2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h" /* For the internal API */
20 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
24 static char *datadir = NULL;
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
38 static void stripcr(char *buf, size_t *len)
43 for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
54 static int compare_with_file(const char *alg, int type, BIO *membio)
59 char *memdata, *fullfile = NULL;
92 TEST_error("Invalid file type");
96 BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97 fullfile = test_mk_file_path(datadir, filename);
98 if (!TEST_ptr(fullfile))
101 file = BIO_new_file(fullfile, "rb");
105 if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106 || !TEST_true(BIO_eof(file))
107 || !TEST_size_t_lt(readbytes, sizeof(buf)))
110 len = BIO_get_mem_data(membio, &memdata);
111 if (!TEST_int_gt(len, 0))
115 if (type != PRIV_DER && type != PUB_DER) {
116 stripcr(memdata, &slen);
117 stripcr(buf, &readbytes);
120 if (!TEST_mem_eq(memdata, slen, buf, readbytes))
125 OPENSSL_free(fullfile);
126 (void)BIO_reset(membio);
131 static int pass_cb(char *buf, int size, int rwflag, void *u)
136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
143 BIO *membio = BIO_new(BIO_s_mem());
146 if (!TEST_ptr(membio))
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
163 NULL, 0, pass_cb, NULL))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
166 NULL, 0, pass_cb_error,
168 #ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171 (const char *)~0, 0, NULL, NULL))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180 pass_cb_error, NULL))
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184 || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187 || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190 NULL, NULL, 0, NULL, NULL))
191 || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
193 || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194 NULL, NULL, 0, NULL, NULL))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196 NULL, NULL, 0, NULL, NULL)))
205 static int test_print_key_type_using_encoder(const char *alg, int type,
208 const char *output_type, *output_structure;
210 OSSL_ENCODER_CTX *ctx = NULL;
211 BIO *membio = BIO_new(BIO_s_mem());
216 output_type = "TEXT";
217 output_structure = NULL;
218 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
224 output_structure = "PrivateKeyInfo";
225 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
231 output_structure = "PrivateKeyInfo";
232 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
237 output_type = "TEXT";
238 output_structure = NULL;
239 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
245 output_structure = "SubjectPublicKeyInfo";
246 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
252 output_structure = "SubjectPublicKeyInfo";
253 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
258 TEST_error("Invalid encoding type");
262 if (!TEST_ptr(membio))
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278 || !TEST_true(compare_with_file(alg, type, membio)))
281 if (type == PRIV_PEM) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284 (unsigned char *)"pass",
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304 || !TEST_true(compare_with_file(alg, type, membio)))
310 OSSL_ENCODER_CTX_free(ctx);
314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
319 for (i = PRIV_TEXT; i <= PUB_DER; i++)
320 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
325 #ifndef OPENSSL_NO_ECX
326 static int test_print_key_using_encoder_public(const char *alg,
332 for (i = PUB_TEXT; i <= PUB_DER; i++)
333 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
339 /* Array indexes used in test_fromdata_rsa */
349 static int test_fromdata_rsa(void)
352 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
358 * openssl genrsa 32 | openssl rsa -text
360 static unsigned long key_numbers[] = {
370 OSSL_PARAM fromdata_params[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
381 BIGNUM *bn = BN_new();
382 BIGNUM *bn_from = BN_new();
384 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389 fromdata_params), 1))
392 while (dup_pk == NULL) {
394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396 || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
400 EVP_PKEY_CTX_free(key_ctx);
401 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
404 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
410 /* EVP_PKEY_copy_parameters() should fail for RSA */
411 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
414 EVP_PKEY_free(copy_pk);
417 ret = test_print_key_using_pem("RSA", pk)
418 && test_print_key_using_encoder("RSA", pk);
420 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
422 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
429 /* for better diagnostics always compare key params */
430 for (i = 0; fromdata_params[i].key != NULL; ++i) {
431 if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
432 || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key,
434 || !TEST_BN_eq(bn, bn_from))
440 EVP_PKEY_free(copy_pk);
441 EVP_PKEY_CTX_free(key_ctx);
442 EVP_PKEY_CTX_free(ctx);
452 static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params,
453 struct check_data check[],
454 int expected_nbits, int expected_sbits,
457 const OSSL_PARAM *check_param = NULL;
458 BIGNUM *check_bn = NULL;
459 OSSL_PARAM *todata_params = NULL;
460 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
461 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
465 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
466 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
467 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
468 fromdata_params), 1))
472 * get the generated key parameters back and validate that the
473 * exponents/coeffs are correct
475 if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1))
478 for (i = 0; check[i].pname != NULL; i++) {
479 if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params,
482 if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1))
484 if (!TEST_BN_eq(check_bn, check[i].comparebn)) {
485 TEST_info("Data mismatch for parameter %s", check[i].pname);
492 while (dup_pk == NULL) {
493 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits)
494 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits)
495 || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize)
496 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
499 EVP_PKEY_CTX_free(key_ctx);
500 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
503 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
504 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
505 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
506 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
509 /* EVP_PKEY_copy_parameters() should fail for RSA */
510 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
511 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
513 EVP_PKEY_free(copy_pk);
516 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
518 if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) {
519 EVP_PKEY_free(dup_pk);
529 EVP_PKEY_CTX_free(ctx);
530 EVP_PKEY_CTX_free(key_ctx);
531 OSSL_PARAM_free(fromdata_params);
532 OSSL_PARAM_free(todata_params);
536 static int test_fromdata_rsa_derive_from_pq_sp800(void)
538 OSSL_PARAM_BLD *bld = NULL;
