test/endecode_test.c

   1 /*
   2  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <openssl/core_dispatch.h>
  12 #include <openssl/evp.h>
  13 #include <openssl/pem.h>
  14 #include <openssl/rsa.h>
  15 #include <openssl/x509.h>
  16 #include <openssl/core_names.h>
  17 #include <openssl/params.h>
  18 #include <openssl/param_build.h>
  19 #include <openssl/encoder.h>
  20 #include <openssl/decoder.h>
  21
  22 #include "internal/cryptlib.h"   /* ossl_assert */
  23 #include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
  24 #include "crypto/evp.h"          /* For evp_pkey_is_provided() */
  25
  26 #include "helpers/predefined_dhparams.h"
  27 #include "testutil.h"
  28
  29 /* Extended test macros to allow passing file & line number */
  30 #define TEST_FL_ptr(a)               test_ptr(file, line, #a, a)
  31 #define TEST_FL_mem_eq(a, m, b, n)   test_mem_eq(file, line, #a, #b, a, m, b, n)
  32 #define TEST_FL_strn_eq(a, b, n)     test_strn_eq(file, line, #a, #b, a, n, b, n)
  33 #define TEST_FL_strn2_eq(a, m, b, n) test_strn_eq(file, line, #a, #b, a, m, b, n)
  34 #define TEST_FL_int_eq(a, b)         test_int_eq(file, line, #a, #b, a, b)
  35 #define TEST_FL_int_ge(a, b)         test_int_ge(file, line, #a, #b, a, b)
  36 #define TEST_FL_int_gt(a, b)         test_int_gt(file, line, #a, #b, a, b)
  37 #define TEST_FL_long_gt(a, b)        test_long_gt(file, line, #a, #b, a, b)
  38 #define TEST_FL_true(a)              test_true(file, line, #a, (a) != 0)
  39
  40 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
  41 # define OPENSSL_NO_KEYPARAMS
  42 #endif
  43
  44 #ifndef OPENSSL_NO_EC
  45 static BN_CTX *bnctx = NULL;
  46 static OSSL_PARAM_BLD *bld_prime_nc = NULL;
  47 static OSSL_PARAM_BLD *bld_prime = NULL;
  48 static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
  49 static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
  50
  51 # ifndef OPENSSL_NO_EC2M
  52 static OSSL_PARAM_BLD *bld_tri_nc = NULL;
  53 static OSSL_PARAM_BLD *bld_tri = NULL;
  54 static OSSL_PARAM *ec_explicit_tri_params_nc = NULL;
  55 static OSSL_PARAM *ec_explicit_tri_params_explicit = NULL;
  56 # endif
  57 #endif
  58
  59 #ifndef OPENSSL_NO_KEYPARAMS
  60 static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
  61 {
  62     EVP_PKEY *pkey = NULL;
  63     EVP_PKEY_CTX *ctx = NULL;
  64
  65 # ifndef OPENSSL_NO_DH
  66     /*
  67      * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
  68      * for testing only. Use a minimum key size of 2048 for security purposes.
  69      */
  70     if (strcmp(type, "DH") == 0)
  71         return get_dh512(NULL);
  72     if (strcmp(type, "X9.42 DH") == 0)
  73         return get_dhx512(NULL);
  74 # endif
  75
  76     /*
  77      * No real need to check the errors other than for the cascade
  78      * effect.  |pkey| will simply remain NULL if something goes wrong.
  79      */
  80     (void)((ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL)) != NULL
  81            && EVP_PKEY_paramgen_init(ctx) > 0
  82            && (genparams == NULL
  83                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
  84            && EVP_PKEY_gen(ctx, &pkey) > 0);
  85     EVP_PKEY_CTX_free(ctx);
  86
  87     return pkey;
  88 }
  89 #endif
  90
  91 static EVP_PKEY *make_key(const char *type, EVP_PKEY *template,
  92                           OSSL_PARAM *genparams)
  93 {
  94     EVP_PKEY *pkey = NULL;
  95     EVP_PKEY_CTX *ctx =
  96         template != NULL
  97         ? EVP_PKEY_CTX_new(template, NULL)
  98         : EVP_PKEY_CTX_new_from_name(NULL, type, NULL);
  99
 100     /*
 101      * No real need to check the errors other than for the cascade
 102      * effect.  |pkey| will simply remain NULL if something goes wrong.
 103      */
 104     (void)(ctx != NULL
 105            && EVP_PKEY_keygen_init(ctx) > 0
 106            && (genparams == NULL
 107                || EVP_PKEY_CTX_set_params(ctx, genparams) > 0)
 108            && EVP_PKEY_keygen(ctx, &pkey) > 0);
 109     EVP_PKEY_CTX_free(ctx);
 110     return pkey;
 111 }
 112
 113 /* Main test driver */
 114
 115 typedef int (encoder)(const char *file, const int line,
 116                       void **encoded, long *encoded_len,
 117                       void *object, int selection,
 118                       const char *output_type, const char *output_structure,
 119                       const char *pass, const char *pcipher);
 120 typedef int (decoder)(const char *file, const int line,
 121                       void **object, void *encoded, long encoded_len,
 122                       const char *input_type, const char *structure_type,
 123                       const char *keytype, int selection, const char *pass);
 124 typedef int (tester)(const char *file, const int line,
 125                      const void *data1, size_t data1_len,
 126                      const void *data2, size_t data2_len);
 127 typedef int (checker)(const char *file, const int line,
 128                       const char *type, const void *data, size_t data_len);
 129 typedef void (dumper)(const char *label, const void *data, size_t data_len);
 130
 131 #define FLAG_DECODE_WITH_TYPE   0x0001
 132
 133 static int test_encode_decode(const char *file, const int line,
 134                               const char *type, EVP_PKEY *pkey,
 135                               int selection, const char *output_type,
 136                               const char *output_structure,
 137                               const char *pass, const char *pcipher,
 138                               encoder *encode_cb, decoder *decode_cb,
 139                               tester *test_cb, checker *check_cb,
 140                               dumper *dump_cb, int flags)
 141 {
 142     void *encoded = NULL;
 143     long encoded_len = 0;
 144     EVP_PKEY *pkey2 = NULL;
 145     void *encoded2 = NULL;
 146     long encoded2_len = 0;
 147     int ok = 0;
 148
 149     /*
 150      * Encode |pkey|, decode the result into |pkey2|, and finish off by
 151      * encoding |pkey2| as well.  That last encoding is for checking and
 152      * dumping purposes.
