VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/test/evp_pkey_provided_test.c

Last change on this file was 108206, checked in by vboxsync, 3 months ago

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 89.4 KB
Line 
1/*
2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h> /* memset */
11#include <openssl/evp.h>
12#include <openssl/pem.h>
13#include <openssl/encoder.h>
14#include <openssl/provider.h>
15#include <openssl/param_build.h>
16#include <openssl/core_names.h>
17#include <openssl/sha.h>
18#include "crypto/ecx.h"
19#include "crypto/evp.h" /* For the internal API */
20#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
21#include "internal/nelem.h"
22#include "testutil.h"
23
24static char *datadir = NULL;
25
26/*
27 * Do not change the order of the following defines unless you also
28 * update the for loop bounds used inside test_print_key_using_encoder() and
29 * test_print_key_using_encoder_public().
30 */
31#define PRIV_TEXT 0
32#define PRIV_PEM 1
33#define PRIV_DER 2
34#define PUB_TEXT 3
35#define PUB_PEM 4
36#define PUB_DER 5
37
38static void stripcr(char *buf, size_t *len)
39{
40 size_t i;
41 char *curr, *writ;
42
43 for (i = *len, curr = buf, writ = buf; i > 0; i--, curr++) {
44 if (*curr == '\r') {
45 (*len)--;
46 continue;
47 }
48 if (curr != writ)
49 *writ = *curr;
50 writ++;
51 }
52}
53
54static int compare_with_file(const char *alg, int type, BIO *membio)
55{
56 char filename[80];
57 BIO *file = NULL;
58 char buf[4096];
59 char *memdata, *fullfile = NULL;
60 const char *suffix;
61 size_t readbytes;
62 int ret = 0;
63 int len;
64 size_t slen;
65
66 switch (type) {
67 case PRIV_TEXT:
68 suffix = "priv.txt";
69 break;
70
71 case PRIV_PEM:
72 suffix = "priv.pem";
73 break;
74
75 case PRIV_DER:
76 suffix = "priv.der";
77 break;
78
79 case PUB_TEXT:
80 suffix = "pub.txt";
81 break;
82
83 case PUB_PEM:
84 suffix = "pub.pem";
85 break;
86
87 case PUB_DER:
88 suffix = "pub.der";
89 break;
90
91 default:
92 TEST_error("Invalid file type");
93 goto err;
94 }
95
96 BIO_snprintf(filename, sizeof(filename), "%s.%s", alg, suffix);
97 fullfile = test_mk_file_path(datadir, filename);
98 if (!TEST_ptr(fullfile))
99 goto err;
100
101 file = BIO_new_file(fullfile, "rb");
102 if (!TEST_ptr(file))
103 goto err;
104
105 if (!TEST_true(BIO_read_ex(file, buf, sizeof(buf), &readbytes))
106 || !TEST_true(BIO_eof(file))
107 || !TEST_size_t_lt(readbytes, sizeof(buf)))
108 goto err;
109
110 len = BIO_get_mem_data(membio, &memdata);
111 if (!TEST_int_gt(len, 0))
112 goto err;
113
114 slen = len;
115 if (type != PRIV_DER && type != PUB_DER) {
116 stripcr(memdata, &slen);
117 stripcr(buf, &readbytes);
118 }
119
120 if (!TEST_mem_eq(memdata, slen, buf, readbytes))
121 goto err;
122
123 ret = 1;
124 err:
125 OPENSSL_free(fullfile);
126 (void)BIO_reset(membio);
127 BIO_free(file);
128 return ret;
129}
130
131static int pass_cb(char *buf, int size, int rwflag, void *u)
132{
133 return 0;
134}
135
136static int pass_cb_error(char *buf, int size, int rwflag, void *u)
137{
138 return -1;
139}
140
141static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
142{
143 BIO *membio = BIO_new(BIO_s_mem());
144 int ret = 0;
145
146 if (!TEST_ptr(membio))
147 goto err;
148
149 if (/* Output Encrypted private key in PEM form */
150 !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
151 (unsigned char *)"pass", 4,
152 NULL, NULL))
153 /* Output zero-length passphrase encrypted private key in PEM form */
154 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
155 EVP_aes_256_cbc(),
156 (const char *)~0, 0,
157 NULL, NULL))
158 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
159 EVP_aes_256_cbc(),
160 NULL, 0, NULL, ""))
161 || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
162 EVP_aes_256_cbc(),
163 NULL, 0, pass_cb, NULL))
164 || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk,
165 EVP_aes_256_cbc(),
166 NULL, 0, pass_cb_error,
167 NULL))
168#ifndef OPENSSL_NO_DES
169 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
170 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
171 (const char *)~0, 0, NULL, NULL))
172 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
173 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
174 NULL, ""))
175 || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid(
176 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
177 pass_cb, NULL))
178 || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid(
179 bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0,
180 pass_cb_error, NULL))
181#endif
182 /* Private key in text form */
183 || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0)
184 || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio))
185 /* Public key in PEM form */
186 || !TEST_true(PEM_write_bio_PUBKEY(membio, pk))
187 || !TEST_true(compare_with_file(alg, PUB_PEM, membio))
188 /* Unencrypted private key in PEM form */
189 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
190 NULL, NULL, 0, NULL, NULL))
191 || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
192 /* NULL key */
193 || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
194 NULL, NULL, 0, NULL, NULL))
195 || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
196 NULL, NULL, 0, NULL, NULL)))
197 goto err;
198
199 ret = 1;
200 err:
201 BIO_free(membio);
202 return ret;
203}
204
205static int test_print_key_type_using_encoder(const char *alg, int type,
206 const EVP_PKEY *pk)
207{
208 const char *output_type, *output_structure;
209 int selection;
210 OSSL_ENCODER_CTX *ctx = NULL;
211 BIO *membio = BIO_new(BIO_s_mem());
212 int ret = 0;
213
214 switch (type) {
215 case PRIV_TEXT:
216 output_type = "TEXT";
217 output_structure = NULL;
218 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
219 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
220 break;
221
222 case PRIV_PEM:
223 output_type = "PEM";
224 output_structure = "PrivateKeyInfo";
225 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
226 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
227 break;
228
229 case PRIV_DER:
230 output_type = "DER";
231 output_structure = "PrivateKeyInfo";
232 selection = OSSL_KEYMGMT_SELECT_KEYPAIR
233 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
234 break;
235
236 case PUB_TEXT:
237 output_type = "TEXT";
238 output_structure = NULL;
239 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
240 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
241 break;
242
243 case PUB_PEM:
244 output_type = "PEM";
245 output_structure = "SubjectPublicKeyInfo";
246 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
247 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
248 break;
249
250 case PUB_DER:
251 output_type = "DER";
252 output_structure = "SubjectPublicKeyInfo";
253 selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
254 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
255 break;
256
257 default:
258 TEST_error("Invalid encoding type");
259 goto err;
260 }
261
262 if (!TEST_ptr(membio))
263 goto err;
264
265 /* Make a context, it's valid for several prints */
266 TEST_note("Setting up a OSSL_ENCODER context with passphrase");
267 if (!TEST_ptr(ctx = OSSL_ENCODER_CTX_new_for_pkey(pk, selection,
268 output_type,
269 output_structure,
270 NULL))
271 /* Check that this operation is supported */
272 || !TEST_int_ne(OSSL_ENCODER_CTX_get_num_encoders(ctx), 0))
273 goto err;
274
275 /* Use no cipher. This should give us an unencrypted PEM */
276 TEST_note("Testing with no encryption");
277 if (!TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
278 || !TEST_true(compare_with_file(alg, type, membio)))
279 goto err;
280
281 if (type == PRIV_PEM) {
282 /* Set a passphrase to be used later */
283 if (!TEST_true(OSSL_ENCODER_CTX_set_passphrase(ctx,
284 (unsigned char *)"pass",
285 4)))
286 goto err;
287
288 /* Use a valid cipher name */
289 TEST_note("Displaying PEM encrypted with AES-256-CBC");
290 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
291 || !TEST_true(OSSL_ENCODER_to_bio(ctx, bio_out)))
292 goto err;
293
294 /* Use an invalid cipher name, which should generate no output */
295 TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
296 if (!TEST_false(OSSL_ENCODER_CTX_set_cipher(ctx, "FOO", NULL))
297 || !TEST_false(OSSL_ENCODER_to_bio(ctx, bio_out)))
298 goto err;
299
300 /* Clear the cipher. This should give us an unencrypted PEM again */
301 TEST_note("Testing with encryption cleared (no encryption)");
302 if (!TEST_true(OSSL_ENCODER_CTX_set_cipher(ctx, NULL, NULL))
303 || !TEST_true(OSSL_ENCODER_to_bio(ctx, membio))
304 || !TEST_true(compare_with_file(alg, type, membio)))
305 goto err;
306 }
307 ret = 1;
308err:
309 BIO_free(membio);
310 OSSL_ENCODER_CTX_free(ctx);
311 return ret;
312}
313
314static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk)
315{
316 int i;
317 int ret = 1;
318
319 for (i = PRIV_TEXT; i <= PUB_DER; i++)
320 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
321
322 return ret;
323}
324
325#ifndef OPENSSL_NO_ECX
326static int test_print_key_using_encoder_public(const char *alg,
327 const EVP_PKEY *pk)
328{
329 int i;
330 int ret = 1;
331
332 for (i = PUB_TEXT; i <= PUB_DER; i++)
333 ret = ret && test_print_key_type_using_encoder(alg, i, pk);
334
335 return ret;
336}
337#endif
338
339/* Array indexes used in test_fromdata_rsa */
340#define N 0
341#define E 1
342#define D 2
343#define P 3
344#define Q 4
345#define DP 5
346#define DQ 6
347#define QINV 7
348
349static int test_fromdata_rsa(void)
