1 /*
2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h> /* memset */
11 #include <openssl/evp.h>
12 #include <openssl/pem.h>
13 #include <openssl/encoder.h>
14 #include <openssl/provider.h>
15 #include <openssl/param_build.h>
16 #include <openssl/core_names.h>
17 #include <openssl/sha.h>
18 #include "crypto/ecx.h"
19 #include "crypto/evp.h" /* For the internal API */
20 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21 #include "internal/nelem.h"
22 #include "testutil.h"
23
24 static char *datadir = NULL;
25
26 /*
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
30 */
31 #define PRIV_TEXT 0
32 #define PRIV_PEM 1
33 #define PRIV_DER 2
34 #define PUB_TEXT 3
35 #define PUB_PEM 4
36 #define PUB_DER 5
37
stripcr(char * buf,size_t * len)38 static void stripcr(char *buf, size_t *len)
39 {
40 size_t i;
41 char *curr, *writ;
42
43 for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
44 if (*curr == '\r') {
45 (*len)--;
46 continue;
47 }
48 if (curr != writ)
49 *writ = *curr;
50 writ++;
51 }
52 }
53
compare_with_file(const char * alg,int type,BIO * membio)54 static int compare_with_file(const char *alg, int type, BIO *membio)
55 {
56 char filename[80];
57 BIO *file = NULL;
58 char buf[4096];
59 char *memdata, *fullfile = NULL;
60 const char *suffix;
61 size_t readbytes;
62 int ret = 0;
63 int len;
64 size_t slen;
65
66 switch (type) {
67 case PRIV_TEXT:
68 suffix = "priv.txt";
69 break;
70
71 case PRIV_PEM:
72 suffix = "priv.pem";
73 break;
74
75 case PRIV_DER:
76 suffix = "priv.der";
77 break;
78
79 case PUB_TEXT:
80 suffix = "pub.txt";
81 break;
82
83 case PUB_PEM:
84 suffix = "pub.pem";
85 break;
86
87 case PUB_DER:
88 suffix = "pub.der";
89 break;
90
91 default:
92 TEST_error("Invalid file type");
93 goto err;
94 }
95
96 BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97 fullfile = test_mk_file_path(datadir, filename);
98 if (!TEST_ptr(fullfile))
99 goto err;
100
101 file = BIO_new_file(fullfile, "rb");
102 if (!TEST_ptr(file))
103 goto err;
104
105 if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106 || !TEST_true(BIO_eof(file))
107 || !TEST_size_t_lt(readbytes, sizeof(buf)))
108 goto err;
109
110 len = BIO_get_mem_data(membio, &memdata);
111 if (!TEST_int_gt(len, 0))
112 goto err;
113
114 slen = len;
115 if (type != PRIV_DER && type != PUB_DER) {
116 stripcr(memdata, &slen);
117 stripcr(buf, &readbytes);
118 }
119
120 if (!TEST_mem_eq(memdata, slen, buf, readbytes))
121 goto err;
122
123 ret = 1;
124 err:
125 OPENSSL_free(fullfile);
126 (void)BIO_reset(membio);
127 BIO_free(file);
128 return ret;
129 }
130
pass_cb(char * buf,int size,int rwflag,void * u)131 static int pass_cb(char *buf, int size, int rwflag, void *u)
132 {
133 return 0;
134 }
135
pass_cb_error(char * buf,int size,int rwflag,void * u)136 static int pass_cb_error(char *buf, int size, int rwflag, void *u)
137 {
138 return -1;
139 }
140
test_print_key_using_pem(const char * alg,const EVP_PKEY * pk)141 static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
142 {
143 BIO *membio = BIO_new(BIO_s_mem());
144 int ret = 0;
145
146 if (!TEST_ptr(membio))
147 goto err;
148
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
152 NULL, NULL))
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
155 EVP_aes_256_cbc(),
156 (const char *)~0, 0,
157 NULL, NULL))
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
159 EVP_aes_256_cbc(),
160 NULL, 0, NULL, ""))
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
162 EVP_aes_256_cbc(),
163 NULL, 0, pass_cb, NULL))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
165 EVP_aes_256_cbc(),
166 NULL, 0, pass_cb_error,
167 NULL))
168 #ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171 (const char *)~0, 0, NULL, NULL))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
174 NULL, ""))
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
177 pass_cb, NULL))
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180 pass_cb_error, NULL))
181 #endif
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184 || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187 || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190 NULL, NULL, 0, NULL, NULL))
191 || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
192 /* NULL key */
193 || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194 NULL, NULL, 0, NULL, NULL))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196 NULL, NULL, 0, NULL, NULL)))
197 goto err;
198
199 ret = 1;
200 err:
201 BIO_free(membio);
202 return ret;
203 }
204
test_print_key_type_using_encoder(const char * alg,int type,const EVP_PKEY * pk)205 static int test_print_key_type_using_encoder(const char *alg, int type,
206 const EVP_PKEY *pk)
207 {
208 const char *output_type, *output_structure;
209 int selection;
210 OSSL_ENCODER_CTX *ctx = NULL;
211 BIO *membio = BIO_new(BIO_s_mem());
212 int ret = 0;
213
214 switch (type) {
215 case PRIV_TEXT:
216 output_type = "TEXT";
217 output_structure = NULL;
218 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
220 break;
221
222 case PRIV_PEM:
223 output_type = "PEM";
224 output_structure = "PrivateKeyInfo";
225 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
227 break;
228
229 case PRIV_DER:
230 output_type = "DER";
231 output_structure = "PrivateKeyInfo";
232 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
234 break;
235
236 case PUB_TEXT:
237 output_type = "TEXT";
238 output_structure = NULL;
239 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
241 break;
242
243 case PUB_PEM:
244 output_type = "PEM";
245 output_structure = "SubjectPublicKeyInfo";
246 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
248 break;
249
250 case PUB_DER:
251 output_type = "DER";
252 output_structure = "SubjectPublicKeyInfo";
253 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
255 break;
256
257 default:
258 TEST_error("Invalid encoding type");
259 goto err;
260 }
261
262 if (!TEST_ptr(membio))
263 goto err;
264
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
268 output_type,
269 output_structure,
270 NULL))
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
273 goto err;
274
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278 || !TEST_true(compare_with_file(alg, type, membio)))
279 goto err;
280
281 if (type == PRIV_PEM) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284 (unsigned char *)"pass",
285 4)))
286 goto err;
287
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
292 goto err;
293
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
298 goto err;
299
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304 || !TEST_true(compare_with_file(alg, type, membio)))
305 goto err;
306 }
307 ret = 1;
308 err:
309 BIO_free(membio);
310 OSSL_ENCODER_CTX_free(ctx);
311 return ret;
312 }
313
test_print_key_using_encoder(const char * alg,const EVP_PKEY * pk)314 static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
315 {
316 int i;
317 int ret = 1;
318
319 for (i = PRIV_TEXT; i <= PUB_DER; i++)
320 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
321
322 return ret;
323 }
324
325 #ifndef OPENSSL_NO_ECX
test_print_key_using_encoder_public(const char * alg,const EVP_PKEY * pk)326 static int test_print_key_using_encoder_public(const char *alg,
327 const EVP_PKEY *pk)
328 {
329 int i;
330 int ret = 1;
331
332 for (i = PUB_TEXT; i <= PUB_DER; i++)
333 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
334
335 return ret;
336 }
337 #endif
338
339 /* Array indexes used in test_fromdata_rsa */
340 #define N 0
341 #define E 1
342 #define D 2
343 #define P 3
344 #define Q 4
345 #define DP 5
346 #define DQ 6
347 #define QINV 7
348
test_fromdata_rsa(void)349 static int test_fromdata_rsa(void)
350 {
351 int ret = 0, i;
352 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
354 /*
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
357 *
358 * openssl genrsa 32 | openssl rsa -text
359 */
360 static unsigned long key_numbers[] = {
361 0xbc747fc5, /* N */
362 0x10001, /* E */
363 0x7b133399, /* D */
364 0xe963, /* P */
365 0xceb7, /* Q */
366 0x8599, /* DP */
367 0xbd87, /* DQ */
368 0xcc3b, /* QINV */
369 };
370 OSSL_PARAM fromdata_params[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
379 OSSL_PARAM_END
380 };
381 BIGNUM *bn = BN_new();
382 BIGNUM *bn_from = BN_new();
383
384 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
385 goto err;
386
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389 fromdata_params),
390 1))
391 goto err;
392
393 for (;;) {
394 ret = 0;
395 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
396 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
397 || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
398 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
399 goto err;
400
401 EVP_PKEY_CTX_free(key_ctx);
402 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
403 goto err;
404
405 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
406 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
407 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
408 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
409 goto err;
410
411 /* EVP_PKEY_copy_parameters() should fail for RSA */
412 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
413 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
414 goto err;
415 EVP_PKEY_free(copy_pk);
416 copy_pk = NULL;
417
418 ret = test_print_key_using_pem("RSA", pk)
419 && test_print_key_using_encoder("RSA", pk);
420
421 if (!ret || dup_pk != NULL)
422 break;
423
424 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
425 goto err;
426 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
427 EVP_PKEY_free(pk);
428 pk = dup_pk;
429 if (!ret)
430 goto err;
431 }
432 err:
433 /* for better diagnostics always compare key params */
434 for (i = 0; fromdata_params[i].key != NULL; ++i) {
435 if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
436 || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key,
437 &bn))
438 || !TEST_BN_eq(bn, bn_from))
439 ret = 0;
440 }
441 BN_free(bn_from);
442 BN_free(bn);
443 EVP_PKEY_free(pk);
444 EVP_PKEY_free(copy_pk);
445 EVP_PKEY_CTX_free(key_ctx);
446 EVP_PKEY_CTX_free(ctx);
447
448 return ret;
449 }
450
451 struct check_data {
452 const char *pname;
453 BIGNUM *comparebn;
454 };
455
do_fromdata_rsa_derive(OSSL_PARAM * fromdata_params,struct check_data check[],int expected_nbits,int expected_sbits,int expected_ksize)456 static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params,
457 struct check_data check[],
458 int expected_nbits, int expected_sbits,
459 int expected_ksize)
460 {
461 const OSSL_PARAM *check_param = NULL;
