2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h" /* For the internal API */
20 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
24 static char *datadir = NULL;
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
38 static void stripcr(char *buf, size_t *len)
43 for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
54 static int compare_with_file(const char *alg, int type, BIO *membio)
59 char *memdata, *fullfile = NULL;
92 TEST_error("Invalid file type");
96 BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97 fullfile = test_mk_file_path(datadir, filename);
98 if (!TEST_ptr(fullfile))
101 file = BIO_new_file(fullfile, "rb");
105 if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106 || !TEST_true(BIO_eof(file))
107 || !TEST_size_t_lt(readbytes, sizeof(buf)))
110 len = BIO_get_mem_data(membio, &memdata);
111 if (!TEST_int_gt(len, 0))
115 if (type != PRIV_DER && type != PUB_DER) {
116 stripcr(memdata, &slen);
117 stripcr(buf, &readbytes);
120 if (!TEST_mem_eq(memdata, slen, buf, readbytes))
125 OPENSSL_free(fullfile);
126 (void)BIO_reset(membio);
131 static int pass_cb(char *buf, int size, int rwflag, void *u)
136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
143 BIO *membio = BIO_new(BIO_s_mem());
146 if (!TEST_ptr(membio))
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
163 NULL, 0, pass_cb, NULL))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
166 NULL, 0, pass_cb_error,
168 #ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171 (const char *)~0, 0, NULL, NULL))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180 pass_cb_error, NULL))
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184 || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187 || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190 NULL, NULL, 0, NULL, NULL))
191 || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
193 || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194 NULL, NULL, 0, NULL, NULL))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196 NULL, NULL, 0, NULL, NULL)))
205 static int test_print_key_type_using_encoder(const char *alg, int type,
208 const char *output_type, *output_structure;
210 OSSL_ENCODER_CTX *ctx = NULL;
211 BIO *membio = BIO_new(BIO_s_mem());
216 output_type = "TEXT";
217 output_structure = NULL;
218 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
224 output_structure = "PrivateKeyInfo";
225 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
231 output_structure = "PrivateKeyInfo";
232 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
237 output_type = "TEXT";
238 output_structure = NULL;
239 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
245 output_structure = "SubjectPublicKeyInfo";
246 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
252 output_structure = "SubjectPublicKeyInfo";
253 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
258 TEST_error("Invalid encoding type");
262 if (!TEST_ptr(membio))
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278 || !TEST_true(compare_with_file(alg, type, membio)))
281 if (type == PRIV_PEM) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284 (unsigned char *)"pass",
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304 || !TEST_true(compare_with_file(alg, type, membio)))
310 OSSL_ENCODER_CTX_free(ctx);
314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
319 for (i = PRIV_TEXT; i <= PUB_DER; i++)
320 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
325 #ifndef OPENSSL_NO_EC
326 static int test_print_key_using_encoder_public(const char *alg,
332 for (i = PUB_TEXT; i <= PUB_DER; i++)
333 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
339 /* Array indexes used in test_fromdata_rsa */
349 static int test_fromdata_rsa(void)
352 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
358 * openssl genrsa 32 | openssl rsa -text
360 static unsigned long key_numbers[] = {
370 OSSL_PARAM fromdata_params[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
381 BIGNUM *bn = BN_new();
382 BIGNUM *bn_from = BN_new();
384 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389 fromdata_params), 1))
392 while (dup_pk == NULL) {
394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396 || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
400 EVP_PKEY_CTX_free(key_ctx);
401 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
404 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
410 /* EVP_PKEY_copy_parameters() should fail for RSA */
411 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
414 EVP_PKEY_free(copy_pk);
417 ret = test_print_key_using_pem("RSA", pk)
418 && test_print_key_using_encoder("RSA", pk);
420 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
422 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
429 /* for better diagnostics always compare key params */
430 for (i = 0; fromdata_params[i].key != NULL; ++i) {
431 if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
432 || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key, &bn))
433 || !TEST_BN_eq(bn, bn_from))
439 EVP_PKEY_free(copy_pk);
440 EVP_PKEY_CTX_free(key_ctx);
441 EVP_PKEY_CTX_free(ctx);
446 static int test_evp_pkey_get_bn_param_large(void)
449 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
451 OSSL_PARAM_BLD *bld = NULL;
452 OSSL_PARAM *fromdata_params = NULL;
453 BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
455 * The buffer size chosen here for n_data larger than the buffer used
456 * internally in EVP_PKEY_get_bn_param.