539 BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
540 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
541 OSSL_PARAM *fromdata_params = NULL;
542 struct check_data cdata[4];
545 * 512-bit RSA key, extracted from this command,
546 * openssl genrsa 512 | openssl rsa -text
547 * Note: When generating a key with EVP_PKEY_fromdata, and using
548 * crt derivation, openssl requires a minimum of 512 bits of n data,
549 * and 2048 bits in the FIPS case
551 static unsigned char n_data[] =
552 {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
553 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
554 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
555 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
556 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
557 0x17, 0x2d, 0xec, 0x17, 0x87};
558 static unsigned char e_data[] = {0x01, 0x00, 0x01};
559 static unsigned char d_data[] =
560 {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
561 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
562 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
563 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
564 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
565 0xf5, 0xdb, 0xe6, 0x81};
566 static unsigned char p_data[] =
567 {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
568 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
569 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5};
570 static unsigned char q_data[] =
571 {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
572 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
573 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb};
574 static unsigned char dmp1_data[] =
575 {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
576 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
577 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49};
578 static unsigned char dmq1_data[] =
579 {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
580 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
581 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27};
582 static unsigned char iqmp_data[] =
583 {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
584 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
585 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08};
587 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
588 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
589 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
590 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
591 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
592 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
593 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
594 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
595 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
596 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
597 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
603 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
604 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
605 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
608 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
609 cdata[0].comparebn = dmp1;
610 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
611 cdata[1].comparebn = dmq1;
612 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
613 cdata[2].comparebn = iqmp;
614 cdata[3].pname = NULL;
615 cdata[3].comparebn = NULL;
617 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64);
628 OSSL_PARAM_BLD_free(bld);
632 static int test_fromdata_rsa_derive_from_pq_multiprime(void)
634 OSSL_PARAM_BLD *bld = NULL;
635 BIGNUM *n = NULL, *e = NULL, *d = NULL;
636 BIGNUM *p = NULL, *q = NULL, *p2 = NULL;
637 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
638 BIGNUM *exp3 = NULL, *coeff2 = NULL;
639 OSSL_PARAM *fromdata_params = NULL;
640 struct check_data cdata[12];
643 * multiprime RSA key, extracted from this command,
644 * openssl genrsa -primes 3 | openssl rsa -text
645 * Note: When generating a key with EVP_PKEY_fromdata, and using
646 * crt derivation, openssl requires a minimum of 512 bits of n data,
647 * and 2048 bits in the FIPS case
649 static unsigned char n_data[] =
650 {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
651 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
652 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
653 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
654 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
655 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
656 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
657 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
658 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
659 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
660 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
661 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
662 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
663 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
664 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
665 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
666 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
667 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
668 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
669 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
670 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
671 0x1b, 0x59, 0x67, 0x14, 0x9d};
672 static unsigned char e_data[] = {0x01, 0x00, 0x01};
673 static unsigned char d_data[] =
674 {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
675 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
676 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
677 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
678 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
679 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
680 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
681 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
682 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
683 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
684 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
685 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
686 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
687 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
688 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
689 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
690 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
691 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
692 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
693 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
694 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
695 0xa6, 0x07, 0x60, 0x01};
696 static unsigned char p_data[] =
697 {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
698 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
699 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
700 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
701 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
702 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
703 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
705 static unsigned char p2_data[] =
