2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/rsa.h>
14 #include <openssl/x509.h>
15 #include <openssl/core_names.h>
16 #include <openssl/params.h>
17 #include <openssl/param_build.h>
18 #include <openssl/encoder.h>
19 #include <openssl/decoder.h>
21 #include "internal/pem.h" /* For PVK and "blob" PEM headers */
22 #include "internal/cryptlib.h" /* ossl_assert */
27 static BN_CTX *bnctx = NULL;
28 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
29 static OSSL_PARAM_BLD *bld_prime = NULL;
30 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
31 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
33 # ifndef OPENSSL_NO_EC2M
34 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
35 static OSSL_PARAM_BLD *bld_tri = NULL;
36 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
37 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
42 * TODO(3.0) Modify PEM_write_bio_PrivateKey_traditional() to handle
43 * provider side EVP_PKEYs (which don't necessarily have an ameth)
45 * In the mean time, we use separate "downgraded" EVP_PKEYs to test
46 * encoding/decoding with "traditional" keys.
49 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
51 EVP_PKEY *pkey = NULL;
52 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
55 * No real need to check the errors other than for the cascade
56 * effect. |pkey| will simply remain NULL if something goes wrong.
59 && EVP_PKEY_paramgen_init(ctx) > 0
61 || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
62 && EVP_PKEY_gen(ctx, &pkey) > 0);
63 EVP_PKEY_CTX_free(ctx);
68 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
69 OSSL_PARAM *genparams, int make_legacy)
71 EVP_PKEY *pkey = NULL;
74 ? EVP_PKEY_CTX_new(template, NULL)
75 : EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
78 * No real need to check the errors other than for the cascade
79 * effect. |pkey| will simply remain NULL if something goes wrong.
82 && EVP_PKEY_keygen_init(ctx) > 0
84 || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
85 && EVP_PKEY_keygen(ctx, &pkey) > 0);
86 EVP_PKEY_CTX_free(ctx);
87 if (make_legacy && EVP_PKEY_get0(pkey) == NULL) {
95 /* Main test driver */
98 * TODO(3.0) For better error output, changed the callbacks to take __FILE__
99 * and __LINE__ as first two arguments, and have them use the lower case
100 * functions, such as test_strn_eq(), rather than the uppercase macros
101 * (TEST_strn2_eq(), for example).
104 typedef int (encoder)(void **encoded, long *encoded_len,
105 void *object, const char *pass, const char *pcipher,
106 const char *encoder_propq);
107 typedef int (decoder)(void **object,
108 void *encoded, long encoded_len,
110 typedef int (tester)(const void *data1, size_t data1_len,
111 const void *data2, size_t data2_len);
112 typedef int (checker)(const char *type, const void *data, size_t data_len);
113 typedef void (dumper)(const char *label, const void *data, size_t data_len);
115 static int test_encode_decode(const char *type, EVP_PKEY *pkey,
116 const char *pass, const char *pcipher,
120 checker *check_cb, dumper *dump_cb,
121 const char *encoder_propq, int make_legacy)
123 void *encoded = NULL;
124 long encoded_len = 0;
125 EVP_PKEY *pkey2 = NULL;
126 void *encoded2 = NULL;
127 long encoded2_len = 0;
130 if (!encode_cb(&encoded, &encoded_len, pkey,
131 pass, pcipher, encoder_propq)
132 || !check_cb(type, encoded, encoded_len)
133 || !decode_cb((void **)&pkey2, encoded, encoded_len,
135 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
139 * TODO(3.0) Remove this when PEM_write_bio_PrivateKey_traditional()
140 * handles provider side keys.
