2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h" /* For the internal API */
20 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
24 static char *datadir = NULL;
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
38 static void stripcr(char *buf, size_t *len)
43 for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
54 static int compare_with_file(const char *alg, int type, BIO *membio)
59 char *memdata, *fullfile = NULL;
92 TEST_error("Invalid file type");
96 BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97 fullfile = test_mk_file_path(datadir, filename);
98 if (!TEST_ptr(fullfile))
101 file = BIO_new_file(fullfile, "rb");
105 if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106 || !TEST_true(BIO_eof(file))
107 || !TEST_size_t_lt(readbytes, sizeof(buf)))
110 len = BIO_get_mem_data(membio, &memdata);
111 if (!TEST_int_gt(len, 0))
115 if (type != PRIV_DER && type != PUB_DER) {
116 stripcr(memdata, &slen);
117 stripcr(buf, &readbytes);
120 if (!TEST_mem_eq(memdata, slen, buf, readbytes))
125 OPENSSL_free(fullfile);
126 (void)BIO_reset(membio);
131 static int pass_cb(char *buf, int size, int rwflag, void *u)
136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
143 BIO *membio = BIO_new(BIO_s_mem());
146 if (!TEST_ptr(membio))
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
163 NULL, 0, pass_cb, NULL))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
166 NULL, 0, pass_cb_error,
168 #ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171 (const char *)~0, 0, NULL, NULL))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180 pass_cb_error, NULL))
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184 || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187 || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190 NULL, NULL, 0, NULL, NULL))
191 || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
193 || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194 NULL, NULL, 0, NULL, NULL))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196 NULL, NULL, 0, NULL, NULL)))
205 static int test_print_key_type_using_encoder(const char *alg, int type,
208 const char *output_type, *output_structure;
210 OSSL_ENCODER_CTX *ctx = NULL;
211 BIO *membio = BIO_new(BIO_s_mem());
216 output_type = "TEXT";
217 output_structure = NULL;
218 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
224 output_structure = "PrivateKeyInfo";
225 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
231 output_structure = "PrivateKeyInfo";
232 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
237 output_type = "TEXT";
238 output_structure = NULL;
239 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
245 output_structure = "SubjectPublicKeyInfo";
246 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
252 output_structure = "SubjectPublicKeyInfo";
253 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
258 TEST_error("Invalid encoding type");
262 if (!TEST_ptr(membio))
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278 || !TEST_true(compare_with_file(alg, type, membio)))
281 if (type == PRIV_PEM) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284 (unsigned char *)"pass",
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304 || !TEST_true(compare_with_file(alg, type, membio)))
310 OSSL_ENCODER_CTX_free(ctx);
314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
319 for (i = PRIV_TEXT; i <= PUB_DER; i++)
320 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
325 #ifndef OPENSSL_NO_ECX
326 static int test_print_key_using_encoder_public(const char *alg,
332 for (i = PUB_TEXT; i <= PUB_DER; i++)
333 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
339 /* Array indexes used in test_fromdata_rsa */
349 static int test_fromdata_rsa(void)
352 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
358 * openssl genrsa 32 | openssl rsa -text
360 static unsigned long key_numbers[] = {
370 OSSL_PARAM fromdata_params[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
381 BIGNUM *bn = BN_new();
382 BIGNUM *bn_from = BN_new();
384 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389 fromdata_params), 1))
394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396 || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
400 EVP_PKEY_CTX_free(key_ctx);
401 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
404 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
410 /* EVP_PKEY_copy_parameters() should fail for RSA */
411 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
414 EVP_PKEY_free(copy_pk);
417 ret = test_print_key_using_pem("RSA", pk)
418 && test_print_key_using_encoder("RSA", pk);
420 if (!ret || dup_pk != NULL)
423 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
425 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
432 /* for better diagnostics always compare key params */
433 for (i = 0; fromdata_params[i].key != NULL; ++i) {
434 if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
435 || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key,
437 || !TEST_BN_eq(bn, bn_from))
443 EVP_PKEY_free(copy_pk);
444 EVP_PKEY_CTX_free(key_ctx);
445 EVP_PKEY_CTX_free(ctx);
455 static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params,
456 struct check_data check[],
457 int expected_nbits, int expected_sbits,
460 const OSSL_PARAM *check_param = NULL;
461 BIGNUM *check_bn = NULL;
462 OSSL_PARAM *todata_params = NULL;
463 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
464 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
468 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
469 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
470 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
471 fromdata_params), 1))
475 * get the generated key parameters back and validate that the
476 * exponents/coeffs are correct
478 if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1))
481 for (i = 0; check[i].pname != NULL; i++) {
482 if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params,
485 if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1))
487 if (!TEST_BN_eq(check_bn, check[i].comparebn)) {
488 TEST_info("Data mismatch for parameter %s", check[i].pname);
496 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits)
497 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits)
498 || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize)
499 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
502 EVP_PKEY_CTX_free(key_ctx);
503 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
506 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
507 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
508 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
509 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
512 /* EVP_PKEY_copy_parameters() should fail for RSA */
513 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
514 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
516 EVP_PKEY_free(copy_pk);
522 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
524 if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) {
525 EVP_PKEY_free(dup_pk);
535 EVP_PKEY_CTX_free(ctx);
536 EVP_PKEY_CTX_free(key_ctx);
537 OSSL_PARAM_free(fromdata_params);
538 OSSL_PARAM_free(todata_params);
542 static int test_fromdata_rsa_derive_from_pq_sp800(void)
544 OSSL_PARAM_BLD *bld = NULL;
545 BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
546 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
547 OSSL_PARAM *fromdata_params = NULL;
548 struct check_data cdata[4];
551 * 512-bit RSA key, extracted from this command,
552 * openssl genrsa 512 | openssl rsa -text
553 * Note: When generating a key with EVP_PKEY_fromdata, and using
554 * crt derivation, openssl requires a minimum of 512 bits of n data,
555 * and 2048 bits in the FIPS case
557 static unsigned char n_data[] =
558 {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
559 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
560 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
561 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
562 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
563 0x17, 0x2d, 0xec, 0x17, 0x87};