706 {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
707 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
708 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
709 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
710 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
711 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
712 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
714 static unsigned char q_data[] =
715 {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
716 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
717 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
718 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
719 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
720 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
721 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
723 static unsigned char dmp1_data[] =
724 {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
725 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
726 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
727 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
728 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
729 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
730 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
732 static unsigned char dmq1_data[] =
733 {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
734 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
735 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
736 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
737 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
738 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
739 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
741 static unsigned char iqmp_data[] =
742 {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
743 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
744 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
745 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
746 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
747 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
748 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
750 static unsigned char exp3_data[] =
751 {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
752 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
753 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
754 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
755 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
756 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
757 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
759 static unsigned char coeff2_data[] =
760 {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
761 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
762 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
763 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
764 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
765 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
766 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
769 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
770 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
771 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
772 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
773 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
774 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
775 || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL))
776 || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL))
777 || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL))
778 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
779 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
780 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
781 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
782 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3,
790 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
791 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
792 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
795 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
796 cdata[0].comparebn = dmp1;
797 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
798 cdata[1].comparebn = dmq1;
799 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
800 cdata[2].comparebn = iqmp;
801 cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3;
802 cdata[3].comparebn = exp3;
803 cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2;
804 cdata[4].comparebn = coeff2;
805 cdata[5].pname = OSSL_PKEY_PARAM_RSA_N;
806 cdata[5].comparebn = n;
807 cdata[6].pname = OSSL_PKEY_PARAM_RSA_E;
808 cdata[6].comparebn = e;
809 cdata[7].pname = OSSL_PKEY_PARAM_RSA_D;
810 cdata[7].comparebn = d;
811 cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1;
812 cdata[8].comparebn = p;
813 cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2;
814 cdata[9].comparebn = q;
815 cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3;
816 cdata[10].comparebn = p2;
817 cdata[11].pname = NULL;
818 cdata[11].comparebn = NULL;
820 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256);
834 OSSL_PARAM_BLD_free(bld);
838 static int test_evp_pkey_get_bn_param_large(void)
841 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
843 OSSL_PARAM_BLD *bld = NULL;
844 OSSL_PARAM *fromdata_params = NULL;
845 BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
847 * The buffer size chosen here for n_data larger than the buffer used
848 * internally in EVP_PKEY_get_bn_param.
850 static unsigned char n_data[2050];
851 static const unsigned char e_data[] = {
854 static const unsigned char d_data[] = {
855 0x99, 0x33, 0x13, 0x7b
858 /* N is a large buffer */
859 memset(n_data, 0xCE, sizeof(n_data));
861 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
862 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
863 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
864 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
866 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
868 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
869 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
870 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
871 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
873 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
874 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
875 || !TEST_BN_eq(n, n_out))
884 EVP_PKEY_CTX_free(key_ctx);
885 EVP_PKEY_CTX_free(ctx);
886 OSSL_PARAM_free(fromdata_params);
887 OSSL_PARAM_BLD_free(bld);
892 #ifndef OPENSSL_NO_DH
893 static int test_fromdata_dh_named_group(void)
896 int gindex = 0, pcounter = 0, hindex = 0;
897 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
898 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
900 BIGNUM *pub = NULL, *priv = NULL;
901 BIGNUM *pub_out = NULL, *priv_out = NULL;
902 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
903 OSSL_PARAM *fromdata_params = NULL;
904 OSSL_PARAM_BLD *bld = NULL;
906 unsigned char seed_out[32];
909 * DH key data was generated using the following:
910 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
911 * -pkeyopt priv_len:224 -text
913 static const unsigned char priv_data[] = {
914 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
915 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