 153      */
 154     if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
 155                              output_type, output_structure, pass, pcipher))
 156         || !TEST_true(check_cb(file, line, type, encoded, encoded_len))
 157         || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
 158                                 output_type, output_structure,
 159                                 (flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
 160                                 selection, pass))
 161         || !TEST_true(encode_cb(file, line, &encoded2, &encoded2_len, pkey2, selection,
 162                                 output_type, output_structure, pass, pcipher)))
 163         goto end;
 164
 165     if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 166         if (!TEST_int_eq(EVP_PKEY_parameters_eq(pkey, pkey2), 1))
 167             goto end;
 168     } else {
 169         if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
 170             goto end;
 171     }
 172
 173     /*
 174      * Double check the encoding, but only for unprotected keys,
 175      * as protected keys have a random component, which makes the output
 176      * differ.
 177      */
 178     if ((pass == NULL && pcipher == NULL)
 179         && !test_cb(file, line, encoded, encoded_len, encoded2, encoded2_len))
 180         goto end;
 181
 182     ok = 1;
 183  end:
 184     if (!ok) {
 185         if (encoded != NULL && encoded_len != 0)
 186             dump_cb("|pkey| encoded", encoded, encoded_len);
 187         if (encoded2 != NULL && encoded2_len != 0)
 188             dump_cb("|pkey2| encoded", encoded2, encoded2_len);
 189     }
 190
 191     OPENSSL_free(encoded);
 192     OPENSSL_free(encoded2);
 193     EVP_PKEY_free(pkey2);
 194     return ok;
 195 }
 196
 197 /* Encoding and decoding methods */
 198
 199 static int encode_EVP_PKEY_prov(const char *file, const int line,
 200                                 void **encoded, long *encoded_len,
 201                                 void *object, int selection,
 202                                 const char *output_type,
 203                                 const char *output_structure,
 204                                 const char *pass, const char *pcipher)
 205 {
 206     EVP_PKEY *pkey = object;
 207     OSSL_ENCODER_CTX *ectx = NULL;
 208     BIO *mem_ser = NULL;
 209     BUF_MEM *mem_buf = NULL;
 210     const unsigned char *upass = (const unsigned char *)pass;
 211     int ok = 0;
 212
 213     if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
 214                                                        output_type,
 215                                                        output_structure,
 216                                                        NULL))
 217         || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0)
 218         || (pass != NULL
 219             && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass,
 220                                                           strlen(pass))))
 221         || (pcipher != NULL
 222             && !TEST_FL_true(OSSL_ENCODER_CTX_set_cipher(ectx, pcipher, NULL)))
 223         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 224         || !TEST_FL_true(OSSL_ENCODER_to_bio(ectx, mem_ser))
 225         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 226         || !TEST_FL_ptr(*encoded = mem_buf->data)
 227         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 228         goto end;
 229
 230     /* Detach the encoded output */
 231     mem_buf->data = NULL;
 232     mem_buf->length = 0;
 233     ok = 1;
 234  end:
 235     BIO_free(mem_ser);
 236     OSSL_ENCODER_CTX_free(ectx);
 237     return ok;
 238 }
 239
 240 static int decode_EVP_PKEY_prov(const char *file, const int line,
 241                                 void **object, void *encoded, long encoded_len,
 242                                 const char *input_type,
 243                                 const char *structure_type,
 244                                 const char *keytype, int selection,
 245                                 const char *pass)
 246 {
 247     EVP_PKEY *pkey = NULL, *testpkey = NULL;
 248     OSSL_DECODER_CTX *dctx = NULL;
 249     BIO *encoded_bio = NULL;
 250     const unsigned char *upass = (const unsigned char *)pass;
 251     int ok = 0;
 252     int i;
 253     const char *badtype;
 254
 255     if (strcmp(input_type, "DER") == 0)
 256         badtype = "PEM";
 257     else
 258         badtype = "DER";
 259
 260     if (!TEST_FL_ptr(encoded_bio = BIO_new_mem_buf(encoded, encoded_len)))
 261         goto end;
 262
 263     /*
 264      * We attempt the decode 3 times. The first time we provide the expected
 265      * starting input type. The second time we provide NULL for the starting
 266      * type. The third time we provide a bad starting input type.
 267      * The bad starting input type should fail. The other two should succeed
 268      * and produce the same result.
 269      */
 270     for (i = 0; i < 3; i++) {
 271         const char *testtype = (i == 0) ? input_type
 272                                         : ((i == 1) ? NULL : badtype);
 273
 274         if (!TEST_FL_ptr(dctx = OSSL_DECODER_CTX_new_for_pkey(&testpkey,
 275                                                            testtype,
 276                                                            structure_type,
 277                                                            keytype,
 278                                                            selection,
 279                                                            NULL, NULL))
 280             || (pass != NULL
 281                 && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass)))
 282             || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0)
 283                /* We expect to fail when using a bad input type */
 284             || !TEST_FL_int_eq(OSSL_DECODER_from_bio(dctx, encoded_bio),
 285                             (i == 2) ? 0 : 1))
 286             goto end;
 287         OSSL_DECODER_CTX_free(dctx);
 288         dctx = NULL;
 289
 290         if (i == 0) {
 291             pkey = testpkey;
 292             testpkey = NULL;
 293         } else if (i == 1) {
 294             if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
 295                 if (!TEST_FL_int_eq(EVP_PKEY_parameters_eq(pkey, testpkey), 1))
 296                     goto end;
 297             } else {
 298                 if (!TEST_FL_int_eq(EVP_PKEY_eq(pkey, testpkey), 1))
 299                     goto end;
 300             }
 301         }
 302     }
 303     ok = 1;
 304     *object = pkey;
 305     pkey = NULL;
 306
 307  end:
 308     EVP_PKEY_free(pkey);
 309     EVP_PKEY_free(testpkey);
 310     BIO_free(encoded_bio);
 311     OSSL_DECODER_CTX_free(dctx);
 312     return ok;
 313 }
 314
 315 static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line,
 316                                       void **encoded, long *encoded_len,
 317                                       void *object, ossl_unused int selection,
 318                                       ossl_unused const char *output_type,
 319                                       ossl_unused const char *output_structure,
 320                                       const char *pass, const char *pcipher)
 321 {
 322     EVP_PKEY *pkey = object;
 323     EVP_CIPHER *cipher = NULL;
 324     BIO *mem_ser = NULL;
 325     BUF_MEM *mem_buf = NULL;
