test/endecode_test.c

   1 /*
   2  * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <openssl/core_dispatch.h>
  12 #include <openssl/evp.h>
  13 #include <openssl/pem.h>
  14 #include <openssl/rsa.h>
  15 #include <openssl/x509.h>
  16 #include <openssl/core_names.h>
  17 #include <openssl/params.h>
  18 #include <openssl/param_build.h>
  19 #include <openssl/encoder.h>
  20 #include <openssl/decoder.h>
  21
  22 #include "internal/cryptlib.h"   /* ossl_assert */
  23 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
  24
  25 #include "helpers/predefined_dhparams.h"
  26 #include "testutil.h"
  27
  28 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
  29 # define OPENSSL_NO_KEYPARAMS
  30 #endif
  31
  32 #ifndef OPENSSL_NO_EC
  33 static BN_CTX *bnctx = NULL;
  34 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
  35 static OSSL_PARAM_BLD *bld_prime = NULL;
  36 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
  37 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
  38
  39 # ifndef OPENSSL_NO_EC2M
  40 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
  41 static OSSL_PARAM_BLD *bld_tri = NULL;
  42 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
  43 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
  44 # endif
  45 #endif
  46
  47 #ifndef OPENSSL_NO_KEYPARAMS
  48 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
  49 {
  50     EVP_PKEY *pkey = NULL;
  51     EVP_PKEY_CTX *ctx = NULL;
  52
  53 # ifndef OPENSSL_NO_DH
  54     /*
  55      * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
  56      * for testing only. Use a minimum key size of 2048 for security purposes.
  57      */
  58     if (strcmp(type, "DH") == 0)
  59         return get_dh512(NULL);
  60     if (strcmp(type, "X9.42 DH") == 0)
  61         return get_dhx512(NULL);
  62 # endif
  63
  64     /*
  65      * No real need to check the errors other than for the cascade
  66      * effect.  |pkey| will simply remain NULL if something goes wrong.
  67      */
  68     (void)((ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL)) != NULL
  69            && EVP_PKEY_paramgen_init(ctx) > 0
  70            && (genparams == NULL
  71                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
  72            && EVP_PKEY_gen(ctx, &pkey) > 0);
  73     EVP_PKEY_CTX_free(ctx);
  74
  75     return pkey;
  76 }
  77 #endif
  78
  79 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
  80                           OSSL_PARAM *genparams)
  81 {
  82     EVP_PKEY *pkey = NULL;
  83     EVP_PKEY_CTX *ctx =
  84         template != NULL
  85         ? EVP_PKEY_CTX_new(template, NULL)
  86         : EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
  87
  88     /*
  89      * No real need to check the errors other than for the cascade
  90      * effect.  |pkey| will simply remain NULL if something goes wrong.
  91      */
  92     (void)(ctx != NULL
  93            && EVP_PKEY_keygen_init(ctx) > 0
  94            && (genparams == NULL
  95                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
  96            && EVP_PKEY_keygen(ctx, &pkey) > 0);
  97     EVP_PKEY_CTX_free(ctx);
  98     return pkey;
  99 }
 100
 101 /* Main test driver */
 102
 103 /*
 104  * TODO(3.0) For better error output, changed the callbacks to take __FILE__
 105  * and __LINE__ as first two arguments, and have them use the lower case
 106  * functions, such as test_strn_eq(), rather than the uppercase macros
 107  * (TEST_strn2_eq(), for example).
 108  */
 109
 110 typedef int (encoder)(void **encoded, long *encoded_len,
 111                       void *object, int selection,
 112                       const char *output_type, const char *output_structure,
 113                       const char *pass, const char *pcipher);
 114 typedef int (decoder)(void **object, void *encoded, long encoded_len,
 115                       const char *keytype, const char *input_type,
 116                       int selection, const char *pass);
 117 typedef int (tester)(const void *data1, size_t data1_len,
 118                      const void *data2, size_t data2_len);
 119 typedef int (checker)(const char *type, const void *data, size_t data_len);
 120 typedef void (dumper)(const char *label, const void *data, size_t data_len);
 121
 122 #define FLAG_DECODE_WITH_TYPE   0x0001
 123
 124 static int test_encode_decode(const char *type, EVP_PKEY *pkey,
 125                               int selection, const char *output_type,
 126                               const char *output_structure,
 127                               const char *pass, const char *pcipher,
 128                               encoder *encode_cb, decoder *decode_cb,
 129                               tester *test_cb, checker *check_cb,
 130                               dumper *dump_cb, int flags)
 131 {
 132     void *encoded = NULL;
 133     long encoded_len = 0;
 134     EVP_PKEY *pkey2 = NULL;
 135     void *encoded2 = NULL;
 136     long encoded2_len = 0;
 137     int ok = 0;
 138
 139     /*
 140      * Encode |pkey|, decode the result into |pkey2|, and finish off by
 141      * encoding |pkey2| as well.  That last encoding is for checking and
 142      * dumping purposes.