916 0x87, 0xe8, 0xa9, 0x7b,
918 static const unsigned char pub_data[] = {
919 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
920 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
921 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
922 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
923 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
924 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
925 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
926 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
927 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
928 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
929 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
930 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
931 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
932 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
933 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
934 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
935 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
936 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
937 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
938 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
939 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
940 0xcf, 0x33, 0x42, 0x83, 0x42
942 static const char group_name[] = "ffdhe2048";
943 static const long priv_len = 224;
945 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
946 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
947 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
948 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
949 OSSL_PKEY_PARAM_GROUP_NAME,
951 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
953 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
955 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
958 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
961 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
962 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
963 fromdata_params), 1))
967 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
968 * it behaves as expected with regards to string length and terminating
971 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
972 OSSL_PKEY_PARAM_GROUP_NAME,
973 NULL, sizeof(name_out),
975 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
976 /* Just enough space to hold the group name and a terminating NUL */
977 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
978 OSSL_PKEY_PARAM_GROUP_NAME,
982 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
983 /* Too small buffer to hold the terminating NUL byte */
984 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
985 OSSL_PKEY_PARAM_GROUP_NAME,
987 sizeof(group_name) - 1,
989 /* Too small buffer to hold the whole group name, even! */
990 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
991 OSSL_PKEY_PARAM_GROUP_NAME,
993 sizeof(group_name) - 2,
997 while (dup_pk == NULL) {
999 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1000 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1001 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1002 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1005 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1006 OSSL_PKEY_PARAM_GROUP_NAME,
1010 || !TEST_str_eq(name_out, group_name)
1011 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1014 || !TEST_BN_eq(pub, pub_out)
1015 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1017 || !TEST_BN_eq(priv, priv_out)
1018 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1019 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1020 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1022 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1023 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1024 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1025 OSSL_PKEY_PARAM_FFC_COFACTOR,
1027 || !TEST_ptr_null(j)
1028 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1029 OSSL_PKEY_PARAM_FFC_SEED,
1033 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
1035 || !TEST_int_eq(gindex, -1)
1036 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1038 || !TEST_int_eq(hindex, 0)
1039 || !TEST_true(EVP_PKEY_get_int_param(pk,
1040 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1042 || !TEST_int_eq(pcounter, -1))
1057 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1060 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1061 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1062 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1063 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1065 EVP_PKEY_CTX_free(key_ctx);
1068 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1069 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1071 EVP_PKEY_free(copy_pk);
1074 ret = test_print_key_using_pem("DH", pk)
1075 && test_print_key_using_encoder("DH", pk);
1077 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1079 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1094 EVP_PKEY_free(copy_pk);
1096 EVP_PKEY_CTX_free(ctx);
1097 EVP_PKEY_CTX_free(key_ctx);
1098 OSSL_PARAM_free(fromdata_params);
1099 OSSL_PARAM_BLD_free(bld);
1104 static int test_fromdata_dh_fips186_4(void)
1107 int gindex = 0, pcounter = 0, hindex = 0;
1108 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1109 EVP_PKEY *pk = NULL, *dup_pk = NULL;
1111 BIGNUM *pub = NULL, *priv = NULL;
1112 BIGNUM *pub_out = NULL, *priv_out = NULL;
1113 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
1114 OSSL_PARAM_BLD *bld = NULL;
1115 OSSL_PARAM *fromdata_params = NULL;
1117 unsigned char seed_out[32];
1120 * DH key data was generated using the following:
1121 * openssl genpkey -algorithm DH
1122 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
1124 static const unsigned char priv_data[] = {
1125 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
1126 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
1127 0x87, 0xe8, 0xa9, 0x7b,
1129 static const unsigned char pub_data[] = {
1130 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
1131 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
1132 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
1133 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
1134 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
1135 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
1136 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
1137 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
1138 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
1139 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
1140 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
1141 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
1142 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
1143 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
1144 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
1145 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
1146 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
1147 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
1148 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
1149 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
1150 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
1151 0x33, 0x42, 0x83, 0x42