458 static unsigned char n_data[2050];
459 static const unsigned char e_data[] = {
462 static const unsigned char d_data[]= {
463 0x99, 0x33, 0x13, 0x7b
466 /* N is a large buffer */
467 memset(n_data, 0xCE, sizeof(n_data));
469 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
470 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
471 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
472 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
473 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
474 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
475 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
476 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
477 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
478 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
479 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
481 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
482 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
483 || !TEST_BN_eq(n, n_out))
492 EVP_PKEY_CTX_free(key_ctx);
493 EVP_PKEY_CTX_free(ctx);
494 OSSL_PARAM_free(fromdata_params);
495 OSSL_PARAM_BLD_free(bld);
500 #ifndef OPENSSL_NO_DH
501 static int test_fromdata_dh_named_group(void)
504 int gindex = 0, pcounter = 0, hindex = 0;
505 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
506 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
508 BIGNUM *pub = NULL, *priv = NULL;
509 BIGNUM *pub_out = NULL, *priv_out = NULL;
510 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
511 OSSL_PARAM *fromdata_params = NULL;
512 OSSL_PARAM_BLD *bld = NULL;
514 unsigned char seed_out[32];
517 * DH key data was generated using the following:
518 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
519 * -pkeyopt priv_len:224 -text
521 static const unsigned char priv_data[] = {
522 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
523 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
524 0x87, 0xe8, 0xa9, 0x7b,
526 static const unsigned char pub_data[] = {
527 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
528 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
529 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
530 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
531 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
532 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
533 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
534 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
535 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
536 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
537 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
538 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
539 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
540 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
541 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
542 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
543 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
544 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
545 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
546 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
547 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
548 0xcf, 0x33, 0x42, 0x83, 0x42
550 static const char group_name[] = "ffdhe2048";
551 static const long priv_len = 224;
553 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
554 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
555 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
556 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
557 OSSL_PKEY_PARAM_GROUP_NAME,
559 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
562 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
563 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
566 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
569 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
570 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
571 fromdata_params), 1))
575 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
576 * it behaves as expected with regards to string length and terminating
579 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
580 OSSL_PKEY_PARAM_GROUP_NAME,
581 NULL, sizeof(name_out),
583 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
584 /* Just enough space to hold the group name and a terminating NUL */
585 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
586 OSSL_PKEY_PARAM_GROUP_NAME,
590 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
591 /* Too small buffer to hold the terminating NUL byte */
592 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
593 OSSL_PKEY_PARAM_GROUP_NAME,
595 sizeof(group_name) - 1,
597 /* Too small buffer to hold the whole group name, even! */
598 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
599 OSSL_PKEY_PARAM_GROUP_NAME,
601 sizeof(group_name) - 2,
605 while (dup_pk == NULL) {
607 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
608 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
609 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
610 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
613 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
614 OSSL_PKEY_PARAM_GROUP_NAME,
618 || !TEST_str_eq(name_out, group_name)
619 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
622 || !TEST_BN_eq(pub, pub_out)
623 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
625 || !TEST_BN_eq(priv, priv_out)
626 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
627 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
628 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
630 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
631 || !TEST_BN_eq(&ossl_bignum_const_2, g)
632 || !TEST_false(EVP_PKEY_get_bn_param(pk,
633 OSSL_PKEY_PARAM_FFC_COFACTOR,
636 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
637 OSSL_PKEY_PARAM_FFC_SEED,
641 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
643 || !TEST_int_eq(gindex, -1)
644 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
646 || !TEST_int_eq(hindex, 0)