462 BIGNUM *check_bn = NULL;
463 OSSL_PARAM *todata_params = NULL;
464 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
465 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
466 int i;
467 int ret = 0;
468
469 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
470 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
471 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
472 fromdata_params),
473 1))
474 goto err;
475
476 /*
477 * get the generated key parameters back and validate that the
478 * exponents/coeffs are correct
479 */
480 if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1))
481 goto err;
482
483 for (i = 0; check[i].pname != NULL; i++) {
484 if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params,
485 check[i].pname)))
486 goto err;
487 if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1))
488 goto err;
489 if (!TEST_BN_eq(check_bn, check[i].comparebn)) {
490 TEST_info("Data mismatch for parameter %s", check[i].pname);
491 goto err;
492 }
493 BN_free(check_bn);
494 check_bn = NULL;
495 }
496
497 for (;;) {
498 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits)
499 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits)
500 || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize)
501 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
502 goto err;
503
504 EVP_PKEY_CTX_free(key_ctx);
505 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
506 goto err;
507
508 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
509 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
510 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
511 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
512 goto err;
513
514 /* EVP_PKEY_copy_parameters() should fail for RSA */
515 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
516 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
517 goto err;
518 EVP_PKEY_free(copy_pk);
519 copy_pk = NULL;
520
521 if (dup_pk != NULL)
522 break;
523
524 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
525 goto err;
526 if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) {
527 EVP_PKEY_free(dup_pk);
528 goto err;
529 }
530 EVP_PKEY_free(pk);
531 pk = dup_pk;
532 }
533 ret = 1;
534 err:
535 BN_free(check_bn);
536 EVP_PKEY_free(pk);
537 EVP_PKEY_CTX_free(ctx);
538 EVP_PKEY_CTX_free(key_ctx);
539 OSSL_PARAM_free(fromdata_params);
540 OSSL_PARAM_free(todata_params);
541 return ret;
542 }
543
test_fromdata_rsa_derive_from_pq_sp800(void)544 static int test_fromdata_rsa_derive_from_pq_sp800(void)
545 {
546 OSSL_PARAM_BLD *bld = NULL;
547 BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
548 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
549 OSSL_PARAM *fromdata_params = NULL;
550 struct check_data cdata[4];
551 int ret = 0;
552 /*
553 * 512-bit RSA key, extracted from this command,
554 * openssl genrsa 512 | openssl rsa -text
555 * Note: When generating a key with EVP_PKEY_fromdata, and using
556 * crt derivation, openssl requires a minimum of 512 bits of n data,
557 * and 2048 bits in the FIPS case
558 */
559 static unsigned char n_data[] = { 0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
560 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
561 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
562 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
563 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
564 0x17, 0x2d, 0xec, 0x17, 0x87 };
565 static unsigned char e_data[] = { 0x01, 0x00, 0x01 };
566 static unsigned char d_data[] = { 0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
567 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
568 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
569 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
570 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
571 0xf5, 0xdb, 0xe6, 0x81 };
572 static unsigned char p_data[] = { 0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
573 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
574 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5 };
575 static unsigned char q_data[] = { 0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
576 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
577 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb };
578 static unsigned char dmp1_data[] = { 0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
579 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
580 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49 };
581 static unsigned char dmq1_data[] = { 0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
582 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
583 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27 };
584 static unsigned char iqmp_data[] = { 0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
585 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
586 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08 };
587
588 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
589 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
590 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
591 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
592 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
593 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
594 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
595 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
596 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
597 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
601 p))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
603 q))
604 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
605 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
606 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
607 goto err;
608
609 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
610 cdata[0].comparebn = dmp1;
611 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
612 cdata[1].comparebn = dmq1;
613 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
614 cdata[2].comparebn = iqmp;
615 cdata[3].pname = NULL;
616 cdata[3].comparebn = NULL;
617
618 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64);
619
620 err:
621 BN_free(n);
622 BN_free(e);
623 BN_free(d);
624 BN_free(p);
625 BN_free(q);
626 BN_free(dmp1);
627 BN_free(dmq1);
628 BN_free(iqmp);
629 OSSL_PARAM_BLD_free(bld);
630 return ret;
631 }
632
test_fromdata_rsa_derive_from_pq_multiprime(void)633 static int test_fromdata_rsa_derive_from_pq_multiprime(void)
634 {
635 OSSL_PARAM_BLD *bld = NULL;
636 BIGNUM *n = NULL, *e = NULL, *d = NULL;
637 BIGNUM *p = NULL, *q = NULL, *p2 = NULL;
638 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
639 BIGNUM *exp3 = NULL, *coeff2 = NULL;
640 OSSL_PARAM *fromdata_params = NULL;
641 struct check_data cdata[12];
642 int ret = 0;
643 /*
644 * multiprime RSA key, extracted from this command,
645 * openssl genrsa -primes 3 | openssl rsa -text
646 * Note: When generating a key with EVP_PKEY_fromdata, and using
647 * crt derivation, openssl requires a minimum of 512 bits of n data,
648 * and 2048 bits in the FIPS case
649 */
650 static unsigned char n_data[] = { 0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
651 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
652 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
653 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
654 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
655 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
656 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
657 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
658 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
659 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
660 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
661 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
662 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
663 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
664 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
665 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
666 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
667 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
668 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
669 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
670 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
671 0x1b, 0x59, 0x67, 0x14, 0x9d };
672 static unsigned char e_data[] = { 0x01, 0x00, 0x01 };
673 static unsigned char d_data[] = { 0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
674 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
675 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
676 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
677 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
678 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
679 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
680 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
681 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
682 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
683 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
684 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
685 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
686 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
687 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
688 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
689 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
690 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
691 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
692 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
693 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
694 0xa6, 0x07, 0x60, 0x01 };
695 static unsigned char p_data[] = { 0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
696 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
697 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
698 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
699 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
700 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
701 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
702 0xa4, 0xd1 };
703 static unsigned char p2_data[] = { 0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
704 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
705 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
706 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
707 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
708 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
709 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