143 && !TEST_ptr(EVP_PKEY_get0(pkey2)))
147 * Double check the encoding, but only for unprotected keys,
148 * as protected keys have a random component, which makes the output
151 if ((pass == NULL && pcipher == NULL)
152 && (!encode_cb(&encoded2, &encoded2_len, pkey2,
153 pass, pcipher, encoder_propq)
154 || !test_cb(encoded, encoded_len,
155 encoded2, encoded2_len)))
161 if (encoded != NULL && encoded_len != 0)
162 dump_cb("encoded result", encoded, encoded_len);
163 if (encoded2 != NULL && encoded2_len != 0)
164 dump_cb("re-encoded result", encoded2, encoded2_len);
167 OPENSSL_free(encoded);
168 OPENSSL_free(encoded2);
169 EVP_PKEY_free(pkey2);
173 /* Encoding and desencoding methods */
175 static int encode_EVP_PKEY_prov(void **encoded, long *encoded_len,
177 const char *pass, const char *pcipher,
178 const char *encoder_propq)
180 EVP_PKEY *pkey = object;
181 OSSL_ENCODER_CTX *ectx = NULL;
183 BUF_MEM *mem_buf = NULL;
184 const unsigned char *upass = (const unsigned char *)pass;
187 if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, encoder_propq))
189 && !TEST_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
192 && !TEST_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
193 || !TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
194 || !TEST_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
195 || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
196 || !TEST_ptr(*encoded = mem_buf->data)
197 || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
200 /* Detach the encoded output */
201 mem_buf->data = NULL;
206 OSSL_ENCODER_CTX_free(ectx);
210 static int decode_EVP_PKEY_prov(void **object,
211 void *encoded, long encoded_len,
214 EVP_PKEY *pkey = NULL;
215 OSSL_DECODER_CTX *dctx = NULL;
216 BIO *mem_deser = NULL;
217 const unsigned char *upass = (const unsigned char *)pass;
220 if (!TEST_ptr(dctx = OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, NULL,
223 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass,
225 || !TEST_ptr(mem_deser = BIO_new_mem_buf(encoded, encoded_len))
226 || !TEST_true(OSSL_DECODER_from_bio(dctx, mem_deser)))
232 OSSL_DECODER_CTX_free(dctx);
236 static int encode_EVP_PKEY_legacy_PEM(void **encoded,
239 const char *pass, const char *pcipher,
240 ossl_unused const char *encoder_propq)
242 EVP_PKEY *pkey = object;
243 EVP_CIPHER *cipher = NULL;
245 BUF_MEM *mem_buf = NULL;
246 const unsigned char *upass = (const unsigned char *)pass;
250 if (pcipher != NULL && pass != NULL) {
251 passlen = strlen(pass);
252 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL)))
255 if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
256 || !TEST_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
260 || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
261 || !TEST_ptr(*encoded = mem_buf->data)
262 || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
265 /* Detach the encoded output */
266 mem_buf->data = NULL;
271 EVP_CIPHER_free(cipher);
275 #ifndef OPENSSL_NO_DSA
276 static int encode_EVP_PKEY_MSBLOB(void **encoded,
279 ossl_unused const char *pass,
280 ossl_unused const char *pcipher,
281 ossl_unused const char *encoder_propq)
283 EVP_PKEY *pkey = object;
285 BUF_MEM *mem_buf = NULL;
288 if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
289 || !TEST_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0)
290 || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
291 || !TEST_ptr(*encoded = mem_buf->data)
292 || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
295 /* Detach the encoded output */
296 mem_buf->data = NULL;
304 static int encode_public_EVP_PKEY_MSBLOB(void **encoded,
307 ossl_unused const char *pass,
308 ossl_unused const char *pcipher,
309 ossl_unused const char *encoder_propq)
311 EVP_PKEY *pkey = object;
313 BUF_MEM *mem_buf = NULL;
316 if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
317 || !TEST_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0)
318 || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
319 || !TEST_ptr(*encoded = mem_buf->data)
320 || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
323 /* Detach the encoded output */
324 mem_buf->data = NULL;
332 # ifndef OPENSSL_NO_RC4
333 static pem_password_cb pass_pw;
