSSL_PARAM ed25519_fromdata_params[] = {
1409 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1410 key_numbers[ED25519_IDX][PRIV_KEY],
1411 ED25519_KEYLEN),
1412 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1413 key_numbers[ED25519_IDX][PUB_KEY],
1414 ED25519_KEYLEN),
1415 OSSL_PARAM_END
1416 };
1417 OSSL_PARAM ed448_fromdata_params[] = {
1418 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1419 key_numbers[ED448_IDX][PRIV_KEY],
1420 ED448_KEYLEN),
1421 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1422 key_numbers[ED448_IDX][PUB_KEY],
1423 ED448_KEYLEN),
1424 OSSL_PARAM_END
1425 };
1426 OSSL_PARAM *fromdata_params = NULL;
1427 int bits = 0, security_bits = 0, size = 0;
1428 OSSL_PARAM *orig_fromdata_params = NULL;
1429
1430 switch (tst & 3) {
1431 case X25519_IDX:
1432 fromdata_params = x25519_fromdata_params;
1433 bits = X25519_BITS;
1434 security_bits = X25519_SECURITY_BITS;
1435 size = X25519_KEYLEN;
1436 alg = "X25519";
1437 break;
1438
1439 case X448_IDX:
1440 fromdata_params = x448_fromdata_params;
1441 bits = X448_BITS;
1442 security_bits = X448_SECURITY_BITS;
1443 size = X448_KEYLEN;
1444 alg = "X448";
1445 break;
1446
1447 case ED25519_IDX:
1448 fromdata_params = ed25519_fromdata_params;
1449 bits = ED25519_BITS;
1450 security_bits = ED25519_SECURITY_BITS;
1451 size = ED25519_SIGSIZE;
1452 alg = "ED25519";
1453 break;
1454
1455 case ED448_IDX:
1456 fromdata_params = ed448_fromdata_params;
1457 bits = ED448_BITS;
1458 security_bits = ED448_SECURITY_BITS;
1459 size = ED448_SIGSIZE;
1460 alg = "ED448";
1461 break;
1462 default:
1463 goto err;
1464 }
1465
1466 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1467 if (!TEST_ptr(ctx))
1468 goto err;
1469
1470 orig_fromdata_params = fromdata_params;
1471 if (tst > 7) {
1472 /* public key only */
1473 fromdata_params++;
1474 } else if (tst > 3) {
1475 /* private key only */
1476 params[0] = fromdata_params[0];
1477 params[1] = fromdata_params[2];
1478 fromdata_params = params;
1479 }
1480
1481 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1482 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1483 fromdata_params), 1))
1484 goto err;
1485
1486 while (dup_pk == NULL) {
1487 ret = 0;
1488 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1489 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1490 || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1491 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1492 goto err;
1493
1494 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1495 goto err;
1496 if (tst <= 7) {
1497 if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1498 goto err;
1499 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1500 pk, orig_fromdata_params[PRIV_KEY].key,
1501 out_priv, sizeof(out_priv), &len))
1502 || !TEST_mem_eq(out_priv, len,
1503 orig_fromdata_params[PRIV_KEY].data,
1504 orig_fromdata_params[PRIV_KEY].data_size)
1505 || !TEST_true(EVP_PKEY_get_octet_string_param(
1506 pk, orig_fromdata_params[PUB_KEY].key,
1507 out_pub, sizeof(out_pub), &len))
1508 || !TEST_mem_eq(out_pub, len,
1509 orig_fromdata_params[PUB_KEY].data,
1510 orig_fromdata_params[PUB_KEY].data_size))
1511 goto err;
1512 } else {
1513 /* The private key check should fail if there is only a public key */
1514 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1515 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1516 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1517 goto err;
1518 }
1519 EVP_PKEY_CTX_free(ctx2);
1520 ctx2 = NULL;
1521
1522 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1523 /* This should succeed because there are no parameters to copy */
1524 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1525 goto err;
1526 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1527 /* This should fail because copy_pk has no pubkey */
1528 || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1529 goto err;
1530 EVP_PKEY_CTX_free(ctx2);
1531 ctx2 = NULL;
1532 EVP_PKEY_free(copy_pk);
1533 copy_pk = NULL;
1534
1535 if (tst > 7)
1536 ret = test_print_key_using_encoder_public(alg, pk);
1537 else
1538 ret = test_print_key_using_pem(alg, pk)
1539 && test_print_key_using_encoder(alg, pk);
1540
1541 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1542 goto err;
1543 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1544 EVP_PKEY_free(pk);
1545 pk = dup_pk;
1546 if (!ret)
1547 goto err;
1548 }
1549
1550 err:
1551 EVP_PKEY_free(pk);
1552 EVP_PKEY_free(copy_pk);
1553 EVP_PKEY_CTX_free(ctx);
1554 EVP_PKEY_CTX_free(ctx2);
1555
1556 return ret;
1557 }
1558 # endif /* OPENSSL_NO_ECX */
1559
1560 static int test_fromdata_ec(void)
1561 {
1562 int ret = 0;
1563 EVP_PKEY_CTX *ctx = NULL;
1564 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1565 OSSL_PARAM_BLD *bld = NULL;
1566 BIGNUM *ec_priv_bn = NULL;
1567 BIGNUM *bn_priv = NULL;
1568 OSSL_PARAM *fromdata_params = NULL;
1569 const char *alg = "EC";
1570 const char *curve = "prime256v1";
1571 const char bad_curve[] = "nonexistent-curve";
1572 OSSL_PARAM nokey_params[2] = {