710 0x66, 0x2d };
711 static unsigned char q_data[] = { 0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
712 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
713 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
714 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
715 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
716 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
717 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
718 0xfb, 0x61 };
719 static unsigned char dmp1_data[] = { 0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
720 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
721 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
722 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
723 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
724 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
725 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
726 0x9e, 0x41 };
727 static unsigned char dmq1_data[] = { 0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
728 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
729 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
730 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
731 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
732 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
733 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
734 0x75, 0x61 };
735 static unsigned char iqmp_data[] = { 0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
736 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
737 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
738 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
739 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
740 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
741 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
742 0xae, 0xef };
743 static unsigned char exp3_data[] = { 0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
744 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
745 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
746 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
747 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
748 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
749 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
750 0x2d, 0xb9 };
751 static unsigned char coeff2_data[] = { 0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
752 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
753 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
754 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
755 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
756 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
757 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
758 0x4b, 0xf4 };
759
760 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
761 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
762 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
763 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
764 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
765 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
766 || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL))
767 || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL))
768 || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL))
769 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
770 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
771 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
773 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
774 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
775 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
776 p))
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
778 q))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3,
780 p2))
781 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
782 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
783 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
784 goto err;
785
786 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
787 cdata[0].comparebn = dmp1;
788 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
789 cdata[1].comparebn = dmq1;
790 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
791 cdata[2].comparebn = iqmp;
792 cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3;
793 cdata[3].comparebn = exp3;
794 cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2;
795 cdata[4].comparebn = coeff2;
796 cdata[5].pname = OSSL_PKEY_PARAM_RSA_N;
797 cdata[5].comparebn = n;
798 cdata[6].pname = OSSL_PKEY_PARAM_RSA_E;
799 cdata[6].comparebn = e;
800 cdata[7].pname = OSSL_PKEY_PARAM_RSA_D;
801 cdata[7].comparebn = d;
802 cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1;
803 cdata[8].comparebn = p;
804 cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2;
805 cdata[9].comparebn = q;
806 cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3;
807 cdata[10].comparebn = p2;
808 cdata[11].pname = NULL;
809 cdata[11].comparebn = NULL;
810
811 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256);
812
813 err:
814 BN_free(n);
815 BN_free(e);
816 BN_free(d);
817 BN_free(p);
818 BN_free(p2);
819 BN_free(q);
820 BN_free(dmp1);
821 BN_free(dmq1);
822 BN_free(iqmp);
823 BN_free(exp3);
824 BN_free(coeff2);
825 OSSL_PARAM_BLD_free(bld);
826 return ret;
827 }
828
test_evp_pkey_get_bn_param_large(void)829 static int test_evp_pkey_get_bn_param_large(void)
830 {
831 int ret = 0;
832 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
833 EVP_PKEY *pk = NULL;
834 OSSL_PARAM_BLD *bld = NULL;
835 OSSL_PARAM *fromdata_params = NULL;
836 BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
837 /*
838 * The buffer size chosen here for n_data larger than the buffer used
839 * internally in EVP_PKEY_get_bn_param.
840 */
841 static unsigned char n_data[2050];
842 static const unsigned char e_data[] = {
843 0x1, 0x00, 0x01
844 };
845 static const unsigned char d_data[] = {
846 0x99, 0x33, 0x13, 0x7b
847 };
848
849 /* N is a large buffer */
850 memset(n_data, 0xCE, sizeof(n_data));
851
852 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
853 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
854 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
855 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
856 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
857 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
858 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
859 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
860 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
861 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
862 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
863 fromdata_params),
864 1)
865 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
866 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
867 || !TEST_BN_eq(n, n_out))
868 goto err;
869 ret = 1;
870 err:
871 BN_free(n_out);
872 BN_free(n);
873 BN_free(e);
874 BN_free(d);
875 EVP_PKEY_free(pk);
876 EVP_PKEY_CTX_free(key_ctx);
877 EVP_PKEY_CTX_free(ctx);
878 OSSL_PARAM_free(fromdata_params);
879 OSSL_PARAM_BLD_free(bld);
880 return ret;
881 }
882
883 #ifndef OPENSSL_NO_DH
test_fromdata_dh_named_group(void)884 static int test_fromdata_dh_named_group(void)
885 {
886 int ret = 0;
887 int gindex = 0, pcounter = 0, hindex = 0;
888 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
889 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
890 size_t len;
891 BIGNUM *pub = NULL, *priv = NULL;
892 BIGNUM *pub_out = NULL, *priv_out = NULL;
893 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
894 OSSL_PARAM *fromdata_params = NULL;
895 OSSL_PARAM_BLD *bld = NULL;
896 char name_out[80];
897 unsigned char seed_out[32];
898
899 /*
900 * DH key data was generated using the following:
901 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
902 * -pkeyopt priv_len:224 -text
903 */
904 static const unsigned char priv_data[] = {
905 0x88,
906 0x85,
907 0xe7,
908 0x9f,
909 0xee,
910 0x6d,
911 0xc5,
912 0x7c,
913 0x78,
914 0xaf,
915 0x63,
916 0x5d,
917 0x38,
918 0x2a,
919 0xd0,
920 0xed,
921 0x56,
922 0x4b,
923 0x47,
924 0x21,
925 0x2b,
926 0xfa,
927 0x55,
928 0xfa,
929 0x87,
930 0xe8,
931 0xa9,
932 0x7b,
933 };
934 static const unsigned char pub_data[] = {
935 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
936 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
937 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
938 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
939 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
940 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
941 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
942 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
943 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
944 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
945 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
946 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
947 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
948 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
949 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
950 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
951 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
952 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
953 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
954 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
955 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
956 0xcf, 0x33, 0x42, 0x83, 0x42
957 };
958 static const char group_name[] = "ffdhe2048";
959 static const long priv_len = 224;
960
961 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
962 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
963 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
964 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
965 OSSL_PKEY_PARAM_GROUP_NAME,
966 group_name, 0))
967 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
968 priv_len))
969 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
970 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
971 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
972 goto err;
973
974 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
975 goto err;
976
977 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
978 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
979 fromdata_params),
980 1))
981 goto err;
982
983 /*
984 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
985 * it behaves as expected with regards to string length and terminating
986 * NUL byte.
