[security] Support a list of SSL ECs (grpc#34867)

Addresses grpc#23235

src/core/tsi/ssl_transport_security.cc

@@ -153,9 +153,8 @@ static int g_ssl_ex_verified_root_cert_index = -1;
 #if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE)
 static const char kSslEnginePrefix[] = "engine:";
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x30000000
-static const int kSslEcCurveNames[] = {NID_X9_62_prime256v1};
-#endif
+static const int kSslEcCurveNames[] = {NID_X9_62_prime256v1, NID_secp384r1,
+                                       NID_secp521r1};
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000
 static gpr_mu* g_openssl_mutexes = nullptr;
@@ -800,17 +799,16 @@ static tsi_result populate_ssl_context(
     return TSI_INVALID_ARGUMENT;
   }
   {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-    if (!SSL_CTX_set_tmp_ecdh(context, ecdh)) {
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+    if (!SSL_CTX_set1_curves(context, kSslEcCurveNames,
+                             ((sizeof(kSslEcCurveNames) / sizeof(int))))) {
       gpr_log(GPR_ERROR, "Could not set ephemeral ECDH key.");
-      EC_KEY_free(ecdh);
       return TSI_INTERNAL_ERROR;
     }
     SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
-    EC_KEY_free(ecdh);
 #else
-    if (!SSL_CTX_set1_groups(context, kSslEcCurveNames, 1)) {
+    if (!SSL_CTX_set1_groups(context, kSslEcCurveNames,
+                             ((sizeof(kSslEcCurveNames) / sizeof(int))))) {
       gpr_log(GPR_ERROR, "Could not set ephemeral ECDH key.");
       return TSI_INTERNAL_ERROR;
     }

src/core/tsi/test_creds/BUILD

@@ -16,14 +16,29 @@ licenses(["notice"])
 
 exports_files([
     "ca.pem",
-    "server1.key",
-    "server1.pem",
+    "ca_p256.pem",
+    "ca_p384.pem",
+    "ca_p521.pem",
     "server0.key",
     "server0.pem",
+    "server1.key",
+    "server1.pem",
+    "server1_p256.key",
+    "server1_p256.pem",
+    "server1_p384.key",
+    "server1_p384.pem",
+    "server1_p521.key",
+    "server1_p521.pem",
     "client.key",
     "client.pem",
     "client-with-spiffe.key",
     "client-with-spiffe.pem",
+    "client_p256.key",
+    "client_p256.pem",
+    "client_p384.key",
+    "client_p384.pem",
+    "client_p521.key",
+    "client_p521.pem",
     "badserver.key",
     "badserver.pem",
     "badclient.key",

src/core/tsi/test_creds/README

@@ -16,7 +16,7 @@ common name which is set to badserver.test.google.com.
 Valid test credentials:
 =======================
 
-The ca is self-signed:
+The ca is self-signed with RSA:
 ----------------------
 
 $ openssl req -x509 -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
@@ -128,7 +128,29 @@ $ openssl req -key leaf_signed_by_intermediate.key -new -out temp.csr -config le
 $ openssl x509 -req -days 3650 -in temp.csr -CA intermediate_ca.pem -CAkey intermediate_ca.key -CAcreateserial -out leaf_signed_by_intermediate.pem -extfile leaf_signed_by_intermediate.cnf -extensions 'v3_req'
 $ cat leaf_signed_by_intermediate.pem intermediate_ca.pem > leaf_and_intermediate_chain.pem
 