 143      */
 144     if (!TEST_true(encode_cb(&encoded, &encoded_len, pkey, selection,
 145                              output_type, output_structure, pass, pcipher))
 146         || !TEST_true(check_cb(type, encoded, encoded_len))
 147         || !TEST_true(decode_cb((void **)&pkey2, encoded, encoded_len,
 148                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
 149                                 output_type, selection, pass))
 150         || !TEST_true(encode_cb(&encoded2, &encoded2_len, pkey2, selection,
 151                                 output_type, output_structure, pass, pcipher)))
 152         goto end;
 153
 154     if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 155         if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
 156             goto end;
 157     } else {
 158         if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
 159             goto end;
 160     }
 161
 162     /*
 163      * Double check the encoding, but only for unprotected keys,
 164      * as protected keys have a random component, which makes the output
 165      * differ.
 166      */
 167     if ((pass == NULL && pcipher == NULL)
 168         && !test_cb(encoded, encoded_len, encoded2, encoded2_len))
 169         goto end;
 170
 171     ok = 1;
 172  end:
 173     if (!ok) {
 174         if (encoded != NULL && encoded_len != 0)
 175             dump_cb("|pkey| encoded", encoded, encoded_len);
 176         if (encoded2 != NULL && encoded2_len != 0)
 177             dump_cb("|pkey2| encoded", encoded2, encoded2_len);
 178     }
 179
 180     OPENSSL_free(encoded);
 181     OPENSSL_free(encoded2);
 182     EVP_PKEY_free(pkey2);
 183     return ok;
 184 }
 185
 186 /* Encoding and decoding methods */
 187
 188 static int encode_EVP_PKEY_prov(void **encoded, long *encoded_len,
 189                                 void *object, int selection,
 190                                 const char *output_type,
 191                                 const char *output_structure,
 192                                 const char *pass, const char *pcipher)
 193 {
 194     EVP_PKEY *pkey = object;
 195     OSSL_ENCODER_CTX *ectx = NULL;
 196     BIO *mem_ser = NULL;
 197     BUF_MEM *mem_buf = NULL;
 198     const unsigned char *upass = (const unsigned char *)pass;
 199     int ok = 0;
 200
 201     if (!TEST_ptr(ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(pkey, selection,
 202                                                           output_type,
 203                                                           output_structure,
 204                                                           NULL))
 205         || !TEST_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
 206         || (pass != NULL
 207             && !TEST_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
 208                                                           strlen(pass))))
 209         || (pcipher != NULL
 210             && !TEST_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
 211         || !TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 212         || !TEST_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
 213         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 214         || !TEST_ptr(*encoded = mem_buf->data)
 215         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 216         goto end;
 217
 218     /* Detach the encoded output */
 219     mem_buf->data = NULL;
 220     mem_buf->length = 0;
 221     ok = 1;
 222  end:
 223     BIO_free(mem_ser);
 224     OSSL_ENCODER_CTX_free(ectx);
 225     return ok;
 226 }
 227
 228 static int decode_EVP_PKEY_prov(void **object, void *encoded, long encoded_len,
 229                                 const char *keytype, const char *input_type,
 230                                 int selection, const char *pass)
 231 {
 232     EVP_PKEY *pkey = NULL, *testpkey = NULL;
 233     OSSL_DECODER_CTX *dctx = NULL;
 234     BIO *encoded_bio = NULL;
 235     const unsigned char *upass = (const unsigned char *)pass;
 236     int ok = 0;
 237     int i;
 238     const char *badtype;
 239
 240     if (strcmp(input_type, "DER") == 0)
 241         badtype = "PEM";
 242     else
 243         badtype = "DER";
 244
 245     if (!TEST_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
 246         goto end;
 247
 248     /*
 249      * We attempt the decode 3 times. The first time we provide the expected
 250      * starting input type. The second time we provide NULL for the starting
 251      * type. The third time we provide a bad starting input type.
 252      * The bad starting input type should fail. The other two should succeed
 253      * and produce the same result.
 254      */
 255     for (i = 0; i < 3; i++) {
 256         const char *testtype = (i == 0) ? input_type
 257                                         : ((i == 1) ? NULL : badtype);
 258
 259         if (!TEST_ptr(dctx = OSSL_DECODER_CTX_new_by_EVP_PKEY(&testpkey,
 260                                                               testtype,
 261                                                               NULL,
 262                                                               keytype,
 263                                                               selection,
 264                                                               NULL, NULL))
 265             || (pass != NULL
 266                 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
 267             || !TEST_int_gt(BIO_reset(encoded_bio), 0)
 268                /* We expect to fail when using a bad input type */
 269             || !TEST_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
 270                             (i == 2) ? 0 : 1))
 271             goto end;
 272         OSSL_DECODER_CTX_free(dctx);
 273         dctx = NULL;
 274
 275         if (i == 0) {
 276             pkey = testpkey;
 277             testpkey = NULL;
 278         } else if (i == 1) {
 279             if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 280                 if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
 281                     goto end;
 282             } else {
 283                 if (!TEST_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
 284                     goto end;
 285             }
 286         }
 287     }
 288     ok = 1;
 289     *object = pkey;
 290     pkey = NULL;
 291
 292  end:
 293     EVP_PKEY_free(pkey);
 294     EVP_PKEY_free(testpkey);
 295     BIO_free(encoded_bio);
 296     OSSL_DECODER_CTX_free(dctx);
 297     return ok;
 298 }
 299
 300 static int encode_EVP_PKEY_legacy_PEM(void **encoded, long *encoded_len,
 301                                       void *object, ossl_unused int selection,
 302                                       ossl_unused const char *output_type,
 303                                       ossl_unused const char *output_structure,
 304                                       const char *pass, const char *pcipher)
 305 {
 306     EVP_PKEY *pkey = object;