987 */
988 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
989 OSSL_PKEY_PARAM_GROUP_NAME,
990 NULL, sizeof(name_out),
991 &len))
992 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
993 /* Just enough space to hold the group name and a terminating NUL */
994 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
995 OSSL_PKEY_PARAM_GROUP_NAME,
996 name_out,
997 sizeof(group_name),
998 &len))
999 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
1000 /* Too small buffer to hold the terminating NUL byte */
1001 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1002 OSSL_PKEY_PARAM_GROUP_NAME,
1003 name_out,
1004 sizeof(group_name) - 1,
1005 &len))
1006 /* Too small buffer to hold the whole group name, even! */
1007 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
1008 OSSL_PKEY_PARAM_GROUP_NAME,
1009 name_out,
1010 sizeof(group_name) - 2,
1011 &len)))
1012 goto err;
1013
1014 for (;;) {
1015 ret = 0;
1016 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1017 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1018 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1019 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1020 goto err;
1021
1022 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1023 OSSL_PKEY_PARAM_GROUP_NAME,
1024 name_out,
1025 sizeof(name_out),
1026 &len))
1027 || !TEST_str_eq(name_out, group_name)
1028 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1029 &pub_out))
1030
1031 || !TEST_BN_eq(pub, pub_out)
1032 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1033 &priv_out))
1034 || !TEST_BN_eq(priv, priv_out)
1035 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1036 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1037 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1038 || !TEST_ptr(q)
1039 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1040 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1041 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1042 OSSL_PKEY_PARAM_FFC_COFACTOR,
1043 &j))
1044 || !TEST_ptr_null(j)
1045 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1046 OSSL_PKEY_PARAM_FFC_SEED,
1047 seed_out,
1048 sizeof(seed_out),
1049 &len))
1050 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
1051 &gindex))
1052 || !TEST_int_eq(gindex, -1)
1053 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1054 &hindex))
1055 || !TEST_int_eq(hindex, 0)
1056 || !TEST_true(EVP_PKEY_get_int_param(pk,
1057 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1058 &pcounter))
1059 || !TEST_int_eq(pcounter, -1))
1060 goto err;
1061 BN_free(p);
1062 p = NULL;
1063 BN_free(q);
1064 q = NULL;
1065 BN_free(g);
1066 g = NULL;
1067 BN_free(j);
1068 j = NULL;
1069 BN_free(pub_out);
1070 pub_out = NULL;
1071 BN_free(priv_out);
1072 priv_out = NULL;
1073
1074 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1075 goto err;
1076
1077 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1078 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1079 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1080 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1081 goto err;
1082 EVP_PKEY_CTX_free(key_ctx);
1083 key_ctx = NULL;
1084
1085 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1086 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1087 goto err;
1088 EVP_PKEY_free(copy_pk);
1089 copy_pk = NULL;
1090
1091 ret = test_print_key_using_pem("DH", pk)
1092 && test_print_key_using_encoder("DH", pk);
1093
1094 if (!ret || dup_pk != NULL)
1095 break;
1096
1097 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1098 goto err;
1099 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1100 EVP_PKEY_free(pk);
1101 pk = dup_pk;
1102 if (!ret)
1103 goto err;
1104 }
1105 err:
1106 BN_free(p);
1107 BN_free(q);
1108 BN_free(g);
1109 BN_free(j);
1110 BN_free(pub);
1111 BN_free(priv);
1112 BN_free(pub_out);
1113 BN_free(priv_out);
1114 EVP_PKEY_free(copy_pk);
1115 EVP_PKEY_free(pk);
1116 EVP_PKEY_CTX_free(ctx);
1117 EVP_PKEY_CTX_free(key_ctx);
1118 OSSL_PARAM_free(fromdata_params);
1119 OSSL_PARAM_BLD_free(bld);
1120
1121 return ret;
1122 }
1123
test_fromdata_dh_fips186_4(void)1124 static int test_fromdata_dh_fips186_4(void)
1125 {
1126 int ret = 0;
1127 int gindex = 0, pcounter = 0, hindex = 0;
1128 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1129 EVP_PKEY *pk = NULL, *dup_pk = NULL;
1130 size_t len;
1131 BIGNUM *pub = NULL, *priv = NULL;
1132 BIGNUM *pub_out = NULL, *priv_out = NULL;
1133 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
1134 OSSL_PARAM_BLD *bld = NULL;
1135 OSSL_PARAM *fromdata_params = NULL;
1136 char name_out[80];
1137 unsigned char seed_out[32];
1138
1139 /*
1140 * DH key data was generated using the following:
1141 * openssl genpkey -algorithm DH
1142 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
1143 */
1144 static const unsigned char priv_data[] = {
1145 0x88,
1146 0x85,
1147 0xe7,
1148 0x9f,
1149 0xee,
1150 0x6d,
1151 0xc5,
1152 0x7c,
1153 0x78,
1154 0xaf,
1155 0x63,
1156 0x5d,
1157 0x38,
1158 0x2a,
1159 0xd0,
1160 0xed,
1161 0x56,
1162 0x4b,
1163 0x47,
1164 0x21,
1165 0x2b,
1166 0xfa,
1167 0x55,
1168 0xfa,
1169 0x87,
1170 0xe8,
1171 0xa9,
1172 0x7b,
1173 };
1174 static const unsigned char pub_data[] = {
1175 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
1176 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
1177 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
1178 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
1179 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
1180 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
1181 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
1182 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
1183 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
1184 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
1185 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
1186 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
1187 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
1188 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
1189 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
1190 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
1191 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
1192 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
1193 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
1194 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
1195 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
1196 0x33, 0x42, 0x83, 0x42
1197 };
1198 static const char group_name[] = "ffdhe2048";
1199 static const long priv_len = 224;
1200
1201 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1202 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1203 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1204 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1205 OSSL_PKEY_PARAM_GROUP_NAME,
1206 group_name, 0))
1207 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
1208 priv_len))
1209 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
1210 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
1211 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1212 goto err;
1213
1214 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
1215 goto err;
1216
1217 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1218 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1219 fromdata_params),
1220 1))
1221 goto err;
1222
1223 for (;;) {
1224 ret = 0;
1225 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1226 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1227 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1228 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1229 goto err;
1230
1231 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1232 OSSL_PKEY_PARAM_GROUP_NAME,
1233 name_out,
1234 sizeof(name_out),
1235 &len))
1236 || !TEST_str_eq(name_out, group_name)
1237 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1238 &pub_out))
1239 || !TEST_BN_eq(pub, pub_out)
1240 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1241 &priv_out))
1242 || !TEST_BN_eq(priv, priv_out)
1243 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1244 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1245 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1246 || !TEST_ptr(q)