564 static unsigned char e_data[] = {0x01, 0x00, 0x01};
565 static unsigned char d_data[] =
566 {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
567 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
568 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
569 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
570 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
571 0xf5, 0xdb, 0xe6, 0x81};
572 static unsigned char p_data[] =
573 {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
574 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
575 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5};
576 static unsigned char q_data[] =
577 {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
578 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
579 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb};
580 static unsigned char dmp1_data[] =
581 {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
582 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
583 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49};
584 static unsigned char dmq1_data[] =
585 {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
586 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
587 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27};
588 static unsigned char iqmp_data[] =
589 {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
590 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
591 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08};
593 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
594 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
595 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
596 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
597 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
598 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
599 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
600 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
601 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
605 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
607 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
609 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
610 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
611 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
614 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
615 cdata[0].comparebn = dmp1;
616 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
617 cdata[1].comparebn = dmq1;
618 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
619 cdata[2].comparebn = iqmp;
620 cdata[3].pname = NULL;
621 cdata[3].comparebn = NULL;
623 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64);
634 OSSL_PARAM_BLD_free(bld);
638 static int test_fromdata_rsa_derive_from_pq_multiprime(void)
640 OSSL_PARAM_BLD *bld = NULL;
641 BIGNUM *n = NULL, *e = NULL, *d = NULL;
642 BIGNUM *p = NULL, *q = NULL, *p2 = NULL;
643 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
644 BIGNUM *exp3 = NULL, *coeff2 = NULL;
645 OSSL_PARAM *fromdata_params = NULL;
646 struct check_data cdata[12];
649 * multiprime RSA key, extracted from this command,
650 * openssl genrsa -primes 3 | openssl rsa -text
651 * Note: When generating a key with EVP_PKEY_fromdata, and using
652 * crt derivation, openssl requires a minimum of 512 bits of n data,
653 * and 2048 bits in the FIPS case
655 static unsigned char n_data[] =
656 {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
657 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
658 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
659 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
660 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
661 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
662 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
663 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
664 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
665 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
666 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
667 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
668 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
669 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
670 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
671 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
672 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
673 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
674 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
675 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
676 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
677 0x1b, 0x59, 0x67, 0x14, 0x9d};
678 static unsigned char e_data[] = {0x01, 0x00, 0x01};
679 static unsigned char d_data[] =
680 {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
681 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
682 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
683 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
684 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
685 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
686 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
687 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
688 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
689 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
690 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
691 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
692 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
693 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
694 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
695 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
696 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
697 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
698 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
699 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
700 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
701 0xa6, 0x07, 0x60, 0x01};
702 static unsigned char p_data[] =
703 {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
704 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
705 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
706 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
707 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
708 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
709 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
711 static unsigned char p2_data[] =
712 {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
713 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
714 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
715 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
716 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
717 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
718 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
720 static unsigned char q_data[] =
721 {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
722 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
723 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
724 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
725 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
726 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
727 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
729 static unsigned char dmp1_data[] =
730 {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
731 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
732 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
733 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
734 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
735 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
736 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
738 static unsigned char dmq1_data[] =
739 {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
740 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
741 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
742 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
743 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
744 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