350{
351 int ret = 0, i;
352 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
353 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
354 /*
355 * 32-bit RSA key, extracted from this command,
356 * executed with OpenSSL 1.0.2:
357 *
358 * openssl genrsa 32 | openssl rsa -text
359 */
360 static unsigned long key_numbers[] = {
361 0xbc747fc5, /* N */
362 0x10001, /* E */
363 0x7b133399, /* D */
364 0xe963, /* P */
365 0xceb7, /* Q */
366 0x8599, /* DP */
367 0xbd87, /* DQ */
368 0xcc3b, /* QINV */
369 };
370 OSSL_PARAM fromdata_params[] = {
371 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
372 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
373 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
374 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR1, &key_numbers[P]),
375 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR2, &key_numbers[Q]),
376 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT1, &key_numbers[DP]),
377 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT2, &key_numbers[DQ]),
378 OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &key_numbers[QINV]),
379 OSSL_PARAM_END
380 };
381 BIGNUM *bn = BN_new();
382 BIGNUM *bn_from = BN_new();
383
384 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
385 goto err;
386
387 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
388 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
389 fromdata_params), 1))
390 goto err;
391
392 for (;;) {
393 ret = 0;
394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
395 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
396 || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
397 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
398 goto err;
399
400 EVP_PKEY_CTX_free(key_ctx);
401 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
402 goto err;
403
404 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
405 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
406 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
407 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
408 goto err;
409
410 /* EVP_PKEY_copy_parameters() should fail for RSA */
411 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
412 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
413 goto err;
414 EVP_PKEY_free(copy_pk);
415 copy_pk = NULL;
416
417 ret = test_print_key_using_pem("RSA", pk)
418 && test_print_key_using_encoder("RSA", pk);
419
420 if (!ret || dup_pk != NULL)
421 break;
422
423 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
424 goto err;
425 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
426 EVP_PKEY_free(pk);
427 pk = dup_pk;
428 if (!ret)
429 goto err;
430 }
431 err:
432 /* for better diagnostics always compare key params */
433 for (i = 0; fromdata_params[i].key != NULL; ++i) {
434 if (!TEST_true(BN_set_word(bn_from, key_numbers[i]))
435 || !TEST_true(EVP_PKEY_get_bn_param(pk, fromdata_params[i].key,
436 &bn))
437 || !TEST_BN_eq(bn, bn_from))
438 ret = 0;
439 }
440 BN_free(bn_from);
441 BN_free(bn);
442 EVP_PKEY_free(pk);
443 EVP_PKEY_free(copy_pk);
444 EVP_PKEY_CTX_free(key_ctx);
445 EVP_PKEY_CTX_free(ctx);
446
447 return ret;
448}
449
450struct check_data {
451 const char *pname;
452 BIGNUM *comparebn;
453};
454
455static int do_fromdata_rsa_derive(OSSL_PARAM *fromdata_params,
456 struct check_data check[],
457 int expected_nbits, int expected_sbits,
458 int expected_ksize)
459{
460 const OSSL_PARAM *check_param = NULL;
461 BIGNUM *check_bn = NULL;
462 OSSL_PARAM *todata_params = NULL;
463 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
464 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
465 int i;
466 int ret = 0;
467
468 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
469 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
470 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
471 fromdata_params), 1))
472 goto err;
473
474 /*
475 * get the generated key parameters back and validate that the
476 * exponents/coeffs are correct
477 */
478 if (!TEST_int_eq(EVP_PKEY_todata(pk, EVP_PKEY_KEYPAIR, &todata_params), 1))
479 goto err;
480
481 for (i = 0; check[i].pname != NULL; i++) {
482 if (!TEST_ptr(check_param = OSSL_PARAM_locate_const(todata_params,
483 check[i].pname)))
484 goto err;
485 if (!TEST_int_eq(OSSL_PARAM_get_BN(check_param, &check_bn), 1))
486 goto err;
487 if (!TEST_BN_eq(check_bn, check[i].comparebn)) {
488 TEST_info("Data mismatch for parameter %s", check[i].pname);
489 goto err;
490 }
491 BN_free(check_bn);
492 check_bn = NULL;
493 }
494
495 for (;;) {
496 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), expected_nbits)
497 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), expected_sbits)
498 || !TEST_int_eq(EVP_PKEY_get_size(pk), expected_ksize)
499 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
500 goto err;
501
502 EVP_PKEY_CTX_free(key_ctx);
503 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
504 goto err;
505
506 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
507 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
508 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
509 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
510 goto err;
511
512 /* EVP_PKEY_copy_parameters() should fail for RSA */
513 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
514 || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk)))
515 goto err;
516 EVP_PKEY_free(copy_pk);
517 copy_pk = NULL;
518
519 if (dup_pk != NULL)
520 break;
521
522 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
523 goto err;
524 if (!TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1)) {
525 EVP_PKEY_free(dup_pk);
526 goto err;
527 }
528 EVP_PKEY_free(pk);
529 pk = dup_pk;
530 }
531 ret = 1;
532err:
533 BN_free(check_bn);
534 EVP_PKEY_free(pk);
535 EVP_PKEY_CTX_free(ctx);
536 EVP_PKEY_CTX_free(key_ctx);
537 OSSL_PARAM_free(fromdata_params);
538 OSSL_PARAM_free(todata_params);
539 return ret;
540}
541
542static int test_fromdata_rsa_derive_from_pq_sp800(void)
543{
544 OSSL_PARAM_BLD *bld = NULL;
545 BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
546 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
547 OSSL_PARAM *fromdata_params = NULL;
548 struct check_data cdata[4];
549 int ret = 0;
550 /*
551 * 512-bit RSA key, extracted from this command,
552 * openssl genrsa 512 | openssl rsa -text
553 * Note: When generating a key with EVP_PKEY_fromdata, and using
554 * crt derivation, openssl requires a minimum of 512 bits of n data,
555 * and 2048 bits in the FIPS case
556 */
557 static unsigned char n_data[] =
558 {0x00, 0xc7, 0x06, 0xd8, 0x6b, 0x3c, 0x4f, 0xb7, 0x95, 0x42, 0x44, 0x90,
559 0xbd, 0xef, 0xf3, 0xc4, 0xb5, 0xa8, 0x55, 0x9e, 0x33, 0xa3, 0x04, 0x3a,
560 0x90, 0xe5, 0x13, 0xff, 0x87, 0x69, 0x15, 0xa4, 0x8a, 0x17, 0x10, 0xcc,
561 0xdf, 0xf9, 0xc5, 0x0f, 0xf1, 0x12, 0xff, 0x12, 0x11, 0xe5, 0x6b, 0x5c,
562 0x83, 0xd9, 0x43, 0xd1, 0x8a, 0x7e, 0xa6, 0x60, 0x07, 0x2e, 0xbb, 0x03,
563 0x17, 0x2d, 0xec, 0x17, 0x87};
564 static unsigned char e_data[] = {0x01, 0x00, 0x01};
565 static unsigned char d_data[] =
566 {0x1e, 0x5e, 0x5d, 0x07, 0x7f, 0xdc, 0x6a, 0x16, 0xcc, 0x55, 0xca, 0x00,
567 0x31, 0x6c, 0xf0, 0xc7, 0x07, 0x38, 0x89, 0x3b, 0x37, 0xd4, 0x9d, 0x5b,
568 0x1e, 0x99, 0x3e, 0x94, 0x5a, 0xe4, 0x82, 0x86, 0x8a, 0x78, 0x34, 0x09,
569 0x37, 0xd5, 0xe7, 0xb4, 0xef, 0x5f, 0x83, 0x94, 0xff, 0xe5, 0x36, 0x79,
570 0x10, 0x0c, 0x38, 0xc5, 0x3a, 0x33, 0xa6, 0x7c, 0x3c, 0xcc, 0x98, 0xe0,
571 0xf5, 0xdb, 0xe6, 0x81};
572 static unsigned char p_data[] =
573 {0x00, 0xf6, 0x61, 0x38, 0x0e, 0x1f, 0x82, 0x7c, 0xb8, 0xba, 0x00, 0xd3,
574 0xac, 0xdc, 0x4e, 0x6b, 0x7e, 0xf7, 0x58, 0xf3, 0xd9, 0xd8, 0x21, 0xed,
575 0x54, 0xa3, 0x36, 0xd2, 0x2c, 0x5f, 0x06, 0x7d, 0xc5};
576 static unsigned char q_data[] =
577 {0x00, 0xce, 0xcc, 0x4a, 0xa5, 0x4f, 0xd6, 0x73, 0xd0, 0x20, 0xc3, 0x98,
578 0x64, 0x20, 0x9b, 0xc1, 0x23, 0xd8, 0x5c, 0x82, 0x4f, 0xe8, 0xa5, 0x32,
579 0xcd, 0x7e, 0x97, 0xb4, 0xde, 0xf6, 0x4c, 0x80, 0xdb};
580 static unsigned char dmp1_data[] =
581 {0x00, 0xd1, 0x07, 0xb6, 0x79, 0x34, 0xfe, 0x8e, 0x36, 0x63, 0x88, 0xa4,
582 0x0e, 0x3a, 0x73, 0x45, 0xfc, 0x58, 0x7a, 0x5d, 0x98, 0xeb, 0x28, 0x0d,
583 0xa5, 0x0b, 0x3c, 0x4d, 0xa0, 0x5b, 0x96, 0xb4, 0x49};
584 static unsigned char dmq1_data[] =
585 {0x5b, 0x47, 0x02, 0xdf, 0xaa, 0xb8, 0xae, 0x8f, 0xbc, 0x16, 0x79, 0x6a,
586 0x20, 0x96, 0x7f, 0x0e, 0x92, 0x4e, 0x6a, 0xda, 0x58, 0x86, 0xaa, 0x40,
587 0xd7, 0xd2, 0xa0, 0x6c, 0x15, 0x6c, 0xb9, 0x27};
588 static unsigned char iqmp_data[] =
589 {0x00, 0xa0, 0xd6, 0xf0, 0xe8, 0x17, 0x9e, 0xe7, 0xe6, 0x99, 0x12, 0xd6,
590 0xd9, 0x43, 0xcf, 0xed, 0x37, 0x29, 0xf5, 0x6c, 0x3e, 0xc1, 0x7f, 0x2e,
591 0x31, 0x3f, 0x64, 0x34, 0x66, 0x68, 0x5c, 0x22, 0x08};
592
593 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
594 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
595 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
596 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
597 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
598 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
599 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
600 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
601 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
602 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
603 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
604 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
605 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
606 p))