1573 OSSL_PARAM_END,
1574 OSSL_PARAM_END
1575 };
1576 /* UNCOMPRESSED FORMAT */
1577 static const unsigned char ec_pub_keydata[] = {
1578 POINT_CONVERSION_UNCOMPRESSED,
1579 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1580 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1581 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1582 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1583 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1584 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1585 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1586 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1587 };
1588 /* SAME BUT COMPRESSED FORMAT */
1589 static const unsigned char ec_pub_keydata_compressed[] = {
1590 POINT_CONVERSION_COMPRESSED+1,
1591 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1592 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1593 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1594 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1595 };
1596 static const unsigned char ec_priv_keydata[] = {
1597 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1598 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1599 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1600 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1601 };
1602 unsigned char out_pub[sizeof(ec_pub_keydata)];
1603 char out_curve_name[80];
1604 const OSSL_PARAM *gettable = NULL;
1605 size_t len;
1606 EC_GROUP *group = NULL;
1607 BIGNUM *group_a = NULL;
1608 BIGNUM *group_b = NULL;
1609 BIGNUM *group_p = NULL;
1610 BIGNUM *a = NULL;
1611 BIGNUM *b = NULL;
1612 BIGNUM *p = NULL;
1613
1614
1615 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1616 goto err;
1617 if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1618 sizeof(ec_priv_keydata), NULL)))
1619 goto err;
1620
1621 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1622 curve, 0) <= 0)
1623 goto err;
1624 /*
1625 * We intentionally provide the input point in compressed format,
1626 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1627 *
1628 * Later on we check what format is used when exporting the
1629 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1630 * format.
1631 */
1632 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1633 ec_pub_keydata_compressed,
1634 sizeof(ec_pub_keydata_compressed)) <= 0)
1635 goto err;
1636 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1637 goto err;
1638 if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1639 goto err;
1640 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1641 if (!TEST_ptr(ctx))
1642 goto err;
1643
1644 /* try importing parameters with bad curve first */
1645 nokey_params[0] =
1646 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1647 (char *)bad_curve, sizeof(bad_curve));
1648 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1649 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1650 nokey_params), 0)
1651 || !TEST_ptr_null(pk))
1652 goto err;
1653
1654 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1655 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1656 fromdata_params), 1))
1657 goto err;
1658
1659 while (dup_pk == NULL) {
1660 ret = 0;
1661 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1662 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1663 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1664 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1665 goto err;
1666
1667 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1668 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1669 goto err;
1670 EVP_PKEY_free(copy_pk);
1671 copy_pk = NULL;
1672
1673 if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1674 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1675 OSSL_PKEY_PARAM_GROUP_NAME))
1676 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1677 OSSL_PKEY_PARAM_PUB_KEY))
1678 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1679 OSSL_PKEY_PARAM_PRIV_KEY)))
1680 goto err;
1681
1682 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1683 || !TEST_ptr(group_p = BN_new())
1684 || !TEST_ptr(group_a = BN_new())
1685 || !TEST_ptr(group_b = BN_new())
1686 || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1687 goto err;
1688
1689 if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1690 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1691 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1692 goto err;
1693
1694 if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1695 || !TEST_BN_eq(group_b, b))
1696 goto err;
1697
1698 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1699 out_curve_name,
1700 sizeof(out_curve_name),
1701 &len)
1702 || !TEST_str_eq(out_curve_name, curve)
1703 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1704 out_pub, sizeof(out_pub), &len)
1705
1706 /*
1707 * Our providers use uncompressed format by default if
1708 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1709 * explicitly set, irrespective of the format used for the
1710 * input point given as a param to create this key.
