test/endecode_test.c

   1 /*
   2  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <openssl/core_dispatch.h>
  12 #include <openssl/evp.h>
  13 #include <openssl/pem.h>
  14 #include <openssl/rsa.h>
  15 #include <openssl/x509.h>
  16 #include <openssl/core_names.h>
  17 #include <openssl/params.h>
  18 #include <openssl/param_build.h>
  19 #include <openssl/encoder.h>
  20 #include <openssl/decoder.h>
  21
  22 #include "internal/cryptlib.h"   /* ossl_assert */
  23 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
  24
  25 #include "helpers/predefined_dhparams.h"
  26 #include "testutil.h"
  27
  28 /* Extended test macros to allow passing file & line number */
  29 #define TEST_FL_ptr(a)               test_ptr(file, line, #a, a)
  30 #define TEST_FL_mem_eq(a, m, b, n)   test_mem_eq(file, line, #a, #b, a, m, b, n)
  31 #define TEST_FL_strn_eq(a, b, n)     test_strn_eq(file, line, #a, #b, a, n, b, n)
  32 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
  33 #define TEST_FL_int_eq(a, b)         test_int_eq(file, line, #a, #b, a, b)
  34 #define TEST_FL_int_ge(a, b)         test_int_ge(file, line, #a, #b, a, b)
  35 #define TEST_FL_int_gt(a, b)         test_int_gt(file, line, #a, #b, a, b)
  36 #define TEST_FL_long_gt(a, b)        test_long_gt(file, line, #a, #b, a, b)
  37 #define TEST_FL_true(a)              test_true(file, line, #a, (a) != 0)
  38
  39 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
  40 # define OPENSSL_NO_KEYPARAMS
  41 #endif
  42
  43 #ifndef OPENSSL_NO_EC
  44 static BN_CTX *bnctx = NULL;
  45 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
  46 static OSSL_PARAM_BLD *bld_prime = NULL;
  47 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
  48 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
  49
  50 # ifndef OPENSSL_NO_EC2M
  51 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
  52 static OSSL_PARAM_BLD *bld_tri = NULL;
  53 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
  54 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
  55 # endif
  56 #endif
  57
  58 #ifndef OPENSSL_NO_KEYPARAMS
  59 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
  60 {
  61     EVP_PKEY *pkey = NULL;
  62     EVP_PKEY_CTX *ctx = NULL;
  63
  64 # ifndef OPENSSL_NO_DH
  65     /*
  66      * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
  67      * for testing only. Use a minimum key size of 2048 for security purposes.
  68      */
  69     if (strcmp(type, "DH") == 0)
  70         return get_dh512(NULL);
  71     if (strcmp(type, "X9.42 DH") == 0)
  72         return get_dhx512(NULL);
  73 # endif
  74
  75     /*
  76      * No real need to check the errors other than for the cascade
  77      * effect.  |pkey| will simply remain NULL if something goes wrong.
  78      */
  79     (void)((ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL)) != NULL
  80            && EVP_PKEY_paramgen_init(ctx) > 0
  81            && (genparams == NULL
  82                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
  83            && EVP_PKEY_gen(ctx, &pkey) > 0);
  84     EVP_PKEY_CTX_free(ctx);
  85
  86     return pkey;
  87 }
  88 #endif
  89
  90 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
  91                           OSSL_PARAM *genparams)
  92 {
  93     EVP_PKEY *pkey = NULL;
  94     EVP_PKEY_CTX *ctx =
  95         template != NULL
  96         ? EVP_PKEY_CTX_new(template, NULL)
  97         : EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
  98
  99     /*
 100      * No real need to check the errors other than for the cascade
 101      * effect.  |pkey| will simply remain NULL if something goes wrong.
 102      */
 103     (void)(ctx != NULL
 104            && EVP_PKEY_keygen_init(ctx) > 0
 105            && (genparams == NULL
 106                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
 107            && EVP_PKEY_keygen(ctx, &pkey) > 0);
 108     EVP_PKEY_CTX_free(ctx);
 109     return pkey;
 110 }
 111
 112 /* Main test driver */
 113
 114 typedef int (encoder)(const char *file, const int line,
 115                       void **encoded, long *encoded_len,
 116                       void *object, int selection,
 117                       const char *output_type, const char *output_structure,
 118                       const char *pass, const char *pcipher);
 119 typedef int (decoder)(const char *file, const int line,
 120                       void **object, void *encoded, long encoded_len,
 121                       const char *input_type, const char *structure_type,
 122                       const char *keytype, int selection, const char *pass);
 123 typedef int (tester)(const char *file, const int line,
 124                      const void *data1, size_t data1_len,
 125                      const void *data2, size_t data2_len);
 126 typedef int (checker)(const char *file, const int line,
 127                       const char *type, const void *data, size_t data_len);
 128 typedef void (dumper)(const char *label, const void *data, size_t data_len);
 129
 130 #define FLAG_DECODE_WITH_TYPE   0x0001
 131
 132 static int test_encode_decode(const char *file, const int line,
 133                               const char *type, EVP_PKEY *pkey,
 134                               int selection, const char *output_type,
 135                               const char *output_structure,
 136                               const char *pass, const char *pcipher,
 137                               encoder *encode_cb, decoder *decode_cb,
 138                               tester *test_cb, checker *check_cb,
 139                               dumper *dump_cb, int flags)
 140 {
 141     void *encoded = NULL;
 142     long encoded_len = 0;
 143     EVP_PKEY *pkey2 = NULL;
 144     void *encoded2 = NULL;
 145     long encoded2_len = 0;
 146     int ok = 0;
 147
 148     /*
 149      * Encode |pkey|, decode the result into |pkey2|, and finish off by
 150      * encoding |pkey2| as well.  That last encoding is for checking and
 151      * dumping purposes.