+ECDSA CAs and certs/keys
+------------------------
 
+For P256, P384 or P521 curves, assign $NAME to prime256v1, secp384r1 or secp521r1 and $SUFFIX to p256, p384 or p521 respectively.
+
+$ openssl ecparam -name $NAME -genkey -noout -out temp.pem
+$ openssl pkcs8 -topk8 -in temp.pem -out ca_${SUFFIX}.key -nocrypt
+$ rm temp.pem
+$ openssl req -x509 -days 3650 -new -key ca_${SUFFIX}.key -nodes -out ca_${SUFFIX}.pem -config ca-openssl.cnf -extensions 'v3_req'
+
+Sign client certs (with common name testclient) with the above CAs:
+$ openssl ecparam -name $NAME -genkey -noout -out temp.pem
+$ openssl pkcs8 -topk8 -in temp.pem -out client_${SUFFIX}.key -nocrypt
+$ rm temp.pem
+$ openssl req -key client_${SUFFIX}.key -new -out temp.csr
+$ openssl x509 -req -days 3650 -in temp.csr -CA ca_${SUFFIX}.pem -CAkey ca_${SUFFIX}.key -CAcreateserial -out client_${SUFFIX}.pem
+
+Sign server certs (with common name *.test.google.com) with the above CAs:
+$ openssl ecparam -name $NAME -genkey -noout -out temp.pem
+$ openssl pkcs8 -topk8 -in temp.pem -out server1_${SUFFIX}.key -nocrypt
+$ rm temp.pem
+$ openssl req -key server1_${SUFFIX}.key -new -out temp.csr -config server1-openssl.cnf
+$ openssl x509 -req -days 3650 -in temp.csr -CA ca_${SUFFIX}.pem -CAkey ca_${SUFFIX}.key -CAcreateserial -out server1_${SUFFIX}.pem -extensions 'v3_req' -extfile server1-openssl.cnf
 
 Clean up:
 ---------

src/core/tsi/test_creds/ca_p256.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGXLU0TtzErcyGDE/
+fhbphpw2Zdhw3iZmUvnxsFG08iKhRANCAAR1Y4rj/7GFUANxiV8QcKvYC8pdbIsy
+jfe1qgcyL6gwxxbqokJllnvfTGdcH65l9M4xCSKWe+PeghI+i9NTu7R0
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/ca_p256.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAZOgAwIBAgIUPLuUtYXNndWg+lpfpgmhpyGhLF8wCgYIKoZIzj0EAwIw
+VjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIzMTEw
+MzE2MjcwMFoXDTMzMTAzMTE2MjcwMFowVjELMAkGA1UEBhMCQVUxEzARBgNVBAgM
+ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEP
+MA0GA1UEAwwGdGVzdGNhMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdWOK4/+x
+hVADcYlfEHCr2AvKXWyLMo33taoHMi+oMMcW6qJCZZZ730xnXB+uZfTOMQkilnvj
+3oISPovTU7u0dKM/MD0wDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwHQYD
+VR0OBBYEFAwTlsQiF6A70bdNxAl4Y1x+3uVlMAoGCCqGSM49BAMCA0gAMEUCIQC+
+T4oowHyHutdr+Iu1X0wNoJ3Hodxp+ihtgou95+Tw8gIgFW4DMB0mATGgi8zIXREx
+1yXBQ+a2DYE6lSUUPChRUB8=
+-----END CERTIFICATE-----