745 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
747 static unsigned char iqmp_data[] =
748 {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
749 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
750 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
751 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
752 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
753 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
754 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
756 static unsigned char exp3_data[] =
757 {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
758 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
759 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
760 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
761 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
762 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
763 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
765 static unsigned char coeff2_data[] =
766 {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
767 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
768 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
769 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
770 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
771 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
772 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
775 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
776 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
777 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
778 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
779 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
780 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
781 || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL))
782 || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL))
783 || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL))
784 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
785 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
786 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
790 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
792 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
794 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3,
796 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
797 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
798 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
801 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
802 cdata[0].comparebn = dmp1;
803 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
804 cdata[1].comparebn = dmq1;
805 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
806 cdata[2].comparebn = iqmp;
807 cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3;
808 cdata[3].comparebn = exp3;
809 cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2;
810 cdata[4].comparebn = coeff2;
811 cdata[5].pname = OSSL_PKEY_PARAM_RSA_N;
812 cdata[5].comparebn = n;
813 cdata[6].pname = OSSL_PKEY_PARAM_RSA_E;
814 cdata[6].comparebn = e;
815 cdata[7].pname = OSSL_PKEY_PARAM_RSA_D;
816 cdata[7].comparebn = d;
817 cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1;
818 cdata[8].comparebn = p;
819 cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2;
820 cdata[9].comparebn = q;
821 cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3;
822 cdata[10].comparebn = p2;
823 cdata[11].pname = NULL;
824 cdata[11].comparebn = NULL;
826 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256);
840 OSSL_PARAM_BLD_free(bld);
844 static int test_evp_pkey_get_bn_param_large(void)
847 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
849 OSSL_PARAM_BLD *bld = NULL;
850 OSSL_PARAM *fromdata_params = NULL;
851 BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
853 * The buffer size chosen here for n_data larger than the buffer used
854 * internally in EVP_PKEY_get_bn_param.
856 static unsigned char n_data[2050];
857 static const unsigned char e_data[] = {
860 static const unsigned char d_data[] = {
861 0x99, 0x33, 0x13, 0x7b
864 /* N is a large buffer */
865 memset(n_data, 0xCE, sizeof(n_data));
867 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
868 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
869 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
870 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
871 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
872 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
873 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
874 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
875 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
876 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
877 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
879 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
880 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
881 || !TEST_BN_eq(n, n_out))
890 EVP_PKEY_CTX_free(key_ctx);
891 EVP_PKEY_CTX_free(ctx);
892 OSSL_PARAM_free(fromdata_params);
893 OSSL_PARAM_BLD_free(bld);
898 #ifndef OPENSSL_NO_DH
899 static int test_fromdata_dh_named_group(void)
902 int gindex = 0, pcounter = 0, hindex = 0;
903 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
904 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
906 BIGNUM *pub = NULL, *priv = NULL;
907 BIGNUM *pub_out = NULL, *priv_out = NULL;
908 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
909 OSSL_PARAM *fromdata_params = NULL;
910 OSSL_PARAM_BLD *bld = NULL;
912 unsigned char seed_out[32];
915 * DH key data was generated using the following:
916 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
917 * -pkeyopt priv_len:224 -text
919 static const unsigned char priv_data[] = {
920 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
921 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
922 0x87, 0xe8, 0xa9, 0x7b,
924 static const unsigned char pub_data[] = {
925 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
926 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
927 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
928 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
929 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
930 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
931 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
932 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
933 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
934 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
935 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
936 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
937 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
938 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
939 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
940 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
941 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
942 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
943 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
944 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
945 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
946 0xcf, 0x33, 0x42, 0x83, 0x42
948 static const char group_name[] = "ffdhe2048";
949 static const long priv_len = 224;
951 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
952 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
953 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
954 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
955 OSSL_PKEY_PARAM_GROUP_NAME,
957 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
960 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
961 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
964 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
967 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
968 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
969 fromdata_params), 1))
973 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
974 * it behaves as expected with regards to string length and terminating
977 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
978 OSSL_PKEY_PARAM_GROUP_NAME,
979 NULL, sizeof(name_out),
981 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