 152      */
 153     if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
 154                              output_type, output_structure, pass, pcipher))
 155         || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
 156         || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
 157                                 output_type, output_structure,
 158                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
 159                                 selection, pass))
 160         || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
 161                                 output_type, output_structure, pass, pcipher)))
 162         goto end;
 163
 164     if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 165         if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
 166             goto end;
 167     } else {
 168         if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
 169             goto end;
 170     }
 171
 172     /*
 173      * Double check the encoding, but only for unprotected keys,
 174      * as protected keys have a random component, which makes the output
 175      * differ.
 176      */
 177     if ((pass == NULL && pcipher == NULL)
 178         && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
 179         goto end;
 180
 181     ok = 1;
 182  end:
 183     if (!ok) {
 184         if (encoded != NULL && encoded_len != 0)
 185             dump_cb("|pkey| encoded", encoded, encoded_len);
 186         if (encoded2 != NULL && encoded2_len != 0)
 187             dump_cb("|pkey2| encoded", encoded2, encoded2_len);
 188     }
 189
 190     OPENSSL_free(encoded);
 191     OPENSSL_free(encoded2);
 192     EVP_PKEY_free(pkey2);
 193     return ok;
 194 }
 195
 196 /* Encoding and decoding methods */
 197
 198 static int encode_EVP_PKEY_prov(const char *file, const int line,
 199                                 void **encoded, long *encoded_len,
 200                                 void *object, int selection,
 201                                 const char *output_type,
 202                                 const char *output_structure,
 203                                 const char *pass, const char *pcipher)
 204 {
 205     EVP_PKEY *pkey = object;
 206     OSSL_ENCODER_CTX *ectx = NULL;
 207     BIO *mem_ser = NULL;
 208     BUF_MEM *mem_buf = NULL;
 209     const unsigned char *upass = (const unsigned char *)pass;
 210     int ok = 0;
 211
 212     if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
 213                                                        output_type,
 214                                                        output_structure,
 215                                                        NULL))
 216         || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
 217         || (pass != NULL
 218             && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
 219                                                           strlen(pass))))
 220         || (pcipher != NULL
 221             && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
 222         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 223         || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
 224         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 225         || !TEST_FL_ptr(*encoded = mem_buf->data)
 226         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 227         goto end;
 228
 229     /* Detach the encoded output */
 230     mem_buf->data = NULL;
 231     mem_buf->length = 0;
 232     ok = 1;
 233  end:
 234     BIO_free(mem_ser);
 235     OSSL_ENCODER_CTX_free(ectx);
 236     return ok;
 237 }
 238
 239 static int decode_EVP_PKEY_prov(const char *file, const int line,
 240                                 void **object, void *encoded, long encoded_len,
 241                                 const char *input_type,
 242                                 const char *structure_type,
 243                                 const char *keytype, int selection,
 244                                 const char *pass)
 245 {
 246     EVP_PKEY *pkey = NULL, *testpkey = NULL;
 247     OSSL_DECODER_CTX *dctx = NULL;
 248     BIO *encoded_bio = NULL;
 249     const unsigned char *upass = (const unsigned char *)pass;
 250     int ok = 0;
 251     int i;
 252     const char *badtype;
 253
 254     if (strcmp(input_type, "DER") == 0)
 255         badtype = "PEM";
 256     else
 257         badtype = "DER";
 258
 259     if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
 260         goto end;
 261
 262     /*
 263      * We attempt the decode 3 times. The first time we provide the expected
 264      * starting input type. The second time we provide NULL for the starting
 265      * type. The third time we provide a bad starting input type.
 266      * The bad starting input type should fail. The other two should succeed
 267      * and produce the same result.