src/core/tsi/test_creds/ca_p384.key

@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBS37qQ3DuoihlwFOS2
+zwN9egL1Vi+tpeBXElrm7/+7A/SA2OENZfXeQnb1HpqcgaOhZANiAATy4kYuJN4L
+27TvhbEY/dXD3MuZm71pQQOjqES1aghcPTFR04WDWIIVmzTuUUjz4XAcrOf1CsTu
+T1NEXZnHX/8A99OYsw/nlPRhvjAhPZ/kK5KH7NWK9+N7suf7QFP0PJU=
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/ca_p384.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKjCCAbCgAwIBAgIUQ5u1l9zc4BdSXdyGzv369f5bg48wCgYIKoZIzj0EAwIw
+VjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIzMTEw
+MzE2MzA0NloXDTMzMTAzMTE2MzA0NlowVjELMAkGA1UEBhMCQVUxEzARBgNVBAgM
+ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEP
+MA0GA1UEAwwGdGVzdGNhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8uJGLiTeC9u0
+74WxGP3Vw9zLmZu9aUEDo6hEtWoIXD0xUdOFg1iCFZs07lFI8+FwHKzn9QrE7k9T
+RF2Zx1//APfTmLMP55T0Yb4wIT2f5CuSh+zVivfje7Ln+0BT9DyVoz8wPTAMBgNV
+HRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQUb8tXaPFgds0JZZoJ
+YnC/wJlCbVQwCgYIKoZIzj0EAwIDaAAwZQIxAK8RnPWkSWG0cEf++GtjkHJ3y25Y
+KLkZ6uWM4nZIGzZPqEJbS5gIM6suXFjRtwRQqAIwEfAG1ncStBs3s3qx5XFcd/Uj
+7V61x1CjF+QVvMD0KW7xJB7Yl+EbY+2Y2xnG4PJL
+-----END CERTIFICATE-----

src/core/tsi/test_creds/ca_p521.key

@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBQ6PfMspzmbOlPa0e
+0UfWb7NGIIKvgCMmGVPSP7wR+jX//eJRO+YeLmcLq6zWOOs+5Z6oPKHR5Et5nht4
+FQR62gShgYkDgYYABAFRBRdfON+9qLmJlo0tHLIw9d4fIMYsM8hnbUPBAuIalAMo
+nDKdN8753qgnp74d9WQsYHtsw9dn6/0qwbh4qpYSrAE1nvVbh3zUkAqLQNkqV8cu
+fPCDLMvFDl3iy4hoOmK+fNYi+NS3gn6P1o6UIjN0xQEc7l/zUaw0D5VZqRoiniuR
+gA==
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/ca_p521.pem

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdDCCAdagAwIBAgIUKWOObDjdan+iuXsgkA6IDD68O2swCgYIKoZIzj0EAwIw
+VjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIzMTEw
+MzE2MzIzM1oXDTMzMTAzMTE2MzIzM1owVjELMAkGA1UEBhMCQVUxEzARBgNVBAgM
+ClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEP
+MA0GA1UEAwwGdGVzdGNhMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBUQUXXzjf
+vai5iZaNLRyyMPXeHyDGLDPIZ21DwQLiGpQDKJwynTfO+d6oJ6e+HfVkLGB7bMPX
+Z+v9KsG4eKqWEqwBNZ71W4d81JAKi0DZKlfHLnzwgyzLxQ5d4suIaDpivnzWIvjU
+t4J+j9aOlCIzdMUBHO5f81GsNA+VWakaIp4rkYCjPzA9MAwGA1UdEwQFMAMBAf8w
+DgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTJAGZMKQJ9qfu5hutnaruWRZl2zjAK
+BggqhkjOPQQDAgOBiwAwgYcCQUUZ/IXyiGqtbxzdIHqv/1D+rp8aarvdaOTNB2JJ
+tB+1K70n+scJpIG8z7JE69HfX4wDk7abumj57IOxWu0y8kttAkIAlBTyuSm0qiH4
+Z6NzTDgSdw6Z6ufZQC+2HGRAOt/55XgmYURg+u9BNcYGUAHNpWjffgpe5ZMM3mwu
+IxgpucHjxPg=
+-----END CERTIFICATE-----