1711 */
1712 || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1713 || !TEST_mem_eq(out_pub + 1, len - 1,
1714 ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1715
1716 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1717 &bn_priv))
1718 || !TEST_BN_eq(ec_priv_bn, bn_priv))
1719 goto err;
1720 BN_free(bn_priv);
1721 bn_priv = NULL;
1722
1723 ret = test_print_key_using_pem(alg, pk)
1724 && test_print_key_using_encoder(alg, pk);
1725
1726 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1727 goto err;
1728 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1729 EVP_PKEY_free(pk);
1730 pk = dup_pk;
1731 if (!ret)
1732 goto err;
1733 }
1734
1735 err:
1736 EC_GROUP_free(group);
1737 BN_free(group_a);
1738 BN_free(group_b);
1739 BN_free(group_p);
1740 BN_free(a);
1741 BN_free(b);
1742 BN_free(p);
1743 BN_free(bn_priv);
1744 BN_free(ec_priv_bn);
1745 OSSL_PARAM_free(fromdata_params);
1746 OSSL_PARAM_BLD_free(bld);
1747 EVP_PKEY_free(pk);
1748 EVP_PKEY_free(copy_pk);
1749 EVP_PKEY_CTX_free(ctx);
1750 return ret;
1751 }
1752
1753 static int test_ec_dup_no_operation(void)
1754 {
1755 int ret = 0;
1756 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1757 EVP_PKEY *param = NULL, *pkey = NULL;
1758
1759 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1760 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1761 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1762 NID_X9_62_prime256v1), 0)
1763 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1764 || !TEST_ptr(param))
1765 goto err;
1766
1767 EVP_PKEY_CTX_free(pctx);
1768 pctx = NULL;
1769
1770 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1771 || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1772 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1773 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1774 goto err;
1775 ret = 1;
1776 err:
1777 EVP_PKEY_free(pkey);
1778 EVP_PKEY_free(param);
1779 EVP_PKEY_CTX_free(ctx);
1780 EVP_PKEY_CTX_free(kctx);
1781 EVP_PKEY_CTX_free(pctx);
1782 return ret;
1783 }
1784
1785 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1786 static int test_ec_dup_keygen_operation(void)
1787 {
1788 int ret = 0;
1789 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1790 EVP_PKEY *param = NULL, *pkey = NULL;
1791
1792 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1793 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1794 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1795 NID_X9_62_prime256v1), 0)
1796 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1797 || !TEST_ptr(param))
1798 goto err;
1799
1800 EVP_PKEY_CTX_free(pctx);
1801 pctx = NULL;
1802
1803 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1804 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1805 || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1806 goto err;
1807 ret = 1;
1808 err:
1809 EVP_PKEY_free(pkey);
1810 EVP_PKEY_free(param);
1811 EVP_PKEY_CTX_free(ctx);
1812 EVP_PKEY_CTX_free(kctx);
1813 EVP_PKEY_CTX_free(pctx);
1814 return ret;
1815 }
1816
1817 #endif /* OPENSSL_NO_EC */
1818
1819 #ifndef OPENSSL_NO_DSA
1820 static int test_fromdata_dsa_fips186_4(void)
1821 {
1822 int ret = 0;
1823 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1824 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1825 BIGNUM *pub = NULL, *priv = NULL;
1826 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1827 BIGNUM *pub_out = NULL, *priv_out = NULL;
1828 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1829 int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1830 char name_out[80];
1831 unsigned char seed_out[32];
1832 size_t len;
1833 OSSL_PARAM_BLD *bld = NULL;
1834 OSSL_PARAM *fromdata_params = NULL;
1835
1836 /*
1837 * DSA parameter data was generated using the following:
1838 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1839 * -pkeyopt qbits:256 -pkeyopt type:0 \
1840 * -pkeyopt gindex:1 -out dsa_params.pem -text
1841 */
1842 static const unsigned char p_data[] = {
1843 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1844 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1845 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1846 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1847 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1848 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1849 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1850 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1851 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1852 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1853 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1854 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1855 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1856 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1857 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1858 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1859 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1860 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1861 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1862 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1863 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1864 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1865 };
1866 static const unsigned char q_data[] = {
1867 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1868 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1869 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1870 };