 268      */
 269     for (i = 0; i < 3; i++) {
 270         const char *testtype = (i == 0) ? input_type
 271                                         : ((i == 1) ? NULL : badtype);
 272
 273         if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
 274                                                            testtype,
 275                                                            structure_type,
 276                                                            keytype,
 277                                                            selection,
 278                                                            NULL, NULL))
 279             || (pass != NULL
 280                 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
 281             || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
 282                /* We expect to fail when using a bad input type */
 283             || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
 284                             (i == 2) ? 0 : 1))
 285             goto end;
 286         OSSL_DECODER_CTX_free(dctx);
 287         dctx = NULL;
 288
 289         if (i == 0) {
 290             pkey = testpkey;
 291             testpkey = NULL;
 292         } else if (i == 1) {
 293             if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 294                 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
 295                     goto end;
 296             } else {
 297                 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
 298                     goto end;
 299             }
 300         }
 301     }
 302     ok = 1;
 303     *object = pkey;
 304     pkey = NULL;
 305
 306  end:
 307     EVP_PKEY_free(pkey);
 308     EVP_PKEY_free(testpkey);
 309     BIO_free(encoded_bio);
 310     OSSL_DECODER_CTX_free(dctx);
 311     return ok;
 312 }
 313
 314 static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
 315                                       void **encoded, long *encoded_len,
 316                                       void *object, ossl_unused int selection,
 317                                       ossl_unused const char *output_type,
 318                                       ossl_unused const char *output_structure,
 319                                       const char *pass, const char *pcipher)
 320 {
 321     EVP_PKEY *pkey = object;
 322     EVP_CIPHER *cipher = NULL;
 323     BIO *mem_ser = NULL;
 324     BUF_MEM *mem_buf = NULL;
 325     const unsigned char *upass = (const unsigned char *)pass;
 326     size_t passlen = 0;
 327     int ok = 0;
 328
 329     if (pcipher != NULL && pass != NULL) {
 330         passlen = strlen(pass);
 331         if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL)))
 332             goto end;
 333     }
 334     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 335         || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
 336                                                            cipher,
 337                                                            upass, passlen,
 338                                                            NULL, NULL))
 339         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 340         || !TEST_FL_ptr(*encoded = mem_buf->data)
 341         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 342         goto end;
 343
 344     /* Detach the encoded output */
 345     mem_buf->data = NULL;
 346     mem_buf->length = 0;
 347     ok = 1;
 348  end:
 349     BIO_free(mem_ser);
 350     EVP_CIPHER_free(cipher);
 351     return ok;
 352 }
 353
 354 static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
 355                                   void **encoded, long *encoded_len,
 356                                   void *object, int selection,
 357                                   ossl_unused const char *output_type,
 358                                   ossl_unused const char *output_structure,
 359                                   ossl_unused const char *pass,
 360                                   ossl_unused const char *pcipher)
 361 {
 362     EVP_PKEY *pkey = object;
 363     BIO *mem_ser = NULL;
 364     BUF_MEM *mem_buf = NULL;
 365     int ok = 0;
 366
 367     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
 368         goto end;
 369
 370     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
 371         if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
 372             goto end;
 373     } else {
 374         if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
 375             goto end;
 376     }
 377
 378     if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 379         || !TEST_FL_ptr(*encoded = mem_buf->data)
 380         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 381         goto end;
 382
 383     /* Detach the encoded output */
 384     mem_buf->data = NULL;
 385     mem_buf->length = 0;
 386     ok = 1;
 387  end:
 388     BIO_free(mem_ser);
 389     return ok;
 390 }
 391
 392 static pem_password_cb pass_pw;
 393 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
 394 {
 395     OPENSSL_strlcpy(buf, userdata, size);
 396     return strlen(userdata);
 397 }
 398
 399 static int encode_EVP_PKEY_PVK(const char *file, const int line,
 400                                void **encoded, long *encoded_len,
 401                                void *object, int selection,
 402                                ossl_unused const char *output_type,
 403                                ossl_unused const char *output_structure,
 404                                const char *pass,
 405                                ossl_unused const char *pcipher)
 406 {
 407     EVP_PKEY *pkey = object;
 408     BIO *mem_ser = NULL;
 409     BUF_MEM *mem_buf = NULL;
 410     int enc = (pass != NULL);
 411     int ok = 0;
 412
 413     if (!TEST_FL_true(ossl_assert((selection
 414                                 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
 415         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 416         || !TEST_FL_int_ge(i2b_PVK_bio(mem_ser, pkey, enc,
 417                                     pass_pw, (void *)pass), 0)
 418         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 419         || !TEST_FL_ptr(*encoded = mem_buf->data)
 420         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 421         goto end;
 422
 423     /* Detach the encoded output */
 424     mem_buf->data = NULL;
 425     mem_buf->length = 0;
 426     ok = 1;
 427  end:
 428     BIO_free(mem_ser);
 429     return ok;
 430 }
 431
 432 static int test_text(const char *file, const int line,
 433                      const void *data1, size_t data1_len,
 434                      const void *data2, size_t data2_len)
 435 {
 436     return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
 437 }
 438
 439 static int test_mem(const char *file, const int line,
 440                     const void *data1, size_t data1_len,
 441                     const void *data2, size_t data2_len)
 442 {
 443     return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
 444 }
 445
 446 /* Test cases and their dumpers / checkers */
 447
 448 static void collect_name(const char *name, void *arg)
 449 {
 450     char **namelist = arg;
 451     char *new_namelist;
 452     size_t space;
 453
 454     space = strlen(name);
 455     if (*namelist != NULL)
 456         space += strlen(*namelist) + 2 /* for comma and space */;
 457     space++; /* for terminating null byte */
 458
 459     new_namelist = OPENSSL_realloc(*namelist, space);
 460     if (new_namelist == NULL)
 461         return;
 462     if (*namelist != NULL) {
 463         strcat(new_namelist, ", ");
 464         strcat(new_namelist, name);
 465     } else {
 466         strcpy(new_namelist, name);
 467     }
 468     *namelist = new_namelist;
 469 }
 470
 471 static void dump_der(const char *label, const void *data, size_t data_len)
 472 {
 473     test_output_memory(label, data, data_len);
 474 }
 475
 476 static void dump_pem(const char *label, const void *data, size_t data_len)
 477 {
 478     test_output_string(label, data, data_len - 1);
 479 }
 480
 481 static int check_unprotected_PKCS8_DER(const char *file, const int line,
 482                                        const char *type,
 483                                        const void *data, size_t data_len)
 484 {
 485     const unsigned char *datap = data;
 486     PKCS8_PRIV_KEY_INFO *p8inf =
 487         d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
 488     int ok = 0;
 489
 490     if (TEST_FL_ptr(p8inf)) {
 491         EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
 492         char *namelist = NULL;
 493
 494         if (TEST_FL_ptr(pkey)) {
 495             if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
 496                 EVP_PKEY_typenames_do_all(pkey, collect_name, &namelist);
 497                 if (namelist != NULL)
 498                     TEST_note("%s isn't any of %s", type, namelist);
 499                 OPENSSL_free(namelist);
 500             }
 501             EVP_PKEY_free(pkey);
 502         }
 503     }
 504     PKCS8_PRIV_KEY_INFO_free(p8inf);
 505     return ok;
 506 }
 507
 508 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
 509 {
 510     return test_encode_decode(__FILE__, __LINE__, type, key,
 511                               OSSL_KEYMGMT_SELECT_KEYPAIR
 512                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 513                               "DER", "pkcs8", NULL, NULL,
 514                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 515                               test_mem, check_unprotected_PKCS8_DER,
 516                               dump_der, 0);
 517 }
 518
 519 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
 520                                        const char *type,
 521                                        const void *data, size_t data_len)
 522 {
 523     static const char expected_pem_header[] =
 524         "-----BEGIN " PEM_STRING_PKCS8INF "-----";
 525
 526     return TEST_FL_strn_eq(data, expected_pem_header,
 527                         sizeof(expected_pem_header) - 1);
 528 }
 529
 530 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
 531 {
 532     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR
 533                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 534                               "PEM", "pkcs8", NULL, NULL,
 535                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 536                               test_text, check_unprotected_PKCS8_PEM,
 537                               dump_pem, 0);
 538 }
 539
 540 #ifndef OPENSSL_NO_KEYPARAMS
 541 static int check_params_DER(const char *file, const int line,
 542                             const char *type, const void *data, size_t data_len)
 543 {
 544     const unsigned char *datap = data;
 545     int ok = 0;
 546     int itype = NID_undef;
 547     EVP_PKEY *pkey = NULL;
 548
 549     if (strcmp(type, "DH") == 0)
 550         itype = EVP_PKEY_DH;
 551     else if (strcmp(type, "X9.42 DH") == 0)
 552         itype = EVP_PKEY_DHX;
 553     else if (strcmp(type, "DSA") ==  0)
 554         itype = EVP_PKEY_DSA;
 555     else if (strcmp(type, "EC") ==  0)
 556         itype = EVP_PKEY_EC;
 557
 558     if (itype != NID_undef) {
 559         pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
 560         ok = (pkey != NULL);
 561         EVP_PKEY_free(pkey);
 562     }
 563
 564     return ok;
 565 }
 566
 567 static int check_params_PEM(const char *file, const int line,
 568                             const char *type,
 569                             const void *data, size_t data_len)
 570 {
 571     static char expected_pem_header[80];
 572
 573     return
 574         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 575                                  sizeof(expected_pem_header),
 576                                  "-----BEGIN %s PARAMETERS-----", type), 0)
 577         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 578 }
 579
 580 static int test_params_via_DER(const char *type, EVP_PKEY *key)
 581 {
 582     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 583                               "DER", "type-specific", NULL, NULL,
 584                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 585                               test_mem, check_params_DER,
 586                               dump_der, FLAG_DECODE_WITH_TYPE);
 587 }
 588
 589 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
 590 {
 591     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 592                               "PEM", "type-specific", NULL, NULL,
 593                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 594                               test_text, check_params_PEM,
 595                               dump_pem, 0);
 596 }
 597 #endif /* !OPENSSL_NO_KEYPARAMS */
 598
 599 static int check_unprotected_legacy_PEM(const char *file, const int line,
 600                                         const char *type,
 601                                         const void *data, size_t data_len)
 602 {
 603     static char expected_pem_header[80];
 604
 605     return
 606         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 607                                  sizeof(expected_pem_header),
 608                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 609         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 610 }
 611
 612 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 613 {
 614     return test_encode_decode(__FILE__, __LINE__, type, key,
 615                               OSSL_KEYMGMT_SELECT_KEYPAIR
 616                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 617                               "PEM", "type-specific", NULL, NULL,
 618                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 619                               test_text, check_unprotected_legacy_PEM,
 620                               dump_pem, 0);
 621 }
 622
 623 static int check_MSBLOB(const char *file, const int line,
 624                         const char *type, const void *data, size_t data_len)
 625 {
 626     const unsigned char *datap = data;
 627     EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
 628     int ok = TEST_FL_ptr(pkey);
 629
 630     EVP_PKEY_free(pkey);
 631     return ok;
 632 }
 633
 634 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
 635 {
 636     return test_encode_decode(__FILE__, __LINE__, type, key,
 637                               OSSL_KEYMGMT_SELECT_KEYPAIR
 638                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 639                               "MSBLOB", NULL, NULL, NULL,
 640                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 641                               test_mem, check_MSBLOB,
 642                               dump_der, 0);
 643 }
 644
 645 static int check_PVK(const char *file, const int line,
 646                      const char *type, const void *data, size_t data_len)
 647 {
 648     const unsigned char *in = data;
 649     unsigned int saltlen = 0, keylen = 0;
 650     int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
 651
 652     return ok;
 653 }
 654
 655 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
 656 {
 657     return test_encode_decode(__FILE__, __LINE__, type, key,
 658                               OSSL_KEYMGMT_SELECT_KEYPAIR
 659                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 660                               "PVK", NULL, NULL, NULL,
 661                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 662                               test_mem, check_PVK,
 663                               dump_der, 0);
 664 }
 665
 666 static const char *pass_cipher = "AES-256-CBC";