982 /* Just enough space to hold the group name and a terminating NUL */
983 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
984 OSSL_PKEY_PARAM_GROUP_NAME,
988 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
989 /* Too small buffer to hold the terminating NUL byte */
990 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
991 OSSL_PKEY_PARAM_GROUP_NAME,
993 sizeof(group_name) - 1,
995 /* Too small buffer to hold the whole group name, even! */
996 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
997 OSSL_PKEY_PARAM_GROUP_NAME,
999 sizeof(group_name) - 2,
1005 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1006 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1007 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1008 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1011 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1012 OSSL_PKEY_PARAM_GROUP_NAME,
1016 || !TEST_str_eq(name_out, group_name)
1017 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1020 || !TEST_BN_eq(pub, pub_out)
1021 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1023 || !TEST_BN_eq(priv, priv_out)
1024 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1025 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1026 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1028 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1029 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1030 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1031 OSSL_PKEY_PARAM_FFC_COFACTOR,
1033 || !TEST_ptr_null(j)
1034 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1035 OSSL_PKEY_PARAM_FFC_SEED,
1039 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
1041 || !TEST_int_eq(gindex, -1)
1042 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1044 || !TEST_int_eq(hindex, 0)
1045 || !TEST_true(EVP_PKEY_get_int_param(pk,
1046 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1048 || !TEST_int_eq(pcounter, -1))
1063 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1066 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1067 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1068 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1069 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1071 EVP_PKEY_CTX_free(key_ctx);
1074 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1075 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1077 EVP_PKEY_free(copy_pk);
1080 ret = test_print_key_using_pem("DH", pk)
1081 && test_print_key_using_encoder("DH", pk);
1083 if (!ret || dup_pk != NULL)
1086 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1088 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1103 EVP_PKEY_free(copy_pk);
1105 EVP_PKEY_CTX_free(ctx);
1106 EVP_PKEY_CTX_free(key_ctx);
1107 OSSL_PARAM_free(fromdata_params);
1108 OSSL_PARAM_BLD_free(bld);
1113 static int test_fromdata_dh_fips186_4(void)
1116 int gindex = 0, pcounter = 0, hindex = 0;
1117 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1118 EVP_PKEY *pk = NULL, *dup_pk = NULL;
1120 BIGNUM *pub = NULL, *priv = NULL;
1121 BIGNUM *pub_out = NULL, *priv_out = NULL;
1122 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
1123 OSSL_PARAM_BLD *bld = NULL;
1124 OSSL_PARAM *fromdata_params = NULL;
1126 unsigned char seed_out[32];
1129 * DH key data was generated using the following:
1130 * openssl genpkey -algorithm DH
1131 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
1133 static const unsigned char priv_data[] = {
1134 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
1135 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
1136 0x87, 0xe8, 0xa9, 0x7b,
1138 static const unsigned char pub_data[] = {
1139 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
1140 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
1141 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
1142 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
1143 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
1144 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
1145 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
1146 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
1147 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
1148 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
1149 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
1150 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
1151 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
1152 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
1153 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
1154 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
1155 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
1156 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
1157 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
1158 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
1159 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
1160 0x33, 0x42, 0x83, 0x42
1162 static const char group_name[] = "ffdhe2048";
1163 static const long priv_len = 224;
1166 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1167 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1168 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1169 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1170 OSSL_PKEY_PARAM_GROUP_NAME,
1172 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
1174 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
1175 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
1176 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1179 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
1182 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1183 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1184 fromdata_params), 1))
1189 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1190 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1191 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1192 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1195 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1196 OSSL_PKEY_PARAM_GROUP_NAME,
1200 || !TEST_str_eq(name_out, group_name)
1201 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1203 || !TEST_BN_eq(pub, pub_out)
1204 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1206 || !TEST_BN_eq(priv, priv_out)
1207 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1208 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1209 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1211 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1212 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1213 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1214 OSSL_PKEY_PARAM_FFC_COFACTOR,
1216 || !TEST_ptr_null(j)
1217 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1218 OSSL_PKEY_PARAM_FFC_SEED,
1222 || !TEST_true(EVP_PKEY_get_int_param(pk,
1223 OSSL_PKEY_PARAM_FFC_GINDEX,
1225 || !TEST_int_eq(gindex, -1)
1226 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1228 || !TEST_int_eq(hindex, 0)
1229 || !TEST_true(EVP_PKEY_get_int_param(pk,
1230 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1232 || !TEST_int_eq(pcounter, -1))
1247 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1250 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1251 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1252 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1253 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1255 EVP_PKEY_CTX_free(key_ctx);
1258 ret = test_print_key_using_pem("DH", pk)
1259 && test_print_key_using_encoder("DH", pk);
1261 if (!ret || dup_pk != NULL)
1264 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1266 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1282 EVP_PKEY_CTX_free(ctx);
1283 EVP_PKEY_CTX_free(key_ctx);
1284 OSSL_PARAM_free(fromdata_params);
1285 OSSL_PARAM_BLD_free(bld);
1294 #ifndef OPENSSL_NO_EC
1295 # ifndef OPENSSL_NO_ECX
1296 /* Array indexes used in test_fromdata_ecx */
1300 # define X25519_IDX 0
1302 # define ED25519_IDX 2
1303 # define ED448_IDX 3
1306 * tst uses indexes 0 ... (3 * 4 - 1)
1307 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
1308 * 0..3 = public + private key.