1871 static const unsigned char g_data[] = {
1872 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1873 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1874 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1875 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1876 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1877 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1878 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1879 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1880 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1881 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1882 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1883 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1884 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1885 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1886 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1887 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1888 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1889 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1890 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1891 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1892 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1893 0x02, 0x6f, 0x96, 0x36
1894 };
1895 static const unsigned char seed_data[] = {
1896 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1897 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1898 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1899 };
1900 const int gindex = 1;
1901 const int pcounter = 53;
1902 /*
1903 * The keypair was generated using
1904 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1905 * -pkeyopt gindex:1 \
1906 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1907 */
1908 static const unsigned char priv_data[] = {
1909 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1910 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1911 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1912 };
1913 static const unsigned char pub_data[] = {
1914 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1915 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1916 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1917 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1918 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1919 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1920 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1921 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1922 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1923 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1924 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1925 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1926 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1927 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1928 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1929 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1930 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1931 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1932 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1933 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1934 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1935 0x48, 0xd1, 0x8a, 0xbd
1936 };
1937
1938 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1939 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1940 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1941 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1942 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1943 || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1944
1945 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1946 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1947 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1949 OSSL_PKEY_PARAM_FFC_SEED,
1950 seed_data,
1951 sizeof(seed_data)))
1952 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1953 gindex))
1954 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1955 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1956 pcounter))
1957 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1958 pub))
1959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1960 priv))
1961 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1962 goto err;
1963
1964 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1965 goto err;
1966
1967 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1968 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1969 fromdata_params), 1))
1970 goto err;
1971
1972 while (dup_pk == NULL) {
1973 ret = 0;
1974 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1975 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1976 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
1977 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1978 goto err;
1979
1980 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1981 OSSL_PKEY_PARAM_GROUP_NAME,
1982 name_out,
1983 sizeof(name_out),
1984 &len))
1985 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1986 &pub_out))
1987 || !TEST_BN_eq(pub, pub_out)
1988 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1989 &priv_out))
1990 || !TEST_BN_eq(priv, priv_out)
1991 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
1992 &p_out))
1993 || !TEST_BN_eq(p, p_out)
1994 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
1995 &q_out))