607 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
608 q))
609 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
610 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
611 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
612 goto err;
613
614 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
615 cdata[0].comparebn = dmp1;
616 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
617 cdata[1].comparebn = dmq1;
618 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
619 cdata[2].comparebn = iqmp;
620 cdata[3].pname = NULL;
621 cdata[3].comparebn = NULL;
622
623 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 512, 56, 64);
624
625err:
626 BN_free(n);
627 BN_free(e);
628 BN_free(d);
629 BN_free(p);
630 BN_free(q);
631 BN_free(dmp1);
632 BN_free(dmq1);
633 BN_free(iqmp);
634 OSSL_PARAM_BLD_free(bld);
635 return ret;
636}
637
638static int test_fromdata_rsa_derive_from_pq_multiprime(void)
639{
640 OSSL_PARAM_BLD *bld = NULL;
641 BIGNUM *n = NULL, *e = NULL, *d = NULL;
642 BIGNUM *p = NULL, *q = NULL, *p2 = NULL;
643 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
644 BIGNUM *exp3 = NULL, *coeff2 = NULL;
645 OSSL_PARAM *fromdata_params = NULL;
646 struct check_data cdata[12];
647 int ret = 0;
648 /*
649 * multiprime RSA key, extracted from this command,
650 * openssl genrsa -primes 3 | openssl rsa -text
651 * Note: When generating a key with EVP_PKEY_fromdata, and using
652 * crt derivation, openssl requires a minimum of 512 bits of n data,
653 * and 2048 bits in the FIPS case
654 */
655 static unsigned char n_data[] =
656 {0x00, 0x95, 0x78, 0x21, 0xe0, 0xca, 0x94, 0x6c, 0x0b, 0x86, 0x2a, 0x01,
657 0xde, 0xd9, 0xab, 0xee, 0x88, 0x4a, 0x27, 0x4f, 0xcc, 0x5f, 0xf1, 0x71,
658 0xe1, 0x0b, 0xc3, 0xd1, 0x88, 0x76, 0xf0, 0x83, 0x03, 0x93, 0x7e, 0x39,
659 0xfa, 0x47, 0x89, 0x34, 0x27, 0x18, 0x19, 0x97, 0xfc, 0xd4, 0xfe, 0xe5,
660 0x8a, 0xa9, 0x11, 0x83, 0xb5, 0x15, 0x4a, 0x29, 0xa6, 0xa6, 0xd0, 0x6e,
661 0x0c, 0x7f, 0x61, 0x8f, 0x7e, 0x7c, 0xfb, 0xfc, 0x04, 0x8b, 0xca, 0x44,
662 0xf8, 0x59, 0x0b, 0x22, 0x6f, 0x3f, 0x92, 0x23, 0x98, 0xb5, 0xc8, 0xf7,
663 0xff, 0xf7, 0xac, 0x6b, 0x36, 0xb3, 0xaf, 0x39, 0xde, 0x66, 0x38, 0x51,
664 0x9f, 0xbe, 0xe2, 0xfc, 0xe4, 0x6f, 0x1a, 0x0f, 0x7a, 0xde, 0x7f, 0x0f,
665 0x4e, 0xbc, 0xed, 0xa2, 0x99, 0xc5, 0xd1, 0xbf, 0x8f, 0xba, 0x92, 0x91,
666 0xe4, 0x00, 0x91, 0xbb, 0x67, 0x36, 0x7d, 0x00, 0x50, 0xda, 0x28, 0x38,
667 0xdc, 0x9f, 0xfe, 0x3f, 0x24, 0x5a, 0x0d, 0xe1, 0x8d, 0xe9, 0x45, 0x2c,
668 0xd7, 0xf2, 0x67, 0x8c, 0x0c, 0x6e, 0xdb, 0xc8, 0x8b, 0x6b, 0x38, 0x30,
669 0x21, 0x94, 0xc0, 0xe3, 0xd7, 0xe0, 0x23, 0xd3, 0xd4, 0xfa, 0xdb, 0xb9,
670 0xfe, 0x1a, 0xcc, 0xc9, 0x79, 0x19, 0x35, 0x18, 0x42, 0x30, 0xc4, 0xb5,
671 0x92, 0x33, 0x1e, 0xd4, 0xc4, 0xc0, 0x9d, 0x55, 0x37, 0xd4, 0xef, 0x54,
672 0x71, 0x81, 0x09, 0x15, 0xdb, 0x11, 0x38, 0x6b, 0x35, 0x93, 0x11, 0xdc,
673 0xb1, 0x6c, 0xd6, 0xa4, 0x37, 0x84, 0xf3, 0xb2, 0x2f, 0x1b, 0xd6, 0x05,
674 0x9f, 0x0e, 0x5c, 0x98, 0x29, 0x2f, 0x95, 0xb6, 0x55, 0xbd, 0x24, 0x44,
675 0xc5, 0xc8, 0xa2, 0x76, 0x1e, 0xf8, 0x82, 0x8a, 0xdf, 0x34, 0x72, 0x7e,
676 0xdd, 0x65, 0x4b, 0xfc, 0x6c, 0x1c, 0x96, 0x70, 0xe2, 0x69, 0xb5, 0x12,
677 0x1b, 0x59, 0x67, 0x14, 0x9d};
678 static unsigned char e_data[] = {0x01, 0x00, 0x01};
679 static unsigned char d_data[] =
680 {0x64, 0x57, 0x4d, 0x86, 0xf6, 0xf8, 0x44, 0xc0, 0x47, 0xc5, 0x13, 0x94,
681 0x63, 0x54, 0x84, 0xc1, 0x81, 0xe6, 0x7a, 0x2f, 0x9d, 0x89, 0x1d, 0x06,
682 0x13, 0x3b, 0xd6, 0x02, 0x62, 0xb6, 0x7b, 0x7d, 0x7f, 0x1a, 0x92, 0x19,
683 0x6e, 0xc4, 0xb0, 0xfa, 0x3d, 0xb7, 0x90, 0xcc, 0xee, 0xc0, 0x5f, 0xa0,
684 0x82, 0x77, 0x7b, 0x8f, 0xa9, 0x47, 0x2c, 0x46, 0xf0, 0x5d, 0xa4, 0x43,
685 0x47, 0x90, 0x5b, 0x20, 0x73, 0x0f, 0x46, 0xd4, 0x56, 0x73, 0xe7, 0x71,
686 0x41, 0x75, 0xb4, 0x1c, 0x32, 0xf5, 0x0c, 0x68, 0x8c, 0x40, 0xea, 0x1c,
687 0x30, 0x12, 0xa2, 0x65, 0x02, 0x27, 0x98, 0x4e, 0x0a, 0xbf, 0x2b, 0x72,
688 0xb2, 0x5c, 0xe3, 0xbe, 0x3e, 0xc7, 0xdb, 0x9b, 0xa2, 0x4a, 0x90, 0xc0,
689 0xa7, 0xb0, 0x00, 0xf1, 0x6a, 0xff, 0xa3, 0x77, 0xf7, 0x71, 0xa2, 0x41,
690 0xe9, 0x6e, 0x7c, 0x38, 0x24, 0x46, 0xd5, 0x5c, 0x49, 0x2a, 0xe6, 0xee,
691 0x27, 0x4b, 0x2e, 0x6f, 0x16, 0x54, 0x2d, 0x37, 0x36, 0x01, 0x39, 0x2b,
692 0x23, 0x4b, 0xb4, 0x65, 0x25, 0x4d, 0x7f, 0x72, 0x20, 0x7f, 0x5d, 0xec,
693 0x50, 0xba, 0xbb, 0xaa, 0x9c, 0x3c, 0x1d, 0xa1, 0x40, 0x2c, 0x6a, 0x8b,
694 0x5f, 0x2e, 0xe0, 0xa6, 0xf7, 0x9e, 0x03, 0xb5, 0x44, 0x5f, 0x74, 0xc7,
695 0x9f, 0x89, 0x2b, 0x71, 0x2f, 0x66, 0x9f, 0x03, 0x6c, 0x96, 0xd0, 0x23,
696 0x36, 0x4d, 0xa1, 0xf0, 0x82, 0xcc, 0x43, 0xe7, 0x08, 0x93, 0x40, 0x18,
697 0xc0, 0x39, 0x73, 0x83, 0xe2, 0xec, 0x9b, 0x81, 0x9d, 0x4c, 0x86, 0xaa,
698 0x59, 0xa8, 0x67, 0x1c, 0x80, 0xdc, 0x6f, 0x7f, 0x23, 0x6b, 0x7d, 0x2c,
699 0x56, 0x99, 0xa0, 0x89, 0x7e, 0xdb, 0x8b, 0x7a, 0xaa, 0x03, 0x8e, 0x8e,
700 0x8e, 0x3a, 0x58, 0xb4, 0x03, 0x6b, 0x65, 0xfa, 0x92, 0x0a, 0x96, 0x93,
701 0xa6, 0x07, 0x60, 0x01};
702 static unsigned char p_data[] =
703 {0x06, 0x55, 0x7f, 0xbd, 0xfd, 0xa8, 0x4c, 0x94, 0x5e, 0x10, 0x8a, 0x54,
704 0x37, 0xf3, 0x64, 0x37, 0x3a, 0xca, 0x18, 0x1b, 0xdd, 0x71, 0xa5, 0x94,
705 0xc9, 0x31, 0x59, 0xa5, 0x89, 0xe9, 0xc4, 0xba, 0x55, 0x90, 0x6d, 0x9c,
706 0xcc, 0x52, 0x5d, 0x44, 0xa8, 0xbc, 0x2b, 0x3b, 0x8c, 0xbd, 0x96, 0xfa,
707 0xcd, 0x54, 0x63, 0xe3, 0xc8, 0xfe, 0x5e, 0xc6, 0x73, 0x98, 0x14, 0x7a,
708 0x54, 0x0e, 0xe7, 0x75, 0x49, 0x93, 0x20, 0x33, 0x17, 0xa9, 0x34, 0xa8,
709 0xee, 0xaf, 0x3a, 0xcc, 0xf5, 0x69, 0xfc, 0x30, 0x1a, 0xdf, 0x49, 0x61,
710 0xa4, 0xd1};
711 static unsigned char p2_data[] =
712 {0x03, 0xe2, 0x41, 0x3d, 0xb1, 0xdd, 0xad, 0xd7, 0x3b, 0xf8, 0xab, 0x32,
713 0x27, 0x8b, 0xac, 0x95, 0xc0, 0x1a, 0x3f, 0x80, 0x8e, 0x21, 0xa9, 0xb8,
714 0xa2, 0xed, 0xcf, 0x97, 0x5c, 0x61, 0x10, 0x94, 0x1b, 0xd0, 0xbe, 0x88,
715 0xc2, 0xa7, 0x20, 0xe5, 0xa5, 0xc2, 0x7a, 0x7e, 0xf0, 0xd1, 0xe4, 0x13,
716 0x75, 0xb9, 0x62, 0x90, 0xf1, 0xc3, 0x5b, 0x8c, 0xe9, 0xa9, 0x5b, 0xb7,
717 0x6d, 0xdc, 0xcd, 0x12, 0xea, 0x97, 0x05, 0x04, 0x25, 0x2a, 0x93, 0xd1,
718 0x4e, 0x05, 0x1a, 0x50, 0xa2, 0x67, 0xb8, 0x4b, 0x09, 0x15, 0x65, 0x6c,
719 0x66, 0x2d};
720 static unsigned char q_data[] =
721 {0x06, 0x13, 0x74, 0x6e, 0xde, 0x7c, 0x33, 0xc2, 0xe7, 0x05, 0x2c, 0xeb,
722 0x25, 0x7d, 0x4a, 0x07, 0x7e, 0x03, 0xcf, 0x6a, 0x23, 0x36, 0x25, 0x23,
723 0xf6, 0x5d, 0xde, 0xa3, 0x0f, 0x82, 0xe6, 0x4b, 0xec, 0x39, 0xbf, 0x37,
724 0x1f, 0x4f, 0x56, 0x1e, 0xd8, 0x62, 0x32, 0x5c, 0xf5, 0x37, 0x75, 0x20,
725 0xe2, 0x7e, 0x56, 0x82, 0xc6, 0x35, 0xd3, 0x4d, 0xfa, 0x6c, 0xc3, 0x93,
726 0xf0, 0x60, 0x53, 0x78, 0x95, 0xee, 0xf9, 0x8b, 0x2c, 0xaf, 0xb1, 0x47,
727 0x5c, 0x29, 0x0d, 0x2a, 0x47, 0x7f, 0xd0, 0x7a, 0x4e, 0x26, 0x7b, 0x47,
728 0xfb, 0x61};
729 static unsigned char dmp1_data[] =
730 {0x01, 0x13, 0x3a, 0x1f, 0x91, 0x92, 0xa3, 0x8c, 0xfb, 0x7a, 0x6b, 0x40,
731 0x68, 0x4e, 0xd3, 0xcf, 0xdc, 0x16, 0xb9, 0x88, 0xe1, 0x49, 0x8d, 0x05,
732 0x78, 0x30, 0xfc, 0x3a, 0x70, 0xf2, 0x51, 0x06, 0x1f, 0xc7, 0xe8, 0x13,
733 0x19, 0x4b, 0x51, 0xb1, 0x79, 0xc2, 0x96, 0xc4, 0x00, 0xdb, 0x9d, 0x68,
734 0xec, 0xb9, 0x4a, 0x4b, 0x3b, 0xae, 0x91, 0x7f, 0xb5, 0xd7, 0x36, 0x82,
735 0x9d, 0x09, 0xfa, 0x97, 0x99, 0xe9, 0x73, 0x29, 0xb8, 0xf6, 0x6b, 0x8d,
736 0xd1, 0x15, 0xc5, 0x31, 0x4c, 0xe6, 0xb4, 0x7b, 0xa5, 0xd4, 0x08, 0xac,
737 0x9e, 0x41};
738 static unsigned char dmq1_data[] =
739 {0x05, 0xcd, 0x33, 0xc2, 0xdd, 0x3b, 0xb8, 0xec, 0xe4, 0x4c, 0x03, 0xcc,
740 0xef, 0xba, 0x07, 0x22, 0xca, 0x47, 0x77, 0x18, 0x40, 0x50, 0xe5, 0xfb,
741 0xc5, 0xb5, 0x71, 0xed, 0x3e, 0xd5, 0x5d, 0x72, 0xa7, 0x37, 0xa8, 0x86,
742 0x48, 0xa6, 0x27, 0x74, 0x42, 0x66, 0xd8, 0xf1, 0xfb, 0xcf, 0x1d, 0x4e,
743 0xee, 0x15, 0x76, 0x23, 0x5e, 0x81, 0x6c, 0xa7, 0x2b, 0x74, 0x08, 0xf7,
744 0x4c, 0x71, 0x9d, 0xa2, 0x29, 0x7f, 0xca, 0xd5, 0x02, 0x31, 0x2c, 0x54,
745 0x18, 0x02, 0xb6, 0xa8, 0x65, 0x26, 0xfc, 0xf8, 0x9b, 0x80, 0x90, 0xfc,
746 0x75, 0x61};
747 static unsigned char iqmp_data[] =
748 {0x05, 0x78, 0xf8, 0xdd, 0x1c, 0x6f, 0x3d, 0xaf, 0x53, 0x84, 0x32, 0xa9,
749 0x35, 0x52, 0xf3, 0xd0, 0x4d, 0xf8, 0x09, 0x85, 0x3d, 0x72, 0x20, 0x8b,
750 0x47, 0xba, 0xc8, 0xce, 0xac, 0xd9, 0x76, 0x90, 0x05, 0x88, 0x63, 0x8a,
751 0x10, 0x2b, 0xcd, 0xd3, 0xbe, 0x8c, 0x16, 0x60, 0x6a, 0xfd, 0xce, 0xc7,
752 0x9f, 0xfa, 0xbb, 0xe3, 0xa6, 0xde, 0xc2, 0x8f, 0x1d, 0x25, 0xdc, 0x41,
753 0xcb, 0xa4, 0xeb, 0x76, 0xc9, 0xdc, 0x8e, 0x49, 0x0e, 0xe4, 0x7c, 0xd2,
754 0xd5, 0x6e, 0x26, 0x3c, 0x0b, 0xd3, 0xc5, 0x20, 0x4e, 0x4b, 0xb6, 0xf7,
755 0xae, 0xef};
756 static unsigned char exp3_data[] =
757 {0x02, 0x7d, 0x16, 0x24, 0xfc, 0x35, 0xf9, 0xd0, 0xb3, 0x02, 0xf2, 0x5f,
758 0xde, 0xeb, 0x27, 0x19, 0x85, 0xd0, 0xcb, 0xe4, 0x0a, 0x2f, 0x13, 0xdb,
759 0xd5, 0xba, 0xe0, 0x8c, 0x32, 0x8b, 0x97, 0xdd, 0xef, 0xbc, 0xe0, 0x7a,
760 0x2d, 0x90, 0x7e, 0x09, 0xe9, 0x1f, 0x26, 0xf2, 0xf4, 0x48, 0xea, 0x06,
761 0x76, 0x26, 0xe6, 0x3b, 0xce, 0x4e, 0xc9, 0xf9, 0x0f, 0x38, 0x90, 0x26,
762 0x87, 0x65, 0x36, 0x9a, 0xea, 0x6a, 0xfe, 0xb1, 0xdb, 0x46, 0xdf, 0x14,
763 0xfd, 0x13, 0x53, 0xfb, 0x5b, 0x35, 0x6e, 0xe7, 0xd5, 0xd8, 0x39, 0xf7,
764 0x2d, 0xb9};
765 static unsigned char coeff2_data[] =
766 {0x01, 0xba, 0x66, 0x0a, 0xa2, 0x86, 0xc0, 0x57, 0x7f, 0x4e, 0x68, 0xb1,
767 0x86, 0x63, 0x23, 0x5b, 0x0e, 0xeb, 0x93, 0x42, 0xd1, 0xaa, 0x15, 0x13,
768 0xcc, 0x29, 0x71, 0x8a, 0xb0, 0xe0, 0xc9, 0x67, 0xde, 0x1a, 0x7c, 0x1a,
769 0xef, 0xa7, 0x08, 0x85, 0xb3, 0xae, 0x98, 0x99, 0xde, 0xaf, 0x09, 0x38,
770 0xfc, 0x46, 0x29, 0x5f, 0x4f, 0x7e, 0x01, 0x6c, 0x50, 0x13, 0x95, 0x91,