src/core/tsi/test_creds/client_p256.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgf/INCWORFRUTDFz8
+Cs/JBWd2bikxsZ3WQaiB+PhllGShRANCAATQBhts3haEdFCU9wRsuranYR2M/Hpu
+ot70CuQx3/8NHVoPDhBJmY8cT3Kl+cZbZZQVgI4K73654dCQX6iEKAr+
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/client_p256.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqjCCAVECFHEbCKugIii9thZRk2zjetwgBvMMMAoGCCqGSM49BAMCMFYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
+dCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnRlc3RjYTAeFw0yMzExMDMxNjQ2
+MzlaFw0zMzEwMzExNjQ2MzlaMFoxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEzARBgNV
+BAMMCnRlc3RjbGllbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATQBhts3haE
+dFCU9wRsuranYR2M/Hpuot70CuQx3/8NHVoPDhBJmY8cT3Kl+cZbZZQVgI4K7365
+4dCQX6iEKAr+MAoGCCqGSM49BAMCA0cAMEQCIDH4032bdUo8bI7edpUZsY5P4uvc
+BPLhFiExTVcylcqgAiAkMLgS02akwRmLwlQeJYqVhl5bdN8IbpItL4NXlbkbZA==
+-----END CERTIFICATE-----

src/core/tsi/test_creds/client_p384.key

@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCG55oUtgGStvL54n21
+gMY9Yt1Qs8SsJzZ8/51JmG1EIFWV0krJzJ/1z5I1wwLwRDqhZANiAAR3G/m1B73j
+aZ2BstNrjFKpdarWPTLLwuiozfzRYk/0NBPiVVByk6hYGqLsFS1+xuqLEdMviayK
+45LI41NfJ1RSoZ2/ozN/+oALK+L0mVkHKQwWDLidKFVETPL9eS3UX/U=
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/client_p384.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAW4CFBUrSSmZFLN1F4DSQ8GmD6ujE59NMAoGCCqGSM49BAMCMFYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
+dCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnRlc3RjYTAeFw0yMzExMDMxNjQ3
+MzNaFw0zMzEwMzExNjQ3MzNaMFoxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEzARBgNV
+BAMMCnRlc3RjbGllbnQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR3G/m1B73jaZ2B
+stNrjFKpdarWPTLLwuiozfzRYk/0NBPiVVByk6hYGqLsFS1+xuqLEdMviayK45LI
+41NfJ1RSoZ2/ozN/+oALK+L0mVkHKQwWDLidKFVETPL9eS3UX/UwCgYIKoZIzj0E
+AwIDaQAwZgIxALyQfGdP8QNaNTG4thV6AMOMbeEZ7ic3ab3VUbrzGJL2Bm2QknAa
+aIKH7H/nfRo3zQIxAMuAfX6ua9m7O4juEsJUiWmCikU56OdCvJ7LdLz23Jr6BTFs
+lCwoCJMXp4SvFBjkXA==
+-----END CERTIFICATE-----

src/core/tsi/test_creds/client_p521.key

@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBppzS8G/BisQYQ9ZS
+mUtjProQYh7ZbnXws+pAbSWuTBTDdy4M4DVabZT1Xz5F8vxHl19/6sPCSER2Q9ZO
+JcAENzihgYkDgYYABAF7CDUfwYbWRJA0pg6+6EF9a4fFu6KKbpaOZyLnf6M+A4cz
+MGZgld2gv7sKkbYqKLgWqubBl3xO29MNJtr44CpXeAA3fkUxGJH71nI7ciWWtD5j
+Y1uw9Jg4iECAHkUMkah0uMbS3Z3/MKZDnFcCn/lBViEKLyjqhGxGK3Imq14JREUE
+nA==
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/client_p521.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMzCCAZQCFHpikmBZFARTiGZY/fLaXFwemK7JMAoGCCqGSM49BAMCMFYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
+dCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnRlc3RjYTAeFw0yMzExMDMxNjQ4
+MThaFw0zMzEwMzExNjQ4MThaMFoxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEzARBgNV
+BAMMCnRlc3RjbGllbnQwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAF7CDUfwYbW
+RJA0pg6+6EF9a4fFu6KKbpaOZyLnf6M+A4czMGZgld2gv7sKkbYqKLgWqubBl3xO
+29MNJtr44CpXeAA3fkUxGJH71nI7ciWWtD5jY1uw9Jg4iECAHkUMkah0uMbS3Z3/
+MKZDnFcCn/lBViEKLyjqhGxGK3Imq14JREUEnDAKBggqhkjOPQQDAgOBjAAwgYgC
+QgHKR5TNOimX3u5CfyLmlLQfq2XV1p87T83VzcMZAZVLt0uY8HGVKgfz7lTZmeDU
+QLFdRfyL7xWU73E/IakzwxQ8XwJCAcMiStKsd/fEqakBOMaSrKf4HW0BKfBMknzX
+nB4jk/HrpAFH73U8RaEHkWNvZAZMRuuf42JEvD/WYo1NzkDKQCYv
+-----END CERTIFICATE-----