 667 static const char *pass = "the holy handgrenade of antioch";
 668
 669 static int check_protected_PKCS8_DER(const char *file, const int line,
 670                                      const char *type,
 671                                      const void *data, size_t data_len)
 672 {
 673     const unsigned char *datap = data;
 674     X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
 675     int ok = TEST_FL_ptr(p8);
 676
 677     X509_SIG_free(p8);
 678     return ok;
 679 }
 680
 681 static int test_protected_via_DER(const char *type, EVP_PKEY *key)
 682 {
 683     return test_encode_decode(__FILE__, __LINE__, type, key,
 684                               OSSL_KEYMGMT_SELECT_KEYPAIR
 685                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 686                               "DER", "pkcs8", pass, pass_cipher,
 687                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 688                               test_mem, check_protected_PKCS8_DER,
 689                               dump_der, 0);
 690 }
 691
 692 static int check_protected_PKCS8_PEM(const char *file, const int line,
 693                                      const char *type,
 694                                      const void *data, size_t data_len)
 695 {
 696     static const char expected_pem_header[] =
 697         "-----BEGIN " PEM_STRING_PKCS8 "-----";
 698
 699     return TEST_FL_strn_eq(data, expected_pem_header,
 700                         sizeof(expected_pem_header) - 1);
 701 }
 702
 703 static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
 704 {
 705     return test_encode_decode(__FILE__, __LINE__, type, key,
 706                               OSSL_KEYMGMT_SELECT_KEYPAIR
 707                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 708                               "PEM", "pkcs8", pass, pass_cipher,
 709                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 710                               test_text, check_protected_PKCS8_PEM,
 711                               dump_pem, 0);
 712 }
 713
 714 static int check_protected_legacy_PEM(const char *file, const int line,
 715                                       const char *type,
 716                                       const void *data, size_t data_len)
 717 {
 718     static char expected_pem_header[80];
 719
 720     return
 721         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 722                                  sizeof(expected_pem_header),
 723                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 724         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
 725         && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
 726 }
 727
 728 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 729 {
 730     return test_encode_decode(__FILE__, __LINE__, type, key,
 731                               OSSL_KEYMGMT_SELECT_KEYPAIR
 732                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 733                               "PEM", "type-specific", pass, pass_cipher,
 734                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 735                               test_text, check_protected_legacy_PEM,
 736                               dump_pem, 0);
 737 }
 738
 739 #ifndef OPENSSL_NO_RC4
 740 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
 741 {
 742     return test_encode_decode(__FILE__, __LINE__, type, key,
 743                               OSSL_KEYMGMT_SELECT_KEYPAIR
 744                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 745                               "PVK", NULL, pass, NULL,
 746                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 747                               test_mem, check_PVK, dump_der, 0);
 748 }
 749 #endif
 750
 751 static int check_public_DER(const char *file, const int line,
 752                             const char *type, const void *data, size_t data_len)
 753 {
 754     const unsigned char *datap = data;
 755     EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
 756     int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));
 757
 758     EVP_PKEY_free(pkey);
 759     return ok;
 760 }
 761
 762 static int test_public_via_DER(const char *type, EVP_PKEY *key)
 763 {
 764     return test_encode_decode(__FILE__, __LINE__, type, key,
 765                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 766                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 767                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
 768                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 769                               test_mem, check_public_DER, dump_der, 0);
 770 }
 771
 772 static int check_public_PEM(const char *file, const int line,
 773                             const char *type, const void *data, size_t data_len)
 774 {
 775     static const char expected_pem_header[] =
 776         "-----BEGIN " PEM_STRING_PUBLIC "-----";
 777
 778     return
 779         TEST_FL_strn_eq(data, expected_pem_header,
 780                      sizeof(expected_pem_header) - 1);
 781 }
 782
 783 static int test_public_via_PEM(const char *type, EVP_PKEY *key)
 784 {
 785     return test_encode_decode(__FILE__, __LINE__, type, key,
 786                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 787                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 788                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
 789                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 790                               test_text, check_public_PEM, dump_pem, 0);
 791 }
 792
 793 static int check_public_MSBLOB(const char *file, const int line,
 794                                const char *type,
 795                                const void *data, size_t data_len)
 796 {
 797     const unsigned char *datap = data;
 798     EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
 799     int ok = TEST_FL_ptr(pkey);
 800
 801     EVP_PKEY_free(pkey);
 802     return ok;
 803 }
 804
 805 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 806 {
 807     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 808                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 809                               "MSBLOB", NULL, NULL, NULL,
 810                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 811                               test_mem, check_public_MSBLOB, dump_der, 0);
 812 }
 813
 814 #define KEYS(KEYTYPE)                           \
 815     static EVP_PKEY *key_##KEYTYPE = NULL
 816 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
 817     ok = ok                                                             \
 818         && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
 819 #define FREE_KEYS(KEYTYPE)                                              \
 820     EVP_PKEY_free(key_##KEYTYPE);                                       \
 821
 822 #define DOMAIN_KEYS(KEYTYPE)                    \
 823     static EVP_PKEY *template_##KEYTYPE = NULL; \
 824     static EVP_PKEY *key_##KEYTYPE = NULL
 825 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
 826     ok = ok                                                             \
 827         && TEST_ptr(template_##KEYTYPE =                                \
 828                     make_template(KEYTYPEstr, params))                  \
 829         && TEST_ptr(key_##KEYTYPE =                                     \
 830                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
 831 #define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
 832     EVP_PKEY_free(template_##KEYTYPE);                                  \
 833     EVP_PKEY_free(key_##KEYTYPE)
 834
 835 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr)                       \
 836     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
 837     {                                                                   \
 838         return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 839     }                                                                   \
 840     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
 841     {                                                                   \
 842         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 843     }                                                                   \
 844     static int test_protected_##KEYTYPE##_via_DER(void)                 \
 845     {                                                                   \
 846         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
 847     }                                                                   \
 848     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
 849     {                                                                   \
 850         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
 851     }                                                                   \
 852     static int test_public_##KEYTYPE##_via_DER(void)                    \
 853     {                                                                   \
 854         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
 855     }                                                                   \
 856     static int test_public_##KEYTYPE##_via_PEM(void)                    \
 857     {                                                                   \
 858         return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
 859     }
 860
 861 #define ADD_TEST_SUITE(KEYTYPE)                                 \
 862     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
 863     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
 864     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
 865     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
 866     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
 867     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
 868
 869 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)           \
 870     static int test_params_##KEYTYPE##_via_DER(void)               \
 871     {                                                              \
 872         return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 873     }                                                              \
 874     static int test_params_##KEYTYPE##_via_PEM(void)               \
 875     {                                                              \
 876         return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 877     }
 878
 879 #define ADD_TEST_SUITE_PARAMS(KEYTYPE)                          \
 880     ADD_TEST(test_params_##KEYTYPE##_via_DER);                  \
 881     ADD_TEST(test_params_##KEYTYPE##_via_PEM)
 882
 883 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
 884     static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
 885     {                                                                   \
 886         return                                                          \
 887             test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
 888     }                                                                   \
 889     static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
 890     {                                                                   \
 891         return                                                          \
 892             test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
 893     }
 894
 895 #define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
 896     ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
 897     ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
 898
 899 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
 900     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
 901     {                                                                   \
 902         return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
 903     }                                                                   \
 904     static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
 905     {                                                                   \
 906         return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
 907     }
 908
 909 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
 910     ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
 911     ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
 912
 913 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
 914     static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
 915     {                                                                   \
 916         return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
 917     }
 918 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
 919     ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
 920 #ifndef OPENSSL_NO_RC4
 921 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
 922     static int test_protected_##KEYTYPE##_via_PVK(void)                 \
 923     {                                                                   \
 924         return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
 925     }
 926 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
 927     ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
 928 #endif
 929
 930 #ifndef OPENSSL_NO_DH
 931 DOMAIN_KEYS(DH);
 932 IMPLEMENT_TEST_SUITE(DH, "DH")
 933 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
 934 DOMAIN_KEYS(DHX);
 935 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
 936 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
 937 /*
 938  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 939  * so no legacy tests.
 940  */
 941 #endif
 942 #ifndef OPENSSL_NO_DSA
 943 DOMAIN_KEYS(DSA);
 944 IMPLEMENT_TEST_SUITE(DSA, "DSA")
 945 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
 946 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 947 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
 948 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
 949 # ifndef OPENSSL_NO_RC4
 950 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
 951 # endif
 952 #endif
 953 #ifndef OPENSSL_NO_EC
 954 DOMAIN_KEYS(EC);
 955 IMPLEMENT_TEST_SUITE(EC, "EC")
 956 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
 957 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
 958 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
 959 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
 960 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
 961 DOMAIN_KEYS(ECExplicitPrime2G);
 962 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
 963 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
 964 # ifndef OPENSSL_NO_EC2M
 965 DOMAIN_KEYS(ECExplicitTriNamedCurve);
 966 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
 967 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
 968 DOMAIN_KEYS(ECExplicitTri2G);
 969 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
 970 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 971 # endif
 972 KEYS(ED25519);
 973 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
 974 KEYS(ED448);
 975 IMPLEMENT_TEST_SUITE(ED448, "ED448")
 976 KEYS(X25519);
 977 IMPLEMENT_TEST_SUITE(X25519, "X25519")
 978 KEYS(X448);
 979 IMPLEMENT_TEST_SUITE(X448, "X448")
 980 /*
 981  * ED25519, ED448, X25519 and X448 have no support for
 982  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
 983  */
 984 #endif
 985 KEYS(RSA);
 986 IMPLEMENT_TEST_SUITE(RSA, "RSA")
 987 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
 988 KEYS(RSA_PSS);
 989 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
 990 /*
 991  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
 992  * so no legacy tests.