1247 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1248 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1249 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1250 OSSL_PKEY_PARAM_FFC_COFACTOR,
1251 &j))
1252 || !TEST_ptr_null(j)
1253 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1254 OSSL_PKEY_PARAM_FFC_SEED,
1255 seed_out,
1256 sizeof(seed_out),
1257 &len))
1258 || !TEST_true(EVP_PKEY_get_int_param(pk,
1259 OSSL_PKEY_PARAM_FFC_GINDEX,
1260 &gindex))
1261 || !TEST_int_eq(gindex, -1)
1262 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1263 &hindex))
1264 || !TEST_int_eq(hindex, 0)
1265 || !TEST_true(EVP_PKEY_get_int_param(pk,
1266 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1267 &pcounter))
1268 || !TEST_int_eq(pcounter, -1))
1269 goto err;
1270 BN_free(p);
1271 p = NULL;
1272 BN_free(q);
1273 q = NULL;
1274 BN_free(g);
1275 g = NULL;
1276 BN_free(j);
1277 j = NULL;
1278 BN_free(pub_out);
1279 pub_out = NULL;
1280 BN_free(priv_out);
1281 priv_out = NULL;
1282
1283 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1284 goto err;
1285
1286 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1287 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1288 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1289 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1290 goto err;
1291 EVP_PKEY_CTX_free(key_ctx);
1292 key_ctx = NULL;
1293
1294 ret = test_print_key_using_pem("DH", pk)
1295 && test_print_key_using_encoder("DH", pk);
1296
1297 if (!ret || dup_pk != NULL)
1298 break;
1299
1300 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1301 goto err;
1302 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1303 EVP_PKEY_free(pk);
1304 pk = dup_pk;
1305 if (!ret)
1306 goto err;
1307 }
1308 err:
1309 BN_free(p);
1310 BN_free(q);
1311 BN_free(g);
1312 BN_free(j);
1313 BN_free(pub);
1314 BN_free(priv);
1315 BN_free(pub_out);
1316 BN_free(priv_out);
1317 EVP_PKEY_free(pk);
1318 EVP_PKEY_CTX_free(ctx);
1319 EVP_PKEY_CTX_free(key_ctx);
1320 OSSL_PARAM_free(fromdata_params);
1321 OSSL_PARAM_BLD_free(bld);
1322
1323 return ret;
1324 }
1325
1326 #endif
1327
1328 #ifndef OPENSSL_NO_EC
1329 #ifndef OPENSSL_NO_ECX
1330 /* Array indexes used in test_fromdata_ecx */
1331 #define PRIV_KEY 0
1332 #define PUB_KEY 1
1333
1334 #define X25519_IDX 0
1335 #define X448_IDX 1
1336 #define ED25519_IDX 2
1337 #define ED448_IDX 3
1338
1339 /*
1340 * tst uses indexes 0 ... (3 * 4 - 1)
1341 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
1342 * 0..3 = public + private key.
1343 * 4..7 = private key (This will generate the public key from the private key)
1344 * 8..11 = public key
1345 */
test_fromdata_ecx(int tst)1346 static int test_fromdata_ecx(int tst)
1347 {
1348 int ret = 0;
1349 EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
1350 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1351 const char *alg = NULL;
1352 size_t len;
1353 unsigned char out_pub[ED448_KEYLEN];
1354 unsigned char out_priv[ED448_KEYLEN];
1355 OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1356
1357 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
1358 static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
1359 /* X25519: Keys from RFC 7748 6.1 */
1360 {
1361 /* Private Key */
1362 {
1363 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
1364 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
1365 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
1366 0x2c, 0x2a },
1367 /* Public Key */
1368 {
1369 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
1370 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
1371 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
1372 0x4e, 0x6a } },
1373 /* X448: Keys from RFC 7748 6.2 */
1374 {
1375 /* Private Key */
1376 {
1377 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
1378 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
1379 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
1380 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
1381 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
1382 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b },
1383 /* Public Key */
1384 {
1385 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
1386 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
1387 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
1388 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
1389 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
1390 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0 } },
1391 /* ED25519: Keys from RFC 8032 */
1392 {
1393 /* Private Key */
1394 {
1395 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
1396 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
1397 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
1398 0x7f, 0x60 },
1399 /* Public Key */
1400 {
1401 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
1402 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
1403 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
1404 0x51, 0x1a } },
1405 /* ED448: Keys from RFC 8032 */
1406 {
1407 /* Private Key */
1408 {
1409 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
1410 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
1411 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
1412 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
1413 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
1414 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b },
1415 /* Public Key */
1416 {
1417 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
1418 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
1419 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1420 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1421 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1422 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80 } }
1423 };
1424 OSSL_PARAM x25519_fromdata_params[] = {
1425 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1426 key_numbers[X25519_IDX][PRIV_KEY],
1427 X25519_KEYLEN),
1428 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1429 key_numbers[X25519_IDX][PUB_KEY],
1430 X25519_KEYLEN),
1431 OSSL_PARAM_END
1432 };
1433 OSSL_PARAM x448_fromdata_params[] = {
1434 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1435 key_numbers[X448_IDX][PRIV_KEY],
1436 X448_KEYLEN),
1437 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1438 key_numbers[X448_IDX][PUB_KEY],
1439 X448_KEYLEN),
1440 OSSL_PARAM_END
1441 };
1442 OSSL_PARAM ed25519_fromdata_params[] = {
1443 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1444 key_numbers[ED25519_IDX][PRIV_KEY],
1445 ED25519_KEYLEN),
1446 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1447 key_numbers[ED25519_IDX][PUB_KEY],
1448 ED25519_KEYLEN),
1449 OSSL_PARAM_END
1450 };
1451 OSSL_PARAM ed448_fromdata_params[] = {
1452 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1453 key_numbers[ED448_IDX][PRIV_KEY],
1454 ED448_KEYLEN),
1455 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1456 key_numbers[ED448_IDX][PUB_KEY],
1457 ED448_KEYLEN),
1458 OSSL_PARAM_END
1459 };
1460 OSSL_PARAM *fromdata_params = NULL;
1461 int bits = 0, security_bits = 0, size = 0;
1462 OSSL_PARAM *orig_fromdata_params = NULL;
1463
1464 switch (tst & 3) {
1465 case X25519_IDX:
1466 fromdata_params = x25519_fromdata_params;
1467 bits = X25519_BITS;
1468 security_bits = X25519_SECURITY_BITS;
1469 size = X25519_KEYLEN;
1470 alg = "X25519";
1471 break;
1472
1473 case X448_IDX:
1474 fromdata_params = x448_fromdata_params;
1475 bits = X448_BITS;
1476 security_bits = X448_SECURITY_BITS;
1477 size = X448_KEYLEN;
1478 alg = "X448";
1479 break;
1480
1481 case ED25519_IDX:
1482 fromdata_params = ed25519_fromdata_params;
1483 bits = ED25519_BITS;
1484 security_bits = ED25519_SECURITY_BITS;
1485 size = ED25519_SIGSIZE;
1486 alg = "ED25519";
1487 break;
1488
1489 case ED448_IDX:
1490 fromdata_params = ed448_fromdata_params;
1491 bits = ED448_BITS;
1492 security_bits = ED448_SECURITY_BITS;
1493 size = ED448_SIGSIZE;
1494 alg = "ED448";
1495 break;
1496 default:
1497 goto err;
1498 }
1499
1500 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1501 if (!TEST_ptr(ctx))
1502 goto err;
1503
1504 orig_fromdata_params = fromdata_params;
1505 if (tst > 7) {
1506 /* public key only */
1507 fromdata_params++;
1508 } else if (tst > 3) {
1509 /* private key only */
1510 params[0] = fromdata_params[0];
1511 params[1] = fromdata_params[2];
1512 fromdata_params = params;