647 || !TEST_true(EVP_PKEY_get_int_param(pk,
648 OSSL_PKEY_PARAM_FFC_PCOUNTER,
650 || !TEST_int_eq(pcounter, -1))
665 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
668 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
669 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
670 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
671 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
673 EVP_PKEY_CTX_free(key_ctx);
676 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
677 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
679 EVP_PKEY_free(copy_pk);
682 ret = test_print_key_using_pem("DH", pk)
683 && test_print_key_using_encoder("DH", pk);
685 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
687 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
702 EVP_PKEY_free(copy_pk);
704 EVP_PKEY_CTX_free(ctx);
705 EVP_PKEY_CTX_free(key_ctx);
706 OSSL_PARAM_free(fromdata_params);
707 OSSL_PARAM_BLD_free(bld);
712 static int test_fromdata_dh_fips186_4(void)
715 int gindex = 0, pcounter = 0, hindex = 0;
716 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
717 EVP_PKEY *pk = NULL, *dup_pk = NULL;
719 BIGNUM *pub = NULL, *priv = NULL;
720 BIGNUM *pub_out = NULL, *priv_out = NULL;
721 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
722 OSSL_PARAM_BLD *bld = NULL;
723 OSSL_PARAM *fromdata_params = NULL;
725 unsigned char seed_out[32];
728 * DH key data was generated using the following:
729 * openssl genpkey -algorithm DH
730 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
732 static const unsigned char priv_data[] = {
733 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
734 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
735 0x87, 0xe8, 0xa9, 0x7b,
737 static const unsigned char pub_data[] = {
738 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
739 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
740 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
741 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
742 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
743 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
744 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
745 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
746 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
747 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
748 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
749 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
750 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
751 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
752 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
753 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
754 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
755 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
756 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
757 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
758 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
759 0x33, 0x42, 0x83, 0x42
761 static const char group_name[] = "ffdhe2048";
762 static const long priv_len = 224;
765 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
766 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
767 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
768 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
769 OSSL_PKEY_PARAM_GROUP_NAME,
771 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
773 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
774 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
775 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
778 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
781 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
782 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
783 fromdata_params), 1))
786 while (dup_pk == NULL) {
788 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
789 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
790 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
791 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
794 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
795 OSSL_PKEY_PARAM_GROUP_NAME,
799 || !TEST_str_eq(name_out, group_name)
800 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
802 || !TEST_BN_eq(pub, pub_out)
803 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
805 || !TEST_BN_eq(priv, priv_out)
806 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
807 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
808 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
810 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
811 || !TEST_BN_eq(&ossl_bignum_const_2, g)
812 || !TEST_false(EVP_PKEY_get_bn_param(pk,
813 OSSL_PKEY_PARAM_FFC_COFACTOR,
816 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
817 OSSL_PKEY_PARAM_FFC_SEED,
821 || !TEST_true(EVP_PKEY_get_int_param(pk,
822 OSSL_PKEY_PARAM_FFC_GINDEX,
824 || !TEST_int_eq(gindex, -1)
825 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
827 || !TEST_int_eq(hindex, 0)
828 || !TEST_true(EVP_PKEY_get_int_param(pk,
829 OSSL_PKEY_PARAM_FFC_PCOUNTER,
831 || !TEST_int_eq(pcounter, -1))
846 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
849 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
850 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
851 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
852 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
854 EVP_PKEY_CTX_free(key_ctx);
857 ret = test_print_key_using_pem("DH", pk)
858 && test_print_key_using_encoder("DH", pk);
860 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
862 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
878 EVP_PKEY_CTX_free(ctx);
879 EVP_PKEY_CTX_free(key_ctx);
880 OSSL_PARAM_free(fromdata_params);
881 OSSL_PARAM_BLD_free(bld);
890 #ifndef OPENSSL_NO_EC
891 /* Array indexes used in test_fromdata_ecx */
895 # define X25519_IDX 0
897 # define ED25519_IDX 2
901 * tst uses indexes 0 ... (3 * 4 - 1)
902 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
903 * 0..3 = public + private key.