 993  */
 994 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
 995 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
 996 #ifndef OPENSSL_NO_RC4
 997 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
 998 #endif
 999
1000 #ifndef OPENSSL_NO_EC
1001 /* Explicit parameters that match a named curve */
1002 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
1003                                               const unsigned char *gen,
1004                                               size_t gen_len)
1005 {
1006     BIGNUM *a, *b, *prime, *order;
1007
1008     /* Curve prime256v1 */
1009     static const unsigned char prime_data[] = {
1010         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1011         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1012         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1013         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1014         0xff
1015     };
1016     static const unsigned char a_data[] = {
1017         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1018         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1019         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1020         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1021         0xfc
1022     };
1023     static const unsigned char b_data[] = {
1024         0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1025         0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1026         0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1027         0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1028     };
1029     static const unsigned char seed[] = {
1030         0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1031         0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1032         0x81, 0x9f, 0x7e, 0x90
1033     };
1034     static const unsigned char order_data[] = {
1035         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1036         0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1037         0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1038         0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1039     };
1040     return TEST_ptr(a = BN_CTX_get(bnctx))
1041            && TEST_ptr(b = BN_CTX_get(bnctx))
1042            && TEST_ptr(prime = BN_CTX_get(bnctx))
1043            && TEST_ptr(order = BN_CTX_get(bnctx))
1044            && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1045            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1046            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1047            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1048            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1049                             OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1050                             0))
1051            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1052            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1053            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1054            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1055                             OSSL_PKEY_PARAM_EC_ORDER, order))
1056            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1057                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1058            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1059                             OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1060            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1061                                                BN_value_one()));
1062 }
1063
1064 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1065 {
1066     static const unsigned char prime256v1_gen[] = {
1067         0x04,
1068         0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1069         0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1070         0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1071         0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1072         0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1073         0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1074         0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1075         0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1076     };
1077     return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1078                                               sizeof(prime256v1_gen));
1079 }
1080
1081 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1082 {
1083     /* 2G */
1084     static const unsigned char prime256v1_gen2[] = {
1085         0x04,
1086         0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1087         0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1088         0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1089         0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1090         0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1091         0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1092         0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1093         0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1094     };
1095     return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1096                                               sizeof(prime256v1_gen2));
1097 }
1098
1099 # ifndef OPENSSL_NO_EC2M
1100 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1101                                                   const unsigned char *gen,
1102                                                   size_t gen_len)
1103 {
1104     BIGNUM *a, *b, *poly, *order, *cofactor;
1105     /* sect233k1 characteristic-two-field tpBasis */
1106     static const unsigned char poly_data[] = {
1107         0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1108         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1109         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1110     };
1111     static const unsigned char a_data[] = {
1112         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1113         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1114         0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1115     };
1116     static const unsigned char b_data[] = {
1117         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1118         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1119         0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1120     };
1121     static const unsigned char order_data[] = {
1122         0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1123         0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1124         0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1125     };
1126     static const unsigned char cofactor_data[]= {
1127         0x4
1128     };
1129     return TEST_ptr(a = BN_CTX_get(bnctx))
1130            && TEST_ptr(b = BN_CTX_get(bnctx))
1131            && TEST_ptr(poly = BN_CTX_get(bnctx))
1132            && TEST_ptr(order = BN_CTX_get(bnctx))
1133            && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1134            && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1135            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1136            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1137            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1138            && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1139            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1140                             OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1141                             SN_X9_62_characteristic_two_field, 0))
1142            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1143            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1144            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1145            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1146                             OSSL_PKEY_PARAM_EC_ORDER, order))
1147            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1148                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1149            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1150                                                cofactor));