1513 }
1514
1515 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1516 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1517 fromdata_params),
1518 1))
1519 goto err;
1520
1521 for (;;) {
1522 ret = 0;
1523 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1524 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1525 || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1526 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1527 goto err;
1528
1529 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1530 goto err;
1531 if (tst <= 7) {
1532 if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1533 goto err;
1534 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1535 pk, orig_fromdata_params[PRIV_KEY].key,
1536 out_priv, sizeof(out_priv), &len))
1537 || !TEST_mem_eq(out_priv, len,
1538 orig_fromdata_params[PRIV_KEY].data,
1539 orig_fromdata_params[PRIV_KEY].data_size)
1540 || !TEST_true(EVP_PKEY_get_octet_string_param(
1541 pk, orig_fromdata_params[PUB_KEY].key,
1542 out_pub, sizeof(out_pub), &len))
1543 || !TEST_mem_eq(out_pub, len,
1544 orig_fromdata_params[PUB_KEY].data,
1545 orig_fromdata_params[PUB_KEY].data_size))
1546 goto err;
1547 } else {
1548 /* The private key check should fail if there is only a public key */
1549 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1550 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1551 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1552 goto err;
1553 }
1554 EVP_PKEY_CTX_free(ctx2);
1555 ctx2 = NULL;
1556
1557 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1558 /* This should succeed because there are no parameters to copy */
1559 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1560 goto err;
1561 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1562 /* This should fail because copy_pk has no pubkey */
1563 || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1564 goto err;
1565 EVP_PKEY_CTX_free(ctx2);
1566 ctx2 = NULL;
1567 EVP_PKEY_free(copy_pk);
1568 copy_pk = NULL;
1569
1570 if (tst > 7)
1571 ret = test_print_key_using_encoder_public(alg, pk);
1572 else
1573 ret = test_print_key_using_pem(alg, pk)
1574 && test_print_key_using_encoder(alg, pk);
1575
1576 if (!ret || dup_pk != NULL)
1577 break;
1578
1579 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1580 goto err;
1581 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1582 EVP_PKEY_free(pk);
1583 pk = dup_pk;
1584 if (!ret)
1585 goto err;
1586 }
1587
1588 err:
1589 EVP_PKEY_free(pk);
1590 EVP_PKEY_free(copy_pk);
1591 EVP_PKEY_CTX_free(ctx);
1592 EVP_PKEY_CTX_free(ctx2);
1593
1594 return ret;
1595 }
1596 #endif /* OPENSSL_NO_ECX */
1597
test_fromdata_ec(void)1598 static int test_fromdata_ec(void)
1599 {
1600 int ret = 0;
1601 EVP_PKEY_CTX *ctx = NULL;
1602 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1603 OSSL_PARAM_BLD *bld = NULL;
1604 BIGNUM *ec_priv_bn = NULL;
1605 BIGNUM *bn_priv = NULL;
1606 OSSL_PARAM *fromdata_params = NULL;
1607 const char *alg = "EC";
1608 const char *curve = "prime256v1";
1609 const char bad_curve[] = "nonexistent-curve";
1610 OSSL_PARAM nokey_params[2] = {
1611 OSSL_PARAM_END,
1612 OSSL_PARAM_END
1613 };
1614 /* UNCOMPRESSED FORMAT */
1615 static const unsigned char ec_pub_keydata[] = {
1616 POINT_CONVERSION_UNCOMPRESSED,
1617 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1618 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1619 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1620 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1621 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1622 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1623 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1624 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1625 };
1626 /* SAME BUT COMPRESSED FORMAT */
1627 static const unsigned char ec_pub_keydata_compressed[] = {
1628 POINT_CONVERSION_COMPRESSED + 1,
1629 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1630 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1631 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1632 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1633 };
1634 static const unsigned char ec_priv_keydata[] = {
1635 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1636 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1637 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1638 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1639 };
1640 unsigned char out_pub[sizeof(ec_pub_keydata)];
1641 char out_curve_name[80];
1642 const OSSL_PARAM *gettable = NULL;
1643 size_t len;
1644 EC_GROUP *group = NULL;
1645 BIGNUM *group_a = NULL;
1646 BIGNUM *group_b = NULL;
1647 BIGNUM *group_p = NULL;
1648 BIGNUM *a = NULL;
1649 BIGNUM *b = NULL;
1650 BIGNUM *p = NULL;
1651
1652 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1653 goto err;
1654 if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1655 sizeof(ec_priv_keydata), NULL)))
1656 goto err;
1657
1658 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1659 curve, 0)
1660 <= 0)
1661 goto err;
1662 /*
1663 * We intentionally provide the input point in compressed format,
1664 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1665 *
1666 * Later on we check what format is used when exporting the
1667 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1668 * format.
1669 */
1670 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1671 ec_pub_keydata_compressed,
1672 sizeof(ec_pub_keydata_compressed))
1673 <= 0)
1674 goto err;
1675 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1676 goto err;
1677 if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1678 goto err;
1679 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1680 if (!TEST_ptr(ctx))
1681 goto err;
1682
1683 /* try importing parameters with bad curve first */
1684 nokey_params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1685 (char *)bad_curve, sizeof(bad_curve));
1686 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1687 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1688 nokey_params),
1689 0)
1690 || !TEST_ptr_null(pk))
1691 goto err;
1692
1693 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1694 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1695 fromdata_params),
1696 1))
1697 goto err;
1698
1699 for (;;) {
1700 ret = 0;
1701 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1702 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1703 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1704 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1705 goto err;
1706
1707 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1708 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1709 goto err;
1710 EVP_PKEY_free(copy_pk);
1711 copy_pk = NULL;
1712
1713 if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1714 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1715 OSSL_PKEY_PARAM_GROUP_NAME))
1716 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1717 OSSL_PKEY_PARAM_PUB_KEY))
1718 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1719 OSSL_PKEY_PARAM_PRIV_KEY)))
1720 goto err;
1721
1722 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1723 || !TEST_ptr(group_p = BN_new())
1724 || !TEST_ptr(group_a = BN_new())
1725 || !TEST_ptr(group_b = BN_new())
1726 || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1727 goto err;
1728
1729 if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1730 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1731 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1732 goto err;
1733
1734 if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1735 || !TEST_BN_eq(group_b, b))
1736 goto err;
1737
1738 EC_GROUP_free(group);
1739 group = NULL;
1740 BN_free(group_p);
1741 group_p = NULL;
1742 BN_free(group_a);
1743 group_a = NULL;
1744 BN_free(group_b);
1745 group_b = NULL;
1746
1747 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1748 out_curve_name,
1749 sizeof(out_curve_name),
1750 &len)
1751 || !TEST_str_eq(out_curve_name, curve)
1752 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1753 out_pub, sizeof(out_pub), &len)
1754
1755 /*
1756 * Our providers use uncompressed format by default if
1757 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1758 * explicitly set, irrespective of the format used for the
1759 * input point given as a param to create this key.