904 * 4..7 = private key (This will generate the public key from the private key)
907 static int test_fromdata_ecx(int tst)
910 EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
911 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
912 const char *alg = NULL;
914 unsigned char out_pub[ED448_KEYLEN];
915 unsigned char out_priv[ED448_KEYLEN];
916 OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
918 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
919 static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
920 /* X25519: Keys from RFC 7748 6.1 */
924 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
925 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
926 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
931 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
932 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
933 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
937 /* X448: Keys from RFC 7748 6.2 */
941 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
942 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
943 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
944 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
945 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
946 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
950 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
951 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
952 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
953 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
954 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
955 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
958 /* ED25519: Keys from RFC 8032 */
962 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
963 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
964 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
969 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
970 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
971 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
975 /* ED448: Keys from RFC 8032 */
979 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
980 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
981 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
982 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
983 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
984 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
988 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
989 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
990 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
991 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
992 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
993 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
997 OSSL_PARAM x25519_fromdata_params[] = {
998 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
999 key_numbers[X25519_IDX][PRIV_KEY],
1001 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1002 key_numbers[X25519_IDX][PUB_KEY],
1006 OSSL_PARAM x448_fromdata_params[] = {
1007 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1008 key_numbers[X448_IDX][PRIV_KEY],
1010 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1011 key_numbers[X448_IDX][PUB_KEY],
1015 OSSL_PARAM ed25519_fromdata_params[] = {
1016 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1017 key_numbers[ED25519_IDX][PRIV_KEY],
1019 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1020 key_numbers[ED25519_IDX][PUB_KEY],
1024 OSSL_PARAM ed448_fromdata_params[] = {
1025 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1026 key_numbers[ED448_IDX][PRIV_KEY],
1028 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1029 key_numbers[ED448_IDX][PUB_KEY],
1033 OSSL_PARAM *fromdata_params = NULL;
1034 int bits = 0, security_bits = 0, size = 0;
1035 OSSL_PARAM *orig_fromdata_params = NULL;
1039 fromdata_params = x25519_fromdata_params;
1041 security_bits = X25519_SECURITY_BITS;
1042 size = X25519_KEYLEN;
1047 fromdata_params = x448_fromdata_params;
1049 security_bits = X448_SECURITY_BITS;
1055 fromdata_params = ed25519_fromdata_params;
1056 bits = ED25519_BITS;
1057 security_bits = ED25519_SECURITY_BITS;
1058 size = ED25519_SIGSIZE;
1063 fromdata_params = ed448_fromdata_params;
1065 security_bits = ED448_SECURITY_BITS;
1066 size = ED448_SIGSIZE;
1073 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1077 orig_fromdata_params = fromdata_params;
1079 /* public key only */
1081 } else if (tst > 3) {
1082 /* private key only */
1083 params[0] = fromdata_params[0];
1084 params[1] = fromdata_params[2];
1085 fromdata_params = params;
1088 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1089 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1090 fromdata_params), 1))
1093 while (dup_pk == NULL) {
1095 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1096 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1097 || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1098 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1101 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1104 if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1106 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1107 pk, orig_fromdata_params[PRIV_KEY].key,
1108 out_priv, sizeof(out_priv), &len))
1109 || !TEST_mem_eq(out_priv, len,
1110 orig_fromdata_params[PRIV_KEY].data,
1111 orig_fromdata_params[PRIV_KEY].data_size)
1112 || !TEST_true(EVP_PKEY_get_octet_string_param(
1113 pk, orig_fromdata_params[PUB_KEY].key,
1114 out_pub, sizeof(out_pub), &len))
1115 || !TEST_mem_eq(out_pub, len,
1116 orig_fromdata_params[PUB_KEY].data,
1117 orig_fromdata_params[PUB_KEY].data_size))
1120 /* The private key check should fail if there is only a public key */
