X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fevp_pkey_provided_test.c;h=6dcd0fe70122fea73712bc6be91f7ff27817ca8a;hp=92b3614f6e67b0664fa5fd5da6b682a76eadfab2;hb=HEAD;hpb=ed576acdf591d4164905ab98e89ca5a3b99d90ab diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 92b3614f6e..a51a4a3c07 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #include #include #include +#include #include "crypto/ecx.h" #include "crypto/evp.h" /* For the internal API */ #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ @@ -127,6 +128,16 @@ static int compare_with_file(const char *alg, int type, BIO *membio) return ret; } +static int pass_cb(char *buf, int size, int rwflag, void *u) +{ + return 0; +} + +static int pass_cb_error(char *buf, int size, int rwflag, void *u) +{ + return -1; +} + static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) { BIO *membio = BIO_new(BIO_s_mem()); @@ -139,8 +150,37 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(), (unsigned char *)"pass", 4, NULL, NULL)) + /* Output zero-length passphrase encrypted private key in PEM form */ + || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + (const char *)~0, 0, + NULL, NULL)) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + NULL, 0, NULL, "")) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + NULL, 0, pass_cb, NULL)) + || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + NULL, 0, pass_cb_error, + NULL)) +#ifndef OPENSSL_NO_DES + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + (const char *)~0, 0, NULL, NULL)) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + NULL, "")) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + pass_cb, NULL)) + || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + pass_cb_error, NULL)) +#endif /* Private key in text form */ - || !TEST_true(EVP_PKEY_print_private(membio, pk, 0, NULL)) + || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0) || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio)) /* Public key in PEM form */ || !TEST_true(PEM_write_bio_PUBKEY(membio, pk)) @@ -148,7 +188,12 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) /* Unencrypted private key in PEM form */ || !TEST_true(PEM_write_bio_PrivateKey(membio, pk, NULL, NULL, 0, NULL, NULL)) - || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))) + || !TEST_true(compare_with_file(alg, PRIV_PEM, membio)) + /* NULL key */ + || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL, + NULL, NULL, 0, NULL, NULL)) + || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL, + NULL, NULL, 0, NULL, NULL))) goto err; ret = 1; @@ -176,14 +221,14 @@ static int test_print_key_type_using_encoder(const char *alg, int type, case PRIV_PEM: output_type = "PEM"; - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; selection = OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; break; case PRIV_DER: output_type = "DER"; - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; selection = OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; break; @@ -277,7 +322,7 @@ static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk) return ret; } -#ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_ECX static int test_print_key_using_encoder_public(const char *alg, const EVP_PKEY *pk) { @@ -339,12 +384,12 @@ static int test_fromdata_rsa(void) if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))) goto err; - if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params))) + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) goto err; - while (dup_pk == NULL) { + for (;;) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32) || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8) @@ -356,10 +401,10 @@ static int test_fromdata_rsa(void) if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))) goto err; - if (!TEST_true(EVP_PKEY_check(key_ctx)) - || !TEST_true(EVP_PKEY_public_check(key_ctx)) - || !TEST_true(EVP_PKEY_private_check(key_ctx)) - || !TEST_true(EVP_PKEY_pairwise_check(key_ctx))) + if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0)) goto err; /* EVP_PKEY_copy_parameters() should fail for RSA */ @@ -372,7 +417,10 @@ static int test_fromdata_rsa(void) ret = test_print_key_using_pem("RSA", pk) && test_print_key_using_encoder("RSA", pk); - if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + if (!ret || dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) goto err; ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); EVP_PKEY_free(pk); @@ -384,7 +432,8 @@ static int test_fromdata_rsa(void) /* for better diagnostics always compare key params */ for (i = 0; fromdata_params[i].key != NULL; ++i) { if (!TEST_true(BN_set_word(bn_from, key_numbers[i])) - || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key, &bn)) + || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key, + &bn)) || !TEST_BN_eq(bn, bn_from)) ret = 0; } @@ -398,6 +447,400 @@ static int test_fromdata_rsa(void) return ret; } +struct check_data { + const char *pname; + BIGNUM *comparebn; +}; + +static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params, + struct check_data check[], + int expected_nbits, int expected_sbits, + int expected_ksize) +{ + const OSSL_PARAM *check_param = NULL; + BIGNUM *check_bn = NULL; + OSSL_PARAM *todata_params = NULL; + EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL; + EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL; + int i; + int ret = 0; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) + || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) + goto err; + + /* + * get the generated key parameters back and validate that the + * exponents/coeffs are correct + */ + if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1)) + goto err; + + for (i = 0; check[i].pname != NULL; i++) { + if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params, + check[i].pname))) + goto