 326     const unsigned char *upass = (const unsigned char *)pass;
 327     size_t passlen = 0;
 328     int ok = 0;
 329
 330     if (pcipher != NULL && pass != NULL) {
 331         passlen = strlen(pass);
 332         if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL)))
 333             goto end;
 334     }
 335     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 336         || !TEST_FL_true(PEM_write_bio_PrivateKey_traditional(mem_ser, pkey,
 337                                                            cipher,
 338                                                            upass, passlen,
 339                                                            NULL, NULL))
 340         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 341         || !TEST_FL_ptr(*encoded = mem_buf->data)
 342         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 343         goto end;
 344
 345     /* Detach the encoded output */
 346     mem_buf->data = NULL;
 347     mem_buf->length = 0;
 348     ok = 1;
 349  end:
 350     BIO_free(mem_ser);
 351     EVP_CIPHER_free(cipher);
 352     return ok;
 353 }
 354
 355 static int encode_EVP_PKEY_MSBLOB(const char *file, const int line,
 356                                   void **encoded, long *encoded_len,
 357                                   void *object, int selection,
 358                                   ossl_unused const char *output_type,
 359                                   ossl_unused const char *output_structure,
 360                                   ossl_unused const char *pass,
 361                                   ossl_unused const char *pcipher)
 362 {
 363     EVP_PKEY *pkey = object;
 364     BIO *mem_ser = NULL;
 365     BUF_MEM *mem_buf = NULL;
 366     int ok = 0;
 367
 368     if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())))
 369         goto end;
 370
 371     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
 372         if (!TEST_FL_int_ge(i2b_PrivateKey_bio(mem_ser, pkey), 0))
 373             goto end;
 374     } else {
 375         if (!TEST_FL_int_ge(i2b_PublicKey_bio(mem_ser, pkey), 0))
 376             goto end;
 377     }
 378
 379     if (!TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 380         || !TEST_FL_ptr(*encoded = mem_buf->data)
 381         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 382         goto end;
 383
 384     /* Detach the encoded output */
 385     mem_buf->data = NULL;
 386     mem_buf->length = 0;
 387     ok = 1;
 388  end:
 389     BIO_free(mem_ser);
 390     return ok;
 391 }
 392
 393 static pem_password_cb pass_pw;
 394 static int pass_pw(char *buf, int size, int rwflag, void *userdata)
 395 {
 396     OPENSSL_strlcpy(buf, userdata, size);
 397     return strlen(userdata);
 398 }
 399
 400 static int encode_EVP_PKEY_PVK(const char *file, const int line,
 401                                void **encoded, long *encoded_len,
 402                                void *object, int selection,
 403                                ossl_unused const char *output_type,
 404                                ossl_unused const char *output_structure,
 405                                const char *pass,
 406                                ossl_unused const char *pcipher)
 407 {
 408     EVP_PKEY *pkey = object;
 409     BIO *mem_ser = NULL;
 410     BUF_MEM *mem_buf = NULL;
 411     int enc = (pass != NULL);
 412     int ok = 0;
 413
 414     if (!TEST_FL_true(ossl_assert((selection
 415                                 & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
 416         || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem()))
 417         || !TEST_FL_int_ge(i2b_PVK_bio(mem_ser, pkey, enc,
 418                                     pass_pw, (void *)pass), 0)
 419         || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0)
 420         || !TEST_FL_ptr(*encoded = mem_buf->data)
 421         || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0))
 422         goto end;
 423
 424     /* Detach the encoded output */
 425     mem_buf->data = NULL;
 426     mem_buf->length = 0;
 427     ok = 1;
 428  end:
 429     BIO_free(mem_ser);
 430     return ok;
 431 }
 432
 433 static int test_text(const char *file, const int line,
 434                      const void *data1, size_t data1_len,
 435                      const void *data2, size_t data2_len)
 436 {
 437     return TEST_FL_strn2_eq(data1, data1_len, data2, data2_len);
 438 }
 439
 440 static int test_mem(const char *file, const int line,
 441                     const void *data1, size_t data1_len,
 442                     const void *data2, size_t data2_len)
 443 {
 444     return TEST_FL_mem_eq(data1, data1_len, data2, data2_len);
 445 }
 446
 447 /* Test cases and their dumpers / checkers */
 448
 449 static void collect_name(const char *name, void *arg)
 450 {
 451     char **namelist = arg;
 452     char *new_namelist;
 453     size_t space;
 454
 455     space = strlen(name);
 456     if (*namelist != NULL)
 457         space += strlen(*namelist) + 2 /* for comma and space */;
 458     space++; /* for terminating null byte */
 459
 460     new_namelist = OPENSSL_realloc(*namelist, space);
 461     if (new_namelist == NULL)
 462         return;
 463     if (*namelist != NULL) {
 464         strcat(new_namelist, ", ");
 465         strcat(new_namelist, name);
 466     } else {
 467         strcpy(new_namelist, name);
 468     }
 469     *namelist = new_namelist;
 470 }
 471
 472 static void dump_der(const char *label, const void *data, size_t data_len)
 473 {
 474     test_output_memory(label, data, data_len);
 475 }
 476
 477 static void dump_pem(const char *label, const void *data, size_t data_len)
 478 {
 479     test_output_string(label, data, data_len - 1);
 480 }
 481
 482 static int check_unprotected_PKCS8_DER(const char *file, const int line,
 483                                        const char *type,
 484                                        const void *data, size_t data_len)
 485 {
 486     const unsigned char *datap = data;
 487     PKCS8_PRIV_KEY_INFO *p8inf =
 488         d2i_PKCS8_PRIV_KEY_INFO(NULL, &datap, data_len);
 489     int ok = 0;
 490
 491     if (TEST_FL_ptr(p8inf)) {
 492         EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf);
 493         char *namelist = NULL;
 494
 495         if (TEST_FL_ptr(pkey)) {
 496             if (!(ok = TEST_FL_true(EVP_PKEY_is_a(pkey, type)))) {
 497                 EVP_PKEY_typenames_do_all(pkey, collect_name, &namelist);
 498                 if (namelist != NULL)
 499                     TEST_note("%s isn't any of %s", type, namelist);
 500                 OPENSSL_free(namelist);
 501             }
 502             ok = ok && TEST_FL_true(evp_pkey_is_provided(pkey));
 503             EVP_PKEY_free(pkey);
 504         }
 505     }
 506     PKCS8_PRIV_KEY_INFO_free(p8inf);
 507     return ok;
 508 }
 509
 510 static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
 511 {
 512     return test_encode_decode(__FILE__, __LINE__, type, key,
 513                               OSSL_KEYMGMT_SELECT_KEYPAIR
 514                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 515                               "DER", "pkcs8", NULL, NULL,
 516                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 517                               test_mem, check_unprotected_PKCS8_DER,
 518                               dump_der, 0);
 519 }
 520
 521 static int check_unprotected_PKCS8_PEM(const char *file, const int line,
 522                                        const char *type,