src/core/tsi/test_creds/server1_p256.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgX3lS1sVqqA4Y1okH
+gpPua6BQDQEx16BKNU7RJ2JnmHWhRANCAATSCk+bxOa91Fea4DIaxOk6Kr/BZ64I
+bdGfQhL5vpOr1lttUYY3Vrw0nRRpqwTfb/4ckWBCe0A2gJ3ZimcziDuW
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/server1_p256.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAhCgAwIBAgIUMzJGWNICD8UXAJZPxK6rLYLg+ywwCgYIKoZIzj0EAwIw
+VjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIzMTEw
+MzE3MDgzOVoXDTMzMTAzMTE3MDgzOVowZTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRUwEwYDVQQKDAxFeGFtcGxlLCBD
+by4xGjAYBgNVBAMMESoudGVzdC5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
+zj0DAQcDQgAE0gpPm8TmvdRXmuAyGsTpOiq/wWeuCG3Rn0IS+b6Tq9ZbbVGGN1a8
+NJ0UaasE32/+HJFgQntANoCd2YpnM4g7lqOBrDCBqTAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwIF4DBPBgNVHREESDBGghAqLnRlc3QuZ29vZ2xlLmZyghh3YXRlcnpvb2ku
+dGVzdC5nb29nbGUuYmWCEioudGVzdC55b3V0dWJlLmNvbYcEwKgBAzAdBgNVHQ4E
+FgQUvxQhs4Mo4oQb5yFMnRXgYLZCxA0wHwYDVR0jBBgwFoAUDBOWxCIXoDvRt03E
+CXhjXH7e5WUwCgYIKoZIzj0EAwIDSAAwRQIhAIXof8XuM6DC1zaTedKenL1kEGF1
+NK3LHr8ga0MqkfeIAiAqwDgN/+vL4M1MhBbHJjhJqwSsTu/xOCzEsz4rnPn3yA==
+-----END CERTIFICATE-----

src/core/tsi/test_creds/server1_p384.key

@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBOMbTE7k26YMVxFgw7
+NEiptA2loi/OqNbhMtKZIWk3mQsANaSismkI+5XqvRFDOrihZANiAAQT/Fc/XtkC
+tQopM6yOWEbr5N+AQ3deMnhmJtJmqUjRaqJtFfC6DoPalKmSIJuiTt9kcTnX7GVu
+IP9PzNbcZhvBxaWvgd7Nqw82DMjXbhQZ0mYDxv4YE8baRubwi1kPzOw=
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/server1_p384.pem