1153 static const char group_name[] = "ffdhe2048";
1154 static const long priv_len = 224;
1157 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1158 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1159 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1160 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1161 OSSL_PKEY_PARAM_GROUP_NAME,
1163 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
1165 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
1166 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
1167 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1170 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
1173 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1174 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1175 fromdata_params), 1))
1178 while (dup_pk == NULL) {
1180 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1181 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1182 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1183 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1186 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1187 OSSL_PKEY_PARAM_GROUP_NAME,
1191 || !TEST_str_eq(name_out, group_name)
1192 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1194 || !TEST_BN_eq(pub, pub_out)
1195 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1197 || !TEST_BN_eq(priv, priv_out)
1198 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1199 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1200 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1202 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1203 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1204 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1205 OSSL_PKEY_PARAM_FFC_COFACTOR,
1207 || !TEST_ptr_null(j)
1208 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1209 OSSL_PKEY_PARAM_FFC_SEED,
1213 || !TEST_true(EVP_PKEY_get_int_param(pk,
1214 OSSL_PKEY_PARAM_FFC_GINDEX,
1216 || !TEST_int_eq(gindex, -1)
1217 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1219 || !TEST_int_eq(hindex, 0)
1220 || !TEST_true(EVP_PKEY_get_int_param(pk,
1221 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1223 || !TEST_int_eq(pcounter, -1))
1238 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1241 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1242 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1243 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1244 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1246 EVP_PKEY_CTX_free(key_ctx);
1249 ret = test_print_key_using_pem("DH", pk)
1250 && test_print_key_using_encoder("DH", pk);
1252 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1254 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1270 EVP_PKEY_CTX_free(ctx);
1271 EVP_PKEY_CTX_free(key_ctx);
1272 OSSL_PARAM_free(fromdata_params);
1273 OSSL_PARAM_BLD_free(bld);
1282 #ifndef OPENSSL_NO_EC
1283 # ifndef OPENSSL_NO_ECX
1284 /* Array indexes used in test_fromdata_ecx */
1288 # define X25519_IDX 0
1290 # define ED25519_IDX 2
1291 # define ED448_IDX 3
1294 * tst uses indexes 0 ... (3 * 4 - 1)
1295 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
1296 * 0..3 = public + private key.
1297 * 4..7 = private key (This will generate the public key from the private key)
1298 * 8..11 = public key
1300 static int test_fromdata_ecx(int tst)
1303 EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
1304 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1305 const char *alg = NULL;
1307 unsigned char out_pub[ED448_KEYLEN];
1308 unsigned char out_priv[ED448_KEYLEN];
1309 OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1311 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
1312 static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
1313 /* X25519: Keys from RFC 7748 6.1 */
1317 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
1318 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
1319 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
1324 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
1325 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
1326 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
1330 /* X448: Keys from RFC 7748 6.2 */
1334 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
1335 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
1336 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
1337 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
1338 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
1339 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
1343 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
1344 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
1345 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
1346 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
1347 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
1348 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
1351 /* ED25519: Keys from RFC 8032 */
1355 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
1356 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
1357 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
1362 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
1363 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
1364 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
1368 /* ED448: Keys from RFC 8032 */
1372 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
1373 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
1374 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
1375 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
1376 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
1377 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
1381 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
1382 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
1383 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1384 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1385 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1386 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
1390 OSSL_PARAM x25519_fromdata_params[] = {
1391 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1392 key_numbers[X25519_IDX][PRIV_KEY],
1394 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1395 key_numbers[X25519_IDX][PUB_KEY],
1399 OSSL_PARAM x448_fromdata_params[] = {
1400 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1401 key_numbers[X448_IDX][PRIV_KEY],
1403 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1404 key_numbers[X448_IDX][PUB_KEY],
1408 OSSL_PARAM ed25519_fromdata_params[] = {
1409 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1410 key_numbers[ED25519_IDX][PRIV_KEY],
1412 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1413 key_numbers[ED25519_IDX][PUB_KEY],
1417 OSSL_PARAM ed448_fromdata_params[] = {
1418 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1419 key_numbers[ED448_IDX][PRIV_KEY],
1421 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1422 key_numbers[ED448_IDX][PUB_KEY],
1426 OSSL_PARAM *fromdata_params = NULL;
1427 int bits = 0, security_bits = 0, size = 0;
1428 OSSL_PARAM *orig_fromdata_params = NULL;
1432 fromdata_params = x25519_fromdata_params;
1434 security_bits = X25519_SECURITY_BITS;
1435 size = X25519_KEYLEN;
1440 fromdata_params = x448_fromdata_params;
1442 security_bits = X448_SECURITY_BITS;