 523                                        const void *data, size_t data_len)
 524 {
 525     static const char expected_pem_header[] =
 526         "-----BEGIN " PEM_STRING_PKCS8INF "-----";
 527
 528     return TEST_FL_strn_eq(data, expected_pem_header,
 529                         sizeof(expected_pem_header) - 1);
 530 }
 531
 532 static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
 533 {
 534     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR
 535                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 536                               "PEM", "pkcs8", NULL, NULL,
 537                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 538                               test_text, check_unprotected_PKCS8_PEM,
 539                               dump_pem, 0);
 540 }
 541
 542 #ifndef OPENSSL_NO_KEYPARAMS
 543 static int check_params_DER(const char *file, const int line,
 544                             const char *type, const void *data, size_t data_len)
 545 {
 546     const unsigned char *datap = data;
 547     int ok = 0;
 548     int itype = NID_undef;
 549     EVP_PKEY *pkey = NULL;
 550
 551     if (strcmp(type, "DH") == 0)
 552         itype = EVP_PKEY_DH;
 553     else if (strcmp(type, "X9.42 DH") == 0)
 554         itype = EVP_PKEY_DHX;
 555     else if (strcmp(type, "DSA") ==  0)
 556         itype = EVP_PKEY_DSA;
 557     else if (strcmp(type, "EC") ==  0)
 558         itype = EVP_PKEY_EC;
 559
 560     if (itype != NID_undef) {
 561         pkey = d2i_KeyParams(itype, NULL, &datap, data_len);
 562         ok = (pkey != NULL);
 563         EVP_PKEY_free(pkey);
 564     }
 565
 566     return ok;
 567 }
 568
 569 static int check_params_PEM(const char *file, const int line,
 570                             const char *type,
 571                             const void *data, size_t data_len)
 572 {
 573     static char expected_pem_header[80];
 574
 575     return
 576         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 577                                  sizeof(expected_pem_header),
 578                                  "-----BEGIN %s PARAMETERS-----", type), 0)
 579         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 580 }
 581
 582 static int test_params_via_DER(const char *type, EVP_PKEY *key)
 583 {
 584     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 585                               "DER", "type-specific", NULL, NULL,
 586                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 587                               test_mem, check_params_DER,
 588                               dump_der, FLAG_DECODE_WITH_TYPE);
 589 }
 590
 591 static int test_params_via_PEM(const char *type, EVP_PKEY *key)
 592 {
 593     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 594                               "PEM", "type-specific", NULL, NULL,
 595                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 596                               test_text, check_params_PEM,
 597                               dump_pem, 0);
 598 }
 599 #endif /* !OPENSSL_NO_KEYPARAMS */
 600
 601 static int check_unprotected_legacy_PEM(const char *file, const int line,
 602                                         const char *type,
 603                                         const void *data, size_t data_len)
 604 {
 605     static char expected_pem_header[80];
 606
 607     return
 608         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 609                                  sizeof(expected_pem_header),
 610                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 611         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header));
 612 }
 613
 614 static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 615 {
 616     return test_encode_decode(__FILE__, __LINE__, type, key,
 617                               OSSL_KEYMGMT_SELECT_KEYPAIR
 618                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 619                               "PEM", "type-specific", NULL, NULL,
 620                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 621                               test_text, check_unprotected_legacy_PEM,
 622                               dump_pem, 0);
 623 }
 624
 625 static int check_MSBLOB(const char *file, const int line,
 626                         const char *type, const void *data, size_t data_len)
 627 {
 628     const unsigned char *datap = data;
 629     EVP_PKEY *pkey = b2i_PrivateKey(&datap, data_len);
 630     int ok = TEST_FL_ptr(pkey);
 631
 632     EVP_PKEY_free(pkey);
 633     return ok;
 634 }
 635
 636 static int test_unprotected_via_MSBLOB(const char *type, EVP_PKEY *key)
 637 {
 638     return test_encode_decode(__FILE__, __LINE__, type, key,
 639                               OSSL_KEYMGMT_SELECT_KEYPAIR
 640                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 641                               "MSBLOB", NULL, NULL, NULL,
 642                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 643                               test_mem, check_MSBLOB,
 644                               dump_der, 0);
 645 }
 646
 647 static int check_PVK(const char *file, const int line,
 648                      const char *type, const void *data, size_t data_len)
 649 {
 650     const unsigned char *in = data;
 651     unsigned int saltlen = 0, keylen = 0;
 652     int ok = ossl_do_PVK_header(&in, data_len, 0, &saltlen, &keylen);
 653
 654     return ok;
 655 }
 656
 657 static int test_unprotected_via_PVK(const char *type, EVP_PKEY *key)
 658 {
 659     return test_encode_decode(__FILE__, __LINE__, type, key,
 660                               OSSL_KEYMGMT_SELECT_KEYPAIR
 661                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 662                               "PVK", NULL, NULL, NULL,
 663                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 664                               test_mem, check_PVK,
 665                               dump_der, 0);
 666 }
 667
 668 static const char *pass_cipher = "AES-256-CBC";
 669 static const char *pass = "the holy handgrenade of antioch";
 670
 671 static int check_protected_PKCS8_DER(const char *file, const int line,
 672                                      const char *type,
 673                                      const void *data, size_t data_len)
 674 {
 675     const unsigned char *datap = data;
 676     X509_SIG *p8 = d2i_X509_SIG(NULL, &datap, data_len);
 677     int ok = TEST_FL_ptr(p8);
 678
 679     X509_SIG_free(p8);
 680     return ok;
 681 }
 682
 683 static int test_protected_via_DER(const char *type, EVP_PKEY *key)
 684 {
 685     return test_encode_decode(__FILE__, __LINE__, type, key,
 686                               OSSL_KEYMGMT_SELECT_KEYPAIR
 687                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 688                               "DER", "pkcs8", pass, pass_cipher,
 689                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 690                               test_mem, check_protected_PKCS8_DER,
 691                               dump_der, 0);
 692 }
 693
 694 static int check_protected_PKCS8_PEM(const char *file, const int line,
 695                                      const char *type,
 696                                      const void *data, size_t data_len)
 697 {
 698     static const char expected_pem_header[] =
 699         "-----BEGIN " PEM_STRING_PKCS8 "-----";
 700
 701     return TEST_FL_strn_eq(data, expected_pem_header,
 702                         sizeof(expected_pem_header) - 1);
 703 }
 704
 705 static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
 706 {
 707     return test_encode_decode(__FILE__, __LINE__, type, key,
 708                               OSSL_KEYMGMT_SELECT_KEYPAIR
 709                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 710                               "PEM", "pkcs8", pass, pass_cipher,
 711                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 712                               test_text, check_protected_PKCS8_PEM,
 713                               dump_pem, 0);
 714 }
 715
 716 static int check_protected_legacy_PEM(const char *file, const int line,
 717                                       const char *type,
 718                                       const void *data, size_t data_len)
 719 {
 720     static char expected_pem_header[80];
 721
 722     return
 723         TEST_FL_int_gt(BIO_snprintf(expected_pem_header,
 724                                  sizeof(expected_pem_header),
 725                                  "-----BEGIN %s PRIVATE KEY-----", type), 0)
 726         && TEST_FL_strn_eq(data, expected_pem_header, strlen(expected_pem_header))
 727         && TEST_FL_ptr(strstr(data, "\nDEK-Info: "));
 728 }
 729
 730 static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key)
 731 {
 732     return test_encode_decode(__FILE__, __LINE__, type, key,
 733                               OSSL_KEYMGMT_SELECT_KEYPAIR
 734                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 735                               "PEM", "type-specific", pass, pass_cipher,
 736                               encode_EVP_PKEY_legacy_PEM, decode_EVP_PKEY_prov,
 737                               test_text, check_protected_legacy_PEM,
 738                               dump_pem, 0);
 739 }
 740
 741 #ifndef OPENSSL_NO_RC4
 742 static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
 743 {
 744     return test_encode_decode(__FILE__, __LINE__, type, key,
 745                               OSSL_KEYMGMT_SELECT_KEYPAIR
 746                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 747                               "PVK", NULL, pass, NULL,
 748                               encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov,
 749                               test_mem, check_PVK, dump_der, 0);
 750 }
 751 #endif
 752
 753 static int check_public_DER(const char *file, const int line,
 754                             const char *type, const void *data, size_t data_len)
 755 {
 756     const unsigned char *datap = data;
 757     EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len);
 758     int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type)));
 759
 760     EVP_PKEY_free(pkey);
 761     return ok;
 762 }
 763
 764 static int test_public_via_DER(const char *type, EVP_PKEY *key)
 765 {
 766     return test_encode_decode(__FILE__, __LINE__, type, key,
 767                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 768                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 769                               "DER", "SubjectPublicKeyInfo", NULL, NULL,
 770                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 771                               test_mem, check_public_DER, dump_der, 0);
 772 }
 773
 774 static int check_public_PEM(const char *file, const int line,
 775                             const char *type, const void *data, size_t data_len)
 776 {
 777     static const char expected_pem_header[] =
 778         "-----BEGIN " PEM_STRING_PUBLIC "-----";
 779
 780     return
 781         TEST_FL_strn_eq(data, expected_pem_header,
 782                      sizeof(expected_pem_header) - 1);
 783 }
 784
 785 static int test_public_via_PEM(const char *type, EVP_PKEY *key)
 786 {
 787     return test_encode_decode(__FILE__, __LINE__, type, key,
 788                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 789                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 790                               "PEM", "SubjectPublicKeyInfo", NULL, NULL,
 791                               encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
 792                               test_text, check_public_PEM, dump_pem, 0);
 793 }
 794
 795 static int check_public_MSBLOB(const char *file, const int line,
 796                                const char *type,
 797                                const void *data, size_t data_len)
 798 {
 799     const unsigned char *datap = data;
 800     EVP_PKEY *pkey = b2i_PublicKey(&datap, data_len);
 801     int ok = TEST_FL_ptr(pkey);
 802
 803     EVP_PKEY_free(pkey);
 804     return ok;
 805 }
 806
 807 static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key)
 808 {
 809     return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
 810                               | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
 811                               "MSBLOB", NULL, NULL, NULL,
 812                               encode_EVP_PKEY_MSBLOB, decode_EVP_PKEY_prov,
 813                               test_mem, check_public_MSBLOB, dump_der, 0);
 814 }
 815
 816 #define KEYS(KEYTYPE)                           \
 817     static EVP_PKEY *key_##KEYTYPE = NULL
 818 #define MAKE_KEYS(KEYTYPE, KEYTYPEstr, params)                          \
 819     ok = ok                                                             \
 820         && TEST_ptr(key_##KEYTYPE = make_key(KEYTYPEstr, NULL, params))
 821 #define FREE_KEYS(KEYTYPE)                                              \
 822     EVP_PKEY_free(key_##KEYTYPE);                                       \
 823
 824 #define DOMAIN_KEYS(KEYTYPE)                    \
 825     static EVP_PKEY *template_##KEYTYPE = NULL; \
 826     static EVP_PKEY *key_##KEYTYPE = NULL
 827 #define MAKE_DOMAIN_KEYS(KEYTYPE, KEYTYPEstr, params)                   \
 828     ok = ok                                                             \
 829         && TEST_ptr(template_##KEYTYPE =                                \
 830                     make_template(KEYTYPEstr, params))                  \
 831         && TEST_ptr(key_##KEYTYPE =                                     \
 832                     make_key(KEYTYPEstr, template_##KEYTYPE, NULL))
 833 #define FREE_DOMAIN_KEYS(KEYTYPE)                                       \
 834     EVP_PKEY_free(template_##KEYTYPE);                                  \
 835     EVP_PKEY_free(key_##KEYTYPE)
 836
 837 #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr)                       \
 838     static int test_unprotected_##KEYTYPE##_via_DER(void)               \
 839     {                                                                   \
 840         return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 841     }                                                                   \
 842     static int test_unprotected_##KEYTYPE##_via_PEM(void)               \
 843     {                                                                   \
 844         return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 845     }                                                                   \
 846     static int test_protected_##KEYTYPE##_via_DER(void)                 \
 847     {                                                                   \
 848         return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE);       \
 849     }                                                                   \
 850     static int test_protected_##KEYTYPE##_via_PEM(void)                 \
 851     {                                                                   \
 852         return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE);       \
 853     }                                                                   \
 854     static int test_public_##KEYTYPE##_via_DER(void)                    \
 855     {                                                                   \
 856         return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE);          \
 857     }                                                                   \
 858     static int test_public_##KEYTYPE##_via_PEM(void)                    \
 859     {                                                                   \
 860         return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE);          \
 861     }
 862
 863 #define ADD_TEST_SUITE(KEYTYPE)                                 \
 864     ADD_TEST(test_unprotected_##KEYTYPE##_via_DER);             \
 865     ADD_TEST(test_unprotected_##KEYTYPE##_via_PEM);             \
 866     ADD_TEST(test_protected_##KEYTYPE##_via_DER);               \
 867     ADD_TEST(test_protected_##KEYTYPE##_via_PEM);               \
 868     ADD_TEST(test_public_##KEYTYPE##_via_DER);                  \
 869     ADD_TEST(test_public_##KEYTYPE##_via_PEM)
 870
 871 #define IMPLEMENT_TEST_SUITE_PARAMS(KEYTYPE, KEYTYPEstr)           \
 872     static int test_params_##KEYTYPE##_via_DER(void)               \
 873     {                                                              \
 874         return test_params_via_DER(KEYTYPEstr, key_##KEYTYPE);     \
 875     }                                                              \
 876     static int test_params_##KEYTYPE##_via_PEM(void)               \
 877     {                                                              \
 878         return test_params_via_PEM(KEYTYPEstr, key_##KEYTYPE);     \
 879     }
 880
 881 #define ADD_TEST_SUITE_PARAMS(KEYTYPE)                          \
 882     ADD_TEST(test_params_##KEYTYPE##_via_DER);                  \
 883     ADD_TEST(test_params_##KEYTYPE##_via_PEM)
 884
 885 #define IMPLEMENT_TEST_SUITE_LEGACY(KEYTYPE, KEYTYPEstr)                \
 886     static int test_unprotected_##KEYTYPE##_via_legacy_PEM(void)        \
 887     {                                                                   \
 888         return                                                          \
 889             test_unprotected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE); \
 890     }                                                                   \
 891     static int test_protected_##KEYTYPE##_via_legacy_PEM(void)          \
 892     {                                                                   \
 893         return                                                          \
 894             test_protected_via_legacy_PEM(KEYTYPEstr, key_##KEYTYPE);   \
 895     }
 896
 897 #define ADD_TEST_SUITE_LEGACY(KEYTYPE)                                  \
 898     ADD_TEST(test_unprotected_##KEYTYPE##_via_legacy_PEM);              \
 899     ADD_TEST(test_protected_##KEYTYPE##_via_legacy_PEM)
 900
 901 #define IMPLEMENT_TEST_SUITE_MSBLOB(KEYTYPE, KEYTYPEstr)                \
 902     static int test_unprotected_##KEYTYPE##_via_MSBLOB(void)            \
 903     {                                                                   \
 904         return test_unprotected_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);  \
 905     }                                                                   \
 906     static int test_public_##KEYTYPE##_via_MSBLOB(void)                 \
 907     {                                                                   \
 908         return test_public_via_MSBLOB(KEYTYPEstr, key_##KEYTYPE);       \
 909     }
 910
 911 #define ADD_TEST_SUITE_MSBLOB(KEYTYPE)                                  \
 912     ADD_TEST(test_unprotected_##KEYTYPE##_via_MSBLOB);                  \
 913     ADD_TEST(test_public_##KEYTYPE##_via_MSBLOB)
 914
 915 #define IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE, KEYTYPEstr)       \
 916     static int test_unprotected_##KEYTYPE##_via_PVK(void)               \
 917     {                                                                   \
 918         return test_unprotected_via_PVK(KEYTYPEstr, key_##KEYTYPE);     \
 919     }
 920 # define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE)                        \
 921     ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
 922 #ifndef OPENSSL_NO_RC4
 923 # define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr)        \
 924     static int test_protected_##KEYTYPE##_via_PVK(void)                 \
 925     {                                                                   \
 926         return test_protected_via_PVK(KEYTYPEstr, key_##KEYTYPE);       \
 927     }
 928 # define ADD_TEST_SUITE_PROTECTED_PVK(KEYTYPE)                          \
 929     ADD_TEST(test_protected_##KEYTYPE##_via_PVK)
 930 #endif
 931
 932 #ifndef OPENSSL_NO_DH
 933 DOMAIN_KEYS(DH);
 934 IMPLEMENT_TEST_SUITE(DH, "DH")
 935 IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
 936 DOMAIN_KEYS(DHX);
 937 IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
 938 IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
 939 /*
 940  * DH has no support for PEM_write_bio_PrivateKey_traditional(),
 941  * so no legacy tests.
 942  */
 943 #endif
 944 #ifndef OPENSSL_NO_DSA
 945 DOMAIN_KEYS(DSA);
 946 IMPLEMENT_TEST_SUITE(DSA, "DSA")
 947 IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
 948 IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
 949 IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
 950 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
 951 # ifndef OPENSSL_NO_RC4
 952 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
 953 # endif
 954 #endif
 955 #ifndef OPENSSL_NO_EC
 956 DOMAIN_KEYS(EC);
 957 IMPLEMENT_TEST_SUITE(EC, "EC")
 958 IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
 959 IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
 960 DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
 961 IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
 962 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
 963 DOMAIN_KEYS(ECExplicitPrime2G);
 964 IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
 965 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
 966 # ifndef OPENSSL_NO_EC2M
 967 DOMAIN_KEYS(ECExplicitTriNamedCurve);
 968 IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
 969 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
 970 DOMAIN_KEYS(ECExplicitTri2G);
 971 IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
 972 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
 973 # endif
 974 KEYS(ED25519);
 975 IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
 976 KEYS(ED448);
 977 IMPLEMENT_TEST_SUITE(ED448, "ED448")
 978 KEYS(X25519);
 979 IMPLEMENT_TEST_SUITE(X25519, "X25519")
 980 KEYS(X448);
 981 IMPLEMENT_TEST_SUITE(X448, "X448")
 982 /*
 983  * ED25519, ED448, X25519 and X448 have no support for
 984  * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
 985  */
 986 #endif
 987 KEYS(RSA);
 988 IMPLEMENT_TEST_SUITE(RSA, "RSA")
 989 IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
 990 KEYS(RSA_PSS);
 991 IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
 992 /*
 993  * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
 994  * so no legacy tests.
 995  */
 996 IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
 997 IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
 998 #ifndef OPENSSL_NO_RC4
 999 IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
1000 #endif
1001
1002 #ifndef OPENSSL_NO_EC
1003 /* Explicit parameters that match a named curve */
1004 static int do_create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld,
1005                                               const unsigned char *gen,
1006                                               size_t gen_len)
1007 {
1008     BIGNUM *a, *b, *prime, *order;
1009
1010     /* Curve prime256v1 */
1011     static const unsigned char prime_data[] = {
1012         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1013         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1014         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1015         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1016         0xff
1017     };
1018     static const unsigned char a_data[] = {
1019         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1020         0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1021         0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
1022         0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1023         0xfc
1024     };
1025     static const unsigned char b_data[] = {
1026         0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
1027         0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
1028         0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
1029         0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b
1030     };
1031     static const unsigned char seed[] = {
1032         0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
1033         0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7,
1034         0x81, 0x9f, 0x7e, 0x90
1035     };
1036     static const unsigned char order_data[] = {
1037         0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
1038         0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1039         0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e,
1040         0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51
1041     };
1042     return TEST_ptr(a = BN_CTX_get(bnctx))
1043            && TEST_ptr(b = BN_CTX_get(bnctx))
1044            && TEST_ptr(prime = BN_CTX_get(bnctx))
1045            && TEST_ptr(order = BN_CTX_get(bnctx))
1046            && TEST_ptr(BN_bin2bn(prime_data, sizeof(prime_data), prime))
1047            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1048            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1049            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1050            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1051                             OSSL_PKEY_PARAM_EC_FIELD_TYPE, SN_X9_62_prime_field,
1052                             0))
1053            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, prime))
1054            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1055            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1056            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1057                             OSSL_PKEY_PARAM_EC_ORDER, order))
1058            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1059                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1060            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1061                             OSSL_PKEY_PARAM_EC_SEED, seed, sizeof(seed)))
1062            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1063                                                BN_value_one()));
1064 }
1065
1066 static int create_ec_explicit_prime_params_namedcurve(OSSL_PARAM_BLD *bld)
1067 {
1068     static const unsigned char prime256v1_gen[] = {
1069         0x04,
1070         0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
1071         0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
1072         0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
1073         0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
1074         0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b,
1075         0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
1076         0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
1077         0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5
1078     };
1079     return do_create_ec_explicit_prime_params(bld, prime256v1_gen,
1080                                               sizeof(prime256v1_gen));
1081 }
1082
1083 static int create_ec_explicit_prime_params(OSSL_PARAM_BLD *bld)
1084 {
1085     /* 2G */
1086     static const unsigned char prime256v1_gen2[] = {
1087         0x04,
1088         0xe4, 0x97, 0x08, 0xbe, 0x7d, 0xfa, 0xa2, 0x9a,
1089         0xa3, 0x12, 0x6f, 0xe4, 0xe7, 0xd0, 0x25, 0xe3,
1090         0x4a, 0xc1, 0x03, 0x15, 0x8c, 0xd9, 0x33, 0xc6,
1091         0x97, 0x42, 0xf5, 0xdc, 0x97, 0xb9, 0xd7, 0x31,
1092         0xe9, 0x7d, 0x74, 0x3d, 0x67, 0x6a, 0x3b, 0x21,
1093         0x08, 0x9c, 0x31, 0x73, 0xf8, 0xc1, 0x27, 0xc9,
1094         0xd2, 0xa0, 0xa0, 0x83, 0x66, 0xe0, 0xc9, 0xda,
1095         0xa8, 0xc6, 0x56, 0x2b, 0x94, 0xb1, 0xae, 0x55
1096     };
1097     return do_create_ec_explicit_prime_params(bld, prime256v1_gen2,
1098                                               sizeof(prime256v1_gen2));
1099 }
1100
1101 # ifndef OPENSSL_NO_EC2M
1102 static int do_create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld,
1103                                                   const unsigned char *gen,
1104                                                   size_t gen_len)
1105 {
1106     BIGNUM *a, *b, *poly, *order, *cofactor;
1107     /* sect233k1 characteristic-two-field tpBasis */
1108     static const unsigned char poly_data[] = {
1109         0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1110         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
1111         0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1112     };
1113     static const unsigned char a_data[] = {
1114         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1115         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1116         0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1117     };
1118     static const unsigned char b_data[] = {
1119         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1120         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1121         0x00, 0x00, 0x00, 0x00, 0x00, 0x01
1122     };
1123     static const unsigned char order_data[] = {
1124         0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1125         0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
1126         0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
1127     };
1128     static const unsigned char cofactor_data[]= {
1129         0x4
1130     };
1131     return TEST_ptr(a = BN_CTX_get(bnctx))
1132            && TEST_ptr(b = BN_CTX_get(bnctx))
1133            && TEST_ptr(poly = BN_CTX_get(bnctx))
1134            && TEST_ptr(order = BN_CTX_get(bnctx))
1135            && TEST_ptr(cofactor = BN_CTX_get(bnctx))
1136            && TEST_ptr(BN_bin2bn(poly_data, sizeof(poly_data), poly))
1137            && TEST_ptr(BN_bin2bn(a_data, sizeof(a_data), a))
1138            && TEST_ptr(BN_bin2bn(b_data, sizeof(b_data), b))
1139            && TEST_ptr(BN_bin2bn(order_data, sizeof(order_data), order))
1140            && TEST_ptr(BN_bin2bn(cofactor_data, sizeof(cofactor_data), cofactor))
1141            && TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1142                             OSSL_PKEY_PARAM_EC_FIELD_TYPE,
1143                             SN_X9_62_characteristic_two_field, 0))
1144            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_P, poly))
1145            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_A, a))
1146            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_B, b))
1147            && TEST_true(OSSL_PARAM_BLD_push_BN(bld,
1148                             OSSL_PKEY_PARAM_EC_ORDER, order))
1149            && TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1150                             OSSL_PKEY_PARAM_EC_GENERATOR, gen, gen_len))
1151            && TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_EC_COFACTOR,
1152                                                cofactor));
1153 }
1154
1155 static int create_ec_explicit_trinomial_params_namedcurve(OSSL_PARAM_BLD *bld)
1156 {
1157     static const unsigned char gen[] = {
1158         0x04,
1159         0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
1160         0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
1161         0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
1162         0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
1163         0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
1164         0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3
1165     };
1166     return do_create_ec_explicit_trinomial_params(bld, gen, sizeof(gen));
1167 }
1168
1169 static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld)
1170 {
1171     static const unsigned char gen2[] = {
1172         0x04,
1173         0x00, 0xd7, 0xba, 0xd0, 0x26, 0x6c, 0x31, 0x6a, 0x78, 0x76, 0x01, 0xd1,
1174         0x32, 0x4b, 0x8f, 0x30, 0x29, 0x2d, 0x78, 0x30, 0xca, 0x43, 0xaa, 0xf0,
1175         0xa2, 0x5a, 0xd4, 0x0f, 0xb3, 0xf4,
1176         0x00, 0x85, 0x4b, 0x1b, 0x8d, 0x50, 0x10, 0xa5, 0x1c, 0x80, 0xf7, 0x86,
1177         0x40, 0x62, 0x4c, 0x87, 0xd1, 0x26, 0x7a, 0x9c, 0x5c, 0xe9, 0x82, 0x29,
1178         0xd1, 0x67, 0x70, 0x41, 0xea, 0xcb
1179     };
1180     return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
1181 }
1182 # endif /* OPENSSL_NO_EC2M */
1183 #endif /* OPENSSL_NO_EC */
1184
1185 int setup_tests(void)
1186 {
1187 # ifndef OPENSSL_NO_RC4
1188     int use_legacy = OSSL_PROVIDER_available(NULL, "legacy");
1189 #endif
1190     int ok = 1;
1191
1192 #ifndef OPENSSL_NO_DSA
1193     static size_t qbits = 160;  /* PVK only tolerates 160 Q bits */
1194     static size_t pbits = 1024; /* With 160 Q bits, we MUST use 1024 P bits */
1195     OSSL_PARAM DSA_params[] = {
1196         OSSL_PARAM_size_t("pbits", &pbits),
1197         OSSL_PARAM_size_t("qbits", &qbits),
1198         OSSL_PARAM_END
1199     };
1200 #endif
1201
1202 #ifndef OPENSSL_NO_EC
1203     static char groupname[] = "prime256v1";
1204     OSSL_PARAM EC_params[] = {
1205         OSSL_PARAM_utf8_string("group", groupname, sizeof(groupname) - 1),
1206         OSSL_PARAM_END
1207     };
1208 #endif
1209
1210     /* 7 is the default magic number */
1211     static unsigned int rsapss_min_saltlen = 7;
1212     OSSL_PARAM RSA_PSS_params[] = {
1213         OSSL_PARAM_uint("saltlen", &rsapss_min_saltlen),
1214         OSSL_PARAM_END
1215     };
1216
1217 #ifndef OPENSSL_NO_EC
1218     if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL))
1219         || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new())
1220         || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new())
1221         || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
1222         || !create_ec_explicit_prime_params(bld_prime)
1223         || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
1224         || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
1225 # ifndef OPENSSL_NO_EC2M
1226         || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
1227         || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
1228         || !create_ec_explicit_trinomial_params_namedcurve(bld_tri_nc)
1229         || !create_ec_explicit_trinomial_params(bld_tri)
1230         || !TEST_ptr(ec_explicit_tri_params_nc = OSSL_PARAM_BLD_to_param(bld_tri_nc))
1231         || !TEST_ptr(ec_explicit_tri_params_explicit = OSSL_PARAM_BLD_to_param(bld_tri))
1232 # endif
1233         )
1234         return 0;
1235 #endif
1236
1237     TEST_info("Generating keys...");
1238
1239 #ifndef OPENSSL_NO_DH
1240     MAKE_DOMAIN_KEYS(DH, "DH", NULL);
1241     MAKE_DOMAIN_KEYS(DHX, "X9.42 DH", NULL);
1242     TEST_info("Generating keys...DH done");
1243 #endif
1244 #ifndef OPENSSL_NO_DSA
1245     MAKE_DOMAIN_KEYS(DSA, "DSA", DSA_params);
1246     TEST_info("Generating keys...DSA done");
1247 #endif
1248 #ifndef OPENSSL_NO_EC
1249     MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
1250     MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
1251     MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
1252 # ifndef OPENSSL_NO_EC2M
1253     MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
1254     MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
1255 # endif
1256     MAKE_KEYS(ED25519, "ED25519", NULL);
1257     MAKE_KEYS(ED448, "ED448", NULL);
1258     MAKE_KEYS(X25519, "X25519", NULL);
1259     MAKE_KEYS(X448, "X448", NULL);
1260     TEST_info("Generating keys...EC done");
1261 #endif
1262     MAKE_KEYS(RSA, "RSA", NULL);
1263     TEST_info("Generating keys...RSA done");
1264     MAKE_KEYS(RSA_PSS, "RSA-PSS", RSA_PSS_params);
1265     TEST_info("Generating keys...RSA_PSS done");
1266
1267     if (ok) {
1268 #ifndef OPENSSL_NO_DH
1269         ADD_TEST_SUITE(DH);
1270         ADD_TEST_SUITE_PARAMS(DH);
1271         ADD_TEST_SUITE(DHX);
1272         ADD_TEST_SUITE_PARAMS(DHX);
1273         /*
1274          * DH has no support for PEM_write_bio_PrivateKey_traditional(),
1275          * so no legacy tests.
1276          */
1277 #endif
1278 #ifndef OPENSSL_NO_DSA
1279         ADD_TEST_SUITE(DSA);
1280         ADD_TEST_SUITE_PARAMS(DSA);
1281         ADD_TEST_SUITE_LEGACY(DSA);
1282         ADD_TEST_SUITE_MSBLOB(DSA);
1283         ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
1284 # ifndef OPENSSL_NO_RC4
1285         if (use_legacy) {
1286             ADD_TEST_SUITE_PROTECTED_PVK(DSA);
1287         }
1288 # endif
1289 #endif
1290 #ifndef OPENSSL_NO_EC
1291         ADD_TEST_SUITE(EC);
1292         ADD_TEST_SUITE_PARAMS(EC);
1293         ADD_TEST_SUITE_LEGACY(EC);
1294         ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
1295         ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
1296         ADD_TEST_SUITE(ECExplicitPrime2G);
1297         ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
1298 # ifndef OPENSSL_NO_EC2M
1299         ADD_TEST_SUITE(ECExplicitTriNamedCurve);
1300         ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
1301         ADD_TEST_SUITE(ECExplicitTri2G);
1302         ADD_TEST_SUITE_LEGACY(ECExplicitTri2G);
1303 # endif
1304         ADD_TEST_SUITE(ED25519);
1305         ADD_TEST_SUITE(ED448);
1306         ADD_TEST_SUITE(X25519);
1307         ADD_TEST_SUITE(X448);
1308         /*
1309          * ED25519, ED448, X25519 and X448 have no support for
1310          * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1311          */
1312 #endif
1313         ADD_TEST_SUITE(RSA);
1314         ADD_TEST_SUITE_LEGACY(RSA);
1315         ADD_TEST_SUITE(RSA_PSS);
1316         /*
1317          * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1318          * so no legacy tests.
1319          */
1320         ADD_TEST_SUITE_MSBLOB(RSA);
1321         ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
1322 # ifndef OPENSSL_NO_RC4
1323         if (use_legacy) {
1324             ADD_TEST_SUITE_PROTECTED_PVK(RSA);
1325         }
1326 # endif
1327     }
1328
1329     return 1;
1330 }
1331
1332 void cleanup_tests(void)
1333 {
1334 #ifndef OPENSSL_NO_EC
1335     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_nc);
1336     OSSL_PARAM_BLD_free_params(ec_explicit_prime_params_explicit);
1337     OSSL_PARAM_BLD_free(bld_prime_nc);
1338     OSSL_PARAM_BLD_free(bld_prime);
1339 # ifndef OPENSSL_NO_EC2M
1340     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_nc);
1341     OSSL_PARAM_BLD_free_params(ec_explicit_tri_params_explicit);
1342     OSSL_PARAM_BLD_free(bld_tri_nc);
1343     OSSL_PARAM_BLD_free(bld_tri);
1344 # endif
1345     BN_CTX_free(bnctx);
1346 #endif /* OPENSSL_NO_EC */
1347
1348 #ifndef OPENSSL_NO_DH
1349     FREE_DOMAIN_KEYS(DH);
1350     FREE_DOMAIN_KEYS(DHX);
1351 #endif
1352 #ifndef OPENSSL_NO_DSA
1353     FREE_DOMAIN_KEYS(DSA);
1354 #endif
1355 #ifndef OPENSSL_NO_EC
1356     FREE_DOMAIN_KEYS(EC);
1357     FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
1358     FREE_DOMAIN_KEYS(ECExplicitPrime2G);
1359 # ifndef OPENSSL_NO_EC2M
1360     FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
1361     FREE_DOMAIN_KEYS(ECExplicitTri2G);
1362 # endif
1363     FREE_KEYS(ED25519);
1364     FREE_KEYS(ED448);
1365     FREE_KEYS(X25519);
1366     FREE_KEYS(X448);
1367 #endif
1368     FREE_KEYS(RSA);
1369     FREE_KEYS(RSA_PSS);
1370 }