1309 * 4..7 = private key (This will generate the public key from the private key)
1310 * 8..11 = public key
1312 static int test_fromdata_ecx(int tst)
1315 EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
1316 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1317 const char *alg = NULL;
1319 unsigned char out_pub[ED448_KEYLEN];
1320 unsigned char out_priv[ED448_KEYLEN];
1321 OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1323 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
1324 static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
1325 /* X25519: Keys from RFC 7748 6.1 */
1329 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
1330 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
1331 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
1336 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
1337 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
1338 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
1342 /* X448: Keys from RFC 7748 6.2 */
1346 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
1347 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
1348 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
1349 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
1350 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
1351 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
1355 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
1356 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
1357 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
1358 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
1359 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
1360 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
1363 /* ED25519: Keys from RFC 8032 */
1367 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
1368 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
1369 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
1374 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
1375 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
1376 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
1380 /* ED448: Keys from RFC 8032 */
1384 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
1385 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
1386 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
1387 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
1388 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
1389 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
1393 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
1394 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
1395 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1396 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1397 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1398 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
1402 OSSL_PARAM x25519_fromdata_params[] = {
1403 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1404 key_numbers[X25519_IDX][PRIV_KEY],
1406 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1407 key_numbers[X25519_IDX][PUB_KEY],
1411 OSSL_PARAM x448_fromdata_params[] = {
1412 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1413 key_numbers[X448_IDX][PRIV_KEY],
1415 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1416 key_numbers[X448_IDX][PUB_KEY],
1420 OSSL_PARAM ed25519_fromdata_params[] = {
1421 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1422 key_numbers[ED25519_IDX][PRIV_KEY],
1424 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1425 key_numbers[ED25519_IDX][PUB_KEY],
1429 OSSL_PARAM ed448_fromdata_params[] = {
1430 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1431 key_numbers[ED448_IDX][PRIV_KEY],
1433 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1434 key_numbers[ED448_IDX][PUB_KEY],
1438 OSSL_PARAM *fromdata_params = NULL;
1439 int bits = 0, security_bits = 0, size = 0;
1440 OSSL_PARAM *orig_fromdata_params = NULL;
1444 fromdata_params = x25519_fromdata_params;
1446 security_bits = X25519_SECURITY_BITS;
1447 size = X25519_KEYLEN;
1452 fromdata_params = x448_fromdata_params;
1454 security_bits = X448_SECURITY_BITS;
1460 fromdata_params = ed25519_fromdata_params;
1461 bits = ED25519_BITS;
1462 security_bits = ED25519_SECURITY_BITS;
1463 size = ED25519_SIGSIZE;
1468 fromdata_params = ed448_fromdata_params;
1470 security_bits = ED448_SECURITY_BITS;
1471 size = ED448_SIGSIZE;
1478 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1482 orig_fromdata_params = fromdata_params;
1484 /* public key only */
1486 } else if (tst > 3) {
1487 /* private key only */
1488 params[0] = fromdata_params[0];
1489 params[1] = fromdata_params[2];
1490 fromdata_params = params;
1493 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1494 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1495 fromdata_params), 1))
1500 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1501 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1502 || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1503 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1506 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1509 if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1511 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1512 pk, orig_fromdata_params[PRIV_KEY].key,
1513 out_priv, sizeof(out_priv), &len))
1514 || !TEST_mem_eq(out_priv, len,
1515 orig_fromdata_params[PRIV_KEY].data,
1516 orig_fromdata_params[PRIV_KEY].data_size)
1517 || !TEST_true(EVP_PKEY_get_octet_string_param(
1518 pk, orig_fromdata_params[PUB_KEY].key,
1519 out_pub, sizeof(out_pub), &len))
1520 || !TEST_mem_eq(out_pub, len,
1521 orig_fromdata_params[PUB_KEY].data,
1522 orig_fromdata_params[PUB_KEY].data_size))
1525 /* The private key check should fail if there is only a public key */
1526 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1527 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1528 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1531 EVP_PKEY_CTX_free(ctx2);
1534 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1535 /* This should succeed because there are no parameters to copy */
1536 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1538 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1539 /* This should fail because copy_pk has no pubkey */
1540 || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1542 EVP_PKEY_CTX_free(ctx2);
1544 EVP_PKEY_free(copy_pk);
1548 ret = test_print_key_using_encoder_public(alg, pk);
1550 ret = test_print_key_using_pem(alg, pk)
1551 && test_print_key_using_encoder(alg, pk);
1553 if (!ret || dup_pk != NULL)
1556 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1558 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1567 EVP_PKEY_free(copy_pk);
1568 EVP_PKEY_CTX_free(ctx);
1569 EVP_PKEY_CTX_free(ctx2);
1573 # endif /* OPENSSL_NO_ECX */
1575 static int test_fromdata_ec(void)
1578 EVP_PKEY_CTX *ctx = NULL;
1579 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1580 OSSL_PARAM_BLD *bld = NULL;
1581 BIGNUM *ec_priv_bn = NULL;
1582 BIGNUM *bn_priv = NULL;
1583 OSSL_PARAM *fromdata_params = NULL;
1584 const char *alg = "EC";
1585 const char *curve = "prime256v1";
1586 const char bad_curve[] = "nonexistent-curve";
1587 OSSL_PARAM nokey_params[2] = {
1591 /* UNCOMPRESSED FORMAT */
1592 static const unsigned char ec_pub_keydata[] = {
1593 POINT_CONVERSION_UNCOMPRESSED,
1594 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1595 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1596 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1597 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1598 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1599 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1600 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1601 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1603 /* SAME BUT COMPRESSED FORMAT */
1604 static const unsigned char ec_pub_keydata_compressed[] = {
1605 POINT_CONVERSION_COMPRESSED+1,
1606 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1607 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1608 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1609 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1611 static const unsigned char ec_priv_keydata[] = {
1612 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1613 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1614 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1615 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1617 unsigned char out_pub[sizeof(ec_pub_keydata)];
1618 char out_curve_name[80];
1619 const OSSL_PARAM *gettable = NULL;
1621 EC_GROUP *group = NULL;
1622 BIGNUM *group_a = NULL;
1623 BIGNUM *group_b = NULL;
1624 BIGNUM *group_p = NULL;
1630 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1632 if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1633 sizeof(ec_priv_keydata), NULL)))
1636 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1640 * We intentionally provide the input point in compressed format,
1641 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1643 * Later on we check what format is used when exporting the
1644 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1647 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1648 ec_pub_keydata_compressed,
1649 sizeof(ec_pub_keydata_compressed)) <= 0)
1651 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1653 if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1655 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1659 /* try importing parameters with bad curve first */
1661 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1662 (char *)bad_curve, sizeof(bad_curve));
1663 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1664 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1666 || !TEST_ptr_null(pk))
1669 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1670 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1671 fromdata_params), 1))
1676 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1677 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1678 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1679 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1682 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1683 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1685 EVP_PKEY_free(copy_pk);
1688 if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1689 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1690 OSSL_PKEY_PARAM_GROUP_NAME))
1691 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1692 OSSL_PKEY_PARAM_PUB_KEY))
1693 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1694 OSSL_PKEY_PARAM_PRIV_KEY)))
1697 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1698 || !TEST_ptr(group_p = BN_new())
1699 || !TEST_ptr(group_a = BN_new())
1700 || !TEST_ptr(group_b = BN_new())
1701 || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1704 if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1705 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1706 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1709 if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1710 || !TEST_BN_eq(group_b, b))
1713 EC_GROUP_free(group);
1722 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1724 sizeof(out_curve_name),
1726 || !TEST_str_eq(out_curve_name, curve)
1727 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1728 out_pub, sizeof(out_pub), &len)
1731 * Our providers use uncompressed format by default if
1732 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1733 * explicitly set, irrespective of the format used for the
1734 * input point given as a param to create this key.