1996 || !TEST_BN_eq(q, q_out)
1997 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
1998 &g_out))
1999 || !TEST_BN_eq(g, g_out)
2000 || !TEST_false(EVP_PKEY_get_bn_param(pk,
2001 OSSL_PKEY_PARAM_FFC_COFACTOR,
2002 &j_out))
2003 || !TEST_ptr_null(j_out)
2004 || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
2005 OSSL_PKEY_PARAM_FFC_SEED,
2006 seed_out,
2007 sizeof(seed_out),
2008 &len))
2009 || !TEST_true(EVP_PKEY_get_int_param(pk,
2010 OSSL_PKEY_PARAM_FFC_GINDEX,
2011 &gindex_out))
2012 || !TEST_int_eq(gindex, gindex_out)
2013 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
2014 &hindex_out))
2015 || !TEST_int_eq(hindex_out, 0)
2016 || !TEST_true(EVP_PKEY_get_int_param(pk,
2017 OSSL_PKEY_PARAM_FFC_PCOUNTER,
2018 &pcounter_out))
2019 || !TEST_int_eq(pcounter, pcounter_out))
2020 goto err;
2021 BN_free(p);
2022 p = NULL;
2023 BN_free(q);
2024 q = NULL;
2025 BN_free(g);
2026 g = NULL;
2027 BN_free(j_out);
2028 j_out = NULL;
2029 BN_free(pub_out);
2030 pub_out = NULL;
2031 BN_free(priv_out);
2032 priv_out = NULL;
2033
2034 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
2035 goto err;
2036
2037 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
2038 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
2039 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
2040 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
2041 goto err;
2042 EVP_PKEY_CTX_free(key_ctx);
2043 key_ctx = NULL;
2044
2045 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
2046 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
2047 goto err;
2048 EVP_PKEY_free(copy_pk);
2049 copy_pk = NULL;
2050
2051 ret = test_print_key_using_pem("DSA", pk)
2052 && test_print_key_using_encoder("DSA", pk);
2053
2054 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
2055 goto err;
2056 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
2057 EVP_PKEY_free(pk);
2058 pk = dup_pk;
2059 if (!ret)
2060 goto err;
2061 }
2062
2063 err:
2064 OSSL_PARAM_free(fromdata_params);
2065 OSSL_PARAM_BLD_free(bld);
2066 BN_free(p);
2067 BN_free(q);
2068 BN_free(g);
2069 BN_free(pub);
2070 BN_free(priv);
2071 BN_free(p_out);
2072 BN_free(q_out);
2073 BN_free(g_out);
2074 BN_free(pub_out);
2075 BN_free(priv_out);
2076 BN_free(j_out);
2077 EVP_PKEY_free(pk);
2078 EVP_PKEY_free(copy_pk);
2079 EVP_PKEY_CTX_free(ctx);
2080 EVP_PKEY_CTX_free(key_ctx);
2081
2082 return ret;
2083 }
2084
2085 static int test_check_dsa(void)
2086 {
2087 int ret = 0;
2088 EVP_PKEY_CTX *ctx = NULL;
2089
2090 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
2091 || !TEST_int_le(EVP_PKEY_check(ctx), 0)
2092 || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
2093 || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
2094 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
2095 goto err;
2096
2097 ret = 1;
2098 err:
2099 EVP_PKEY_CTX_free(ctx);
2100
2101 return ret;
2102 }
2103 #endif /* OPENSSL_NO_DSA */
2104
2105
2106 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
2107 size_t keylen, char *salt)
2108 {
2109 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
2110 OSSL_PARAM *p = params;
2111
2112 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
2113 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
2114 salt, strlen(salt));
2115 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
2116 (unsigned char *)key, keylen);
2117 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
2118 "EXTRACT_ONLY", 0);
2119 *p = OSSL_PARAM_construct_end();
2120
2121 return params;
2122 }
2123
2124 static int test_evp_pkey_ctx_dup_kdf(void)
2125 {
2126 int ret = 0;
2127 size_t len = 0, dlen = 0;
2128 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
2129 OSSL_PARAM *params = NULL;
2130
2131 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
2132 "salt")))
2133 goto err;
2134 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
2135 goto err;
2136 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
2137 goto err;
2138 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
2139 goto err;
2140 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
2141 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
2142 || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
2143 || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
2144 goto err;
2145 ret = 1;
2146 err:
2147 OPENSSL_free(params);
2148 EVP_PKEY_CTX_free(dctx);
2149 EVP_PKEY_CTX_free(pctx);
2150 return ret;
2151 }
2152
2153 int setup_tests(void)
2154 {
2155 if (!test_skip_common_options()) {
2156 TEST_error("Error parsing test options\n");
2157 return 0;
2158 }
2159
2160 if (!TEST_ptr(datadir = test_get_argument(0)))
2161 return 0;
2162
2163 ADD_TEST(test_evp_pkey_ctx_dup_kdf);
2164 ADD_TEST(test_evp_pkey_get_bn_param_large);
2165 ADD_TEST(test_fromdata_rsa);
2166 ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
2167 ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime);
2168 #ifndef OPENSSL_NO_DH
2169 ADD_TEST(test_fromdata_dh_fips186_4);
2170 ADD_TEST(test_fromdata_dh_named_group);
2171 #endif
2172 #ifndef OPENSSL_NO_DSA
2173 ADD_TEST(test_check_dsa);
2174 ADD_TEST(test_fromdata_dsa_fips186_4);
2175 #endif
2176 #ifndef OPENSSL_NO_EC
2177 # ifndef OPENSSL_NO_ECX
2178 ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
2179 # endif
2180 ADD_TEST(test_fromdata_ec);
2181 ADD_TEST(test_ec_dup_no_operation);
2182 ADD_TEST(test_ec_dup_keygen_operation);
2183 #endif
2184 return 1;
2185 }
A mirror of the official openssl repository