1121 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1122 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1123 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1126 EVP_PKEY_CTX_free(ctx2);
1129 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1130 /* This should succeed because there are no parameters to copy */
1131 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1133 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1134 /* This should fail because copy_pk has no pubkey */
1135 || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1137 EVP_PKEY_CTX_free(ctx2);
1139 EVP_PKEY_free(copy_pk);
1143 ret = test_print_key_using_encoder_public(alg, pk);
1145 ret = test_print_key_using_pem(alg, pk)
1146 && test_print_key_using_encoder(alg, pk);
1148 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1150 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1159 EVP_PKEY_free(copy_pk);
1160 EVP_PKEY_CTX_free(ctx);
1161 EVP_PKEY_CTX_free(ctx2);
1166 static int test_fromdata_ec(void)
1169 EVP_PKEY_CTX *ctx = NULL;
1170 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1171 OSSL_PARAM_BLD *bld = NULL;
1172 BIGNUM *ec_priv_bn = NULL;
1173 BIGNUM *bn_priv = NULL;
1174 OSSL_PARAM *fromdata_params = NULL;
1175 const char *alg = "EC";
1176 const char *curve = "prime256v1";
1177 const char bad_curve[] = "nonexistent-curve";
1178 OSSL_PARAM nokey_params[2] = {
1182 /* UNCOMPRESSED FORMAT */
1183 static const unsigned char ec_pub_keydata[] = {
1184 POINT_CONVERSION_UNCOMPRESSED,
1185 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1186 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1187 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1188 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1189 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1190 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1191 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1192 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1194 /* SAME BUT COMPRESSED FORMAT */
1195 static const unsigned char ec_pub_keydata_compressed[] = {
1196 POINT_CONVERSION_COMPRESSED+1,
1197 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1198 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1199 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1200 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1202 static const unsigned char ec_priv_keydata[] = {
1203 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1204 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1205 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1206 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1208 unsigned char out_pub[sizeof(ec_pub_keydata)];
1209 char out_curve_name[80];
1210 const OSSL_PARAM *gettable = NULL;
1212 EC_GROUP *group = NULL;
1213 BIGNUM *group_a = NULL;
1214 BIGNUM *group_b = NULL;
1215 BIGNUM *group_p = NULL;
1221 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1223 if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1224 sizeof(ec_priv_keydata), NULL)))
1227 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1231 * We intentionally provide the input point in compressed format,
1232 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1234 * Later on we check what format is used when exporting the
1235 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1238 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1239 ec_pub_keydata_compressed,
1240 sizeof(ec_pub_keydata_compressed)) <= 0)
1242 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1244 if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1246 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1250 /* try importing parameters with bad curve first */
1252 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1253 (char *)bad_curve, sizeof(bad_curve));
1254 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1255 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1257 || !TEST_ptr_null(pk))
1260 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1261 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1262 fromdata_params), 1))
1265 while (dup_pk == NULL) {
1267 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1268 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1269 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1270 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1273 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1274 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1276 EVP_PKEY_free(copy_pk);
1279 if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1280 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1281 OSSL_PKEY_PARAM_GROUP_NAME))
1282 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1283 OSSL_PKEY_PARAM_PUB_KEY))
1284 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1285 OSSL_PKEY_PARAM_PRIV_KEY)))
1288 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1289 || !TEST_ptr(group_p = BN_new())
1290 || !TEST_ptr(group_a = BN_new())
1291 || !TEST_ptr(group_b = BN_new())
1292 || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1295 if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1296 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1297 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1300 if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1301 || !TEST_BN_eq(group_b, b))
1304 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1306 sizeof(out_curve_name),
1308 || !TEST_str_eq(out_curve_name, curve)
1309 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1310 out_pub, sizeof(out_pub), &len)
1313 * Our providers use uncompressed format by default if
1314 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1315 * explicitly set, irrespective of the format used for the
1316 * input point given as a param to create this key.