1448 fromdata_params = ed25519_fromdata_params;
1449 bits = ED25519_BITS;
1450 security_bits = ED25519_SECURITY_BITS;
1451 size = ED25519_SIGSIZE;
1456 fromdata_params = ed448_fromdata_params;
1458 security_bits = ED448_SECURITY_BITS;
1459 size = ED448_SIGSIZE;
1466 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1470 orig_fromdata_params = fromdata_params;
1472 /* public key only */
1474 } else if (tst > 3) {
1475 /* private key only */
1476 params[0] = fromdata_params[0];
1477 params[1] = fromdata_params[2];
1478 fromdata_params = params;
1481 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1482 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1483 fromdata_params), 1))
1486 while (dup_pk == NULL) {
1488 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1489 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1490 || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1491 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1494 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1497 if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1499 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1500 pk, orig_fromdata_params[PRIV_KEY].key,
1501 out_priv, sizeof(out_priv), &len))
1502 || !TEST_mem_eq(out_priv, len,
1503 orig_fromdata_params[PRIV_KEY].data,
1504 orig_fromdata_params[PRIV_KEY].data_size)
1505 || !TEST_true(EVP_PKEY_get_octet_string_param(
1506 pk, orig_fromdata_params[PUB_KEY].key,
1507 out_pub, sizeof(out_pub), &len))
1508 || !TEST_mem_eq(out_pub, len,
1509 orig_fromdata_params[PUB_KEY].data,
1510 orig_fromdata_params[PUB_KEY].data_size))
1513 /* The private key check should fail if there is only a public key */
1514 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1515 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1516 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1519 EVP_PKEY_CTX_free(ctx2);
1522 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1523 /* This should succeed because there are no parameters to copy */
1524 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1526 EVP_PKEY_free(copy_pk);
1530 ret = test_print_key_using_encoder_public(alg, pk);
1532 ret = test_print_key_using_pem(alg, pk)
1533 && test_print_key_using_encoder(alg, pk);
1535 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1537 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1546 EVP_PKEY_free(copy_pk);
1547 EVP_PKEY_CTX_free(ctx);
1548 EVP_PKEY_CTX_free(ctx2);
1552 # endif /* OPENSSL_NO_ECX */
1554 static int test_fromdata_ec(void)
1557 EVP_PKEY_CTX *ctx = NULL;
1558 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1559 OSSL_PARAM_BLD *bld = NULL;
1560 BIGNUM *ec_priv_bn = NULL;
1561 BIGNUM *bn_priv = NULL;
1562 OSSL_PARAM *fromdata_params = NULL;
1563 const char *alg = "EC";
1564 const char *curve = "prime256v1";
1565 const char bad_curve[] = "nonexistent-curve";
1566 OSSL_PARAM nokey_params[2] = {
1570 /* UNCOMPRESSED FORMAT */
1571 static const unsigned char ec_pub_keydata[] = {
1572 POINT_CONVERSION_UNCOMPRESSED,
1573 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1574 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1575 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1576 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1577 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1578 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1579 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1580 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1582 /* SAME BUT COMPRESSED FORMAT */
1583 static const unsigned char ec_pub_keydata_compressed[] = {
1584 POINT_CONVERSION_COMPRESSED+1,
1585 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1586 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1587 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1588 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1590 static const unsigned char ec_priv_keydata[] = {
1591 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1592 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1593 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1594 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1596 unsigned char out_pub[sizeof(ec_pub_keydata)];
1597 char out_curve_name[80];
1598 const OSSL_PARAM *gettable = NULL;
1600 EC_GROUP *group = NULL;
1601 BIGNUM *group_a = NULL;
1602 BIGNUM *group_b = NULL;
1603 BIGNUM *group_p = NULL;
1609 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1611 if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1612 sizeof(ec_priv_keydata), NULL)))
1615 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1619 * We intentionally provide the input point in compressed format,
1620 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1622 * Later on we check what format is used when exporting the
1623 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1626 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1627 ec_pub_keydata_compressed,
1628 sizeof(ec_pub_keydata_compressed)) <= 0)
1630 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1632 if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1634 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1638 /* try importing parameters with bad curve first */
1640 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1641 (char *)bad_curve, sizeof(bad_curve));
1642 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1643 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1645 || !TEST_ptr_null(pk))
1648 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1649 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1650 fromdata_params), 1))
1653 while (dup_pk == NULL) {
1655 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1656 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1657 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1658 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1661 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1662 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1664 EVP_PKEY_free(copy_pk);
1667 if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1668 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1669 OSSL_PKEY_PARAM_GROUP_NAME))
1670 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1671 OSSL_PKEY_PARAM_PUB_KEY))
1672 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1673 OSSL_PKEY_PARAM_PRIV_KEY)))
1676 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1677 || !TEST_ptr(group_p = BN_new())
1678 || !TEST_ptr(group_a = BN_new())
1679 || !TEST_ptr(group_b = BN_new())
1680 || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1683 if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1684 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1685 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1688 if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1689 || !TEST_BN_eq(group_b, b))
1692 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1694 sizeof(out_curve_name),
1696 || !TEST_str_eq(out_curve_name, curve)
1697 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1698 out_pub, sizeof(out_pub), &len)
1701 * Our providers use uncompressed format by default if
1702 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1703 * explicitly set, irrespective of the format used for the
1704 * input point given as a param to create this key.