err; + if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1)) + goto err; + if (!TEST_BN_eq(check_bn, check[i].comparebn)) { + TEST_info("Data mismatch for parameter %s", check[i].pname); + goto err; + } + BN_free(check_bn); + check_bn = NULL; + } + + for (;;) { + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits) + || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize) + || !TEST_false(EVP_PKEY_missing_parameters(pk))) + goto err; + + EVP_PKEY_CTX_free(key_ctx); + if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))) + goto err; + + if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0)) + goto err; + + /* EVP_PKEY_copy_parameters() should fail for RSA */ + if (!TEST_ptr(copy_pk = EVP_PKEY_new()) + || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk))) + goto err; + EVP_PKEY_free(copy_pk); + copy_pk = NULL; + + if (dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + goto err; + if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) { + EVP_PKEY_free(dup_pk); + goto err; + } + EVP_PKEY_free(pk); + pk = dup_pk; + } + ret = 1; +err: + BN_free(check_bn); + EVP_PKEY_free(pk); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(key_ctx); + OSSL_PARAM_free(fromdata_params); + OSSL_PARAM_free(todata_params); + return ret; +} + +static int test_fromdata_rsa_derive_from_pq_sp800(void) +{ + OSSL_PARAM_BLD *bld = NULL; + BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL; + BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; + OSSL_PARAM *fromdata_params = NULL; + struct check_data cdata[4]; + int ret = 0; + /* + * 512-bit RSA key, extracted from this command, + * openssl genrsa 512 | openssl rsa -text + * Note: When generating a key with EVP_PKEY_fromdata, and using + * crt derivation, openssl requires a minimum of 512 bits of n data, + * and 2048 bits in the FIPS case + */ + static unsigned char n_data[] = + {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90, + 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a, + 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc, + 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c, + 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03, + 0x17, 0x2d, 0xec, 0x17, 0x87}; + static unsigned char e_data[] = {0x01, 0x00, 0x01}; + static unsigned char d_data[] = + {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00, + 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b, + 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09, + 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79, + 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0, + 0xf5, 0xdb, 0xe6, 0x81}; + static unsigned char p_data[] = + {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3, + 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed, + 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5}; + static unsigned char q_data[] = + {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98, + 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32, + 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb}; + static unsigned char dmp1_data[] = + {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4, + 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d, + 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49}; + static unsigned char dmq1_data[] = + {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a, + 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40, + 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27}; + static unsigned char iqmp_data[] = + {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6, + 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e, + 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08}; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL)) + || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL)) + || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL)) + || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL)) + || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL)) + || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL)) + || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL)) + || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1, + p)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2, + q)) + || !TEST_true(OSSL_PARAM_BLD_push_int(bld, + OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1)) + || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))) + goto err; + + cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1; + cdata[0].comparebn = dmp1; + cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2; + cdata[1].comparebn = dmq1; + cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1; + cdata[2].comparebn = iqmp; + cdata[3].pname = NULL; + cdata[3].comparebn = NULL; + + ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64); + +err: + BN_free(n); + BN_free(e); + BN_free(d); + BN_free(p); + BN_free(q); + BN_free(dmp1); + BN_free(dmq1); + BN_free(iqmp); + OSSL_PARAM_BLD_free(bld); + return ret; +} + +static int test_fromdata_rsa_derive_from_pq_multiprime(void) +{ + OSSL_PARAM_BLD *bld = NULL; + BIGNUM *n = NULL, *e = NULL, *d = NULL; + BIGNUM *p = NULL, *q = NULL, *p2 = NULL; + BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; + BIGNUM *exp3 = NULL, *coeff2 = NULL; + OSSL_PARAM *fromdata_params = NULL; + struct check_data cdata[12]; + int ret = 0; + /* + * multiprime RSA key, extracted from this command, + * openssl genrsa -primes 3 | openssl rsa -text + * Note: When generating a key with EVP_PKEY_fromdata, and using + * crt derivation, openssl requires a minimum of 512 bits of n data, + * and 2048 bits in the FIPS case + */ + static unsigned char n_data[] = + {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01, + 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71, + 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39, + 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5, + 