1318 || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1319 || !TEST_mem_eq(out_pub + 1, len - 1,
1320 ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1322 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1324 || !TEST_BN_eq(ec_priv_bn, bn_priv))
1329 ret = test_print_key_using_pem(alg, pk)
1330 && test_print_key_using_encoder(alg, pk);
1332 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1334 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1342 EC_GROUP_free(group);
1350 BN_free(ec_priv_bn);
1351 OSSL_PARAM_free(fromdata_params);
1352 OSSL_PARAM_BLD_free(bld);
1354 EVP_PKEY_free(copy_pk);
1355 EVP_PKEY_CTX_free(ctx);
1359 static int test_ec_dup_no_operation(void)
1362 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1363 EVP_PKEY *param = NULL, *pkey = NULL;
1365 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1366 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1367 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1368 NID_X9_62_prime256v1), 0)
1369 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1370 || !TEST_ptr(param))
1373 EVP_PKEY_CTX_free(pctx);
1376 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1377 || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1378 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1379 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1383 EVP_PKEY_free(pkey);
1384 EVP_PKEY_free(param);
1385 EVP_PKEY_CTX_free(ctx);
1386 EVP_PKEY_CTX_free(kctx);
1387 EVP_PKEY_CTX_free(pctx);
1391 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1392 static int test_ec_dup_keygen_operation(void)
1395 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1396 EVP_PKEY *param = NULL, *pkey = NULL;
1398 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1399 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1400 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1401 NID_X9_62_prime256v1), 0)
1402 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1403 || !TEST_ptr(param))
1406 EVP_PKEY_CTX_free(pctx);
1409 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1410 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1411 || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1415 EVP_PKEY_free(pkey);
1416 EVP_PKEY_free(param);
1417 EVP_PKEY_CTX_free(ctx);
1418 EVP_PKEY_CTX_free(kctx);
1419 EVP_PKEY_CTX_free(pctx);
1423 #endif /* OPENSSL_NO_EC */
1425 #ifndef OPENSSL_NO_DSA
1426 static int test_fromdata_dsa_fips186_4(void)
1429 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1430 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1431 BIGNUM *pub = NULL, *priv = NULL;
1432 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1433 BIGNUM *pub_out = NULL, *priv_out = NULL;
1434 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1435 int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1437 unsigned char seed_out[32];
1439 OSSL_PARAM_BLD *bld = NULL;
1440 OSSL_PARAM *fromdata_params = NULL;
1443 * DSA parameter data was generated using the following:
1444 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1445 * -pkeyopt qbits:256 -pkeyopt type:0 \
1446 * -pkeyopt gindex:1 -out dsa_params.pem -text
1448 static const unsigned char p_data[] = {
1449 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1450 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1451 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1452 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1453 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1454 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1455 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1456 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1457 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1458 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1459 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1460 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1461 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1462 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1463 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1464 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1465 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1466 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1467 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1468 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1469 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1470 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1472 static const unsigned char q_data[] = {
1473 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1474 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1475 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1477 static const unsigned char g_data[] = {
1478 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1479 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1480 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1481 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1482 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1483 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1484 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1485 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1486 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1487 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1488 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1489 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1490 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1491 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1492 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1493 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1494 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1495 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1496 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1497 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1498 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1499 0x02, 0x6f, 0x96, 0x36
1501 static const unsigned char seed_data[] = {
1502 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1503 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1504 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1506 const int gindex = 1;
1507 const int pcounter = 53;
1509 * The keypair was generated using
1510 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1511 * -pkeyopt gindex:1 \
1512 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1514 static const unsigned char priv_data[] = {
1515 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1516 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1517 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1519 static const unsigned char pub_data[] = {