1706 || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1707 || !TEST_mem_eq(out_pub + 1, len - 1,
1708 ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1710 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1712 || !TEST_BN_eq(ec_priv_bn, bn_priv))
1717 ret = test_print_key_using_pem(alg, pk)
1718 && test_print_key_using_encoder(alg, pk);
1720 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1722 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1730 EC_GROUP_free(group);
1738 BN_free(ec_priv_bn);
1739 OSSL_PARAM_free(fromdata_params);
1740 OSSL_PARAM_BLD_free(bld);
1742 EVP_PKEY_free(copy_pk);
1743 EVP_PKEY_CTX_free(ctx);
1747 static int test_ec_dup_no_operation(void)
1750 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1751 EVP_PKEY *param = NULL, *pkey = NULL;
1753 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1754 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1755 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1756 NID_X9_62_prime256v1), 0)
1757 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1758 || !TEST_ptr(param))
1761 EVP_PKEY_CTX_free(pctx);
1764 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1765 || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1766 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1767 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1771 EVP_PKEY_free(pkey);
1772 EVP_PKEY_free(param);
1773 EVP_PKEY_CTX_free(ctx);
1774 EVP_PKEY_CTX_free(kctx);
1775 EVP_PKEY_CTX_free(pctx);
1779 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1780 static int test_ec_dup_keygen_operation(void)
1783 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1784 EVP_PKEY *param = NULL, *pkey = NULL;
1786 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1787 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1788 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1789 NID_X9_62_prime256v1), 0)
1790 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1791 || !TEST_ptr(param))
1794 EVP_PKEY_CTX_free(pctx);
1797 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1798 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1799 || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1803 EVP_PKEY_free(pkey);
1804 EVP_PKEY_free(param);
1805 EVP_PKEY_CTX_free(ctx);
1806 EVP_PKEY_CTX_free(kctx);
1807 EVP_PKEY_CTX_free(pctx);
1811 #endif /* OPENSSL_NO_EC */
1813 #ifndef OPENSSL_NO_DSA
1814 static int test_fromdata_dsa_fips186_4(void)
1817 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1818 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1819 BIGNUM *pub = NULL, *priv = NULL;
1820 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1821 BIGNUM *pub_out = NULL, *priv_out = NULL;
1822 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1823 int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1825 unsigned char seed_out[32];
1827 OSSL_PARAM_BLD *bld = NULL;
1828 OSSL_PARAM *fromdata_params = NULL;
1831 * DSA parameter data was generated using the following:
1832 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1833 * -pkeyopt qbits:256 -pkeyopt type:0 \
1834 * -pkeyopt gindex:1 -out dsa_params.pem -text
1836 static const unsigned char p_data[] = {
1837 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1838 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1839 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1840 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1841 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1842 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1843 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1844 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1845 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1846 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1847 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1848 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1849 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1850 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1851 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1852 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1853 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1854 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1855 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1856 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1857 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1858 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1860 static const unsigned char q_data[] = {
1861 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1862 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1863 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1865 static const unsigned char g_data[] = {
1866 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1867 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1868 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1869 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1870 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1871 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1872 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1873 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1874 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1875 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1876 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1877 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1878 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1879 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1880 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1881 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1882 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1883 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1884 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1885 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1886 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1887 0x02, 0x6f, 0x96, 0x36
1889 static const unsigned char seed_data[] = {
1890 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1891 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1892 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1894 const int gindex = 1;
1895 const int pcounter = 53;
1897 * The keypair was generated using
1898 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1899 * -pkeyopt gindex:1 \
1900 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1902 static const unsigned char priv_data[] = {
1903 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1904 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1905 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1907 static const unsigned char pub_data[] = {