 307     EVP_CIPHER *cipher = NULL;
 308     BIO *mem_ser = NULL;
 309     BUF_MEM *mem_buf = NULL;
 310     const unsigned char *upass = (const unsigned char *)pass;
 311     size_t passlen = 0;
 312     int ok = 0;
 313
 314     if (pcipher != NULL && pass != NULL) {
 315         passlen = strlen(pass);
 316         if (!TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL)))
 317             goto end;
 318     }
 319     if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 320         || !TEST_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
 321                                                            cipher,
 322                                                            upass, passlen,
 323                                                            NULL, NULL))
 324         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 325         || !TEST_ptr(*encoded = mem_buf->data)
 326         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 327         goto end;
 328
 329     /* Detach the encoded output */
 330     mem_buf->data = NULL;
 331     mem_buf->length = 0;
 332     ok = 1;
 333  end:
 334     BIO_free(mem_ser);
 335     EVP_CIPHER_free(cipher);
 336     return ok;
 337 }
 338
 339 static int encode_EVP_PKEY_MSBLOB(void **encoded, long *encoded_len,
 340                                   void *object, int selection,
 341                                   ossl_unused const char *output_type,
 342                                   ossl_unused const char *output_structure,
 343                                   ossl_unused const char *pass,
 344                                   ossl_unused const char *pcipher)
 345 {
 346     EVP_PKEY *pkey = object;
 347     BIO *mem_ser = NULL;
 348     BUF_MEM *mem_buf = NULL;
 349     int ok = 0;
 350
 351     if (!TEST_ptr(mem_ser = BIO_new(BIO_s_mem())))
 352         goto end;
 353
 354     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
 355         if (!TEST_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
 356             goto end;
 357     } else {
 358         if (!TEST_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
 359             goto end;
 360     }
 361
 362     if (!TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 363         || !TEST_ptr(*encoded = mem_buf->data)
 364         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 365         goto end;
 366
 367     /* Detach the encoded output */
 368     mem_buf->data = NULL;
 369     mem_buf->length = 0;
 370     ok = 1;
 371  end:
 372     BIO_free(mem_ser);
 373     return ok;
 374 }
 375
 376 static pem_password_cb pass_pw;
 377 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
 378 {
 379     OPENSSL_strlcpy(buf, userdata, size);
 380     return strlen(userdata);
 381 }
 382
 383 static int encode_EVP_PKEY_PVK(void **encoded, long *encoded_len,
 384                                void *object, int selection,
 385                                ossl_unused const char *output_type,
 386                                ossl_unused const char *output_structure,
 387                                const char *pass,
 388                                ossl_unused const char *pcipher)
 389 {
 390     EVP_PKEY *pkey = object;
 391     BIO *mem_ser = NULL;
 392     BUF_MEM *mem_buf = NULL;
 393     int enc = (pass != NULL);
 394     int ok = 0;
 395
 396     if (!TEST_true(ossl_assert((selection
 397                                 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
 398         || !TEST_ptr(mem_ser = BIO_new(BIO_s_mem()))
 399         || !TEST_int_ge(i2b_PVK_bio(mem_ser, pkey, enc,
 400                                     pass_pw, (void *)pass), 0)
 401         || !TEST_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 402         || !TEST_ptr(*encoded = mem_buf->data)
 403         || !TEST_long_gt(*encoded_len = mem_buf->length, 0))
 404         goto end;
 405
 406     /* Detach the encoded output */
 407     mem_buf->data = NULL;
 408     mem_buf->length = 0;
 409     ok = 1;
 410  end:
 411     BIO_free(mem_ser);
 412     return ok;
 413 }
 414
 415 static int test_text(const void *data1, size_t data1_len,
 416                      const void *data2, size_t data2_len)
 417 {
 418     return TEST_strn2_eq(data1, data1_len, data2, data2_len);
 419 }
 420
 421 static int test_mem(const void *data1, size_t data1_len,
 422                     const void *data2, size_t data2_len)
 423 {
 424     return TEST_mem_eq(data1, data1_len, data2, data2_len);
 425 }
 426
 427 /* Test cases and their dumpers / checkers */
 428
 429 static void collect_name(const char *name, void *arg)
 430 {
 431     char **namelist = arg;
 432     char *new_namelist;
 433     size_t space;
 434
 435     space = strlen(name);
 436     if (*namelist != NULL)
 437         space += strlen(*namelist) + 2 /* for comma and space */;
 438     space++; /* for terminating null byte */
 439
 440     new_namelist = OPENSSL_realloc(*namelist, space);
 441     if (new_namelist == NULL)
 442         return;
 443     if (*namelist != NULL) {
 444         strcat(new_namelist, ", ");
 445         strcat(new_namelist, name);
 446     } else {
 447         strcpy(new_namelist, name);
 448     }
 449     *namelist = new_namelist;
 450 }
 451
 452 static void dump_der(const char *label, const void *data, size_t data_len)
 453 {
 454     test_output_memory(label, data, data_len);
 455 }
 456
 457 static void dump_pem(const char *label, const void *data, size_t data_len)
 458 {
 459     test_output_string(label, data, data_len - 1);
 460 }
 461
 462 static int check_unprotected_PKCS8_DER(const char *type,
 463                                        const void *data, size_t data_len)
 464 {
 465     const unsigned char *datap = data;
 466     PKCS8_PRIV_KEY_INFO *p8inf =
 467         d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
 468     int ok = 0;
 469
 470     if (TEST_ptr(p8inf)) {
 471         EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
 472         char *namelist = NULL;
 473
 474         if (TEST_ptr(pkey)) {
 475             if (!(ok = TEST_true(EVP_PKEY_is_a(pkey, type)))) {
 476                 EVP_PKEY_typenames_do_all(pkey, collect_name, &namelist);
 477                 if (namelist != NULL)
 478                     TEST_note("%s isn't any of %s", type, namelist);
 479                 OPENSSL_free(namelist);
 480             }
 481             EVP_PKEY_free(pkey);
 482         }
 483     }
 484     PKCS8_PRIV_KEY_INFO_free(p8inf);
 485     return ok;
 486 }
 487
 488 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
 489 {
 490     return test_encode_decode(type, key,
 491                               OSSL_KEYMGMT_SELECT_KEYPAIR
 492                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 493                               "DER", "pkcs8", NULL, NULL,
 494                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 495                               test_mem, check_unprotected_PKCS8_DER,
 496                               dump_der, 0);