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpzCCAi2gAwIBAgIUKP1CPRwkJL8veW/rZ44TeLxhgf4wCgYIKoZIzj0EAwIw
+VjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIzMTEw
+MzE3MDU1OFoXDTMzMTAzMTE3MDU1OFowZTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRUwEwYDVQQKDAxFeGFtcGxlLCBD
+by4xGjAYBgNVBAMMESoudGVzdC5nb29nbGUuY29tMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEE/xXP17ZArUKKTOsjlhG6+TfgEN3XjJ4ZibSZqlI0WqibRXwug6D2pSp
+kiCbok7fZHE51+xlbiD/T8zW3GYbwcWlr4HezasPNgzI124UGdJmA8b+GBPG2kbm
+8ItZD8zso4GsMIGpMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgME8GA1UdEQRIMEaC
+ECoudGVzdC5nb29nbGUuZnKCGHdhdGVyem9vaS50ZXN0Lmdvb2dsZS5iZYISKi50
+ZXN0LnlvdXR1YmUuY29thwTAqAEDMB0GA1UdDgQWBBQWdCAVIpUBjNOCSObz1XRq
+G24wbTAfBgNVHSMEGDAWgBRvy1do8WB2zQllmglicL/AmUJtVDAKBggqhkjOPQQD
+AgNoADBlAjEAigxqqVOPY/4yw9NJbLuy7rgCSIgmflU31Jv9pcShnB+lu09Ojntk
+lBVp6rvp3RK4AjBIYmXoXApZuhej7srweQ/GF332d4eQ/XdEvRRvueFJ+Z/5YRQK
+9QpyJqwWVXCmx8E=
+-----END CERTIFICATE-----

src/core/tsi/test_creds/server1_p521.key

@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAopSSX3MXcdFj5ZMn
+6LAw90RqFabicgAumGtTdBpUg2Uh8WckBVaPZ2tCeByxBFzOdxbfRdoAh5HqDvYu
+gs//TqmhgYkDgYYABAHlLIip/GcdqheCKfcP+urfriemnLCtrwGHvmMCEwUmsi79
+/uw8KKC+53kkF/obVxWLW11zPTGvZTNB7o869vsNDwCUcivWDvIQTUcxLqfT+QLq
+3NK3AyKJsG2U8e5p3vziqwLQEHRkTukV/sZbd2l2PxC4LoRQnYpGJ1tAxqLvAfYF
+fw==
+-----END PRIVATE KEY-----

src/core/tsi/test_creds/server1_p521.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAlOgAwIBAgIUG9PQMKWv/CO/fNFce9JE9YuIa74wCgYIKoZIzj0EAwIw
+VjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGdGVzdGNhMB4XDTIzMTEw
+MzE3MDgwMloXDTMzMTAzMTE3MDgwMlowZTELMAkGA1UEBhMCVVMxETAPBgNVBAgM
+CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRUwEwYDVQQKDAxFeGFtcGxlLCBD
+by4xGjAYBgNVBAMMESoudGVzdC5nb29nbGUuY29tMIGbMBAGByqGSM49AgEGBSuB
+BAAjA4GGAAQB5SyIqfxnHaoXgin3D/rq364nppywra8Bh75jAhMFJrIu/f7sPCig
+vud5JBf6G1cVi1tdcz0xr2UzQe6POvb7DQ8AlHIr1g7yEE1HMS6n0/kC6tzStwMi
+ibBtlPHuad784qsC0BB0ZE7pFf7GW3dpdj8QuC6EUJ2KRidbQMai7wH2BX+jgaww
+gakwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwTwYDVR0RBEgwRoIQKi50ZXN0Lmdv
+b2dsZS5mcoIYd2F0ZXJ6b29pLnRlc3QuZ29vZ2xlLmJlghIqLnRlc3QueW91dHVi
+ZS5jb22HBMCoAQMwHQYDVR0OBBYEFPYv3eqdBfB9MAawZ6NwhJQEa2WRMB8GA1Ud
+IwQYMBaAFMkAZkwpAn2p+7mG62dqu5ZFmXbOMAoGCCqGSM49BAMCA4GMADCBiAJC
+AbAAt3BoGPWnHzlh8pEY8y5j23xaPtcvJRYhpWU+jklcoKqRfC0gwHystNfuSduT
+Oyc88KHtxL1jGJ/Iar7Bok7vAkIBPJ+Eo++AWSbthCfRfi3JKk3CVx5BgDfKiFBW
+31Dr6b9NgZik1NCrjWEiGCyRXQS9J582RT8s/Lbt8VlBPMwCzS0=
+-----END CERTIFICATE-----