1908 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1909 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1910 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1911 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1912 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1913 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1914 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1915 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1916 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1917 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1918 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1919 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1920 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1921 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1922 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1923 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1924 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1925 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1926 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1927 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1928 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1929 0x48, 0xd1, 0x8a, 0xbd
1932 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1933 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1934 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1935 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1936 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1937 || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1939 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1940 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1941 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1942 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1943 OSSL_PKEY_PARAM_FFC_SEED,
1946 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1948 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1949 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1951 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1953 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1955 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1958 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1961 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1962 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1963 fromdata_params), 1))
1966 while (dup_pk == NULL) {
1968 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1969 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1970 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
1971 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1974 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1975 OSSL_PKEY_PARAM_GROUP_NAME,
1979 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1981 || !TEST_BN_eq(pub, pub_out)
1982 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1984 || !TEST_BN_eq(priv, priv_out)
1985 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
1987 || !TEST_BN_eq(p, p_out)
1988 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
1990 || !TEST_BN_eq(q, q_out)
1991 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
1993 || !TEST_BN_eq(g, g_out)
1994 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1995 OSSL_PKEY_PARAM_FFC_COFACTOR,
1997 || !TEST_ptr_null(j_out)
1998 || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
1999 OSSL_PKEY_PARAM_FFC_SEED,
2003 || !TEST_true(EVP_PKEY_get_int_param(pk,
2004 OSSL_PKEY_PARAM_FFC_GINDEX,
2006 || !TEST_int_eq(gindex, gindex_out)
2007 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
2009 || !TEST_int_eq(hindex_out, 0)
2010 || !TEST_true(EVP_PKEY_get_int_param(pk,
2011 OSSL_PKEY_PARAM_FFC_PCOUNTER,
2013 || !TEST_int_eq(pcounter, pcounter_out))
2028 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
2031 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
2032 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
2033 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
2034 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
2036 EVP_PKEY_CTX_free(key_ctx);
2039 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
2040 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
2042 EVP_PKEY_free(copy_pk);
2045 ret = test_print_key_using_pem("DSA", pk)
2046 && test_print_key_using_encoder("DSA", pk);
2048 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
2050 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
2058 OSSL_PARAM_free(fromdata_params);
2059 OSSL_PARAM_BLD_free(bld);
2072 EVP_PKEY_free(copy_pk);
2073 EVP_PKEY_CTX_free(ctx);
2074 EVP_PKEY_CTX_free(key_ctx);
2079 static int test_check_dsa(void)
2082 EVP_PKEY_CTX *ctx = NULL;
2084 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
2085 || !TEST_int_le(EVP_PKEY_check(ctx), 0)
2086 || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
2087 || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
2088 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
2093 EVP_PKEY_CTX_free(ctx);
2097 #endif /* OPENSSL_NO_DSA */
2100 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
2101 size_t keylen, char *salt)
2103 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
2104 OSSL_PARAM *p = params;
2106 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
2107 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
2108 salt, strlen(salt));
2109 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
2110 (unsigned char *)key, keylen);
2111 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
2113 *p = OSSL_PARAM_construct_end();
2118 static int test_evp_pkey_ctx_dup_kdf(void)
2121 size_t len = 0, dlen = 0;
2122 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
2123 OSSL_PARAM *params = NULL;
2125 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
2128 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
2130 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
2132 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
2134 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
2135 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
2136 || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
2137 || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
2141 OPENSSL_free(params);
2142 EVP_PKEY_CTX_free(dctx);
2143 EVP_PKEY_CTX_free(pctx);
2147 int setup_tests(void)
2149 if (!test_skip_common_options()) {
2150 TEST_error("Error parsing test options\n");
2154 if (!TEST_ptr(datadir = test_get_argument(0)))
2157 ADD_TEST(test_evp_pkey_ctx_dup_kdf);
2158 ADD_TEST(test_evp_pkey_get_bn_param_large);
2159 ADD_TEST(test_fromdata_rsa);
2160 ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
2161 ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime);
2162 #ifndef OPENSSL_NO_DH
2163 ADD_TEST(test_fromdata_dh_fips186_4);
2164 ADD_TEST(test_fromdata_dh_named_group);
2166 #ifndef OPENSSL_NO_DSA
2167 ADD_TEST(test_check_dsa);
2168 ADD_TEST(test_fromdata_dsa_fips186_4);
2170 #ifndef OPENSSL_NO_EC
2171 # ifndef OPENSSL_NO_ECX
2172 ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
2174 ADD_TEST(test_fromdata_ec);
2175 ADD_TEST(test_ec_dup_no_operation);
2176 ADD_TEST(test_ec_dup_keygen_operation);