2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/evp.h>
11 #include <openssl/pem.h>
12 #include <openssl/serializer.h>
13 #include <openssl/provider.h>
14 #include <openssl/params.h>
15 #include <openssl/core_names.h>
16 #include "internal/nelem.h"
17 #include "crypto/evp.h" /* For the internal API */
/*
 * Write |pk| to bio_out four ways, checking each call with TEST_true():
 * a printout via EVP_PKEY_print_private(), the public key in PEM form, the
 * private key in unencrypted PEM form, and the private key in PEM form
 * encrypted with AES-256-CBC.
 *
 * bio_out is not declared anywhere in this listing.
 *
 * The passphrase "pass" and its length 4 are hard-coded test fixtures; the
 * length is passed separately from the string, so the two have to be kept
 * in sync by hand. The first and third calls emit private key material in
 * the clear, which is acceptable here only because the callers visible in
 * this listing pass 32-bit keys built from fixed test numbers.
 *
 * NOTE(review): the listing drops original line 21 and original lines
 * 31-36, so the tail of the last call and the function's return statements
 * are not shown.
 */
static int test_print_key_using_pem(const EVP_PKEY *pk)
/* [listing omits original line 21] */
    if (!TEST_true(EVP_PKEY_print_private(bio_out, pk, 0, NULL))
        /* Public key in PEM form */
        || !TEST_true(PEM_write_bio_PUBKEY(bio_out, pk))
        /* Unencrypted private key in PEM form */
        || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk,
                                               NULL, NULL, 0, NULL, NULL))
        /* Encrypted private key in PEM form */
        || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
                                               (unsigned char *)"pass", 4,
/* [listing omits original lines 31-36] */
/*
 * Drive a single OSSL_SERIALIZER_CTX for |pk| through four PEM private-key
 * outputs to bio_out: no cipher, AES-256-CBC, an invalid cipher name, and
 * the cipher cleared again.
 *
 * The invalid-cipher step is the security-relevant one. It expects both
 * OSSL_SERIALIZER_CTX_set_cipher() and the following
 * OSSL_SERIALIZER_to_bio() to fail, i.e. a bad cipher name must produce no
 * output rather than fall back to an unencrypted private key.
 *
 * The passphrase "pass" is a hard-coded test fixture.
 *
 * NOTE(review): the listing drops several original lines (marked below),
 * so the statements that follow each failed check, any local declared on
 * lines 41-42, and the return value are not shown.
 */
static int test_print_key_using_serializer(const EVP_PKEY *pk)
/* [listing omits original line 38] */
    /* Property query naming the private-key-to-PEM serializer */
    const char *pq = OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ;
    OSSL_SERIALIZER_CTX *ctx = NULL;
/* [listing omits original lines 41-42] */

    /* Make a context, it's valid for several prints */
    TEST_note("Setting up a OSSL_SERIALIZER context with passphrase");
    if (!TEST_ptr(ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pk, pq))
        /* Check that this operation is supported */
        || !TEST_ptr(OSSL_SERIALIZER_CTX_get_serializer(ctx))
        /* Set a passphrase to be used later */
        || !TEST_true(OSSL_SERIALIZER_CTX_set_passphrase(ctx,
                                                         (unsigned char *)"pass",
/* [listing omits original lines 51-53: rest of the call and what follows] */

    /* Use no cipher. This should give us an unencrypted PEM */
    TEST_note("Displaying PEM with no encryption");
    if (!TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
/* [listing omits original lines 57-58] */

    /* Use a valid cipher name */
    TEST_note("Displaying PEM encrypted with AES-256-CBC");
    if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
        || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
/* [listing omits original lines 63-64] */

    /* Use an invalid cipher name, which should generate no output */
    TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
    /* Both calls are expected to fail: reject the name, then refuse to write */
    if (!TEST_false(OSSL_SERIALIZER_CTX_set_cipher(ctx, "FOO", NULL))
        || !TEST_false(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
/* [listing omits original lines 69-70] */

    /* Clear the cipher. This should give us an unencrypted PEM again */
    TEST_note("Displaying PEM with encryption cleared (no encryption)");
    if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, NULL, NULL))
        || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
/* [listing omits original lines 75-77] */
    OSSL_SERIALIZER_CTX_free(ctx);
/* [listing omits original lines 79-81] */
82 /* Array indexes used in test_fromdata_rsa */
/*
 * Build an RSA EVP_PKEY from raw numbers with EVP_PKEY_fromdata(), check
 * its reported size, run the key consistency checks on it, and hand it to
 * both print helpers.
 *
 * The key is a 32-bit fixture whose components are stored as unsigned long
 * and passed with OSSL_PARAM_ulong(). The test itself asserts that such a
 * key reports only 8 security bits, so these numbers exercise the API and
 * say nothing about acceptable key sizes.
 *
 * NOTE(review): the listing drops the index enum (original lines 83-91),
 * the key numbers (original lines 104-112), the declaration of |pk| and
 * |ret|, and the statements following each check; they are marked below.
 */
static int test_fromdata_rsa(void)
/* [listing omits original lines 93-94] */
    EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
    /* [listing omits original lines 96-97] */
    /*
     * 32-bit RSA key, extracted from this command,
     * executed with OpenSSL 1.0.2:
     *
     * openssl genrsa 32 | openssl rsa -text
     */
    static unsigned long key_numbers[] = {
    /* [listing omits original lines 104-112: the key numbers themselves] */
    /*
     * RSA_FACTOR and RSA_EXPONENT each appear twice: the factors are given
     * as P then Q, the exponents as DP then DQ.
     */
    OSSL_PARAM fromdata_params[] = {
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
    /* [listing omits original lines 122-124] */
    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
    /* [listing omits original lines 126-127] */
    /* Import the numbers, then confirm 32 bits, 8 security bits, size 4 */
    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
        || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
        || !TEST_int_eq(EVP_PKEY_security_bits(pk), 8)
        || !TEST_int_eq(EVP_PKEY_size(pk), 4))
    /* [listing omits original lines 133-134] */
    /* A second context bound to the imported key, used for the checks */
    if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
    /* [listing omits original lines 136-137] */
    if (!TEST_true(EVP_PKEY_check(key_ctx))
        || !TEST_true(EVP_PKEY_public_check(key_ctx))
        || !TEST_true(EVP_PKEY_private_check(key_ctx))
        || !TEST_true(EVP_PKEY_pairwise_check(key_ctx)))
    /* [listing omits original lines 142-143] */
    /*
     * Bitwise OR: both helpers always run (no short-circuit).
     * NOTE(review): if the helpers return 1 on success and 0 on failure
     * (their return statements are not shown in this listing), OR reports
     * success when only one of them passed; '&' would require both.
     * Confirm against the full source.
     */
    ret = test_print_key_using_pem(pk)
        | test_print_key_using_serializer(pk);
    /* [listing omits original lines 146-148] */
    EVP_PKEY_CTX_free(key_ctx);
    EVP_PKEY_CTX_free(ctx);
/* [listing omits original lines 151-154] */
155 #ifndef OPENSSL_NO_DH
156 /* Array indexes used in test_fromdata_dh */
/*
 * Build a DH EVP_PKEY from raw numbers with EVP_PKEY_fromdata(), check its
 * reported size, and hand it to both print helpers.
 *
 * The key is a 32-bit fixture. Only P and G are supplied as group
 * parameters; the test expects EVP_PKEY_security_bits() to return 0 and
 * attributes that to Q being absent.
 *
 * NOTE(review): the listing drops the index enum (original lines 157-161),
 * the last entries of key_numbers, the declaration of |pk| and |ret|, and
 * the statements following each check; they are marked below.
 */
static int test_fromdata_dh(void)
/* [listing omits original lines 163-164] */
    EVP_PKEY_CTX *ctx = NULL;
    /* [listing omits original lines 166-167] */
    /*
     * 32-bit DH key, extracted from this command,
     * executed with OpenSSL 1.0.2:
     *
     * openssl dhparam -out dhp.pem 32
     * openssl genpkey -paramfile dhp.pem | openssl pkey -text
     */
    static unsigned long key_numbers[] = {
        0x666c2b06,              /* priv-key */
        0x6fa6de50,              /* pub-key */
    /* [listing omits original lines 177-179: remaining entries] */
    OSSL_PARAM fromdata_params[] = {
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
    /* [listing omits original lines 185-187] */
    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
    /* [listing omits original lines 189-190] */
    /* Import the numbers, then confirm 32 bits, 0 security bits, size 4 */
    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
        || !TEST_int_eq(EVP_PKEY_bits(pk), 32)
        || !TEST_int_eq(EVP_PKEY_security_bits(pk), 0) /* Missing Q */
        || !TEST_int_eq(EVP_PKEY_size(pk), 4))
    /* [listing omits original lines 196-197] */
    /*
     * Bitwise OR: both helpers always run (no short-circuit).
     * NOTE(review): if the helpers return 1 on success and 0 on failure
     * (their return statements are not shown in this listing), OR reports
     * success when only one of them passed; '&' would require both.
     * Confirm against the full source.
     */
    ret = test_print_key_using_pem(pk)
        | test_print_key_using_serializer(pk);
    /* [listing omits original lines 200-202] */
    EVP_PKEY_CTX_free(ctx);
/* [listing omits original lines 204-208, including the end of the function] */
209 int setup_tests(void)
211 ADD_TEST(test_fromdata_rsa
);
212 #ifndef OPENSSL_NO_DH
213 ADD_TEST(test_fromdata_dh
);