 497 }
 498
 499 static int check_unprotected_PKCS8_PEM(const char *type,
 500                                        const void *data, size_t data_len)
 501 {
 502     static const char expected_pem_header[] =
 503         "-----BEGIN " PEM_STRING_PKCS8INF "-----";
 504
 505     return TEST_strn_eq(data, expected_pem_header,
 506                         sizeof(expected_pem_header) - 1);
 507 }
 508
 509 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
 510 {
 511     return test_encode_decode(type, key, OSSL_KEYMGMT_SELECT_KEYPAIR
 512                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 513                               "PEM", "pkcs8", NULL, NULL,
 514                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 515                               test_text, check_unprotected_PKCS8_PEM,
 516                               dump_pem, 0);
 517 }
 518
 519 #ifndef OPENSSL_NO_KEYPARAMS
 520 static int check_params_DER(const char *type, const void *data, size_t data_len)
 521 {
 522     const unsigned char *datap = data;
 523     int ok = 0;
 524     int itype = NID_undef;
 525     EVP_PKEY *pkey = NULL;
 526
 527     if (strcmp(type, "DH") == 0)
 528         itype = EVP_PKEY_DH;
 529     else if (strcmp(type, "X9.42 DH") == 0)
 530         itype = EVP_PKEY_DHX;
 531     else if (strcmp(type, "DSA") ==  0)
 532         itype = EVP_PKEY_DSA;
 533     else if (strcmp(type, "EC") ==  0)
 534         itype = EVP_PKEY_EC;
 535
 536     if (itype != NID_undef) {
 537         pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
 538         ok = (pkey != NULL);
 539         EVP_PKEY_free(pkey);
 540     }
 541
 542     return ok;
 543 }
 544
 545 static int check_params_PEM(const char *type,
 546                                        const void *data, size_t data_len)
 547 {
 548     static char expected_pem_header[80];
 549
 550     return
 551         TEST_int_gt(BIO_snprintf(expected_pem_header,
 552                                  sizeof(expected_pem_header),
 553                                  "-----BEGIN %s PARAMETERS-----", type), 0)
 554         && TEST_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 555 }
 556
 557 static int test_params_via_DER(const char *type, EVP_PKEY *key)
 558 {
 559     return test_encode_decode(type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 560                               "DER", "type-specific", NULL, NULL,
 561                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 562                               test_mem, check_params_DER,
 563                               dump_der, FLAG_DECODE_WITH_TYPE);
 564 }
 565
 566 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
 567 {
 568     return test_encode_decode(type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 569                               "PEM", "type-specific", NULL, NULL,
 570                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 571                               test_text, check_params_PEM,
 572                               dump_pem, 0);
 573 }
 574 #endif /* !OPENSSL_NO_KEYPARAMS */
 575
 576 static int check_unprotected_legacy_PEM(const char *type,
 577                                         const void *data, size_t data_len)
 578 {
 579     static char expected_pem_header[80];
 580
 581     return
 582         TEST_int_gt(BIO_snprintf(expected_pem_header,
 583                                  sizeof(expected_pem_header),
 584                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 585         && TEST_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 586 }
 587
 588 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 589 {
 590     return test_encode_decode(type, key,
 591                               OSSL_KEYMGMT_SELECT_KEYPAIR
 592                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 593                               "PEM", "type-specific", NULL, NULL,
 594                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 595                               test_text, check_unprotected_legacy_PEM,
 596                               dump_pem, 0);
 597 }
 598
 599 static int check_MSBLOB(const char *type, const void *data, size_t data_len)
 600 {
 601     const unsigned char *datap = data;
 602     EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
 603     int ok = TEST_ptr(pkey);
 604
 605     EVP_PKEY_free(pkey);
 606     return ok;
 607 }
 608
 609 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
 610 {
 611     return test_encode_decode(type, key,
 612                               OSSL_KEYMGMT_SELECT_KEYPAIR
 613                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 614                               "MSBLOB", NULL, NULL, NULL,
 615                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 616                               test_mem, check_MSBLOB,
 617                               dump_der, 0);
 618 }
 619
 620 static int check_PVK(const char *type, const void *data, size_t data_len)
 621 {
 622     const unsigned char *in = data;
 623     unsigned int saltlen = 0, keylen = 0;
 624     int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
 625
 626     return ok;
 627 }
 628
 629 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
 630 {
 631     return test_encode_decode(type, key,
 632                               OSSL_KEYMGMT_SELECT_KEYPAIR
 633                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 634                               "PVK", NULL, NULL, NULL,
 635                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 636                               test_mem, check_PVK,
 637                               dump_der, 0);
 638 }
 639
 640 static const char *pass_cipher = "AES-256-CBC";
 641 static const char *pass = "the holy handgrenade of antioch";
 642
 643 static int check_protected_PKCS8_DER(const char *type,
 644                                      const void *data, size_t data_len)
 645 {
 646     const unsigned char *datap = data;
 647     X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
 648     int ok = TEST_ptr(p8);
 649
 650     X509_SIG_free(p8);
 651     return ok;
 652 }
 653
 654 static int test_protected_via_DER(const char *type, EVP_PKEY *key)
 655 {
 656     return test_encode_decode(type, key,
 657                               OSSL_KEYMGMT_SELECT_KEYPAIR
 658                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 659                               "DER", "pkcs8", pass, pass_cipher,
 660                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 661                               test_mem, check_protected_PKCS8_DER,
 662                               dump_der, 0);
 663 }
 664
 665 static int check_protected_PKCS8_PEM(const char *type,
 666                                      const void *data, size_t data_len)
 667 {
 668     static const char expected_pem_header[] =
 669         "-----BEGIN " PEM_STRING_PKCS8 "-----";
 670
 671     return TEST_strn_eq(data, expected_pem_header,