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e, + 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44, + 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7, + 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51, + 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f, + 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91, + 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38, + 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c, + 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30, + 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9, + 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5, + 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54, + 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc, + 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05, + 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44, + 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e, + 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12, + 0x1b, 0x59, 0x67, 0x14, 0x9d}; + static unsigned char e_data[] = {0x01, 0x00, 0x01}; + static unsigned char d_data[] = + {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94, + 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06, + 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19, + 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0, + 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43, + 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71, + 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c, + 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72, + 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0, + 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41, + 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee, + 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b, + 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec, + 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b, + 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7, + 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23, + 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18, + 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa, + 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c, + 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e, + 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93, + 0xa6, 0x07, 0x60, 0x01}; + static unsigned char p_data[] = + {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54, + 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94, + 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c, + 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa, + 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a, + 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8, + 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61, + 0xa4, 0xd1}; + static unsigned char p2_data[] = + {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32, + 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8, + 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88, + 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13, + 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7, + 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1, + 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c, + 0x66, 0x2d}; + static unsigned char q_data[] = + {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb, + 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23, + 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37, + 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20, + 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93, + 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47, + 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47, + 0xfb, 0x61}; + static unsigned char dmp1_data[] = + {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40, + 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05, + 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13, + 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68, + 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82, + 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d, + 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac, + 0x9e, 0x41}; + static unsigned char dmq1_data[] = + {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc, + 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb, + 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86, + 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e, + 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7, + 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54, + 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc, + 0x75, 0x61}; + static unsigned char iqmp_data[] = + {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9, + 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b, + 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a, + 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7, + 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41, + 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2, + 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7, + 0xae, 0xef}; + static unsigned char exp3_data[] = + {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f, + 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb, + 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a, + 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06, + 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26, + 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14, + 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7, + 0x2d, 0xb9}; + static unsigned char coeff2_data[] = + {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1, + 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13, + 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a, + 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38, + 