1736 || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1737 || !TEST_mem_eq(out_pub + 1, len - 1,
1738 ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1740 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1742 || !TEST_BN_eq(ec_priv_bn, bn_priv))
1747 ret = test_print_key_using_pem(alg, pk)
1748 && test_print_key_using_encoder(alg, pk);
1750 if (!ret || dup_pk != NULL)
1753 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1755 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1763 EC_GROUP_free(group);
1771 BN_free(ec_priv_bn);
1772 OSSL_PARAM_free(fromdata_params);
1773 OSSL_PARAM_BLD_free(bld);
1775 EVP_PKEY_free(copy_pk);
1776 EVP_PKEY_CTX_free(ctx);
1780 static int test_ec_dup_no_operation(void)
1783 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1784 EVP_PKEY *param = NULL, *pkey = NULL;
1786 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1787 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1788 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1789 NID_X9_62_prime256v1), 0)
1790 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1791 || !TEST_ptr(param))
1794 EVP_PKEY_CTX_free(pctx);
1797 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1798 || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1799 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1800 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1804 EVP_PKEY_free(pkey);
1805 EVP_PKEY_free(param);
1806 EVP_PKEY_CTX_free(ctx);
1807 EVP_PKEY_CTX_free(kctx);
1808 EVP_PKEY_CTX_free(pctx);
1812 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1813 static int test_ec_dup_keygen_operation(void)
1816 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1817 EVP_PKEY *param = NULL, *pkey = NULL;
1819 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1820 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1821 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1822 NID_X9_62_prime256v1), 0)
1823 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1824 || !TEST_ptr(param))
1827 EVP_PKEY_CTX_free(pctx);
1830 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1831 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1832 || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1836 EVP_PKEY_free(pkey);
1837 EVP_PKEY_free(param);
1838 EVP_PKEY_CTX_free(ctx);
1839 EVP_PKEY_CTX_free(kctx);
1840 EVP_PKEY_CTX_free(pctx);
1844 #endif /* OPENSSL_NO_EC */
1846 #ifndef OPENSSL_NO_DSA
1847 static int test_fromdata_dsa_fips186_4(void)
1850 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1851 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1852 BIGNUM *pub = NULL, *priv = NULL;
1853 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1854 BIGNUM *pub_out = NULL, *priv_out = NULL;
1855 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1856 int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1858 unsigned char seed_out[32];
1860 OSSL_PARAM_BLD *bld = NULL;
1861 OSSL_PARAM *fromdata_params = NULL;
1864 * DSA parameter data was generated using the following:
1865 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1866 * -pkeyopt qbits:256 -pkeyopt type:0 \
1867 * -pkeyopt gindex:1 -out dsa_params.pem -text
1869 static const unsigned char p_data[] = {
1870 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1871 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1872 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1873 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1874 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1875 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1876 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1877 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1878 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1879 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1880 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1881 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1882 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1883 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1884 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1885 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1886 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1887 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1888 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1889 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1890 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1891 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1893 static const unsigned char q_data[] = {
1894 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1895 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1896 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1898 static const unsigned char g_data[] = {
1899 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1900 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1901 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1902 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1903 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1904 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1905 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1906 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1907 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1908 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1909 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1910 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1911 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1912 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1913 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1914 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1915 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1916 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1917 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1918 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1919 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1920 0x02, 0x6f, 0x96, 0x36
1922 static const unsigned char seed_data[] = {
1923 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1924 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1925 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1927 const int gindex = 1;
1928 const int pcounter = 53;
1930 * The keypair was generated using
1931 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1932 * -pkeyopt gindex:1 \
1933 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1935 static const unsigned char priv_data[] = {
1936 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1937 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1938 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1940 static const unsigned char pub_data[] = {