771 0x4c, 0x0f, 0x00, 0xba, 0xca, 0x40, 0xa3, 0xd0, 0x58, 0xb6, 0x62, 0x4c,
772 0xd1, 0xb6, 0xd3, 0x29, 0x5d, 0x82, 0xb3, 0x3d, 0x61, 0xbe, 0x5d, 0xf0,
773 0x4b, 0xf4};
774
775 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
776 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
777 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
778 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
779 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
780 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
781 || !TEST_ptr(p2 = BN_bin2bn(p2_data, sizeof(p2_data), NULL))
782 || !TEST_ptr(exp3 = BN_bin2bn(exp3_data, sizeof(exp3_data), NULL))
783 || !TEST_ptr(coeff2 = BN_bin2bn(coeff2_data, sizeof(coeff2_data), NULL))
784 || !TEST_ptr(dmp1 = BN_bin2bn(dmp1_data, sizeof(dmp1_data), NULL))
785 || !TEST_ptr(dmq1 = BN_bin2bn(dmq1_data, sizeof(dmq1_data), NULL))
786 || !TEST_ptr(iqmp = BN_bin2bn(iqmp_data, sizeof(iqmp_data), NULL))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
790 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1,
791 p))
792 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2,
793 q))
794 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR3,
795 p2))
796 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
797 OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ, 1))
798 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
799 goto err;
800
801 cdata[0].pname = OSSL_PKEY_PARAM_RSA_EXPONENT1;
802 cdata[0].comparebn = dmp1;
803 cdata[1].pname = OSSL_PKEY_PARAM_RSA_EXPONENT2;
804 cdata[1].comparebn = dmq1;
805 cdata[2].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT1;
806 cdata[2].comparebn = iqmp;
807 cdata[3].pname = OSSL_PKEY_PARAM_RSA_EXPONENT3;
808 cdata[3].comparebn = exp3;
809 cdata[4].pname = OSSL_PKEY_PARAM_RSA_COEFFICIENT2;
810 cdata[4].comparebn = coeff2;
811 cdata[5].pname = OSSL_PKEY_PARAM_RSA_N;
812 cdata[5].comparebn = n;
813 cdata[6].pname = OSSL_PKEY_PARAM_RSA_E;
814 cdata[6].comparebn = e;
815 cdata[7].pname = OSSL_PKEY_PARAM_RSA_D;
816 cdata[7].comparebn = d;
817 cdata[8].pname = OSSL_PKEY_PARAM_RSA_FACTOR1;
818 cdata[8].comparebn = p;
819 cdata[9].pname = OSSL_PKEY_PARAM_RSA_FACTOR2;
820 cdata[9].comparebn = q;
821 cdata[10].pname = OSSL_PKEY_PARAM_RSA_FACTOR3;
822 cdata[10].comparebn = p2;
823 cdata[11].pname = NULL;
824 cdata[11].comparebn = NULL;
825
826 ret = do_fromdata_rsa_derive(fromdata_params, cdata, 2048, 112, 256);
827
828err:
829 BN_free(n);
830 BN_free(e);
831 BN_free(d);
832 BN_free(p);
833 BN_free(p2);
834 BN_free(q);
835 BN_free(dmp1);
836 BN_free(dmq1);
837 BN_free(iqmp);
838 BN_free(exp3);
839 BN_free(coeff2);
840 OSSL_PARAM_BLD_free(bld);
841 return ret;
842}
843
844static int test_evp_pkey_get_bn_param_large(void)
845{
846 int ret = 0;
847 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
848 EVP_PKEY *pk = NULL;
849 OSSL_PARAM_BLD *bld = NULL;
850 OSSL_PARAM *fromdata_params = NULL;
851 BIGNUM *n = NULL, *e = NULL, *d = NULL, *n_out = NULL;
852 /*
853 * The buffer size chosen here for n_data larger than the buffer used
854 * internally in EVP_PKEY_get_bn_param.
855 */
856 static unsigned char n_data[2050];
857 static const unsigned char e_data[] = {
858 0x1, 0x00, 0x01
859 };
860 static const unsigned char d_data[] = {
861 0x99, 0x33, 0x13, 0x7b
862 };
863
864 /* N is a large buffer */
865 memset(n_data, 0xCE, sizeof(n_data));
866
867 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
868 || !TEST_ptr(n = BN_bin2bn(n_data, sizeof(n_data), NULL))
869 || !TEST_ptr(e = BN_bin2bn(e_data, sizeof(e_data), NULL))
870 || !TEST_ptr(d = BN_bin2bn(d_data, sizeof(d_data), NULL))
871 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
872 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
873 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))
874 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld))
875 || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL))
876 || !TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
877 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
878 fromdata_params), 1)
879 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, ""))
880 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_RSA_N, &n_out))
881 || !TEST_BN_eq(n, n_out))
882 goto err;
883 ret = 1;
884 err:
885 BN_free(n_out);
886 BN_free(n);
887 BN_free(e);
888 BN_free(d);
889 EVP_PKEY_free(pk);
890 EVP_PKEY_CTX_free(key_ctx);
891 EVP_PKEY_CTX_free(ctx);
892 OSSL_PARAM_free(fromdata_params);
893 OSSL_PARAM_BLD_free(bld);
894 return ret;
895}
896
897
898#ifndef OPENSSL_NO_DH
899static int test_fromdata_dh_named_group(void)
900{
901 int ret = 0;
902 int gindex = 0, pcounter = 0, hindex = 0;
903 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
904 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
905 size_t len;
906 BIGNUM *pub = NULL, *priv = NULL;
907 BIGNUM *pub_out = NULL, *priv_out = NULL;
908 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
909 OSSL_PARAM *fromdata_params = NULL;
910 OSSL_PARAM_BLD *bld = NULL;
911 char name_out[80];
912 unsigned char seed_out[32];
913
914 /*
915 * DH key data was generated using the following:
916 * openssl genpkey -algorithm DH -pkeyopt group:ffdhe2048
917 * -pkeyopt priv_len:224 -text
918 */
919 static const unsigned char priv_data[] = {
920 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
921 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
922 0x87, 0xe8, 0xa9, 0x7b,
923 };
924 static const unsigned char pub_data[] = {
925 0x00, 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1,
926 0x82, 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd,
927 0x33, 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c,
928 0x64, 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6,
929 0xf9, 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5,
930 0xfa, 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03,
931 0x9d, 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9,
932 0x7e, 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a,
933 0x57, 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa,
934 0xe5, 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef,
935 0x9a, 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1,
936 0xdb, 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7,
937 0x22, 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f,
938 0x7c, 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20,
939 0x82, 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77,
940 0x14, 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2,
941 0x6e, 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12,
942 0xbc, 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0,
943 0xf1, 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67,
944 0xa1, 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc,
945 0xa8, 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab,
946 0xcf, 0x33, 0x42, 0x83, 0x42
947 };
948 static const char group_name[] = "ffdhe2048";
949 static const long priv_len = 224;
950
951 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
952 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
953 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
954 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
955 OSSL_PKEY_PARAM_GROUP_NAME,
956 group_name, 0))
957 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
958 priv_len))
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
960 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
961 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
962 goto err;
963
964 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
965 goto err;
966
967 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
968 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
969 fromdata_params), 1))
970 goto err;
971
972 /*
973 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
974 * it behaves as expected with regards to string length and terminating
975 * NUL byte.
976 */
977 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
978 OSSL_PKEY_PARAM_GROUP_NAME,
979 NULL, sizeof(name_out),
980 &len))
981 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
982 /* Just enough space to hold the group name and a terminating NUL */
983 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
984 OSSL_PKEY_PARAM_GROUP_NAME,
985 name_out,
986 sizeof(group_name),
987 &len))
988 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
989 /* Too small buffer to hold the terminating NUL byte */
990 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
991 OSSL_PKEY_PARAM_GROUP_NAME,
992 name_out,
993 sizeof(group_name) - 1,
994 &len))
995 /* Too small buffer to hold the whole group name, even! */
996 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
997 OSSL_PKEY_PARAM_GROUP_NAME,
998 name_out,
999 sizeof(group_name) - 2,
1000 &len)))
1001 goto err;
1002
1003 for (;;) {
1004 ret = 0;
1005 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1006 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1007 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1008 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1009 goto err;
1010
1011 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1012 OSSL_PKEY_PARAM_GROUP_NAME,
1013 name_out,
1014 sizeof(name_out),
1015 &len))
1016 || !TEST_str_eq(name_out, group_name)
1017 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1018 &pub_out))
1019
1020 || !TEST_BN_eq(pub, pub_out)
1021 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1022 &priv_out))