1151 }
1152
1153 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1154 {
1155     static const unsigned char gen[] = {
1156         0x04,
1157         0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1158         0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1159         0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1160         0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1161         0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1162         0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1163     };
1164     return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1165 }
1166
1167 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1168 {
1169     static const unsigned char gen2[] = {
1170         0x04,
1171         0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1172         0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1173         0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1174         0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1175         0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1176         0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1177     };
1178     return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1179 }
1180 # endif /* OPENSSL_NO_EC2M */
1181 #endif /* OPENSSL_NO_EC */
1182
1183 int setup_tests(void)
1184 {
1185 # ifndef OPENSSL_NO_RC4
1186     int use_legacy = OSSL_PROVIDER_available(NULL, "legacy");
1187 #endif
1188     int ok = 1;
1189
1190 #ifndef OPENSSL_NO_DSA
1191     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
1192     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1193     OSSL_PARAM DSA_params[] = {
1194         OSSL_PARAM_size_t("pbits", &pbits),
1195         OSSL_PARAM_size_t("qbits", &qbits),
1196         OSSL_PARAM_END
1197     };
1198 #endif
1199
1200 #ifndef OPENSSL_NO_EC
1201     static char groupname[] = "prime256v1";
1202     OSSL_PARAM EC_params[] = {
1203         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1204         OSSL_PARAM_END
1205     };
1206 #endif
1207
1208     /* 7 is the default magic number */
1209     static unsigned int rsapss_min_saltlen = 7;
1210     OSSL_PARAM RSA_PSS_params[] = {
1211         OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
1212         OSSL_PARAM_END
1213     };
1214
1215 #ifndef OPENSSL_NO_EC
1216     if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
1217         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1218         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1219         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1220         || !create_ec_explicit_prime_params(bld_prime)
1221         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1222         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1223 # ifndef OPENSSL_NO_EC2M
1224         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1225         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1226         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1227         || !create_ec_explicit_trinomial_params(bld_tri)
1228         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1229         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1230 # endif
1231         )
1232         return 0;
1233 #endif
1234
1235     TEST_info("Generating keys...");
1236
1237 #ifndef OPENSSL_NO_DH
1238     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1239     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1240     TEST_info("Generating keys...DH done");
1241 #endif
1242 #ifndef OPENSSL_NO_DSA
1243     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1244     TEST_info("Generating keys...DSA done");
1245 #endif
1246 #ifndef OPENSSL_NO_EC
1247     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1248     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1249     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1250 # ifndef OPENSSL_NO_EC2M
1251     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1252     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1253 # endif
1254     MAKE_KEYS(ED25519, "ED25519", NULL);
1255     MAKE_KEYS(ED448, "ED448", NULL);
1256     MAKE_KEYS(X25519, "X25519", NULL);
1257     MAKE_KEYS(X448, "X448", NULL);
1258     TEST_info("Generating keys...EC done");
1259 #endif
1260     MAKE_KEYS(RSA, "RSA", NULL);
1261     TEST_info("Generating keys...RSA done");
1262     MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
1263     TEST_info("Generating keys...RSA_PSS done");
1264
1265     if (ok) {
1266 #ifndef OPENSSL_NO_DH
1267         ADD_TEST_SUITE(DH);
1268         ADD_TEST_SUITE_PARAMS(DH);
1269         ADD_TEST_SUITE(DHX);
1270         ADD_TEST_SUITE_PARAMS(DHX);
1271         /*
1272          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1273          * so no legacy tests.
1274          */
1275 #endif
1276 #ifndef OPENSSL_NO_DSA
1277         ADD_TEST_SUITE(DSA);
1278         ADD_TEST_SUITE_PARAMS(DSA);
1279         ADD_TEST_SUITE_LEGACY(DSA);
1280         ADD_TEST_SUITE_MSBLOB(DSA);
1281         ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1282 # ifndef OPENSSL_NO_RC4
1283         if (use_legacy) {
1284             ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1285         }
1286 # endif
1287 #endif
1288 #ifndef OPENSSL_NO_EC
1289         ADD_TEST_SUITE(EC);
1290         ADD_TEST_SUITE_PARAMS(EC);
1291         ADD_TEST_SUITE_LEGACY(EC);
1292         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1293         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1294         ADD_TEST_SUITE(ECExplicitPrime2G);
1295         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1296 # ifndef OPENSSL_NO_EC2M
1297         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1298         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1299         ADD_TEST_SUITE(ECExplicitTri2G);
1300         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1301 # endif
1302         ADD_TEST_SUITE(ED25519);
1303         ADD_TEST_SUITE(ED448);
1304         ADD_TEST_SUITE(X25519);
1305         ADD_TEST_SUITE(X448);
1306         /*
1307          * ED25519, ED448, X25519 and X448 have no support for
1308          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1309          */
1310 #endif
1311         ADD_TEST_SUITE(RSA);
1312         ADD_TEST_SUITE_LEGACY(RSA);
1313         ADD_TEST_SUITE(RSA_PSS);
1314         /*
1315          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1316          * so no legacy tests.
1317          */
1318         ADD_TEST_SUITE_MSBLOB(RSA);
1319         ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1320 # ifndef OPENSSL_NO_RC4
1321         if (use_legacy) {
1322             ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1323         }
1324 # endif
1325     }
1326
1327     return 1;
1328 }
1329
1330 void cleanup_tests(void)
1331 {
1332 #ifndef OPENSSL_NO_EC
1333     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_nc);
1334     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_explicit);
1335     OSSL_PARAM_BLD_free(bld_prime_nc);
1336     OSSL_PARAM_BLD_free(bld_prime);
1337 # ifndef OPENSSL_NO_EC2M
1338     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_nc);
1339     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_explicit);
1340     OSSL_PARAM_BLD_free(bld_tri_nc);
1341     OSSL_PARAM_BLD_free(bld_tri);
1342 # endif
1343     BN_CTX_free(bnctx);
1344 #endif /* OPENSSL_NO_EC */
1345
1346 #ifndef OPENSSL_NO_DH
1347     FREE_DOMAIN_KEYS(DH);
1348     FREE_DOMAIN_KEYS(DHX);
1349 #endif
1350 #ifndef OPENSSL_NO_DSA
1351     FREE_DOMAIN_KEYS(DSA);
1352 #endif
1353 #ifndef OPENSSL_NO_EC
1354     FREE_DOMAIN_KEYS(EC);
1355     FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1356     FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1357 # ifndef OPENSSL_NO_EC2M
1358     FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1359     FREE_DOMAIN_KEYS(ECExplicitTri2G);
1360 # endif
1361     FREE_KEYS(ED25519);
1362     FREE_KEYS(ED448);
1363     FREE_KEYS(X25519);
1364     FREE_KEYS(X448);
1365 #endif
1366     FREE_KEYS(RSA);
1367     FREE_KEYS(RSA_PSS);
1368 }