1520 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1521 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1522 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1523 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1524 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1525 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1526 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1527 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1528 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1529 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1530 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1531 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1532 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1533 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1534 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1535 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1536 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1537 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1538 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1539 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1540 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1541 0x48, 0xd1, 0x8a, 0xbd
1544 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1545 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1546 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1547 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1548 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1549 || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1551 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1552 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1553 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1554 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1555 OSSL_PKEY_PARAM_FFC_SEED,
1558 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1560 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1561 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1563 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1565 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1567 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1570 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1573 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1574 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1575 fromdata_params), 1))
1578 while (dup_pk == NULL) {
1580 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1581 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1582 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
1583 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1586 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1587 OSSL_PKEY_PARAM_GROUP_NAME,
1591 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1593 || !TEST_BN_eq(pub, pub_out)
1594 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1596 || !TEST_BN_eq(priv, priv_out)
1597 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
1599 || !TEST_BN_eq(p, p_out)
1600 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
1602 || !TEST_BN_eq(q, q_out)
1603 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
1605 || !TEST_BN_eq(g, g_out)
1606 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1607 OSSL_PKEY_PARAM_FFC_COFACTOR,
1609 || !TEST_ptr_null(j_out)
1610 || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
1611 OSSL_PKEY_PARAM_FFC_SEED,
1615 || !TEST_true(EVP_PKEY_get_int_param(pk,
1616 OSSL_PKEY_PARAM_FFC_GINDEX,
1618 || !TEST_int_eq(gindex, gindex_out)
1619 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1621 || !TEST_int_eq(hindex_out, 0)
1622 || !TEST_true(EVP_PKEY_get_int_param(pk,
1623 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1625 || !TEST_int_eq(pcounter, pcounter_out))
1640 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1643 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1644 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1645 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1646 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1648 EVP_PKEY_CTX_free(key_ctx);
1651 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1652 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1654 EVP_PKEY_free(copy_pk);
1657 ret = test_print_key_using_pem("DSA", pk)
1658 && test_print_key_using_encoder("DSA", pk);
1660 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1662 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1670 OSSL_PARAM_free(fromdata_params);
1671 OSSL_PARAM_BLD_free(bld);
1684 EVP_PKEY_free(copy_pk);
1685 EVP_PKEY_CTX_free(ctx);
1686 EVP_PKEY_CTX_free(key_ctx);
1691 static int test_check_dsa(void)
1694 EVP_PKEY_CTX *ctx = NULL;
1696 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
1697 || !TEST_int_le(EVP_PKEY_check(ctx), 0)
1698 || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
1699 || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
1700 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
1705 EVP_PKEY_CTX_free(ctx);
1709 #endif /* OPENSSL_NO_DSA */
1712 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
1713 size_t keylen, char *salt)
1715 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
1716 OSSL_PARAM *p = params;
1718 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
1719 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
1720 salt, strlen(salt));
1721 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
1722 (unsigned char *)key, keylen);
1723 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
1725 *p = OSSL_PARAM_construct_end();
1730 static int test_evp_pkey_ctx_dup_kdf(void)
1733 size_t len = 0, dlen = 0;
1734 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
1735 OSSL_PARAM *params = NULL;
1737 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
1740 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
1742 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
1744 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
1746 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
1747 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
1748 || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
1749 || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
1753 OPENSSL_free(params);
1754 EVP_PKEY_CTX_free(dctx);
1755 EVP_PKEY_CTX_free(pctx);
1759 int setup_tests(void)
1761 if (!test_skip_common_options()) {
1762 TEST_error("Error parsing test options\n");
1766 if (!TEST_ptr(datadir = test_get_argument(0)))
1769 ADD_TEST(test_evp_pkey_ctx_dup_kdf);
1770 ADD_TEST(test_evp_pkey_get_bn_param_large);
1771 ADD_TEST(test_fromdata_rsa);
1772 #ifndef OPENSSL_NO_DH
1773 ADD_TEST(test_fromdata_dh_fips186_4);
1774 ADD_TEST(test_fromdata_dh_named_group);
1776 #ifndef OPENSSL_NO_DSA
1777 ADD_TEST(test_check_dsa);
1778 ADD_TEST(test_fromdata_dsa_fips186_4);
1780 #ifndef OPENSSL_NO_EC
1781 ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
1782 ADD_TEST(test_fromdata_ec);
1783 ADD_TEST(test_ec_dup_no_operation);
1784 ADD_TEST(test_ec_dup_keygen_operation);