1023 || !TEST_BN_eq(priv, priv_out)
1024 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1025 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1026 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1027 || !TEST_ptr(q)
1028 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1029 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1030 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1031 OSSL_PKEY_PARAM_FFC_COFACTOR,
1032 &j))
1033 || !TEST_ptr_null(j)
1034 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1035 OSSL_PKEY_PARAM_FFC_SEED,
1036 seed_out,
1037 sizeof(seed_out),
1038 &len))
1039 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_GINDEX,
1040 &gindex))
1041 || !TEST_int_eq(gindex, -1)
1042 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1043 &hindex))
1044 || !TEST_int_eq(hindex, 0)
1045 || !TEST_true(EVP_PKEY_get_int_param(pk,
1046 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1047 &pcounter))
1048 || !TEST_int_eq(pcounter, -1))
1049 goto err;
1050 BN_free(p);
1051 p = NULL;
1052 BN_free(q);
1053 q = NULL;
1054 BN_free(g);
1055 g = NULL;
1056 BN_free(j);
1057 j = NULL;
1058 BN_free(pub_out);
1059 pub_out = NULL;
1060 BN_free(priv_out);
1061 priv_out = NULL;
1062
1063 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1064 goto err;
1065
1066 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1067 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1068 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1069 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1070 goto err;
1071 EVP_PKEY_CTX_free(key_ctx);
1072 key_ctx = NULL;
1073
1074 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1075 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1076 goto err;
1077 EVP_PKEY_free(copy_pk);
1078 copy_pk = NULL;
1079
1080 ret = test_print_key_using_pem("DH", pk)
1081 && test_print_key_using_encoder("DH", pk);
1082
1083 if (!ret || dup_pk != NULL)
1084 break;
1085
1086 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1087 goto err;
1088 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1089 EVP_PKEY_free(pk);
1090 pk = dup_pk;
1091 if (!ret)
1092 goto err;
1093 }
1094err:
1095 BN_free(p);
1096 BN_free(q);
1097 BN_free(g);
1098 BN_free(j);
1099 BN_free(pub);
1100 BN_free(priv);
1101 BN_free(pub_out);
1102 BN_free(priv_out);
1103 EVP_PKEY_free(copy_pk);
1104 EVP_PKEY_free(pk);
1105 EVP_PKEY_CTX_free(ctx);
1106 EVP_PKEY_CTX_free(key_ctx);
1107 OSSL_PARAM_free(fromdata_params);
1108 OSSL_PARAM_BLD_free(bld);
1109
1110 return ret;
1111}
1112
1113static int test_fromdata_dh_fips186_4(void)
1114{
1115 int ret = 0;
1116 int gindex = 0, pcounter = 0, hindex = 0;
1117 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1118 EVP_PKEY *pk = NULL, *dup_pk = NULL;
1119 size_t len;
1120 BIGNUM *pub = NULL, *priv = NULL;
1121 BIGNUM *pub_out = NULL, *priv_out = NULL;
1122 BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL;
1123 OSSL_PARAM_BLD *bld = NULL;
1124 OSSL_PARAM *fromdata_params = NULL;
1125 char name_out[80];
1126 unsigned char seed_out[32];
1127
1128 /*
1129 * DH key data was generated using the following:
1130 * openssl genpkey -algorithm DH
1131 * -pkeyopt group:ffdhe2048 -pkeyopt priv_len:224 -text
1132 */
1133 static const unsigned char priv_data[] = {
1134 0x88, 0x85, 0xe7, 0x9f, 0xee, 0x6d, 0xc5, 0x7c, 0x78, 0xaf, 0x63, 0x5d,
1135 0x38, 0x2a, 0xd0, 0xed, 0x56, 0x4b, 0x47, 0x21, 0x2b, 0xfa, 0x55, 0xfa,
1136 0x87, 0xe8, 0xa9, 0x7b,
1137 };
1138 static const unsigned char pub_data[] = {
1139 0xd6, 0x2d, 0x77, 0xe0, 0xd3, 0x7d, 0xf8, 0xeb, 0x98, 0x50, 0xa1, 0x82,
1140 0x22, 0x65, 0xd5, 0xd9, 0xfe, 0xc9, 0x3f, 0xbe, 0x16, 0x83, 0xbd, 0x33,
1141 0xe9, 0xc6, 0x93, 0xcf, 0x08, 0xaf, 0x83, 0xfa, 0x80, 0x8a, 0x6c, 0x64,
1142 0xdf, 0x70, 0x64, 0xd5, 0x0a, 0x7c, 0x5a, 0x72, 0xda, 0x66, 0xe6, 0xf9,
1143 0xf5, 0x31, 0x21, 0x92, 0xb0, 0x60, 0x1a, 0xb5, 0xd3, 0xf0, 0xa5, 0xfa,
1144 0x48, 0x95, 0x2e, 0x38, 0xd9, 0xc5, 0xe6, 0xda, 0xfb, 0x6c, 0x03, 0x9d,
1145 0x4b, 0x69, 0xb7, 0x95, 0xe4, 0x5c, 0xc0, 0x93, 0x4f, 0x48, 0xd9, 0x7e,
1146 0x06, 0x22, 0xb2, 0xde, 0xf3, 0x79, 0x24, 0xed, 0xe1, 0xd1, 0x4a, 0x57,
1147 0xf1, 0x40, 0x86, 0x70, 0x42, 0x25, 0xc5, 0x27, 0x68, 0xc9, 0xfa, 0xe5,
1148 0x8e, 0x62, 0x7e, 0xff, 0x49, 0x6c, 0x5b, 0xb5, 0xba, 0xf9, 0xef, 0x9a,
1149 0x1a, 0x10, 0xd4, 0x81, 0x53, 0xcf, 0x83, 0x04, 0x18, 0x1c, 0xe1, 0xdb,
1150 0xe1, 0x65, 0xa9, 0x7f, 0xe1, 0x33, 0xeb, 0xc3, 0x4f, 0xe3, 0xb7, 0x22,
1151 0xf7, 0x1c, 0x09, 0x4f, 0xed, 0xc6, 0x07, 0x8e, 0x78, 0x05, 0x8f, 0x7c,
1152 0x96, 0xd9, 0x12, 0xe0, 0x81, 0x74, 0x1a, 0xe9, 0x13, 0xc0, 0x20, 0x82,
1153 0x65, 0xbb, 0x42, 0x3b, 0xed, 0x08, 0x6a, 0x84, 0x4f, 0xea, 0x77, 0x14,
1154 0x32, 0xf9, 0xed, 0xc2, 0x12, 0xd6, 0xc5, 0xc6, 0xb3, 0xe5, 0xf2, 0x6e,
1155 0xf6, 0x16, 0x7f, 0x37, 0xde, 0xbc, 0x09, 0xc7, 0x06, 0x6b, 0x12, 0xbc,
1156 0xad, 0x2d, 0x49, 0x25, 0xd5, 0xdc, 0xf4, 0x18, 0x14, 0xd2, 0xf0, 0xf1,
1157 0x1d, 0x1f, 0x3a, 0xaa, 0x15, 0x55, 0xbb, 0x0d, 0x7f, 0xbe, 0x67, 0xa1,
1158 0xa7, 0xf0, 0xaa, 0xb3, 0xfb, 0x41, 0x82, 0x39, 0x49, 0x93, 0xbc, 0xa8,
1159 0xee, 0x72, 0x13, 0x45, 0x65, 0x15, 0x42, 0x17, 0xaa, 0xd8, 0xab, 0xcf,
1160 0x33, 0x42, 0x83, 0x42
1161 };
1162 static const char group_name[] = "ffdhe2048";
1163 static const long priv_len = 224;
1164
1165
1166 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1167 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1168 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1169 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1170 OSSL_PKEY_PARAM_GROUP_NAME,
1171 group_name, 0))
1172 || !TEST_true(OSSL_PARAM_BLD_push_long(bld, OSSL_PKEY_PARAM_DH_PRIV_LEN,
1173 priv_len))
1174 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub))
1175 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
1176 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1177 goto err;
1178
1179 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
1180 goto err;
1181
1182 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1183 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1184 fromdata_params), 1))
1185 goto err;
1186
1187 for (;;) {
1188 ret = 0;
1189 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
1190 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
1191 || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
1192 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1193 goto err;
1194
1195 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
1196 OSSL_PKEY_PARAM_GROUP_NAME,
1197 name_out,
1198 sizeof(name_out),
1199 &len))
1200 || !TEST_str_eq(name_out, group_name)
1201 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1202 &pub_out))
1203 || !TEST_BN_eq(pub, pub_out)
1204 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1205 &priv_out))
1206 || !TEST_BN_eq(priv, priv_out)
1207 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P, &p))
1208 || !TEST_BN_eq(&ossl_bignum_ffdhe2048_p, p)
1209 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q, &q))
1210 || !TEST_ptr(q)
1211 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G, &g))
1212 || !TEST_BN_eq(&ossl_bignum_const_2, g)
1213 || !TEST_false(EVP_PKEY_get_bn_param(pk,
1214 OSSL_PKEY_PARAM_FFC_COFACTOR,
1215 &j))
1216 || !TEST_ptr_null(j)
1217 || !TEST_false(EVP_PKEY_get_octet_string_param(pk,
1218 OSSL_PKEY_PARAM_FFC_SEED,
1219 seed_out,
1220 sizeof(seed_out),
1221 &len))
1222 || !TEST_true(EVP_PKEY_get_int_param(pk,
1223 OSSL_PKEY_PARAM_FFC_GINDEX,
1224 &gindex))
1225 || !TEST_int_eq(gindex, -1)
1226 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
1227 &hindex))
1228 || !TEST_int_eq(hindex, 0)
1229 || !TEST_true(EVP_PKEY_get_int_param(pk,
1230 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1231 &pcounter))
1232 || !TEST_int_eq(pcounter, -1))
1233 goto err;
1234 BN_free(p);
1235 p = NULL;
1236 BN_free(q);
1237 q = NULL;
1238 BN_free(g);
1239 g = NULL;
1240 BN_free(j);
1241 j = NULL;
1242 BN_free(pub_out);
1243 pub_out = NULL;
1244 BN_free(priv_out);
1245 priv_out = NULL;
1246
1247 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
1248 goto err;
1249
1250 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
1251 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
1252 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
1253 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
1254 goto err;
1255 EVP_PKEY_CTX_free(key_ctx);
1256 key_ctx = NULL;
1257
1258 ret = test_print_key_using_pem("DH", pk)
1259 && test_print_key_using_encoder("DH", pk);
1260
1261 if (!ret || dup_pk != NULL)
1262 break;
1263
1264 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1265 goto err;
1266 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1267 EVP_PKEY_free(pk);
1268 pk = dup_pk;
1269 if (!ret)
1270 goto err;
1271 }
1272err:
1273 BN_free(p);
1274 BN_free(q);
1275 BN_free(g);
1276 BN_free(j);
1277 BN_free(pub);
1278 BN_free(priv);
1279 BN_free(pub_out);
1280 BN_free(priv_out);
1281 EVP_PKEY_free(pk);
1282 EVP_PKEY_CTX_free(ctx);
1283 EVP_PKEY_CTX_free(key_ctx);
1284 OSSL_PARAM_free(fromdata_params);
1285 OSSL_PARAM_BLD_free(bld);
1286
1287 return ret;
1288}
1289
1290#endif
1291
1292
1293
1294#ifndef OPENSSL_NO_EC
1295# ifndef OPENSSL_NO_ECX
1296/* Array indexes used in test_fromdata_ecx */
1297# define PRIV_KEY 0
1298# define PUB_KEY 1
1299
1300# define X25519_IDX 0
1301# define X448_IDX 1
1302# define ED25519_IDX 2
1303# define ED448_IDX 3
1304
1305/*
1306 * tst uses indexes 0 ... (3 * 4 - 1)
1307 * For the 4 ECX key types (X25519_IDX..ED448_IDX)
1308 * 0..3 = public + private key.