334 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
336 OPENSSL_strlcpy(buf, userdata, size);
337 return strlen(userdata);
340 static int encode_EVP_PKEY_PVK(void **encoded, long *encoded_len,
343 ossl_unused const char *pcipher,
344 ossl_unused const char *encoder_propq)
346 EVP_PKEY *pkey = object;
348 BUF_MEM *mem_buf = NULL;
349 int enc = (pass != NULL);
352 if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
353 || !TEST_int_ge(i2b_PVK_bio(mem_ser, pkey, enc,
354 pass_pw, (void *)pass), 0)
355 || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
356 || !TEST_ptr(*encoded = mem_buf->data)
357 || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
360 /* Detach the encoded output */
361 mem_buf->data = NULL;
371 static int test_text(const void *data1, size_t data1_len,
372 const void *data2, size_t data2_len)
374 return TEST_strn2_eq(data1, data1_len, data2, data2_len);
377 static int test_mem(const void *data1, size_t data1_len,
378 const void *data2, size_t data2_len)
380 return TEST_mem_eq(data1, data1_len, data2, data2_len);
383 /* Test cases and their dumpers / checkers */
385 static void dump_der(const char *label, const void *data, size_t data_len)
387 test_output_memory(label, data, data_len);
390 static void dump_pem(const char *label, const void *data, size_t data_len)
392 test_output_string(label, data, data_len - 1);
395 static int check_unprotected_PKCS8_DER(const char *type,
396 const void *data, size_t data_len)
398 const unsigned char *datap = data;
399 PKCS8_PRIV_KEY_INFO *p8inf =
400 d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
403 if (TEST_ptr(p8inf)) {
404 EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
406 ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type)));
409 PKCS8_PRIV_KEY_INFO_free(p8inf);
413 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
415 return test_encode_decode(type, key, NULL, NULL,
416 encode_EVP_PKEY_prov,
417 decode_EVP_PKEY_prov,
419 check_unprotected_PKCS8_DER, dump_der,
420 OSSL_ENCODER_PrivateKey_TO_DER_PQ,
424 static int check_unprotected_PKCS8_PEM(const char *type,
425 const void *data, size_t data_len)
427 static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8INF "-----";
429 return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
432 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
434 return test_encode_decode(type, key, NULL, NULL,
435 encode_EVP_PKEY_prov,
436 decode_EVP_PKEY_prov,
438 check_unprotected_PKCS8_PEM, dump_pem,
439 OSSL_ENCODER_PrivateKey_TO_PEM_PQ,
443 static int check_unprotected_legacy_PEM(const char *type,
444 const void *data, size_t data_len)
446 static char pem_header[80];
449 TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header),
450 "-----BEGIN %s PRIVATE KEY-----", type), 0)
451 && TEST_strn_eq(data, pem_header, strlen(pem_header));
454 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
456 return test_encode_decode(type, key, NULL, NULL,
457 encode_EVP_PKEY_legacy_PEM,
458 decode_EVP_PKEY_prov,
460 check_unprotected_legacy_PEM, dump_pem,
464 #ifndef OPENSSL_NO_DSA
465 static int check_MSBLOB(const char *type, const void *data, size_t data_len)
467 const unsigned char *datap = data;
468 EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
469 int ok = TEST_ptr(pkey);
475 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
477 return test_encode_decode(type, key, NULL, NULL,
478 encode_EVP_PKEY_MSBLOB,
479 decode_EVP_PKEY_prov,
481 check_MSBLOB, dump_der,
485 # ifndef OPENSSL_NO_RC4
486 static int check_PVK(const char *type, const void *data, size_t data_len)
488 const unsigned char *in = data;
489 unsigned int saltlen = 0, keylen = 0;
490 int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
495 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
497 return test_encode_decode(type, key, NULL, NULL,
499 decode_EVP_PKEY_prov,
507 static const char *pass_cipher = "AES-256-CBC";
508 static const char *pass = "the holy handgrenade of antioch";
510 static int check_protected_PKCS8_DER(const char *type,
511 const void *data, size_t data_len)
513 const unsigned char *datap = data;
514 X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
515 int ok = TEST_ptr(p8);
521 static int test_protected_via_DER(const char *type, EVP_PKEY *key)
523 return test_encode_decode(type, key, pass, pass_cipher,
524 encode_EVP_PKEY_prov,
525 decode_EVP_PKEY_prov,
527 check_protected_PKCS8_DER, dump_der,
528 OSSL_ENCODER_PrivateKey_TO_DER_PQ,
532 static int check_protected_PKCS8_PEM(const char *type,
533 const void *data, size_t data_len)
535 static const char pem_header[] = "-----BEGIN " PEM_STRING_PKCS8 "-----";
537 return TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
540 static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
542 return test_encode_decode(type, key, pass, pass_cipher,
543 encode_EVP_PKEY_prov,
544 decode_EVP_PKEY_prov,
546 check_protected_PKCS8_PEM, dump_pem,
547 OSSL_ENCODER_PrivateKey_TO_PEM_PQ,
551 static int check_protected_legacy_PEM(const char *type,
552 const void *data, size_t data_len)
554 static char pem_header[80];
557 TEST_int_gt(BIO_snprintf(pem_header, sizeof(pem_header),
558 "-----BEGIN %s PRIVATE KEY-----", type), 0)
559 && TEST_strn_eq(data, pem_header, strlen(pem_header))
560 && TEST_ptr(strstr(data, "\nDEK-Info: "));
563 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
565 return test_encode_decode(type, key, pass, pass_cipher,
566 encode_EVP_PKEY_legacy_PEM,
567 decode_EVP_PKEY_prov,
569 check_protected_legacy_PEM, dump_pem,
573 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
574 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
576 return test_encode_decode(type, key, pass, NULL,
578 decode_EVP_PKEY_prov,
585 static int check_public_DER(const char *type, const void *data, size_t data_len)
587 const unsigned char *datap = data;
588 EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
589 int ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type)));
595 static int test_public_via_DER(const char *type, EVP_PKEY *key)
597 return test_encode_decode(type, key, NULL, NULL,
598 encode_EVP_PKEY_prov,
599 decode_EVP_PKEY_prov,
601 check_public_DER, dump_der,
602 OSSL_ENCODER_PUBKEY_TO_DER_PQ,
606 static int check_public_PEM(const char *type, const void *data, size_t data_len)
608 static const char pem_header[] = "-----BEGIN " PEM_STRING_PUBLIC "-----";
611 TEST_strn_eq(data, pem_header, sizeof(pem_header) - 1);
614 static int test_public_via_PEM(const char *type, EVP_PKEY *key)
616 return test_encode_decode(type, key, NULL, NULL,
617 encode_EVP_PKEY_prov,
618 decode_EVP_PKEY_prov,
620 check_public_PEM, dump_pem,
621 OSSL_ENCODER_PUBKEY_TO_PEM_PQ,
625 #ifndef OPENSSL_NO_DSA
626 static int check_public_MSBLOB(const char *type,
627 const void *data, size_t data_len)
629 const unsigned char *datap = data;
630 EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
631 int ok = TEST_ptr(pkey);
637 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
639 return test_encode_decode(type, key, NULL, NULL,
640 encode_public_EVP_PKEY_MSBLOB,
641 decode_EVP_PKEY_prov,
643 check_public_MSBLOB, dump_der,
648 #define KEYS(KEYTYPE) \
649 static EVP_PKEY *key_##KEYTYPE = NULL; \
650 static EVP_PKEY *legacy_key_##KEYTYPE = NULL
651 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params) \
653 && TEST_ptr(key_##KEYTYPE = \
654 make_key(KEYTYPEstr, NULL, params, 0)) \
655 && TEST_ptr(legacy_key_##KEYTYPE = \
656 make_key(KEYTYPEstr, NULL, params, 1))
657 #define FREE_KEYS(KEYTYPE) \
658 EVP_PKEY_free(key_##KEYTYPE); \
659 EVP_PKEY_free(legacy_key_##KEYTYPE)
661 #define DOMAIN_KEYS(KEYTYPE) \
662 static EVP_PKEY *template_##KEYTYPE = NULL; \
663 static EVP_PKEY *key_##KEYTYPE = NULL; \
664 static EVP_PKEY *legacy_key_##KEYTYPE = NULL
665 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params) \
667 && TEST_ptr(template_##KEYTYPE = \
668 make_template(KEYTYPEstr, params)) \
669 && TEST_ptr(key_##KEYTYPE = \
670 make_key(KEYTYPEstr, template_##KEYTYPE, NULL, 0)) \
671 && TEST_ptr(legacy_key_##KEYTYPE = \
672 make_key(KEYTYPEstr, template_##KEYTYPE, NULL, 1))
673 #define FREE_DOMAIN_KEYS(KEYTYPE) \
674 EVP_PKEY_free(template_##KEYTYPE); \
675 EVP_PKEY_free(key_##KEYTYPE); \
676 EVP_PKEY_free(legacy_key_##KEYTYPE)
678 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
679 static int test_unprotected_##KEYTYPE##_via_DER(void) \
681 return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
683 static int test_unprotected_##KEYTYPE##_via_PEM(void) \
685 return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
687 static int test_protected_##KEYTYPE##_via_DER(void) \
689 return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
691 static int test_protected_##KEYTYPE##_via_PEM(void) \
693 return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
695 static int test_public_##KEYTYPE##_via_DER(void) \
697 return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
699 static int test_public_##KEYTYPE##_via_PEM(void) \
701 return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
704 #define ADD_TEST_SUITE(KEYTYPE) \
705 ADD_TEST(test_unprotected_##KEYTYPE##_via_DER); \
706 ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM); \
707 ADD_TEST(test_protected_##KEYTYPE##_via_DER); \
708 ADD_TEST(test_protected_##KEYTYPE##_via_PEM); \
709 ADD_TEST(test_public_##KEYTYPE##_via_DER); \
710 ADD_TEST(test_public_##KEYTYPE##_via_PEM)
712 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr) \
713 static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void) \
715 return test_unprotected_via_legacy_PEM(KEYTYPEstr, \
716 legacy_key_##KEYTYPE); \
718 static int test_protected_##KEYTYPE##_via_legacy_PEM(void) \
720 return test_protected_via_legacy_PEM(KEYTYPEstr, \
721 legacy_key_##KEYTYPE); \
724 #define ADD_TEST_SUITE_LEGACY(KEYTYPE) \
725 ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM); \
726 ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
728 #ifndef OPENSSL_NO_DSA
729 # define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr) \
730 static int test_unprotected_##KEYTYPE##_via_MSBLOB(void) \
732 return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
734 static int test_public_##KEYTYPE##_via_MSBLOB(void) \
736 return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE); \
739 # define ADD_TEST_SUITE_MSBLOB(KEYTYPE) \
740 ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB); \
741 ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
743 # ifndef OPENSSL_NO_RC4
744 # define IMPLEMENT_TEST_SUITE_PVK(KEYTYPE, KEYTYPEstr) \
745 static int test_unprotected_##KEYTYPE##_via_PVK(void) \
747 return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
749 static int test_protected_##KEYTYPE##_via_PVK(void) \
751 return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE); \
754 # define ADD_TEST_SUITE_PVK(KEYTYPE) \
755 ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK); \
756 ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
760 #ifndef OPENSSL_NO_DH
762 IMPLEMENT_TEST_SUITE(DH, "DH")
764 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
766 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
767 * so no legacy tests.
770 #ifndef OPENSSL_NO_DSA
772 IMPLEMENT_TEST_SUITE(DSA, "DSA")
773 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
774 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
775 # ifndef OPENSSL_NO_RC4
776 IMPLEMENT_TEST_SUITE_PVK(DSA, "DSA")
779 #ifndef OPENSSL_NO_EC
781 IMPLEMENT_TEST_SUITE(EC, "EC")
782 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
783 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
784 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
785 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
786 DOMAIN_KEYS(ECExplicitPrime2G);
787 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
788 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
789 # ifndef OPENSSL_NO_EC2M
790 DOMAIN_KEYS(ECExplicitTriNamedCurve);
791 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
792 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
793 DOMAIN_KEYS(ECExplicitTri2G);
794 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
795 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
798 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
800 IMPLEMENT_TEST_SUITE(ED448, "ED448")
802 IMPLEMENT_TEST_SUITE(X25519, "X25519")
804 IMPLEMENT_TEST_SUITE(X448, "X448")
806 * ED25519, ED448, X25519 and X448 have no support for
807 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
811 IMPLEMENT_TEST_SUITE(RSA, "RSA")
812 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
814 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
816 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
817 * so no legacy tests.
819 #ifndef OPENSSL_NO_DSA
820 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
821 # ifndef OPENSSL_NO_RC4
822 IMPLEMENT_TEST_SUITE_PVK(RSA, "RSA")
826 #ifndef OPENSSL_NO_EC
827 /* Explicit parameters that match a named curve */
828 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
829 const unsigned char *gen,
832 BIGNUM *a, *b, *prime, *order;
834 /* Curve prime256v1 */
835 static const unsigned char prime_data[] = {
836 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
837 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
838 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
839 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
842 static const unsigned char a_data[] = {
843 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
844 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
845 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
846 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
849 static const unsigned char b_data[] = {
850 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
851 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
852 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
853 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
855 static const unsigned char seed[] = {
856 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
857 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
858 0x81, 0x9f, 0x7e, 0x90
860 static const unsigned char order_data[] = {
861 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
862 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
863 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
864 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
866 return TEST_ptr(a = BN_CTX_get(bnctx))
867 && TEST_ptr(b = BN_CTX_get(bnctx))
868 && TEST_ptr(prime = BN_CTX_get(bnctx))
869 && TEST_ptr(order = BN_CTX_get(bnctx))
870 && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
871 && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
872 && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
873 && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
874 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
875 OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
877 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
878 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
879 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
880 && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
881 OSSL_PKEY_PARAM_EC_ORDER, order))
882 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
883 OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
884 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
885 OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
886 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
890 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
892 static const unsigned char prime256v1_gen[] = {
894 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
895 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
896 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
897 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
898 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
899 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
900 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
901 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
903 return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
904 sizeof(prime256v1_gen));
907 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
910 static const unsigned char prime256v1_gen2[] = {
912 0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
913 0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
914 0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
915 0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
916 0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
917 0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
918 0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
919 0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
921 return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
922 sizeof(prime256v1_gen2));
925 # ifndef OPENSSL_NO_EC2M
926 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
927 const unsigned char *gen,
930 BIGNUM *a, *b, *poly, *order, *cofactor;
931 /* sect233k1 characteristic-two-field tpBasis */
932 static const unsigned char poly_data[] = {
933 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
934 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
935 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
937 static const unsigned char a_data[] = {
938 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
939 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
940 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
942 static const unsigned char b_data[] = {
943 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
944 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
945 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
947 static const unsigned char order_data[] = {
948 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
949 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
950 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
952 static const unsigned char cofactor_data[]= {
955 return TEST_ptr(a = BN_CTX_get(bnctx))
956 && TEST_ptr(b = BN_CTX_get(bnctx))
957 && TEST_ptr(poly = BN_CTX_get(bnctx))
958 && TEST_ptr(order = BN_CTX_get(bnctx))
959 && TEST_ptr(cofactor = BN_CTX_get(bnctx))
960 && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
961 && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
962 && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
963 && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
964 && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
965 && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
966 OSSL_PKEY_PARAM_EC_FIELD_TYPE,
967 SN_X9_62_characteristic_two_field, 0))
968 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
969 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
970 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