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91, + 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c, + 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0, + 0x4b, 0xf4}; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL)) + || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL)) + || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL)) + || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL)) + || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL)) + || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL)) + || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL)) + || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL)) + || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL)) + || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL)) + || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1, + p)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2, + q)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3, + p2)) + || !TEST_true(OSSL_PARAM_BLD_push_int(bld, + OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1)) + || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))) + goto err; + + cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1; + cdata[0].comparebn = dmp1; + cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2; + cdata[1].comparebn = dmq1; + cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1; + cdata[2].comparebn = iqmp; + cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3; + cdata[3].comparebn = exp3; + cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2; + cdata[4].comparebn = coeff2; + cdata[5].pname = OSSL_PKEY_PARAM_RSA_N; + cdata[5].comparebn = n; + cdata[6].pname = OSSL_PKEY_PARAM_RSA_E; + cdata[6].comparebn = e; + cdata[7].pname = OSSL_PKEY_PARAM_RSA_D; + cdata[7].comparebn = d; + cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1; + cdata[8].comparebn = p; + cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2; + cdata[9].comparebn = q; + cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3; + cdata[10].comparebn = p2; + cdata[11].pname = NULL; + cdata[11].comparebn = NULL; + + ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256); + +err: + BN_free(n); + BN_free(e); + BN_free(d); + BN_free(p); + BN_free(p2); + BN_free(q); + BN_free(dmp1); + BN_free(dmq1); + BN_free(iqmp); + BN_free(exp3); + BN_free(coeff2); + OSSL_PARAM_BLD_free(bld); + return ret; +} + static int test_evp_pkey_get_bn_param_large(void) { int ret = 0; @@ -414,7 +857,7 @@ static int test_evp_pkey_get_bn_param_large(void) static const unsigned char e_data[] = { 0x1, 0x00, 0x01 }; - static const unsigned char d_data[]= { + static const unsigned char d_data[] = { 0x99, 0x33, 0x13, 0x7b }; @@ -430,9 +873,9 @@ static int test_evp_pkey_get_bn_param_large(void) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)) || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)) || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)) - || !TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params)) + || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1) || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out)) || !TEST_BN_eq(n, n_out)) @@ -521,12 +964,43 @@ static int test_fromdata_dh_named_group(void) if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL))) goto err; - if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params))) + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) goto err; - while (dup_pk == NULL) { + /* + * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that + * it behaves as expected with regards to string length and terminating + * NUL byte. + */ + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + NULL, sizeof(name_out), + &len)) + || !TEST_size_t_eq(len, sizeof(group_name) - 1) + /* Just enough space to hold the group name and a terminating NUL */ + || !TEST_true(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name), + &len)) + || !TEST_size_t_eq(len, sizeof(group_name) - 1) + /* Too small buffer to hold the terminating NUL byte */ + || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name) - 1, + &len)) + /* Too small buffer to hold the whole group name, even! */ + || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, + OSSL_PKEY_PARAM_GROUP_NAME, + name_out, + sizeof(group_name) - 2, + &len))) + goto err; + + for (;;) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) @@ -589,10 +1063,10 @@ static int test_fromdata_dh_named_group(void) if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))) goto err; - if (!TEST_true(EVP_PKEY_check(key_ctx)) - || !TEST_true(EVP_PKEY_public_check(key_ctx)) - || !TEST_true(EVP_PKEY_private_check(key_ctx)) - || !TEST_true(EVP_PKEY_pairwise_check(key_ctx))) + if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0)) goto err; EVP_PKEY_CTX_free(key_ctx); key_ctx = NULL; @@ -606,7 +1080,10 @@ static int test_fromdata_dh_named_group(void) ret = test_print_key_using_pem("DH", pk) && test_print_key_using_encoder("DH", pk); - if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + if (!ret || dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) goto err; ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); EVP_PKEY_free(pk); @@ -702,12 +1179,12 @@ static int test_fromdata_dh_fips186_4(void) if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL))) goto err; - if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params))) + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) goto err; - while (dup_pk == NULL) { + for (;;) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) @@ -770,10 +1247,10 @@ static int test_fromdata_dh_fips186_4(void) if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))) goto err; - if (!TEST_true(EVP_PKEY_check(key_ctx)) - || !TEST_true(EVP_PKEY_public_check(key_ctx)) - || !TEST_true(EVP_PKEY_private_check(key_ctx)) - || !TEST_true(EVP_PKEY_pairwise_check(key_ctx))) + if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0)) goto err; EVP_PKEY_CTX_free(key_ctx); key_ctx = NULL; @@ -781,7 +1258,10 @@ static int test_fromdata_dh_fips186_4(void) ret = test_print_key_using_pem("DH", pk) && test_print_key_using_encoder("DH", pk); - if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + if (!ret || dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) goto err; ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); EVP_PKEY_free(pk); @@ -812,6 +1292,7 @@ err: #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX /* Array indexes used in test_fromdata_ecx */ # define PRIV_KEY 0 # define PUB_KEY 1 @@ -979,7 +1460,7 @@ static int test_fromdata_ecx(int tst) fromdata_params = ed25519_fromdata_params; bits = ED25519_BITS; security_bits = ED25519_SECURITY_BITS; - size = ED25519_KEYLEN; + size = ED25519_SIGSIZE; alg = "ED25519"; break; @@ -987,7 +1468,7 @@ static int test_fromdata_ecx(int tst) fromdata_params = ed448_fromdata_params; bits = ED448_BITS; security_bits = ED448_SECURITY_BITS; - size = ED448_KEYLEN; + size = ED448_SIGSIZE; alg = "ED448"; break; default: @@ -1009,12 +1490,12 @@ static int test_fromdata_ecx(int tst) fromdata_params = params; } - if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params))) + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) goto err; - while (dup_pk == NULL) { + for (;;) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits) || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits) @@ -1025,7 +1506,7 @@ static int test_fromdata_ecx(int tst) if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL))) goto err; if (tst <= 7) { - if (!TEST_true(EVP_PKEY_check(ctx2))) + if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0)) goto err; if (!TEST_true(EVP_PKEY_get_octet_string_param( pk, orig_fromdata_params[PRIV_KEY].key, @@ -1042,9 +1523,9 @@ static int test_fromdata_ecx(int tst) goto err; } else { /* The private key check should fail if there is only a public key */ - if (!TEST_true(EVP_PKEY_public_check(ctx2)) - || !TEST_false(EVP_PKEY_private_check(ctx2)) - || !TEST_false(EVP_PKEY_check(ctx2))) + if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0) + || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0) + || !TEST_int_le(EVP_PKEY_check(ctx2), 0)) goto err; } EVP_PKEY_CTX_free(ctx2); @@ -1054,6 +1535,12 @@ static int test_fromdata_ecx(int tst) /* This should succeed because there are no parameters to copy */ || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; + if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL)) + /* This should fail because copy_pk has no pubkey */ + || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0)) + goto err; + EVP_PKEY_CTX_free(ctx2); + ctx2 = NULL; EVP_PKEY_free(copy_pk); copy_pk = NULL; @@ -1063,7 +1550,10 @@ static int test_fromdata_ecx(int tst) ret = test_print_key_using_pem(alg, pk) && test_print_key_using_encoder(alg, pk); - if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + if (!ret || dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) goto err; ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); EVP_PKEY_free(pk); @@ -1080,8 +1570,7 @@ err: return ret; } - -#define CURVE_NAME 2 +# endif /* OPENSSL_NO_ECX */ static int test_fromdata_ec(void) { @@ -1094,6 +1583,11 @@ static int test_fromdata_ec(void) OSSL_PARAM *fromdata_params = NULL; const char *alg = "EC"; const char *curve = "prime256v1"; + const char bad_curve[] = "nonexistent-curve"; + OSSL_PARAM nokey_params[2] = { + OSSL_PARAM_END, + OSSL_PARAM_END + }; /* UNCOMPRESSED FORMAT */ static const unsigned char ec_pub_keydata[] = { POINT_CONVERSION_UNCOMPRESSED, @@ -1106,13 +1600,20 @@ static int test_fromdata_ec(void) 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 }; + /* SAME BUT COMPRESSED FORMAT */ + static const unsigned char ec_pub_keydata_compressed[] = { + POINT_CONVERSION_COMPRESSED+1, + 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, + 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, + 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, + 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2 + }; static const unsigned char ec_priv_keydata[] = { 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad }; - const int compressed_sz = 1 + (sizeof(ec_pub_keydata) - 1) / 2; unsigned char out_pub[sizeof(ec_pub_keydata)]; char out_curve_name[80]; const OSSL_PARAM *gettable = NULL; @@ -1135,9 +1636,17 @@ static int test_fromdata_ec(void) if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, curve, 0) <= 0) goto err; + /* + * We intentionally provide the input point in compressed format, + * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`. + * + * Later on we check what format is used when exporting the + * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed + * format. + */ if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, - ec_pub_keydata, - sizeof(ec_pub_keydata)) <= 0) + ec_pub_keydata_compressed, + sizeof(ec_pub_keydata_compressed)) <= 0) goto err; if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0) goto err; @@ -1147,12 +1656,22 @@ static int test_fromdata_ec(void) if (!TEST_ptr(ctx)) goto err; - if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params))) + /* try importing parameters with bad curve first */ + nokey_params[0] = + OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + (char *)bad_curve, sizeof(bad_curve)); + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS, + nokey_params), 0) + || !TEST_ptr_null(pk)) goto err; - while (dup_pk == NULL) { + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) + goto err; + + for (;;) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256) || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128) @@ -1191,6 +1710,15 @@ static int test_fromdata_ec(void) || !TEST_BN_eq(group_b, b)) goto err; + EC_GROUP_free(group); + group = NULL; + BN_free(group_p); + group_p = NULL; + BN_free(group_a); + group_a = NULL; + BN_free(group_b); + group_b = NULL; + if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, out_curve_name, sizeof(out_curve_name), @@ -1198,9 +1726,17 @@ static int test_fromdata_ec(void) || !TEST_str_eq(out_curve_name, curve) || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY, out_pub, sizeof(out_pub), &len) - || !TEST_true(out_pub[0] == (POINT_CONVERSION_COMPRESSED + 1)) + + /* + * Our providers use uncompressed format by default if + * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not + * explicitly set, irrespective of the format used for the + * input point given as a param to create this key. + */ + || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED) || !TEST_mem_eq(out_pub + 1, len - 1, - ec_pub_keydata + 1, compressed_sz - 1) + ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1) + || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY, &bn_priv)) || !TEST_BN_eq(ec_priv_bn, bn_priv)) @@ -1211,7 +1747,10 @@ static int test_fromdata_ec(void) ret = test_print_key_using_pem(alg, pk) && test_print_key_using_encoder(alg, pk); - if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + if (!ret || dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) goto err; ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); EVP_PKEY_free(pk); @@ -1452,12 +1991,12 @@ static int test_fromdata_dsa_fips186_4(void) if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))) goto err; - if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) - || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, - fromdata_params))) + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, + fromdata_params), 1)) goto err; - while (dup_pk == NULL) { + for (;;) { ret = 0; if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) @@ -1506,12 +2045,12 @@ static int test_fromdata_dsa_fips186_4(void) &pcounter_out)) || !TEST_int_eq(pcounter, pcounter_out)) goto err; - BN_free(p); - p = NULL; - BN_free(q); - q = NULL; - BN_free(g); - g = NULL; + BN_free(p_out); + p_out = NULL; + BN_free(q_out); + q_out = NULL; + BN_free(g_out); + g_out = NULL; BN_free(j_out); j_out = NULL; BN_free(pub_out); @@ -1522,10 +2061,10 @@ static int test_fromdata_dsa_fips186_4(void) if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))) goto err; - if (!TEST_true(EVP_PKEY_check(key_ctx)) - || !TEST_true(EVP_PKEY_public_check(key_ctx)) - || !TEST_true(EVP_PKEY_private_check(key_ctx)) - || !TEST_true(EVP_PKEY_pairwise_check(key_ctx))) + if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0) + || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0)) goto err; EVP_PKEY_CTX_free(key_ctx); key_ctx = NULL; @@ -1539,7 +2078,10 @@ static int test_fromdata_dsa_fips186_4(void) ret = test_print_key_using_pem("DSA", pk) && test_print_key_using_encoder("DSA", pk); - if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) + if (!ret || dup_pk != NULL) + break; + + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) goto err; ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); EVP_PKEY_free(pk); @@ -1576,10 +2118,10 @@ static int test_check_dsa(void) EVP_PKEY_CTX *ctx = NULL; if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) - || !TEST_false(EVP_PKEY_check(ctx)) - || !TEST_false(EVP_PKEY_public_check(ctx)) - || !TEST_false(EVP_PKEY_private_check(ctx)) - || !TEST_false(EVP_PKEY_pairwise_check(ctx))) + || !TEST_int_le(EVP_PKEY_check(ctx), 0) + || !TEST_int_le(EVP_PKEY_public_check(ctx), 0) + || !TEST_int_le(EVP_PKEY_private_check(ctx), 0) + || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0)) goto err; ret = 1; @@ -1591,6 +2133,53 @@ static int test_check_dsa(void) #endif /* OPENSSL_NO_DSA */ +static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key, + size_t keylen, char *salt) +{ + OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); + OSSL_PARAM *p = params; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + salt, strlen(salt)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)key, keylen); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, + "EXTRACT_ONLY", 0); + *p = OSSL_PARAM_construct_end(); + + return params; +} + +static int test_evp_pkey_ctx_dup_kdf(void) +{ + int ret = 0; + size_t len = 0, dlen = 0; + EVP_PKEY_CTX *pctx = NULL, *dctx = NULL; + OSSL_PARAM *params = NULL; + + if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6, + "salt"))) + goto err; + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL))) + goto err; + if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1)) + goto err; + if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx))) + goto err; + if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1) + || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH) + || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1) + || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH)) + goto err; + ret = 1; +err: + OPENSSL_free(params); + EVP_PKEY_CTX_free(dctx); + EVP_PKEY_CTX_free(pctx); + return ret; +} + int setup_tests(void) { if (!test_skip_common_options()) { @@ -1601,8 +2190,11 @@ int setup_tests(void) if (!TEST_ptr(datadir = test_get_argument(0))) return 0; + ADD_TEST(test_evp_pkey_ctx_dup_kdf); ADD_TEST(test_evp_pkey_get_bn_param_large); ADD_TEST(test_fromdata_rsa); + ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800); + ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime); #ifndef OPENSSL_NO_DH ADD_TEST(test_fromdata_dh_fips186_4); ADD_TEST(test_fromdata_dh_named_group); @@ -1612,7 +2204,9 @@ int setup_tests(void) ADD_TEST(test_fromdata_dsa_fips186_4); #endif #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_ECX ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3); +# endif ADD_TEST(test_fromdata_ec); ADD_TEST(test_ec_dup_no_operation); ADD_TEST(test_ec_dup_keygen_operation);