1309 * 4..7 = private key (This will generate the public key from the private key)
1310 * 8..11 = public key
1311 */
1312static int test_fromdata_ecx(int tst)
1313{
1314 int ret = 0;
1315 EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL;
1316 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1317 const char *alg = NULL;
1318 size_t len;
1319 unsigned char out_pub[ED448_KEYLEN];
1320 unsigned char out_priv[ED448_KEYLEN];
1321 OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
1322
1323 /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */
1324 static unsigned char key_numbers[4][2][ED448_KEYLEN] = {
1325 /* X25519: Keys from RFC 7748 6.1 */
1326 {
1327 /* Private Key */
1328 {
1329 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16,
1330 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87,
1331 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9,
1332 0x2c, 0x2a
1333 },
1334 /* Public Key */
1335 {
1336 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b,
1337 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d,
1338 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b,
1339 0x4e, 0x6a
1340 }
1341 },
1342 /* X448: Keys from RFC 7748 6.2 */
1343 {
1344 /* Private Key */
1345 {
1346 0x9a, 0x8f, 0x49, 0x25, 0xd1, 0x51, 0x9f, 0x57, 0x75, 0xcf,
1347 0x46, 0xb0, 0x4b, 0x58, 0x00, 0xd4, 0xee, 0x9e, 0xe8, 0xba,
1348 0xe8, 0xbc, 0x55, 0x65, 0xd4, 0x98, 0xc2, 0x8d, 0xd9, 0xc9,
1349 0xba, 0xf5, 0x74, 0xa9, 0x41, 0x97, 0x44, 0x89, 0x73, 0x91,
1350 0x00, 0x63, 0x82, 0xa6, 0xf1, 0x27, 0xab, 0x1d, 0x9a, 0xc2,
1351 0xd8, 0xc0, 0xa5, 0x98, 0x72, 0x6b
1352 },
1353 /* Public Key */
1354 {
1355 0x9b, 0x08, 0xf7, 0xcc, 0x31, 0xb7, 0xe3, 0xe6, 0x7d, 0x22,
1356 0xd5, 0xae, 0xa1, 0x21, 0x07, 0x4a, 0x27, 0x3b, 0xd2, 0xb8,
1357 0x3d, 0xe0, 0x9c, 0x63, 0xfa, 0xa7, 0x3d, 0x2c, 0x22, 0xc5,
1358 0xd9, 0xbb, 0xc8, 0x36, 0x64, 0x72, 0x41, 0xd9, 0x53, 0xd4,
1359 0x0c, 0x5b, 0x12, 0xda, 0x88, 0x12, 0x0d, 0x53, 0x17, 0x7f,
1360 0x80, 0xe5, 0x32, 0xc4, 0x1f, 0xa0
1361 }
1362 },
1363 /* ED25519: Keys from RFC 8032 */
1364 {
1365 /* Private Key */
1366 {
1367 0x9d, 0x61, 0xb1, 0x9d, 0xef, 0xfd, 0x5a, 0x60, 0xba, 0x84,
1368 0x4a, 0xf4, 0x92, 0xec, 0x2c, 0xc4, 0x44, 0x49, 0xc5, 0x69,
1369 0x7b, 0x32, 0x69, 0x19, 0x70, 0x3b, 0xac, 0x03, 0x1c, 0xae,
1370 0x7f, 0x60
1371 },
1372 /* Public Key */
1373 {
1374 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b,
1375 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3,
1376 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07,
1377 0x51, 0x1a
1378 }
1379 },
1380 /* ED448: Keys from RFC 8032 */
1381 {
1382 /* Private Key */
1383 {
1384 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, 0xd6, 0x32,
1385 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, 0x6c, 0x92, 0x9f, 0x34,
1386 0xdd, 0xfa, 0x8c, 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3,
1387 0x48, 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
1388 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, 0x03, 0x2e,
1389 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, 0x5b
1390 },
1391 /* Public Key */
1392 {
1393 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
1394 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
1395 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9,
1396 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
1397 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
1398 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
1399 }
1400 }
1401 };
1402 OSSL_PARAM x25519_fromdata_params[] = {
1403 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1404 key_numbers[X25519_IDX][PRIV_KEY],
1405 X25519_KEYLEN),
1406 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1407 key_numbers[X25519_IDX][PUB_KEY],
1408 X25519_KEYLEN),
1409 OSSL_PARAM_END
1410 };
1411 OSSL_PARAM x448_fromdata_params[] = {
1412 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1413 key_numbers[X448_IDX][PRIV_KEY],
1414 X448_KEYLEN),
1415 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1416 key_numbers[X448_IDX][PUB_KEY],
1417 X448_KEYLEN),
1418 OSSL_PARAM_END
1419 };
1420 OSSL_PARAM ed25519_fromdata_params[] = {
1421 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1422 key_numbers[ED25519_IDX][PRIV_KEY],
1423 ED25519_KEYLEN),
1424 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1425 key_numbers[ED25519_IDX][PUB_KEY],
1426 ED25519_KEYLEN),
1427 OSSL_PARAM_END
1428 };
1429 OSSL_PARAM ed448_fromdata_params[] = {
1430 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1431 key_numbers[ED448_IDX][PRIV_KEY],
1432 ED448_KEYLEN),
1433 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1434 key_numbers[ED448_IDX][PUB_KEY],
1435 ED448_KEYLEN),
1436 OSSL_PARAM_END
1437 };
1438 OSSL_PARAM *fromdata_params = NULL;
1439 int bits = 0, security_bits = 0, size = 0;
1440 OSSL_PARAM *orig_fromdata_params = NULL;
1441
1442 switch (tst & 3) {
1443 case X25519_IDX:
1444 fromdata_params = x25519_fromdata_params;
1445 bits = X25519_BITS;
1446 security_bits = X25519_SECURITY_BITS;
1447 size = X25519_KEYLEN;
1448 alg = "X25519";
1449 break;
1450
1451 case X448_IDX:
1452 fromdata_params = x448_fromdata_params;
1453 bits = X448_BITS;
1454 security_bits = X448_SECURITY_BITS;
1455 size = X448_KEYLEN;
1456 alg = "X448";
1457 break;
1458
1459 case ED25519_IDX:
1460 fromdata_params = ed25519_fromdata_params;
1461 bits = ED25519_BITS;
1462 security_bits = ED25519_SECURITY_BITS;
1463 size = ED25519_SIGSIZE;
1464 alg = "ED25519";
1465 break;
1466
1467 case ED448_IDX:
1468 fromdata_params = ed448_fromdata_params;
1469 bits = ED448_BITS;
1470 security_bits = ED448_SECURITY_BITS;
1471 size = ED448_SIGSIZE;
1472 alg = "ED448";
1473 break;
1474 default:
1475 goto err;
1476 }
1477
1478 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1479 if (!TEST_ptr(ctx))
1480 goto err;
1481
1482 orig_fromdata_params = fromdata_params;
1483 if (tst > 7) {
1484 /* public key only */
1485 fromdata_params++;
1486 } else if (tst > 3) {
1487 /* private key only */
1488 params[0] = fromdata_params[0];
1489 params[1] = fromdata_params[2];
1490 fromdata_params = params;
1491 }
1492
1493 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1494 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1495 fromdata_params), 1))
1496 goto err;
1497
1498 for (;;) {
1499 ret = 0;
1500 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
1501 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
1502 || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
1503 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1504 goto err;
1505
1506 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL)))
1507 goto err;
1508 if (tst <= 7) {
1509 if (!TEST_int_gt(EVP_PKEY_check(ctx2), 0))
1510 goto err;
1511 if (!TEST_true(EVP_PKEY_get_octet_string_param(
1512 pk, orig_fromdata_params[PRIV_KEY].key,
1513 out_priv, sizeof(out_priv), &len))
1514 || !TEST_mem_eq(out_priv, len,
1515 orig_fromdata_params[PRIV_KEY].data,
1516 orig_fromdata_params[PRIV_KEY].data_size)
1517 || !TEST_true(EVP_PKEY_get_octet_string_param(
1518 pk, orig_fromdata_params[PUB_KEY].key,
1519 out_pub, sizeof(out_pub), &len))
1520 || !TEST_mem_eq(out_pub, len,
1521 orig_fromdata_params[PUB_KEY].data,
1522 orig_fromdata_params[PUB_KEY].data_size))
1523 goto err;
1524 } else {
1525 /* The private key check should fail if there is only a public key */
1526 if (!TEST_int_gt(EVP_PKEY_public_check(ctx2), 0)
1527 || !TEST_int_le(EVP_PKEY_private_check(ctx2), 0)
1528 || !TEST_int_le(EVP_PKEY_check(ctx2), 0))
1529 goto err;
1530 }
1531 EVP_PKEY_CTX_free(ctx2);
1532 ctx2 = NULL;
1533
1534 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1535 /* This should succeed because there are no parameters to copy */
1536 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1537 goto err;
1538 if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
1539 /* This should fail because copy_pk has no pubkey */
1540 || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
1541 goto err;
1542 EVP_PKEY_CTX_free(ctx2);
1543 ctx2 = NULL;
1544 EVP_PKEY_free(copy_pk);
1545 copy_pk = NULL;
1546
1547 if (tst > 7)
1548 ret = test_print_key_using_encoder_public(alg, pk);
1549 else
1550 ret = test_print_key_using_pem(alg, pk)
1551 && test_print_key_using_encoder(alg, pk);
1552
1553 if (!ret || dup_pk != NULL)
1554 break;
1555
1556 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1557 goto err;
1558 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1559 EVP_PKEY_free(pk);
1560 pk = dup_pk;
1561 if (!ret)
1562 goto err;
1563 }
1564
1565err:
1566 EVP_PKEY_free(pk);
1567 EVP_PKEY_free(copy_pk);
1568 EVP_PKEY_CTX_free(ctx);
1569 EVP_PKEY_CTX_free(ctx2);
1570
1571 return ret;
1572}
1573# endif /* OPENSSL_NO_ECX */
1574
1575static int test_fromdata_ec(void)
1576{
1577 int ret = 0;
1578 EVP_PKEY_CTX *ctx = NULL;
1579 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1580 OSSL_PARAM_BLD *bld = NULL;
1581 BIGNUM *ec_priv_bn = NULL;
1582 BIGNUM *bn_priv = NULL;
1583 OSSL_PARAM *fromdata_params = NULL;
1584 const char *alg = "EC";
1585 const char *curve = "prime256v1";
1586 const char bad_curve[] = "nonexistent-curve";
1587 OSSL_PARAM nokey_params[2] = {
1588 OSSL_PARAM_END,
1589 OSSL_PARAM_END
1590 };
1591 /* UNCOMPRESSED FORMAT */
1592 static const unsigned char ec_pub_keydata[] = {
1593 POINT_CONVERSION_UNCOMPRESSED,
1594 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1595 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1596 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1597 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2,
1598 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f,
1599 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d,
1600 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
1601 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
1602 };
1603 /* SAME BUT COMPRESSED FORMAT */
1604 static const unsigned char ec_pub_keydata_compressed[] = {
1605 POINT_CONVERSION_COMPRESSED+1,
1606 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
1607 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
1608 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
1609 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
1610 };
1611 static const unsigned char ec_priv_keydata[] = {
1612 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
1613 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
1614 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
1615 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
1616 };
1617 unsigned char out_pub[sizeof(ec_pub_keydata)];
1618 char out_curve_name[80];
1619 const OSSL_PARAM *gettable = NULL;
1620 size_t len;
1621 EC_GROUP *group = NULL;
1622 BIGNUM *group_a = NULL;
1623 BIGNUM *group_b = NULL;
1624 BIGNUM *group_p = NULL;
1625 BIGNUM *a = NULL;
1626 BIGNUM *b = NULL;
1627 BIGNUM *p = NULL;
1628
1629
1630 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()))
1631 goto err;
1632 if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata,
1633 sizeof(ec_priv_keydata), NULL)))
1634 goto err;
1635
1636 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
1637 curve, 0) <= 0)
1638 goto err;
1639 /*
1640 * We intentionally provide the input point in compressed format,
1641 * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
1642 *
1643 * Later on we check what format is used when exporting the
1644 * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
1645 * format.
1646 */
1647 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
1648 ec_pub_keydata_compressed,
1649 sizeof(ec_pub_keydata_compressed)) <= 0)
1650 goto err;
1651 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
1652 goto err;
1653 if (!TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1654 goto err;
1655 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
1656 if (!TEST_ptr(ctx))
1657 goto err;
1658
1659 /* try importing parameters with bad curve first */
1660 nokey_params[0] =
1661 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1662 (char *)bad_curve, sizeof(bad_curve));
1663 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1664 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS,
1665 nokey_params), 0)
1666 || !TEST_ptr_null(pk))
1667 goto err;
1668
1669 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1670 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1671 fromdata_params), 1))
1672 goto err;
1673
1674 for (;;) {
1675 ret = 0;
1676 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
1677 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
1678 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
1679 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
1680 goto err;
1681
1682 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
1683 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
1684 goto err;
1685 EVP_PKEY_free(copy_pk);
1686 copy_pk = NULL;
1687
1688 if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk))
1689 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1690 OSSL_PKEY_PARAM_GROUP_NAME))
1691 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1692 OSSL_PKEY_PARAM_PUB_KEY))
1693 || !TEST_ptr(OSSL_PARAM_locate_const(gettable,
1694 OSSL_PKEY_PARAM_PRIV_KEY)))
1695 goto err;
1696
1697 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(OBJ_sn2nid(curve)))
1698 || !TEST_ptr(group_p = BN_new())
1699 || !TEST_ptr(group_a = BN_new())
1700 || !TEST_ptr(group_b = BN_new())
1701 || !TEST_true(EC_GROUP_get_curve(group, group_p, group_a, group_b, NULL)))
1702 goto err;
1703
1704 if (!TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_A, &a))
1705 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_B, &b))
1706 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_EC_P, &p)))
1707 goto err;
1708
1709 if (!TEST_BN_eq(group_p, p) || !TEST_BN_eq(group_a, a)
1710 || !TEST_BN_eq(group_b, b))
1711 goto err;
1712
1713 EC_GROUP_free(group);
1714 group = NULL;
1715 BN_free(group_p);
1716 group_p = NULL;
1717 BN_free(group_a);
1718 group_a = NULL;
1719 BN_free(group_b);
1720 group_b = NULL;
1721
1722 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME,
1723 out_curve_name,
1724 sizeof(out_curve_name),
1725 &len)
1726 || !TEST_str_eq(out_curve_name, curve)
1727 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
1728 out_pub, sizeof(out_pub), &len)
1729
1730 /*
1731 * Our providers use uncompressed format by default if
1732 * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
1733 * explicitly set, irrespective of the format used for the
1734 * input point given as a param to create this key.