1941 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1942 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1943 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1944 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1945 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1946 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1947 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1948 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1949 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1950 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1951 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1952 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1953 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1954 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1955 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1956 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1957 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1958 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1959 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1960 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1961 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1962 0x48, 0xd1, 0x8a, 0xbd
1965 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1966 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1967 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1968 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1969 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1970 || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1972 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1974 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1975 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1976 OSSL_PKEY_PARAM_FFC_SEED,
1979 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1981 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1982 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1984 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1986 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1988 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1991 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1994 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1995 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1996 fromdata_params), 1))
2001 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
2002 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
2003 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
2004 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
2007 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
2008 OSSL_PKEY_PARAM_GROUP_NAME,
2012 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
2014 || !TEST_BN_eq(pub, pub_out)
2015 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
2017 || !TEST_BN_eq(priv, priv_out)
2018 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
2020 || !TEST_BN_eq(p, p_out)
2021 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
2023 || !TEST_BN_eq(q, q_out)
2024 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
2026 || !TEST_BN_eq(g, g_out)
2027 || !TEST_false(EVP_PKEY_get_bn_param(pk,
2028 OSSL_PKEY_PARAM_FFC_COFACTOR,
2030 || !TEST_ptr_null(j_out)
2031 || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
2032 OSSL_PKEY_PARAM_FFC_SEED,
2036 || !TEST_true(EVP_PKEY_get_int_param(pk,
2037 OSSL_PKEY_PARAM_FFC_GINDEX,
2039 || !TEST_int_eq(gindex, gindex_out)
2040 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
2042 || !TEST_int_eq(hindex_out, 0)
2043 || !TEST_true(EVP_PKEY_get_int_param(pk,
2044 OSSL_PKEY_PARAM_FFC_PCOUNTER,
2046 || !TEST_int_eq(pcounter, pcounter_out))
2061 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
2064 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
2065 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
2066 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
2067 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
2069 EVP_PKEY_CTX_free(key_ctx);
2072 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
2073 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
2075 EVP_PKEY_free(copy_pk);
2078 ret = test_print_key_using_pem("DSA", pk)
2079 && test_print_key_using_encoder("DSA", pk);
2081 if (!ret || dup_pk != NULL)
2084 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
2086 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
2094 OSSL_PARAM_free(fromdata_params);
2095 OSSL_PARAM_BLD_free(bld);
2108 EVP_PKEY_free(copy_pk);
2109 EVP_PKEY_CTX_free(ctx);
2110 EVP_PKEY_CTX_free(key_ctx);
2115 static int test_check_dsa(void)
2118 EVP_PKEY_CTX *ctx = NULL;
2120 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
2121 || !TEST_int_le(EVP_PKEY_check(ctx), 0)
2122 || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
2123 || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
2124 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
2129 EVP_PKEY_CTX_free(ctx);
2133 #endif /* OPENSSL_NO_DSA */
2136 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
2137 size_t keylen, char *salt)
2139 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
2140 OSSL_PARAM *p = params;
2142 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
2143 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
2144 salt, strlen(salt));
2145 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
2146 (unsigned char *)key, keylen);
2147 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
2149 *p = OSSL_PARAM_construct_end();
2154 static int test_evp_pkey_ctx_dup_kdf(void)
2157 size_t len = 0, dlen = 0;
2158 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
2159 OSSL_PARAM *params = NULL;
2161 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
2164 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
2166 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
2168 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
2170 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
2171 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
2172 || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
2173 || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
2177 OPENSSL_free(params);
2178 EVP_PKEY_CTX_free(dctx);
2179 EVP_PKEY_CTX_free(pctx);
2183 int setup_tests(void)
2185 if (!test_skip_common_options()) {
2186 TEST_error("Error parsing test options\n");
2190 if (!TEST_ptr(datadir = test_get_argument(0)))
2193 ADD_TEST(test_evp_pkey_ctx_dup_kdf);
2194 ADD_TEST(test_evp_pkey_get_bn_param_large);
2195 ADD_TEST(test_fromdata_rsa);
2196 ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
2197 ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime);
2198 #ifndef OPENSSL_NO_DH
2199 ADD_TEST(test_fromdata_dh_fips186_4);
2200 ADD_TEST(test_fromdata_dh_named_group);
2202 #ifndef OPENSSL_NO_DSA
2203 ADD_TEST(test_check_dsa);
2204 ADD_TEST(test_fromdata_dsa_fips186_4);
2206 #ifndef OPENSSL_NO_EC
2207 # ifndef OPENSSL_NO_ECX
2208 ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
2210 ADD_TEST(test_fromdata_ec);
2211 ADD_TEST(test_ec_dup_no_operation);
2212 ADD_TEST(test_ec_dup_keygen_operation);