971 && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
972 OSSL_PKEY_PARAM_EC_ORDER, order))
973 && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
974 OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
975 && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
979 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
981 static const unsigned char gen[] = {
983 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
984 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
985 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
986 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
987 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
988 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
990 return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
993 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
995 static const unsigned char gen2[] = {
997 0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
998 0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
999 0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1000 0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1001 0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1002 0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1004 return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1006 # endif /* OPENSSL_NO_EC2M */
1007 #endif /* OPENSSL_NO_EC */
1009 int setup_tests(void)
1013 #ifndef OPENSSL_NO_DSA
1014 static size_t qbits = 160; /* PVK only tolerates 160 Q bits */
1015 static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1016 OSSL_PARAM DSA_params[] = {
1017 OSSL_PARAM_size_t("pbits", &pbits),
1018 OSSL_PARAM_size_t("qbits", &qbits),
1023 #ifndef OPENSSL_NO_EC
1024 static char groupname[] = "prime256v1";
1025 OSSL_PARAM EC_params[] = {
1026 OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1031 /* 7 is the default magic number */
1032 static unsigned int rsapss_min_saltlen = 7;
1033 OSSL_PARAM RSA_PSS_params[] = {
1034 OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
1038 #ifndef OPENSSL_NO_EC
1039 if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
1040 || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1041 || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1042 || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1043 || !create_ec_explicit_prime_params(bld_prime)
1044 || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1045 || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1046 # ifndef OPENSSL_NO_EC2M
1047 || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1048 || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1049 || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1050 || !create_ec_explicit_trinomial_params(bld_tri)
1051 || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1052 || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1058 TEST_info("Generating keys...");
1060 #ifndef OPENSSL_NO_DH
1061 MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1062 MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1064 #ifndef OPENSSL_NO_DSA
1065 MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1067 #ifndef OPENSSL_NO_EC
1068 MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1069 MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1070 MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1071 # ifndef OPENSSL_NO_EC2M
1072 MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1073 MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1075 MAKE_KEYS(ED25519, "ED25519", NULL);
1076 MAKE_KEYS(ED448, "ED448", NULL);
1077 MAKE_KEYS(X25519, "X25519", NULL);
1078 MAKE_KEYS(X448, "X448", NULL);
1080 MAKE_KEYS(RSA, "RSA", NULL);
1081 MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
1082 TEST_info("Generating key... done");
1085 #ifndef OPENSSL_NO_DH
1087 ADD_TEST_SUITE(DHX);
1089 * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1090 * so no legacy tests.
1093 #ifndef OPENSSL_NO_DSA
1094 ADD_TEST_SUITE(DSA);
1095 ADD_TEST_SUITE_LEGACY(DSA);
1096 ADD_TEST_SUITE_MSBLOB(DSA);
1097 # ifndef OPENSSL_NO_RC4
1098 ADD_TEST_SUITE_PVK(DSA);
1101 #ifndef OPENSSL_NO_EC
1103 ADD_TEST_SUITE_LEGACY(EC);
1104 ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1105 ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1106 ADD_TEST_SUITE(ECExplicitPrime2G);
1107 ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1108 # ifndef OPENSSL_NO_EC2M
1109 ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1110 ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1111 ADD_TEST_SUITE(ECExplicitTri2G);
1112 ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1114 ADD_TEST_SUITE(ED25519);
1115 ADD_TEST_SUITE(ED448);
1116 ADD_TEST_SUITE(X25519);
1117 ADD_TEST_SUITE(X448);
1119 * ED25519, ED448, X25519 and X448 have no support for
1120 * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1123 ADD_TEST_SUITE(RSA);
1124 ADD_TEST_SUITE_LEGACY(RSA);
1125 ADD_TEST_SUITE(RSA_PSS);
1127 * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1128 * so no legacy tests.
1130 #ifndef OPENSSL_NO_DSA
1131 ADD_TEST_SUITE_MSBLOB(RSA);
1132 # ifndef OPENSSL_NO_RC4
1133 ADD_TEST_SUITE_PVK(RSA);
1141 void cleanup_tests(void)
1143 #ifndef OPENSSL_NO_EC
1144 OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_nc);
1145 OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_explicit);
1146 OSSL_PARAM_BLD_free(bld_prime_nc);
1147 OSSL_PARAM_BLD_free(bld_prime);
1148 # ifndef OPENSSL_NO_EC2M
1149 OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_nc);
1150 OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_explicit);
1151 OSSL_PARAM_BLD_free(bld_tri_nc);
1152 OSSL_PARAM_BLD_free(bld_tri);
1155 #endif /* OPENSSL_NO_EC */
1157 #ifndef OPENSSL_NO_DH
1158 FREE_DOMAIN_KEYS(DH);
1159 FREE_DOMAIN_KEYS(DHX);
1161 #ifndef OPENSSL_NO_DSA
1162 FREE_DOMAIN_KEYS(DSA);
1164 #ifndef OPENSSL_NO_EC
1165 FREE_DOMAIN_KEYS(EC);
1166 FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1167 FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1168 # ifndef OPENSSL_NO_EC2M
1169 FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1170 FREE_DOMAIN_KEYS(ECExplicitTri2G);