1760 */
1761 || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1762 || !TEST_mem_eq(out_pub + 1, len - 1,
1763 ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1764
1765 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1766 &bn_priv))
1767 || !TEST_BN_eq(ec_priv_bn, bn_priv))
1768 goto err;
1769 BN_free(bn_priv);
1770 bn_priv = NULL;
1771
1772 ret = test_print_key_using_pem(alg, pk)
1773 && test_print_key_using_encoder(alg, pk);
1774
1775 if (!ret || dup_pk != NULL)
1776 break;
1777
1778 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1779 goto err;
1780 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1781 EVP_PKEY_free(pk);
1782 pk = dup_pk;
1783 if (!ret)
1784 goto err;
1785 }
1786
1787 err:
1788 EC_GROUP_free(group);
1789 BN_free(group_a);
1790 BN_free(group_b);
1791 BN_free(group_p);
1792 BN_free(a);
1793 BN_free(b);
1794 BN_free(p);
1795 BN_free(bn_priv);
1796 BN_free(ec_priv_bn);
1797 OSSL_PARAM_free(fromdata_params);
1798 OSSL_PARAM_BLD_free(bld);
1799 EVP_PKEY_free(pk);
1800 EVP_PKEY_free(copy_pk);
1801 EVP_PKEY_CTX_free(ctx);
1802 return ret;
1803 }
1804
test_ec_dup_no_operation(void)1805 static int test_ec_dup_no_operation(void)
1806 {
1807 int ret = 0;
1808 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1809 EVP_PKEY *param = NULL, *pkey = NULL;
1810
1811 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1812 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1813 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1814 NID_X9_62_prime256v1),
1815 0)
1816 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1817 || !TEST_ptr(param))
1818 goto err;
1819
1820 EVP_PKEY_CTX_free(pctx);
1821 pctx = NULL;
1822
1823 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1824 || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1825 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1826 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1827 goto err;
1828 ret = 1;
1829 err:
1830 EVP_PKEY_free(pkey);
1831 EVP_PKEY_free(param);
1832 EVP_PKEY_CTX_free(ctx);
1833 EVP_PKEY_CTX_free(kctx);
1834 EVP_PKEY_CTX_free(pctx);
1835 return ret;
1836 }
1837
1838 /* Test that keygen doesn't support EVP_PKEY_CTX_dup */
test_ec_dup_keygen_operation(void)1839 static int test_ec_dup_keygen_operation(void)
1840 {
1841 int ret = 0;
1842 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1843 EVP_PKEY *param = NULL, *pkey = NULL;
1844
1845 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1846 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1847 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1848 NID_X9_62_prime256v1),
1849 0)
1850 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, ¶m), 0)
1851 || !TEST_ptr(param))
1852 goto err;
1853
1854 EVP_PKEY_CTX_free(pctx);
1855 pctx = NULL;
1856
1857 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1858 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1859 || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1860 goto err;
1861 ret = 1;
1862 err:
1863 EVP_PKEY_free(pkey);
1864 EVP_PKEY_free(param);
1865 EVP_PKEY_CTX_free(ctx);
1866 EVP_PKEY_CTX_free(kctx);
1867 EVP_PKEY_CTX_free(pctx);
1868 return ret;
1869 }
1870
1871 #endif /* OPENSSL_NO_EC */
1872
1873 #ifndef OPENSSL_NO_DSA
test_fromdata_dsa_fips186_4(void)1874 static int test_fromdata_dsa_fips186_4(void)
1875 {
1876 int ret = 0;
1877 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1878 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1879 BIGNUM *pub = NULL, *priv = NULL;
1880 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1881 BIGNUM *pub_out = NULL, *priv_out = NULL;
1882 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1883 int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1884 char name_out[80];
1885 unsigned char seed_out[32];
1886 size_t len;
1887 OSSL_PARAM_BLD *bld = NULL;
1888 OSSL_PARAM *fromdata_params = NULL;
1889
1890 /*
1891 * DSA parameter data was generated using the following:
1892 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1893 * -pkeyopt qbits:256 -pkeyopt type:0 \
1894 * -pkeyopt gindex:1 -out dsa_params.pem -text
1895 */
1896 static const unsigned char p_data[] = {
1897 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1898 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1899 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1900 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1901 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1902 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1903 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1904 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1905 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1906 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1907 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1908 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1909 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1910 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1911 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1912 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1913 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1914 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1915 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1916 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1917 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1918 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1919 };
1920 static const unsigned char q_data[] = {
1921 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1922 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1923 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1924 };
1925 static const unsigned char g_data[] = {
1926 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1927 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1928 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1929 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1930 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1931 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1932 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1933 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1934 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1935 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1936 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1937 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1938 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1939 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1940 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1941 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1942 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1943 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1944 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1945 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1946 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1947 0x02, 0x6f, 0x96, 0x36
1948 };
1949 static const unsigned char seed_data[] = {
1950 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1951 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1952 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1953 };
1954 const int gindex = 1;
1955 const int pcounter = 53;
1956 /*
1957 * The keypair was generated using
1958 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1959 * -pkeyopt gindex:1 \
1960 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1961 */
1962 static const unsigned char priv_data[] = {
1963 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1964 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1965 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1966 };
1967 static const unsigned char pub_data[] = {
1968 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1969 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1970 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1971 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1972 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1973 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1974 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1975 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1976 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1977 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1978 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1979 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1980 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1981 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1982 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1983 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1984 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1985 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1986 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1987 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1988 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1989 0x48, 0xd1, 0x8a, 0xbd
1990 };
1991
1992 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1993 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1994 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1995 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1996 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1997 || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1998
1999 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2000 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2001 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2002 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
2003 OSSL_PKEY_PARAM_FFC_SEED,
2004 seed_data,
2005 sizeof(seed_data)))
2006 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
2007 gindex))
2008 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
2009 OSSL_PKEY_PARAM_FFC_PCOUNTER,
2010 pcounter))
2011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2012 pub))
2013 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2014 priv))
2015 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
2016 goto err;
2017
2018 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
2019 goto err;
2020
2021 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
2022 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
2023 fromdata_params),
2024 1))
2025 goto err;
2026
2027 for (;;) {
2028 ret = 0;
2029 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
2030 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
2031 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
2032 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
2033 goto err;
2034
2035 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
2036 OSSL_PKEY_PARAM_GROUP_NAME,
2037 name_out,
2038 sizeof(name_out),
2039 &len))
2040 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
2041 &pub_out))
2042 || !TEST_BN_eq(pub, pub_out)
2043 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
2044 &priv_out))
2045 || !TEST_BN_eq(priv, priv_out)
2046 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
2047 &p_out))
2048 || !TEST_BN_eq(p, p_out)
2049 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
2050 &q_out))
2051 || !TEST_BN_eq(q, q_out)
2052 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
2053 &g_out))
2054 || !TEST_BN_eq(g, g_out)
2055 || !TEST_false(EVP_PKEY_get_bn_param(pk,
2056 OSSL_PKEY_PARAM_FFC_COFACTOR,
2057 &j_out))
2058 || !TEST_ptr_null(j_out)
2059 || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
2060 OSSL_PKEY_PARAM_FFC_SEED,
2061 seed_out,
2062 sizeof(seed_out),
2063 &len))
2064 || !TEST_true(EVP_PKEY_get_int_param(pk,
2065 OSSL_PKEY_PARAM_FFC_GINDEX,
2066 &gindex_out))
2067 || !TEST_int_eq(gindex, gindex_out)
2068 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
2069 &hindex_out))
2070 || !TEST_int_eq(hindex_out, 0)
2071 || !TEST_true(EVP_PKEY_get_int_param(pk,
2072 OSSL_PKEY_PARAM_FFC_PCOUNTER,
2073 &pcounter_out))
2074 || !TEST_int_eq(pcounter, pcounter_out))
2075 goto err;
2076 BN_free(p_out);
2077 p_out = NULL;
2078 BN_free(q_out);
2079 q_out = NULL;
2080 BN_free(g_out);
2081 g_out = NULL;
2082 BN_free(j_out);
2083 j_out = NULL;
2084 BN_free(pub_out);
2085 pub_out = NULL;
2086 BN_free(priv_out);
2087 priv_out = NULL;
2088
2089 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
2090 goto err;
2091
2092 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
2093 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
2094 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
2095 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
2096 goto err;
2097 EVP_PKEY_CTX_free(key_ctx);
2098 key_ctx = NULL;
2099
2100 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
2101 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
2102 goto err;
2103 EVP_PKEY_free(copy_pk);
2104 copy_pk = NULL;
2105
2106 ret = test_print_key_using_pem("DSA", pk)
2107 && test_print_key_using_encoder("DSA", pk);
2108
2109 if (!ret || dup_pk != NULL)
2110 break;
2111
2112 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
2113 goto err;
2114 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
2115 EVP_PKEY_free(pk);
2116 pk = dup_pk;
2117 if (!ret)
2118 goto err;
2119 }
2120
2121 err:
2122 OSSL_PARAM_free(fromdata_params);
2123 OSSL_PARAM_BLD_free(bld);
2124 BN_free(p);
2125 BN_free(q);
2126 BN_free(g);
2127 BN_free(pub);
2128 BN_free(priv);
2129 BN_free(p_out);
2130 BN_free(q_out);
2131 BN_free(g_out);
2132 BN_free(pub_out);
2133 BN_free(priv_out);
2134 BN_free(j_out);
2135 EVP_PKEY_free(pk);
2136 EVP_PKEY_free(copy_pk);
2137 EVP_PKEY_CTX_free(ctx);
2138 EVP_PKEY_CTX_free(key_ctx);
2139
2140 return ret;
2141 }
2142
test_check_dsa(void)2143 static int test_check_dsa(void)
2144 {
2145 int ret = 0;
2146 EVP_PKEY_CTX *ctx = NULL;
2147
2148 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
2149 || !TEST_int_le(EVP_PKEY_check(ctx), 0)
2150 || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
2151 || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
2152 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
2153 goto err;
2154
2155 ret = 1;
2156 err:
2157 EVP_PKEY_CTX_free(ctx);
2158
2159 return ret;
2160 }
2161 #endif /* OPENSSL_NO_DSA */
2162
do_construct_hkdf_params(char * digest,char * key,size_t keylen,char * salt)2163 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
2164 size_t keylen, char *salt)
2165 {
2166 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
2167 OSSL_PARAM *p = params;
2168
2169 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
2170 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
2171 salt, strlen(salt));
2172 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
2173 (unsigned char *)key, keylen);
2174 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
2175 "EXTRACT_ONLY", 0);
2176 *p = OSSL_PARAM_construct_end();
2177
2178 return params;
2179 }
2180
test_evp_pkey_ctx_dup_kdf(void)2181 static int test_evp_pkey_ctx_dup_kdf(void)
2182 {
2183 int ret = 0;
2184 size_t len = 0, dlen = 0;
2185 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
2186 OSSL_PARAM *params = NULL;
2187
2188 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
2189 "salt")))
2190 goto err;
2191 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
2192 goto err;
2193 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
2194 goto err;
2195 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
2196 goto err;
2197 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
2198 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
2199 || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
2200 || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
2201 goto err;
2202 ret = 1;
2203 err:
2204 OPENSSL_free(params);
2205 EVP_PKEY_CTX_free(dctx);
2206 EVP_PKEY_CTX_free(pctx);
2207 return ret;
2208 }
2209
2210 static const char *name_dup_algs[] = {
2211 #ifndef OPENSSL_NO_ECX
2212 "ED25519",
2213 #endif
2214 #ifndef OPENSSL_NO_ML_KEM
2215 "ML-KEM-512",
2216 #endif
2217 #ifndef OPENSSL_NO_ML_DSA
2218 "ML-DSA-44",
2219 #endif
2220 NULL
2221 };
2222
test_name_dup(int idx)2223 static int test_name_dup(int idx)
2224 {
2225 const char *alg = name_dup_algs[idx];
2226 EVP_PKEY *key = NULL;
2227 EVP_PKEY_CTX *factory = NULL, *ctx = NULL;
2228 int i, ret = 0;
2229
2230 if (alg == NULL
2231 || (factory = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL)) == NULL)
2232 return 1;
2233 TEST_info("Testing fresh context dup for: %s", alg);
2234
2235 /* Run twice to check that *repeated* use works */
2236 for (i = 0; i < 2; ++i) {
2237 EVP_PKEY_CTX_free(ctx);
2238 EVP_PKEY_free(key);
2239 key = NULL;
2240 if (!TEST_ptr(ctx = EVP_PKEY_CTX_dup(factory))
2241 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2242 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &key), 0)) {
2243 ERR_print_errors(bio_err);
2244 goto end;
2245 }
2246 }
2247 ret = 1;
2248
2249 end:
2250 EVP_PKEY_CTX_free(factory);
2251 EVP_PKEY_CTX_free(ctx);
2252 EVP_PKEY_free(key);
2253
2254 return ret;
2255 }
2256
setup_tests(void)2257 int setup_tests(void)
2258 {
2259 if (!test_skip_common_options()) {
2260 TEST_error("Error parsing test options\n");
2261 return 0;
2262 }
2263
2264 if (!TEST_ptr(datadir = test_get_argument(0)))
2265 return 0;
2266
2267 ADD_TEST(test_evp_pkey_ctx_dup_kdf);
2268 ADD_ALL_TESTS(test_name_dup, OSSL_NELEM(name_dup_algs));
2269 ADD_TEST(test_evp_pkey_get_bn_param_large);
2270 ADD_TEST(test_fromdata_rsa);
2271 ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
2272 ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime);
2273 #ifndef OPENSSL_NO_DH
2274 ADD_TEST(test_fromdata_dh_fips186_4);
2275 ADD_TEST(test_fromdata_dh_named_group);
2276 #endif
2277 #ifndef OPENSSL_NO_DSA
2278 ADD_TEST(test_check_dsa);
2279 ADD_TEST(test_fromdata_dsa_fips186_4);
2280 #endif
2281 #ifndef OPENSSL_NO_EC
2282 #ifndef OPENSSL_NO_ECX
2283 ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
2284 #endif
2285 ADD_TEST(test_fromdata_ec);
2286 ADD_TEST(test_ec_dup_no_operation);
2287 ADD_TEST(test_ec_dup_keygen_operation);
2288 #endif
2289 return 1;
2290 }
2291