1735 */
1736 || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
1737 || !TEST_mem_eq(out_pub + 1, len - 1,
1738 ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
1739
1740 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
1741 &bn_priv))
1742 || !TEST_BN_eq(ec_priv_bn, bn_priv))
1743 goto err;
1744 BN_free(bn_priv);
1745 bn_priv = NULL;
1746
1747 ret = test_print_key_using_pem(alg, pk)
1748 && test_print_key_using_encoder(alg, pk);
1749
1750 if (!ret || dup_pk != NULL)
1751 break;
1752
1753 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
1754 goto err;
1755 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
1756 EVP_PKEY_free(pk);
1757 pk = dup_pk;
1758 if (!ret)
1759 goto err;
1760 }
1761
1762err:
1763 EC_GROUP_free(group);
1764 BN_free(group_a);
1765 BN_free(group_b);
1766 BN_free(group_p);
1767 BN_free(a);
1768 BN_free(b);
1769 BN_free(p);
1770 BN_free(bn_priv);
1771 BN_free(ec_priv_bn);
1772 OSSL_PARAM_free(fromdata_params);
1773 OSSL_PARAM_BLD_free(bld);
1774 EVP_PKEY_free(pk);
1775 EVP_PKEY_free(copy_pk);
1776 EVP_PKEY_CTX_free(ctx);
1777 return ret;
1778}
1779
1780static int test_ec_dup_no_operation(void)
1781{
1782 int ret = 0;
1783 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1784 EVP_PKEY *param = NULL, *pkey = NULL;
1785
1786 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1787 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1788 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1789 NID_X9_62_prime256v1), 0)
1790 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1791 || !TEST_ptr(param))
1792 goto err;
1793
1794 EVP_PKEY_CTX_free(pctx);
1795 pctx = NULL;
1796
1797 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1798 || !TEST_ptr(kctx = EVP_PKEY_CTX_dup(ctx))
1799 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1800 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0))
1801 goto err;
1802 ret = 1;
1803err:
1804 EVP_PKEY_free(pkey);
1805 EVP_PKEY_free(param);
1806 EVP_PKEY_CTX_free(ctx);
1807 EVP_PKEY_CTX_free(kctx);
1808 EVP_PKEY_CTX_free(pctx);
1809 return ret;
1810}
1811
1812/* Test that keygen doesn't support EVP_PKEY_CTX_dup */
1813static int test_ec_dup_keygen_operation(void)
1814{
1815 int ret = 0;
1816 EVP_PKEY_CTX *pctx = NULL, *ctx = NULL, *kctx = NULL;
1817 EVP_PKEY *param = NULL, *pkey = NULL;
1818
1819 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))
1820 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1821 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1822 NID_X9_62_prime256v1), 0)
1823 || !TEST_int_gt(EVP_PKEY_paramgen(pctx, &param), 0)
1824 || !TEST_ptr(param))
1825 goto err;
1826
1827 EVP_PKEY_CTX_free(pctx);
1828 pctx = NULL;
1829
1830 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL))
1831 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1832 || !TEST_ptr_null(kctx = EVP_PKEY_CTX_dup(ctx)))
1833 goto err;
1834 ret = 1;
1835err:
1836 EVP_PKEY_free(pkey);
1837 EVP_PKEY_free(param);
1838 EVP_PKEY_CTX_free(ctx);
1839 EVP_PKEY_CTX_free(kctx);
1840 EVP_PKEY_CTX_free(pctx);
1841 return ret;
1842}
1843
1844#endif /* OPENSSL_NO_EC */
1845
1846#ifndef OPENSSL_NO_DSA
1847static int test_fromdata_dsa_fips186_4(void)
1848{
1849 int ret = 0;
1850 EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL;
1851 EVP_PKEY *pk = NULL, *copy_pk = NULL, *dup_pk = NULL;
1852 BIGNUM *pub = NULL, *priv = NULL;
1853 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1854 BIGNUM *pub_out = NULL, *priv_out = NULL;
1855 BIGNUM *p_out = NULL, *q_out = NULL, *g_out = NULL, *j_out = NULL;
1856 int gindex_out = 0, pcounter_out = 0, hindex_out = 0;
1857 char name_out[80];
1858 unsigned char seed_out[32];
1859 size_t len;
1860 OSSL_PARAM_BLD *bld = NULL;
1861 OSSL_PARAM *fromdata_params = NULL;
1862
1863 /*
1864 * DSA parameter data was generated using the following:
1865 * openssl genpkey -genparam -algorithm DSA -pkeyopt pbits:2048 \
1866 * -pkeyopt qbits:256 -pkeyopt type:0 \
1867 * -pkeyopt gindex:1 -out dsa_params.pem -text
1868 */
1869 static const unsigned char p_data[] = {
1870 0x00, 0xa0, 0xb7, 0x02, 0xc4, 0xac, 0xa6, 0x42, 0xab, 0xf2, 0x34, 0x0b,
1871 0x22, 0x47, 0x1f, 0x33, 0xcf, 0xd5, 0x04, 0xe4, 0x3e, 0xec, 0xa1, 0x21,
1872 0xc8, 0x41, 0x2b, 0xef, 0xb8, 0x1f, 0x0b, 0x5b, 0x88, 0x8b, 0x67, 0xf8,
1873 0x68, 0x6d, 0x7c, 0x4d, 0x96, 0x5f, 0x3c, 0x66, 0xef, 0x58, 0x34, 0xd7,
1874 0xf6, 0xa2, 0x1b, 0xad, 0xc8, 0x12, 0x52, 0xb8, 0xe8, 0x2a, 0x63, 0xcc,
1875 0xea, 0xe7, 0x4e, 0xc8, 0x34, 0x4c, 0x58, 0x59, 0x0a, 0xc2, 0x4a, 0xe4,
1876 0xb4, 0x64, 0x20, 0xf4, 0xf6, 0x0a, 0xcf, 0x86, 0x01, 0x6c, 0x7f, 0x23,
1877 0x4a, 0x51, 0x07, 0x99, 0x42, 0x28, 0x7a, 0xff, 0x18, 0x67, 0x52, 0x64,
1878 0xf2, 0x9a, 0x62, 0x30, 0xc3, 0x00, 0xde, 0x23, 0xe9, 0x11, 0x95, 0x7e,
1879 0xd1, 0x3d, 0x8d, 0xb4, 0x0e, 0x9f, 0x9e, 0xb1, 0x30, 0x03, 0xf0, 0x73,
1880 0xa8, 0x40, 0x48, 0x42, 0x7b, 0x60, 0xa0, 0xc4, 0xf2, 0x3b, 0x2d, 0x0a,
1881 0x0c, 0xb8, 0x19, 0xfb, 0xb4, 0xf8, 0xe0, 0x2a, 0xc7, 0xf1, 0xc0, 0xc6,
1882 0x86, 0x14, 0x60, 0x12, 0x0f, 0xc0, 0xde, 0x4a, 0x67, 0xec, 0xc7, 0xde,
1883 0x76, 0x21, 0x1a, 0x55, 0x7f, 0x86, 0xc3, 0x97, 0x98, 0xce, 0xf5, 0xcd,
1884 0xf0, 0xe7, 0x12, 0xd6, 0x93, 0xee, 0x1b, 0x9b, 0x61, 0xef, 0x05, 0x8c,
1885 0x45, 0x46, 0xd9, 0x64, 0x6f, 0xbe, 0x27, 0xaa, 0x67, 0x01, 0xcc, 0x71,
1886 0xb1, 0x60, 0xce, 0x21, 0xd8, 0x51, 0x17, 0x27, 0x0d, 0x90, 0x3d, 0x18,
1887 0x7c, 0x87, 0x15, 0x8e, 0x48, 0x4c, 0x6c, 0xc5, 0x72, 0xeb, 0xb7, 0x56,
1888 0xf5, 0x6b, 0x60, 0x8f, 0xc2, 0xfd, 0x3f, 0x46, 0x5c, 0x00, 0x91, 0x85,
1889 0x79, 0x45, 0x5b, 0x1c, 0x82, 0xc4, 0x87, 0x50, 0x79, 0xba, 0xcc, 0x1c,
1890 0x32, 0x7e, 0x2e, 0xb8, 0x2e, 0xc5, 0x4e, 0xd1, 0x9b, 0xdb, 0x66, 0x79,
1891 0x7c, 0xfe, 0xaf, 0x6a, 0x05
1892 };
1893 static const unsigned char q_data[] = {
1894 0xa8, 0xcd, 0xf4, 0x33, 0x7b, 0x13, 0x0a, 0x24, 0xc1, 0xde, 0x4a, 0x04,
1895 0x7b, 0x4b, 0x71, 0x51, 0x32, 0xe9, 0x47, 0x74, 0xbd, 0x0c, 0x21, 0x40,
1896 0x84, 0x12, 0x0a, 0x17, 0x73, 0xdb, 0x29, 0xc7
1897 };
1898 static const unsigned char g_data[] = {
1899 0x6c, 0xc6, 0xa4, 0x3e, 0x61, 0x84, 0xc1, 0xff, 0x6f, 0x4a, 0x1a, 0x6b,
1900 0xb0, 0x24, 0x4b, 0xd2, 0x92, 0x5b, 0x29, 0x5c, 0x61, 0xb8, 0xc9, 0x2b,
1901 0xd6, 0xf7, 0x59, 0xfd, 0xd8, 0x70, 0x66, 0x77, 0xfc, 0xc1, 0xa4, 0xd4,
1902 0xb0, 0x1e, 0xd5, 0xbf, 0x59, 0x98, 0xb3, 0x66, 0x8b, 0xf4, 0x2e, 0xe6,
1903 0x12, 0x3e, 0xcc, 0xf8, 0x02, 0xb8, 0xc6, 0xc3, 0x47, 0xd2, 0xf5, 0xaa,
1904 0x0c, 0x5f, 0x51, 0xf5, 0xd0, 0x4c, 0x55, 0x3d, 0x07, 0x73, 0xa6, 0x57,
1905 0xce, 0x5a, 0xad, 0x42, 0x0c, 0x13, 0x0f, 0xe2, 0x31, 0x25, 0x8e, 0x72,
1906 0x12, 0x73, 0x10, 0xdb, 0x7f, 0x79, 0xeb, 0x59, 0xfc, 0xfe, 0xf7, 0x0c,
1907 0x1a, 0x81, 0x53, 0x96, 0x22, 0xb8, 0xe7, 0x58, 0xd8, 0x67, 0x80, 0x60,
1908 0xad, 0x8b, 0x55, 0x1c, 0x91, 0xf0, 0x72, 0x9a, 0x7e, 0xad, 0x37, 0xf1,
1909 0x77, 0x18, 0x96, 0x8a, 0x68, 0x70, 0xfc, 0x71, 0xa9, 0xa2, 0xe8, 0x35,
1910 0x27, 0x78, 0xf2, 0xef, 0x59, 0x36, 0x6d, 0x7c, 0xb6, 0x98, 0xd8, 0x1e,
1911 0xfa, 0x25, 0x73, 0x97, 0x45, 0x58, 0xe3, 0xae, 0xbd, 0x52, 0x54, 0x05,
1912 0xd8, 0x26, 0x26, 0xba, 0xba, 0x05, 0xb5, 0xe9, 0xe5, 0x76, 0xae, 0x25,
1913 0xdd, 0xfc, 0x10, 0x89, 0x5a, 0xa9, 0xee, 0x59, 0xc5, 0x79, 0x8b, 0xeb,
1914 0x1e, 0x2c, 0x61, 0xab, 0x0d, 0xd1, 0x10, 0x04, 0x91, 0x32, 0x77, 0x4a,
1915 0xa6, 0x64, 0x53, 0xda, 0x4c, 0xd7, 0x3a, 0x29, 0xd4, 0xf3, 0x82, 0x25,
1916 0x1d, 0x6f, 0x4a, 0x7f, 0xd3, 0x08, 0x3b, 0x42, 0x30, 0x10, 0xd8, 0xd0,
1917 0x97, 0x3a, 0xeb, 0x92, 0x63, 0xec, 0x93, 0x2b, 0x6f, 0x32, 0xd8, 0xcd,
1918 0x80, 0xd3, 0xc0, 0x4c, 0x03, 0xd5, 0xca, 0xbc, 0x8f, 0xc7, 0x43, 0x53,
1919 0x64, 0x66, 0x1c, 0x82, 0x2d, 0xfb, 0xff, 0x39, 0xba, 0xd6, 0x42, 0x62,
1920 0x02, 0x6f, 0x96, 0x36
1921 };
1922 static const unsigned char seed_data[] = {
1923 0x64, 0x46, 0x07, 0x32, 0x8d, 0x70, 0x9c, 0xb3, 0x8a, 0x35, 0xde, 0x62,
1924 0x00, 0xf2, 0x6d, 0x52, 0x37, 0x4d, 0xb3, 0x84, 0xe1, 0x9d, 0x41, 0x04,
1925 0xda, 0x7b, 0xdc, 0x0d, 0x8b, 0x5e, 0xe0, 0x84
1926 };
1927 const int gindex = 1;
1928 const int pcounter = 53;
1929 /*
1930 * The keypair was generated using
1931 * openssl genpkey -paramfile dsa_params.pem --pkeyopt pcounter:53 \
1932 * -pkeyopt gindex:1 \
1933 * -pkeyopt hexseed:644607328d709cb38a35de6200f26d -text
1934 */
1935 static const unsigned char priv_data[] = {
1936 0x00, 0x8f, 0xc5, 0x9e, 0xd0, 0xf7, 0x2a, 0x0b, 0x66, 0xf1, 0x32, 0x73,
1937 0xae, 0xf6, 0xd9, 0xd4, 0xdb, 0x2d, 0x96, 0x55, 0x89, 0xff, 0xef, 0xa8,
1938 0x5f, 0x47, 0x8f, 0xca, 0x02, 0x8a, 0xe1, 0x35, 0x90
1939 };
1940 static const unsigned char pub_data[] = {
1941 0x44, 0x19, 0xc9, 0x46, 0x45, 0x57, 0xc1, 0xa9, 0xd8, 0x30, 0x99, 0x29,
1942 0x6a, 0x4b, 0x63, 0x71, 0x69, 0x96, 0x35, 0x17, 0xb2, 0x62, 0x9b, 0x80,
1943 0x0a, 0x95, 0x9d, 0x6a, 0xc0, 0x32, 0x0d, 0x07, 0x5f, 0x19, 0x44, 0x02,
1944 0xf1, 0xbd, 0xce, 0xdf, 0x10, 0xf8, 0x02, 0x5d, 0x7d, 0x98, 0x8a, 0x73,
1945 0x89, 0x00, 0xb6, 0x24, 0xd6, 0x33, 0xe7, 0xcf, 0x8b, 0x49, 0x2a, 0xaf,