 672                         sizeof(expected_pem_header) - 1);
 673 }
 674
 675 static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
 676 {
 677     return test_encode_decode(type, key,
 678                               OSSL_KEYMGMT_SELECT_KEYPAIR
 679                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 680                               "PEM", "pkcs8", pass, pass_cipher,
 681                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 682                               test_text, check_protected_PKCS8_PEM,
 683                               dump_pem, 0);
 684 }
 685
 686 static int check_protected_legacy_PEM(const char *type,
 687                                       const void *data, size_t data_len)
 688 {
 689     static char expected_pem_header[80];
 690
 691     return
 692         TEST_int_gt(BIO_snprintf(expected_pem_header,
 693                                  sizeof(expected_pem_header),
 694                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 695         && TEST_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
 696         && TEST_ptr(strstr(data, "\nDEK-Info: "));
 697 }
 698
 699 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 700 {
 701     return test_encode_decode(type, key,
 702                               OSSL_KEYMGMT_SELECT_KEYPAIR
 703                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 704                               "PEM", "type-specific", pass, pass_cipher,
 705                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 706                               test_text, check_protected_legacy_PEM,
 707                               dump_pem, 0);
 708 }
 709
 710 #ifndef OPENSSL_NO_RC4
 711 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
 712 {
 713     return test_encode_decode(type, key,
 714                               OSSL_KEYMGMT_SELECT_KEYPAIR
 715                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 716                               "PVK", NULL, pass, NULL,
 717                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 718                               test_mem, check_PVK, dump_der, 0);
 719 }
 720 #endif
 721
 722 static int check_public_DER(const char *type, const void *data, size_t data_len)
 723 {
 724     const unsigned char *datap = data;
 725     EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
 726     int ok = (TEST_ptr(pkey) && TEST_true(EVP_PKEY_is_a(pkey, type)));
 727
 728     EVP_PKEY_free(pkey);
 729     return ok;
 730 }
 731
 732 static int test_public_via_DER(const char *type, EVP_PKEY *key)
 733 {
 734     return test_encode_decode(type, key,
 735                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 736                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 737                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
 738                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 739                               test_mem, check_public_DER, dump_der, 0);
 740 }
 741
 742 static int check_public_PEM(const char *type, const void *data, size_t data_len)
 743 {
 744     static const char expected_pem_header[] =
 745         "-----BEGIN " PEM_STRING_PUBLIC "-----";
 746
 747     return
 748         TEST_strn_eq(data, expected_pem_header,
 749                      sizeof(expected_pem_header) - 1);
 750 }
 751
 752 static int test_public_via_PEM(const char *type, EVP_PKEY *key)
 753 {
 754     return test_encode_decode(type, key,
 755                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 756                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 757                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
 758                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 759                               test_text, check_public_PEM, dump_pem, 0);
 760 }
 761
 762 static int check_public_MSBLOB(const char *type,
 763                                const void *data, size_t data_len)
 764 {
 765     const unsigned char *datap = data;
 766     EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
 767     int ok = TEST_ptr(pkey);
 768
 769     EVP_PKEY_free(pkey);
 770     return ok;
 771 }
 772
 773 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 774 {
 775     return test_encode_decode(type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 776                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 777                               "MSBLOB", NULL, NULL, NULL,
 778                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 779                               test_mem, check_public_MSBLOB, dump_der, 0);
 780 }
 781
 782 #define KEYS(KEYTYPE)                           \
 783     static EVP_PKEY *key_##KEYTYPE = NULL
 784 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
 785     ok = ok                                                             \
 786         && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
 787 #define FREE_KEYS(KEYTYPE)                                              \
 788     EVP_PKEY_free(key_##KEYTYPE);                                       \
 789
 790 #define DOMAIN_KEYS(KEYTYPE)                    \
 791     static EVP_PKEY *template_##KEYTYPE = NULL; \
 792     static EVP_PKEY *key_##KEYTYPE = NULL
 793 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
 794     ok = ok                                                             \
 795         && TEST_ptr(template_##KEYTYPE =                                \
 796                     make_template(KEYTYPEstr, params))                  \
 797         && TEST_ptr(key_##KEYTYPE =                                     \
 798                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
 799 #define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
 800     EVP_PKEY_free(template_##KEYTYPE);                                  \
 801     EVP_PKEY_free(key_##KEYTYPE)
 802
 803 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr)                       \
 804     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
 805     {                                                                   \
 806         return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 807     }                                                                   \
 808     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
 809     {                                                                   \
 810         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 811     }                                                                   \
 812     static int test_protected_##KEYTYPE##_via_DER(void)                 \
 813     {                                                                   \
 814         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
 815     }                                                                   \
 816     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
 817     {                                                                   \
 818         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
 819     }                                                                   \
 820     static int test_public_##KEYTYPE##_via_DER(void)                    \
 821     {                                                                   \
 822         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
 823     }                                                                   \
 824     static int test_public_##KEYTYPE##_via_PEM(void)                    \
 825     {                                                                   \
 826         return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
 827     }
 828
 829 #define ADD_TEST_SUITE(KEYTYPE)                                 \
 830     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
 831     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
 832     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
 833     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
 834     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
 835     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
 836
 837 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)           \
 838     static int test_params_##KEYTYPE##_via_DER(void)               \
 839     {                                                              \
 840         return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 841     }                                                              \
 842     static int test_params_##KEYTYPE##_via_PEM(void)               \
 843     {                                                              \
 844         return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 845     }
 846
 847 #define ADD_TEST_SUITE_PARAMS(KEYTYPE)                          \
 848     ADD_TEST(test_params_##KEYTYPE##_via_DER);                  \
 849     ADD_TEST(test_params_##KEYTYPE##_via_PEM)
 850
 851 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
 852     static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
 853     {                                                                   \
 854         return                                                          \
 855             test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
 856     }                                                                   \
 857     static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
 858     {                                                                   \
 859         return                                                          \
 860             test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
 861     }
 862
 863 #define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
 864     ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
 865     ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
 866
 867 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
 868     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
 869     {                                                                   \
 870         return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
 871     }                                                                   \
 872     static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
 873     {                                                                   \
 874         return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
 875     }
 876
 877 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
 878     ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
 879     ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
 880
 881 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
 882     static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
 883     {                                                                   \
 884         return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
 885     }
 886 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
 887     ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
 888 #ifndef OPENSSL_NO_RC4
 889 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
 890     static int test_protected_##KEYTYPE##_via_PVK(void)                 \
 891     {                                                                   \
 892         return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
 893     }
 894 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
 895     ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
 896 #endif
 897
 898 #ifndef OPENSSL_NO_DH
 899 DOMAIN_KEYS(DH);
 900 IMPLEMENT_TEST_SUITE(DH, "DH")
 901 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
 902 DOMAIN_KEYS(DHX);
 903 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
 904 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
 905 /*
 906  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 907  * so no legacy tests.
 908  */
 909 #endif
 910 #ifndef OPENSSL_NO_DSA
 911 DOMAIN_KEYS(DSA);
 912 IMPLEMENT_TEST_SUITE(DSA, "DSA")
 913 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
 914 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 915 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
 916 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
 917 # ifndef OPENSSL_NO_RC4
 918 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
 919 # endif
 920 #endif
 921 #ifndef OPENSSL_NO_EC
 922 DOMAIN_KEYS(EC);
 923 IMPLEMENT_TEST_SUITE(EC, "EC")
 924 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
 925 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
 926 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
 927 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
 928 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
 929 DOMAIN_KEYS(ECExplicitPrime2G);
 930 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
 931 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
 932 # ifndef OPENSSL_NO_EC2M
 933 DOMAIN_KEYS(ECExplicitTriNamedCurve);
 934 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
 935 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
 936 DOMAIN_KEYS(ECExplicitTri2G);
 937 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
 938 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 939 # endif
 940 KEYS(ED25519);
 941 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
 942 KEYS(ED448);
 943 IMPLEMENT_TEST_SUITE(ED448, "ED448")
 944 KEYS(X25519);
 945 IMPLEMENT_TEST_SUITE(X25519, "X25519")
 946 KEYS(X448);
 947 IMPLEMENT_TEST_SUITE(X448, "X448")
 948 /*
 949  * ED25519, ED448, X25519 and X448 have no support for
 950  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
 951  */
 952 #endif
 953 KEYS(RSA);
 954 IMPLEMENT_TEST_SUITE(RSA, "RSA")
 955 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
 956 KEYS(RSA_PSS);
 957 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
 958 /*
 959  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
 960  * so no legacy tests.
 961  */
 962 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
 963 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
 964 #ifndef OPENSSL_NO_RC4
 965 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
 966 #endif
 967
 968 #ifndef OPENSSL_NO_EC
 969 /* Explicit parameters that match a named curve */
 970 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
 971                                               const unsigned char *gen,
 972                                               size_t gen_len)
 973 {
 974     BIGNUM *a, *b, *prime, *order;
 975
 976     /* Curve prime256v1 */
 977     static const unsigned char prime_data[] = {
 978         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
 979         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 980         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
 981         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 982         0xff
 983     };
 984     static const unsigned char a_data[] = {
 985         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
 986         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 987         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
 988         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 989         0xfc
 990     };
 991     static const unsigned char b_data[] = {
 992         0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
 993         0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
 994         0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
 995         0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
 996     };
 997     static const unsigned char seed[] = {
 998         0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
 999         0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1000         0x81, 0x9f, 0x7e, 0x90
1001     };
1002     static const unsigned char order_data[] = {
1003         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1004         0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1005         0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1006         0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1007     };
1008     return TEST_ptr(a = BN_CTX_get(bnctx))
1009            && TEST_ptr(b = BN_CTX_get(bnctx))
1010            && TEST_ptr(prime = BN_CTX_get(bnctx))
1011            && TEST_ptr(order = BN_CTX_get(bnctx))
1012            && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1013            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1014            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1015            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1016            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1017                             OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1018                             0))
1019            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1020            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1021            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1022            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1023                             OSSL_PKEY_PARAM_EC_ORDER, order))
1024            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1025                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1026            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1027                             OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1028            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1029                                                BN_value_one()));
1030 }
1031
1032 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1033 {
1034     static const unsigned char prime256v1_gen[] = {
1035         0x04,
1036         0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1037         0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1038         0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1039         0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1040         0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1041         0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1042         0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1043         0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1044     };
1045     return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1046                                               sizeof(prime256v1_gen));
1047 }
1048
1049 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1050 {
1051     /* 2G */
1052     static const unsigned char prime256v1_gen2[] = {
1053         0x04,
1054         0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1055         0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1056         0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1057         0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1058         0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1059         0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1060         0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1061         0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1062     };
1063     return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1064                                               sizeof(prime256v1_gen2));
1065 }
1066
1067 # ifndef OPENSSL_NO_EC2M
1068 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1069                                                   const unsigned char *gen,
1070                                                   size_t gen_len)
1071 {
1072     BIGNUM *a, *b, *poly, *order, *cofactor;
1073     /* sect233k1 characteristic-two-field tpBasis */
1074     static const unsigned char poly_data[] = {
1075         0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1076         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1077         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1078     };
1079     static const unsigned char a_data[] = {
1080         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1081         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1082         0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1083     };
1084     static const unsigned char b_data[] = {
1085         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1086         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1087         0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1088     };
1089     static const unsigned char order_data[] = {
1090         0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1091         0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1092         0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1093     };
1094     static const unsigned char cofactor_data[]= {
1095         0x4
1096     };
1097     return TEST_ptr(a = BN_CTX_get(bnctx))
1098            && TEST_ptr(b = BN_CTX_get(bnctx))
1099            && TEST_ptr(poly = BN_CTX_get(bnctx))
1100            && TEST_ptr(order = BN_CTX_get(bnctx))
1101            && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1102            && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1103            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1104            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1105            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1106            && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1107            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1108                             OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1109                             SN_X9_62_characteristic_two_field, 0))
1110            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1111            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1112            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1113            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1114                             OSSL_PKEY_PARAM_EC_ORDER, order))
1115            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1116                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1117            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1118                                                cofactor));
1119 }
1120
1121 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1122 {
1123     static const unsigned char gen[] = {
1124         0x04,
1125         0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1126         0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1127         0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1128         0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1129         0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1130         0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1131     };
1132     return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1133 }
1134
1135 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1136 {
1137     static const unsigned char gen2[] = {
1138         0x04,
1139         0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1140         0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1141         0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1142         0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1143         0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1144         0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1145     };
1146     return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1147 }
1148 # endif /* OPENSSL_NO_EC2M */
1149 #endif /* OPENSSL_NO_EC */
1150
1151 int setup_tests(void)
1152 {
1153 # ifndef OPENSSL_NO_RC4
1154     int use_legacy = OSSL_PROVIDER_available(NULL, "legacy");
1155 #endif
1156     int ok = 1;
1157
1158 #ifndef OPENSSL_NO_DSA
1159     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
1160     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1161     OSSL_PARAM DSA_params[] = {
1162         OSSL_PARAM_size_t("pbits", &pbits),
1163         OSSL_PARAM_size_t("qbits", &qbits),
1164         OSSL_PARAM_END
1165     };
1166 #endif
1167
1168 #ifndef OPENSSL_NO_EC
1169     static char groupname[] = "prime256v1";
1170     OSSL_PARAM EC_params[] = {
1171         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1172         OSSL_PARAM_END
1173     };
1174 #endif
1175
1176     /* 7 is the default magic number */
1177     static unsigned int rsapss_min_saltlen = 7;
1178     OSSL_PARAM RSA_PSS_params[] = {
1179         OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
1180         OSSL_PARAM_END
1181     };
1182
1183 #ifndef OPENSSL_NO_EC
1184     if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
1185         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1186         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1187         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1188         || !create_ec_explicit_prime_params(bld_prime)
1189         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1190         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1191 # ifndef OPENSSL_NO_EC2M
1192         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1193         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1194         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1195         || !create_ec_explicit_trinomial_params(bld_tri)
1196         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1197         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1198 # endif
1199         )
1200         return 0;
1201 #endif
1202
1203     TEST_info("Generating keys...");
1204
1205 #ifndef OPENSSL_NO_DH
1206     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1207     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1208     TEST_info("Generating keys...DH done");
1209 #endif
1210 #ifndef OPENSSL_NO_DSA
1211     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1212     TEST_info("Generating keys...DSA done");
1213 #endif
1214 #ifndef OPENSSL_NO_EC
1215     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1216     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1217     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1218 # ifndef OPENSSL_NO_EC2M
1219     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1220     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1221 # endif
1222     MAKE_KEYS(ED25519, "ED25519", NULL);
1223     MAKE_KEYS(ED448, "ED448", NULL);
1224     MAKE_KEYS(X25519, "X25519", NULL);
1225     MAKE_KEYS(X448, "X448", NULL);
1226     TEST_info("Generating keys...EC done");
1227 #endif
1228     MAKE_KEYS(RSA, "RSA", NULL);
1229     TEST_info("Generating keys...RSA done");
1230     MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
1231     TEST_info("Generating keys...RSA_PSS done");
1232
1233     if (ok) {
1234 #ifndef OPENSSL_NO_DH
1235         ADD_TEST_SUITE(DH);
1236         ADD_TEST_SUITE_PARAMS(DH);
1237         ADD_TEST_SUITE(DHX);
1238         ADD_TEST_SUITE_PARAMS(DHX);
1239         /*
1240          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1241          * so no legacy tests.
1242          */
1243 #endif
1244 #ifndef OPENSSL_NO_DSA
1245         ADD_TEST_SUITE(DSA);
1246         ADD_TEST_SUITE_PARAMS(DSA);
1247         ADD_TEST_SUITE_LEGACY(DSA);
1248         ADD_TEST_SUITE_MSBLOB(DSA);
1249         ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1250 # ifndef OPENSSL_NO_RC4
1251         if (use_legacy) {
1252             ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1253         }
1254 # endif
1255 #endif
1256 #ifndef OPENSSL_NO_EC
1257         ADD_TEST_SUITE(EC);
1258         ADD_TEST_SUITE_PARAMS(EC);
1259         ADD_TEST_SUITE_LEGACY(EC);
1260         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1261         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1262         ADD_TEST_SUITE(ECExplicitPrime2G);
1263         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1264 # ifndef OPENSSL_NO_EC2M
1265         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1266         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1267         ADD_TEST_SUITE(ECExplicitTri2G);
1268         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1269 # endif
1270         ADD_TEST_SUITE(ED25519);
1271         ADD_TEST_SUITE(ED448);
1272         ADD_TEST_SUITE(X25519);
1273         ADD_TEST_SUITE(X448);
1274         /*
1275          * ED25519, ED448, X25519 and X448 have no support for
1276          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1277          */
1278 #endif
1279         ADD_TEST_SUITE(RSA);
1280         ADD_TEST_SUITE_LEGACY(RSA);
1281         ADD_TEST_SUITE(RSA_PSS);
1282         /*
1283          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1284          * so no legacy tests.
1285          */
1286         ADD_TEST_SUITE_MSBLOB(RSA);
1287         ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1288 # ifndef OPENSSL_NO_RC4
1289         if (use_legacy) {
1290             ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1291         }
1292 # endif
1293     }
1294
1295     return 1;
1296 }
1297
1298 void cleanup_tests(void)
1299 {
1300 #ifndef OPENSSL_NO_EC
1301     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_nc);
1302     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_explicit);
1303     OSSL_PARAM_BLD_free(bld_prime_nc);
1304     OSSL_PARAM_BLD_free(bld_prime);
1305 # ifndef OPENSSL_NO_EC2M
1306     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_nc);
1307     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_explicit);
1308     OSSL_PARAM_BLD_free(bld_tri_nc);
1309     OSSL_PARAM_BLD_free(bld_tri);
1310 # endif
1311     BN_CTX_free(bnctx);
1312 #endif /* OPENSSL_NO_EC */
1313
1314 #ifndef OPENSSL_NO_DH
1315     FREE_DOMAIN_KEYS(DH);
1316     FREE_DOMAIN_KEYS(DHX);
1317 #endif
1318 #ifndef OPENSSL_NO_DSA
1319     FREE_DOMAIN_KEYS(DSA);
1320 #endif
1321 #ifndef OPENSSL_NO_EC
1322     FREE_DOMAIN_KEYS(EC);
1323     FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1324     FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1325 # ifndef OPENSSL_NO_EC2M
1326     FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1327     FREE_DOMAIN_KEYS(ECExplicitTri2G);
1328 # endif
1329     FREE_KEYS(ED25519);
1330     FREE_KEYS(ED448);
1331     FREE_KEYS(X25519);
1332     FREE_KEYS(X448);
1333 #endif
1334     FREE_KEYS(RSA);
1335     FREE_KEYS(RSA_PSS);
1336 }