1946 0x13, 0x1c, 0xb2, 0x52, 0x15, 0xfd, 0x9b, 0xd5, 0x40, 0x4a, 0x1a, 0xda,
1947 0x29, 0x4c, 0x92, 0x7e, 0x66, 0x06, 0xdb, 0x61, 0x86, 0xac, 0xb5, 0xda,
1948 0x3c, 0x7d, 0x73, 0x7e, 0x54, 0x32, 0x68, 0xa5, 0x02, 0xbc, 0x59, 0x47,
1949 0x84, 0xd3, 0x87, 0x71, 0x5f, 0xeb, 0x43, 0x45, 0x24, 0xd3, 0xec, 0x08,
1950 0x52, 0xc2, 0x89, 0x2d, 0x9c, 0x1a, 0xcc, 0x91, 0x65, 0x5d, 0xa3, 0xa1,
1951 0x35, 0x31, 0x10, 0x1c, 0x3a, 0xa8, 0x4d, 0x18, 0xd5, 0x06, 0xaf, 0xb2,
1952 0xec, 0x5c, 0x89, 0x9e, 0x90, 0x86, 0x10, 0x01, 0xeb, 0x51, 0xd5, 0x1b,
1953 0x9c, 0xcb, 0x66, 0x07, 0x3f, 0xc4, 0x6e, 0x0a, 0x1b, 0x73, 0xa0, 0x4b,
1954 0x5f, 0x4d, 0xab, 0x35, 0x28, 0xfa, 0xda, 0x3a, 0x0c, 0x08, 0xe8, 0xf3,
1955 0xef, 0x42, 0x67, 0xbc, 0x21, 0xf2, 0xc2, 0xb8, 0xff, 0x1a, 0x81, 0x05,
1956 0x68, 0x73, 0x62, 0xdf, 0xd7, 0xab, 0x0f, 0x22, 0x89, 0x57, 0x96, 0xd4,
1957 0x93, 0xaf, 0xa1, 0x21, 0xa3, 0x48, 0xe9, 0xf0, 0x97, 0x47, 0xa0, 0x27,
1958 0xba, 0x87, 0xb8, 0x15, 0x5f, 0xff, 0x2c, 0x50, 0x41, 0xf1, 0x7e, 0xc6,
1959 0x81, 0xc4, 0x51, 0xf1, 0xfd, 0xd6, 0x86, 0xf7, 0x69, 0x97, 0xf1, 0x49,
1960 0xc9, 0xf9, 0xf4, 0x9b, 0xf4, 0xe8, 0x85, 0xa7, 0xbd, 0x36, 0x55, 0x4a,
1961 0x3d, 0xe8, 0x65, 0x09, 0x7b, 0xb7, 0x12, 0x64, 0xd2, 0x0a, 0x53, 0x60,
1962 0x48, 0xd1, 0x8a, 0xbd
1963 };
1964
1965 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1966 || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL))
1967 || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL))
1968 || !TEST_ptr(p = BN_bin2bn(p_data, sizeof(p_data), NULL))
1969 || !TEST_ptr(q = BN_bin2bn(q_data, sizeof(q_data), NULL))
1970 || !TEST_ptr(g = BN_bin2bn(g_data, sizeof(g_data), NULL))
1971
1972 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1974 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1975 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1976 OSSL_PKEY_PARAM_FFC_SEED,
1977 seed_data,
1978 sizeof(seed_data)))
1979 || !TEST_true(OSSL_PARAM_BLD_push_int(bld, OSSL_PKEY_PARAM_FFC_GINDEX,
1980 gindex))
1981 || !TEST_true(OSSL_PARAM_BLD_push_int(bld,
1982 OSSL_PKEY_PARAM_FFC_PCOUNTER,
1983 pcounter))
1984 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1985 pub))
1986 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1987 priv))
1988 || !TEST_ptr(fromdata_params = OSSL_PARAM_BLD_to_param(bld)))
1989 goto err;
1990
1991 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)))
1992 goto err;
1993
1994 if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1)
1995 || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
1996 fromdata_params), 1))
1997 goto err;
1998
1999 for (;;) {
2000 ret = 0;
2001 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
2002 || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
2003 || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
2004 || !TEST_false(EVP_PKEY_missing_parameters(pk)))
2005 goto err;
2006
2007 if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk,
2008 OSSL_PKEY_PARAM_GROUP_NAME,
2009 name_out,
2010 sizeof(name_out),
2011 &len))
2012 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
2013 &pub_out))
2014 || !TEST_BN_eq(pub, pub_out)
2015 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY,
2016 &priv_out))
2017 || !TEST_BN_eq(priv, priv_out)
2018 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_P,
2019 &p_out))
2020 || !TEST_BN_eq(p, p_out)
2021 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_Q,
2022 &q_out))
2023 || !TEST_BN_eq(q, q_out)
2024 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_FFC_G,
2025 &g_out))
2026 || !TEST_BN_eq(g, g_out)
2027 || !TEST_false(EVP_PKEY_get_bn_param(pk,
2028 OSSL_PKEY_PARAM_FFC_COFACTOR,
2029 &j_out))
2030 || !TEST_ptr_null(j_out)
2031 || !TEST_true(EVP_PKEY_get_octet_string_param(pk,
2032 OSSL_PKEY_PARAM_FFC_SEED,
2033 seed_out,
2034 sizeof(seed_out),
2035 &len))
2036 || !TEST_true(EVP_PKEY_get_int_param(pk,
2037 OSSL_PKEY_PARAM_FFC_GINDEX,
2038 &gindex_out))
2039 || !TEST_int_eq(gindex, gindex_out)
2040 || !TEST_true(EVP_PKEY_get_int_param(pk, OSSL_PKEY_PARAM_FFC_H,
2041 &hindex_out))
2042 || !TEST_int_eq(hindex_out, 0)
2043 || !TEST_true(EVP_PKEY_get_int_param(pk,
2044 OSSL_PKEY_PARAM_FFC_PCOUNTER,
2045 &pcounter_out))
2046 || !TEST_int_eq(pcounter, pcounter_out))
2047 goto err;
2048 BN_free(p_out);
2049 p_out = NULL;
2050 BN_free(q_out);
2051 q_out = NULL;
2052 BN_free(g_out);
2053 g_out = NULL;
2054 BN_free(j_out);
2055 j_out = NULL;
2056 BN_free(pub_out);
2057 pub_out = NULL;
2058 BN_free(priv_out);
2059 priv_out = NULL;
2060
2061 if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pk, "")))
2062 goto err;
2063
2064 if (!TEST_int_gt(EVP_PKEY_check(key_ctx), 0)
2065 || !TEST_int_gt(EVP_PKEY_public_check(key_ctx), 0)
2066 || !TEST_int_gt(EVP_PKEY_private_check(key_ctx), 0)
2067 || !TEST_int_gt(EVP_PKEY_pairwise_check(key_ctx), 0))
2068 goto err;
2069 EVP_PKEY_CTX_free(key_ctx);
2070 key_ctx = NULL;
2071
2072 if (!TEST_ptr(copy_pk = EVP_PKEY_new())
2073 || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
2074 goto err;
2075 EVP_PKEY_free(copy_pk);
2076 copy_pk = NULL;
2077
2078 ret = test_print_key_using_pem("DSA", pk)
2079 && test_print_key_using_encoder("DSA", pk);
2080
2081 if (!ret || dup_pk != NULL)
2082 break;
2083
2084 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
2085 goto err;
2086 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
2087 EVP_PKEY_free(pk);
2088 pk = dup_pk;
2089 if (!ret)
2090 goto err;
2091 }
2092
2093 err:
2094 OSSL_PARAM_free(fromdata_params);
2095 OSSL_PARAM_BLD_free(bld);
2096 BN_free(p);
2097 BN_free(q);
2098 BN_free(g);
2099 BN_free(pub);
2100 BN_free(priv);
2101 BN_free(p_out);
2102 BN_free(q_out);
2103 BN_free(g_out);
2104 BN_free(pub_out);
2105 BN_free(priv_out);
2106 BN_free(j_out);
2107 EVP_PKEY_free(pk);
2108 EVP_PKEY_free(copy_pk);
2109 EVP_PKEY_CTX_free(ctx);
2110 EVP_PKEY_CTX_free(key_ctx);
2111
2112 return ret;
2113}
2114
2115static int test_check_dsa(void)
2116{
2117 int ret = 0;
2118 EVP_PKEY_CTX *ctx = NULL;
2119
2120 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL))
2121 || !TEST_int_le(EVP_PKEY_check(ctx), 0)
2122 || !TEST_int_le(EVP_PKEY_public_check(ctx), 0)
2123 || !TEST_int_le(EVP_PKEY_private_check(ctx), 0)
2124 || !TEST_int_le(EVP_PKEY_pairwise_check(ctx), 0))
2125 goto err;
2126
2127 ret = 1;
2128 err:
2129 EVP_PKEY_CTX_free(ctx);
2130
2131 return ret;
2132}
2133#endif /* OPENSSL_NO_DSA */
2134
2135
2136static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
2137 size_t keylen, char *salt)
2138{
2139 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
2140 OSSL_PARAM *p = params;
2141
2142 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
2143 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
2144 salt, strlen(salt));
2145 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
2146 (unsigned char *)key, keylen);
2147 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
2148 "EXTRACT_ONLY", 0);
2149 *p = OSSL_PARAM_construct_end();
2150
2151 return params;
2152}
2153
2154static int test_evp_pkey_ctx_dup_kdf(void)
2155{
2156 int ret = 0;
2157 size_t len = 0, dlen = 0;
2158 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
2159 OSSL_PARAM *params = NULL;
2160
2161 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
2162 "salt")))
2163 goto err;
2164 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
2165 goto err;
2166 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
2167 goto err;
2168 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx)))
2169 goto err;
2170 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
2171 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)
2172 || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &dlen), 1)
2173 || !TEST_size_t_eq(dlen, SHA256_DIGEST_LENGTH))
2174 goto err;
2175 ret = 1;
2176err:
2177 OPENSSL_free(params);
2178 EVP_PKEY_CTX_free(dctx);
2179 EVP_PKEY_CTX_free(pctx);
2180 return ret;
2181}
2182
2183int setup_tests(void)
2184{
2185 if (!test_skip_common_options()) {
2186 TEST_error("Error parsing test options\n");
2187 return 0;
2188 }
2189
2190 if (!TEST_ptr(datadir = test_get_argument(0)))
2191 return 0;
2192
2193 ADD_TEST(test_evp_pkey_ctx_dup_kdf);
2194 ADD_TEST(test_evp_pkey_get_bn_param_large);
2195 ADD_TEST(test_fromdata_rsa);
2196 ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
2197 ADD_TEST(test_fromdata_rsa_derive_from_pq_multiprime);
2198#ifndef OPENSSL_NO_DH
2199 ADD_TEST(test_fromdata_dh_fips186_4);
2200 ADD_TEST(test_fromdata_dh_named_group);
2201#endif
2202#ifndef OPENSSL_NO_DSA
2203 ADD_TEST(test_check_dsa);
2204 ADD_TEST(test_fromdata_dsa_fips186_4);
2205#endif
2206#ifndef OPENSSL_NO_EC
2207# ifndef OPENSSL_NO_ECX
2208 ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
2209# endif
2210 ADD_TEST(test_fromdata_ec);
2211 ADD_TEST(test_ec_dup_no_operation);
2212 ADD_TEST(test_ec_dup_keygen_operation);
2213#endif
2214 return 1;
2215}
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette