]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_extra_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add EVP signature with libctx methods.
[thirdparty/openssl.git] / test / evp_extra_test.c
1 /*
2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include "testutil.h"
31 #include "internal/nelem.h"
32 #include "internal/sizes.h"
33 #include "crypto/evp.h"
34
35 static OPENSSL_CTX *testctx = NULL;
36
37 /*
38 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
39 * should never use this key anywhere but in an example.
40 */
41 static const unsigned char kExampleRSAKeyDER[] = {
42 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
43 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
44 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
45 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
46 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
47 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
48 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
49 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
50 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
51 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
52 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
53 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
54 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
55 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
56 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
57 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
58 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
59 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
60 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
61 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
62 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
63 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
64 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
65 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
66 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
67 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
68 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
69 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
70 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
71 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
72 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
73 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
74 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
75 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
76 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
77 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
78 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
79 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
80 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
81 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
82 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
83 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
84 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
85 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
86 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
87 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
88 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
89 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
90 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
91 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
92 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
93 };
94
95 /*
96 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
97 * should never use this key anywhere but in an example.
98 */
99 #ifndef OPENSSL_NO_DSA
100 static const unsigned char kExampleDSAKeyDER[] = {
101 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
102 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
103 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
104 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
105 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
106 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
107 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
108 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
109 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
110 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
111 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
112 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
113 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
114 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
115 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
116 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
117 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
118 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
119 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
120 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
121 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
122 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
123 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
124 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
125 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
126 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
127 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
128 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
129 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
130 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
131 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
132 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
133 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
134 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
135 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
136 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
137 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
138 0x40, 0x48
139 };
140 #endif
141
142 /*
143 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
144 * components are not correct.
145 */
146 static const unsigned char kExampleBadRSAKeyDER[] = {
147 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
148 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
149 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
150 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
151 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
152 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
153 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
154 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
155 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
156 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
157 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
158 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
159 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
160 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
161 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
162 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
163 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
164 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
165 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
166 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
167 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
168 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
169 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
170 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
171 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
172 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
173 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
174 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
175 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
176 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
177 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
178 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
179 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
180 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
181 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
182 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
183 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
184 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
185 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
186 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
187 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
188 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
189 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
190 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
191 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
192 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
193 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
194 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
195 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
196 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
197 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
198 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
199 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
200 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
201 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
202 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
203 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
204 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
205 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
206 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
207 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
208 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
209 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
210 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
211 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
212 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
213 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
214 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
215 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
216 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
217 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
218 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
219 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
220 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
221 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
222 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
223 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
224 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
225 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
226 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
227 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
228 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
229 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
230 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
231 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
232 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
233 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
234 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
235 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
236 };
237
238 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
239
240 static const unsigned char kSignature[] = {
241 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
242 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
243 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
244 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
245 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
246 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
247 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
248 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
249 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
250 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
251 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
252 };
253
254 /*
255 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
256 * PrivateKeyInfo.
257 */
258 static const unsigned char kExampleRSAKeyPKCS8[] = {
259 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
260 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
261 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
262 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
263 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
264 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
265 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
266 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
267 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
268 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
269 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
270 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
271 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
272 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
273 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
274 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
275 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
276 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
277 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
278 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
279 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
280 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
281 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
282 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
283 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
284 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
285 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
286 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
287 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
288 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
289 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
290 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
291 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
292 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
293 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
294 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
295 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
296 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
297 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
298 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
299 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
300 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
301 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
302 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
303 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
304 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
305 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
306 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
307 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
308 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
309 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
310 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
311 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
312 };
313
314 #ifndef OPENSSL_NO_EC
315 /*
316 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
317 * structure.
318 */
319 static const unsigned char kExampleECKeyDER[] = {
320 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
321 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
322 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
323 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
324 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
325 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
326 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
327 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
328 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
329 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
330 0xc1,
331 };
332
333 /*
334 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
335 * structure. The private key is equal to the order and will fail to import
336 */
337 static const unsigned char kExampleBadECKeyDER[] = {
338 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
339 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
340 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
341 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
342 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
343 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
344 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
346 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
347 };
348
349 /* prime256v1 */
350 static const unsigned char kExampleECPubKeyDER[] = {
351 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
352 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
353 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
354 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
355 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
356 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
357 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
358 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
359 };
360
361 /*
362 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
363 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
364 */
365 static const unsigned char kExampleBadECPubKeyDER[] = {
366 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
367 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
368 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
369 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
370 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
371 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
372 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
373 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
374 };
375
376 static const unsigned char pExampleECParamDER[] = {
377 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
378 };
379 #endif
380
381 typedef struct APK_DATA_st {
382 const unsigned char *kder;
383 size_t size;
384 int evptype;
385 int check;
386 int pub_check;
387 int param_check;
388 int type; /* 0 for private, 1 for public, 2 for params */
389 } APK_DATA;
390
391 static APK_DATA keydata[] = {
392 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
393 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
394 #ifndef OPENSSL_NO_EC
395 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
396 #endif
397 };
398
399 static APK_DATA keycheckdata[] = {
400 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
401 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
402 0, -2, -2, 0},
403 #ifndef OPENSSL_NO_EC
404 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
405 /* group is also associated in our pub key */
406 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
407 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
408 #endif
409 };
410
411 static EVP_PKEY *load_example_rsa_key(void)
412 {
413 EVP_PKEY *ret = NULL;
414 const unsigned char *derp = kExampleRSAKeyDER;
415 EVP_PKEY *pkey = NULL;
416 RSA *rsa = NULL;
417
418 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
419 return NULL;
420
421 if (!TEST_ptr(pkey = EVP_PKEY_new())
422 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
423 goto end;
424
425 ret = pkey;
426 pkey = NULL;
427
428 end:
429 EVP_PKEY_free(pkey);
430 RSA_free(rsa);
431
432 return ret;
433 }
434
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY *load_example_dsa_key(void)
437 {
438 EVP_PKEY *ret = NULL;
439 const unsigned char *derp = kExampleDSAKeyDER;
440 EVP_PKEY *pkey = NULL;
441 DSA *dsa = NULL;
442
443 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
444 return NULL;
445
446 if (!TEST_ptr(pkey = EVP_PKEY_new())
447 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
448 goto end;
449
450 ret = pkey;
451 pkey = NULL;
452
453 end:
454 EVP_PKEY_free(pkey);
455 DSA_free(dsa);
456
457 return ret;
458 }
459 #endif
460
461 static EVP_PKEY *load_example_hmac_key(void)
462 {
463 EVP_PKEY *pkey = NULL;
464 unsigned char key[] = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
467 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
468 };
469
470 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
471 if (!TEST_ptr(pkey))
472 return NULL;
473
474 return pkey;
475 }
476
477 static int test_EVP_set_default_properties(void)
478 {
479 OPENSSL_CTX *ctx;
480 EVP_MD *md = NULL;
481 int res = 0;
482
483 if (!TEST_ptr(ctx = OPENSSL_CTX_new())
484 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
485 goto err;
486 EVP_MD_free(md);
487 md = NULL;
488
489 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
490 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
491 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
492 goto err;
493 EVP_MD_free(md);
494 md = NULL;
495
496 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
497 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
498 goto err;
499 res = 1;
500 err:
501 EVP_MD_free(md);
502 OPENSSL_CTX_free(ctx);
503 return res;
504 }
505
506 static int test_EVP_Enveloped(void)
507 {
508 int ret = 0;
509 EVP_CIPHER_CTX *ctx = NULL;
510 EVP_PKEY *keypair = NULL;
511 unsigned char *kek = NULL;
512 unsigned char iv[EVP_MAX_IV_LENGTH];
513 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
514 int len, kek_len, ciphertext_len, plaintext_len;
515 unsigned char ciphertext[32], plaintext[16];
516 const EVP_CIPHER *type = EVP_aes_256_cbc();
517
518 if (!TEST_ptr(keypair = load_example_rsa_key())
519 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
520 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
521 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
522 &keypair, 1))
523 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
524 msg, sizeof(msg)))
525 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
526 &len)))
527 goto err;
528
529 ciphertext_len += len;
530
531 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
532 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
533 ciphertext, ciphertext_len))
534 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
535 goto err;
536
537 plaintext_len += len;
538 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
539 goto err;
540
541 ret = 1;
542 err:
543 OPENSSL_free(kek);
544 EVP_PKEY_free(keypair);
545 EVP_CIPHER_CTX_free(ctx);
546 return ret;
547 }
548
549 /*
550 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
551 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
552 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
553 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
554 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
555 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
556 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
557 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
558 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
559 */
560 static int test_EVP_DigestSignInit(int tst)
561 {
562 int ret = 0;
563 EVP_PKEY *pkey = NULL;
564 unsigned char *sig = NULL;
565 size_t sig_len = 0;
566 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
567 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
568 BIO *mdbio = NULL, *membio = NULL;
569 size_t written;
570 const EVP_MD *md;
571 EVP_MD *mdexp = NULL;
572
573 if (tst >= 6) {
574 membio = BIO_new(BIO_s_mem());
575 mdbio = BIO_new(BIO_f_md());
576 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
577 goto out;
578 BIO_push(mdbio, membio);
579 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
580 goto out;
581 } else {
582 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
583 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
584 goto out;
585 }
586
587 if (tst == 0 || tst == 3 || tst == 6) {
588 if (!TEST_ptr(pkey = load_example_rsa_key()))
589 goto out;
590 } else if (tst == 1 || tst == 4 || tst == 7) {
591 #ifndef OPENSSL_NO_DSA
592 if (!TEST_ptr(pkey = load_example_dsa_key()))
593 goto out;
594 #else
595 ret = 1;
596 goto out;
597 #endif
598 } else {
599 if (!TEST_ptr(pkey = load_example_hmac_key()))
600 goto out;
601 }
602
603 if (tst >= 3 && tst <= 5)
604 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
605 else
606 md = EVP_sha256();
607
608 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
609 goto out;
610
611 if (tst >= 6) {
612 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
613 goto out;
614 } else {
615 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
616 goto out;
617 }
618
619 /* Determine the size of the signature. */
620 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
621 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
622 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
623 goto out;
624
625 if (tst >= 6) {
626 if (!TEST_int_gt(BIO_reset(mdbio), 0)
627 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
628 goto out;
629 }
630
631 /*
632 * Ensure that the signature round-trips (Verification isn't supported for
633 * HMAC via EVP_DigestVerify*)
634 */
635 if (tst != 2 && tst != 5 && tst != 8) {
636 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
637 NULL, pkey)))
638 goto out;
639
640 if (tst >= 6) {
641 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
642 goto out;
643 } else {
644 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
645 sizeof(kMsg))))
646 goto out;
647 }
648 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
649 goto out;
650 }
651
652 ret = 1;
653
654 out:
655 BIO_free(membio);
656 BIO_free(mdbio);
657 EVP_MD_CTX_free(a_md_ctx);
658 EVP_MD_CTX_free(a_md_ctx_verify);
659 EVP_PKEY_free(pkey);
660 OPENSSL_free(sig);
661 EVP_MD_free(mdexp);
662
663 return ret;
664 }
665
666 static int test_EVP_DigestVerifyInit(void)
667 {
668 int ret = 0;
669 EVP_PKEY *pkey = NULL;
670 EVP_MD_CTX *md_ctx = NULL;
671
672 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
673 || !TEST_ptr(pkey = load_example_rsa_key()))
674 goto out;
675
676 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
677 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
678 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
679 sizeof(kSignature))))
680 goto out;
681 ret = 1;
682
683 out:
684 EVP_MD_CTX_free(md_ctx);
685 EVP_PKEY_free(pkey);
686 return ret;
687 }
688
689 static int test_d2i_AutoPrivateKey(int i)
690 {
691 int ret = 0;
692 const unsigned char *p;
693 EVP_PKEY *pkey = NULL;
694 const APK_DATA *ak = &keydata[i];
695 const unsigned char *input = ak->kder;
696 size_t input_len = ak->size;
697 int expected_id = ak->evptype;
698
699 p = input;
700 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
701 || !TEST_ptr_eq(p, input + input_len)
702 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
703 goto done;
704
705 ret = 1;
706
707 done:
708 EVP_PKEY_free(pkey);
709 return ret;
710 }
711
712 #ifndef OPENSSL_NO_EC
713
714 static const unsigned char ec_public_sect163k1_validxy[] = {
715 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
716 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
717 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
718 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
719 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
720 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
721 };
722
723 static const unsigned char ec_public_sect163k1_badx[] = {
724 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
725 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
726 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
727 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
728 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
729 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
730 };
731
732 static const unsigned char ec_public_sect163k1_bady[] = {
733 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
734 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
735 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
736 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
737 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
738 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
739 };
740
741 static struct ec_der_pub_keys_st {
742 const unsigned char *der;
743 size_t len;
744 int valid;
745 } ec_der_pub_keys[] = {
746 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
747 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
748 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
749 };
750
751 /*
752 * Tests the range of the decoded EC char2 public point.
753 * See ec_GF2m_simple_oct2point().
754 */
755 static int test_invalide_ec_char2_pub_range_decode(int id)
756 {
757 int ret = 0;
758 BIO *bio = NULL;
759 EC_KEY *eckey = NULL;
760
761 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
762 ec_der_pub_keys[id].len)))
763 goto err;
764 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
765 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
766 || TEST_ptr_null(eckey);
767 err:
768 EC_KEY_free(eckey);
769 BIO_free(bio);
770 return ret;
771 }
772
773 /* Tests loading a bad key in PKCS8 format */
774 static int test_EVP_PKCS82PKEY(void)
775 {
776 int ret = 0;
777 const unsigned char *derp = kExampleBadECKeyDER;
778 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
779 EVP_PKEY *pkey = NULL;
780
781 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
782 sizeof(kExampleBadECKeyDER))))
783 goto done;
784
785 if (!TEST_ptr_eq(derp,
786 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
787 goto done;
788
789 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
790 goto done;
791
792 ret = 1;
793
794 done:
795 PKCS8_PRIV_KEY_INFO_free(p8inf);
796 EVP_PKEY_free(pkey);
797
798 return ret;
799 }
800 #endif
801
802 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
803 static int test_privatekey_to_pkcs8(void)
804 {
805 EVP_PKEY *pkey = NULL;
806 BIO *membio = NULL;
807 char *membuf = NULL;
808 long membuf_len = 0;
809 int ok = 0;
810
811 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
812 || !TEST_ptr(pkey = load_example_rsa_key())
813 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
814 NULL, 0, NULL, NULL),
815 0)
816 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
817 || !TEST_ptr(membuf)
818 || !TEST_mem_eq(membuf, (size_t)membuf_len,
819 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
820 /*
821 * We try to write PEM as well, just to see that it doesn't err, but
822 * assume that the result is correct.
823 */
824 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
825 NULL, 0, NULL, NULL),
826 0))
827 goto done;
828
829 ok = 1;
830 done:
831 EVP_PKEY_free(pkey);
832 BIO_free_all(membio);
833 return ok;
834 }
835
836 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
837
838 static int test_EVP_SM2_verify(void)
839 {
840 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
841 const char *pubkey =
842 "-----BEGIN PUBLIC KEY-----\n"
843 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
844 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
845 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
846 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
847 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
848 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
849 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
850 "-----END PUBLIC KEY-----\n";
851
852 const char *msg = "message digest";
853 const char *id = "ALICE123@YAHOO.COM";
854
855 const uint8_t signature[] = {
856 0x30, 0x44, 0x02, 0x20,
857
858 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
859 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
860 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
861
862 0x02, 0x20,
863
864 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
865 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
866 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
867 };
868
869 int rc = 0;
870 BIO *bio = NULL;
871 EVP_PKEY *pkey = NULL;
872 EVP_MD_CTX *mctx = NULL;
873 EVP_PKEY_CTX *pctx = NULL;
874
875 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
876 if (!TEST_true(bio != NULL))
877 goto done;
878
879 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
880 if (!TEST_true(pkey != NULL))
881 goto done;
882
883 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
884 goto done;
885
886 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
887 goto done;
888
889 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
890 goto done;
891
892 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
893 strlen(id)), 0))
894 goto done;
895
896 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
897
898 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
899 goto done;
900
901 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
902 goto done;
903
904 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
905 goto done;
906 rc = 1;
907
908 done:
909 BIO_free(bio);
910 EVP_PKEY_free(pkey);
911 EVP_PKEY_CTX_free(pctx);
912 EVP_MD_CTX_free(mctx);
913 return rc;
914 }
915
916 static int test_EVP_SM2(void)
917 {
918 int ret = 0;
919 EVP_PKEY *pkey = NULL;
920 EVP_PKEY *params = NULL;
921 EVP_PKEY_CTX *pctx = NULL;
922 EVP_PKEY_CTX *kctx = NULL;
923 EVP_PKEY_CTX *sctx = NULL;
924 size_t sig_len = 0;
925 unsigned char *sig = NULL;
926 EVP_MD_CTX *md_ctx = NULL;
927 EVP_MD_CTX *md_ctx_verify = NULL;
928 EVP_PKEY_CTX *cctx = NULL;
929
930 uint8_t ciphertext[128];
931 size_t ctext_len = sizeof(ciphertext);
932
933 uint8_t plaintext[8];
934 size_t ptext_len = sizeof(plaintext);
935
936 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
937
938 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
939 if (!TEST_ptr(pctx))
940 goto done;
941
942 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
943 goto done;
944
945 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
946 goto done;
947
948 if (!TEST_true(EVP_PKEY_paramgen(pctx, &params)))
949 goto done;
950
951 kctx = EVP_PKEY_CTX_new(params, NULL);
952 if (!TEST_ptr(kctx))
953 goto done;
954
955 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
956 goto done;
957
958 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
959 goto done;
960
961 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
962 goto done;
963
964 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
965 goto done;
966
967 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
968 goto done;
969
970 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
971 goto done;
972
973 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
974 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
975
976 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
977 goto done;
978
979 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
980 goto done;
981
982 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
983 goto done;
984
985 /* Determine the size of the signature. */
986 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
987 goto done;
988
989 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
990 goto done;
991
992 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
993 goto done;
994
995 /* Ensure that the signature round-trips. */
996
997 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
998 goto done;
999
1000 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1001 goto done;
1002
1003 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1004 goto done;
1005
1006 /* now check encryption/decryption */
1007
1008 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1009 goto done;
1010
1011 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1012 goto done;
1013
1014 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1015 goto done;
1016
1017 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1018 goto done;
1019
1020 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1021 goto done;
1022
1023 if (!TEST_true(ptext_len == sizeof(kMsg)))
1024 goto done;
1025
1026 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1027 goto done;
1028
1029 ret = 1;
1030 done:
1031 EVP_PKEY_CTX_free(pctx);
1032 EVP_PKEY_CTX_free(kctx);
1033 EVP_PKEY_CTX_free(sctx);
1034 EVP_PKEY_CTX_free(cctx);
1035 EVP_PKEY_free(pkey);
1036 EVP_PKEY_free(params);
1037 EVP_MD_CTX_free(md_ctx);
1038 EVP_MD_CTX_free(md_ctx_verify);
1039 OPENSSL_free(sig);
1040 return ret;
1041 }
1042
1043 #endif
1044
1045 static struct keys_st {
1046 int type;
1047 char *priv;
1048 char *pub;
1049 } keys[] = {
1050 {
1051 EVP_PKEY_HMAC, "0123456789", NULL
1052 }, {
1053 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1054 }, {
1055 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1056 },
1057 #ifndef OPENSSL_NO_EC
1058 {
1059 EVP_PKEY_X25519, "01234567890123456789012345678901",
1060 "abcdefghijklmnopqrstuvwxyzabcdef"
1061 }, {
1062 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1063 "abcdefghijklmnopqrstuvwxyzabcdef"
1064 }, {
1065 EVP_PKEY_X448,
1066 "01234567890123456789012345678901234567890123456789012345",
1067 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1068 }, {
1069 EVP_PKEY_ED448,
1070 "012345678901234567890123456789012345678901234567890123456",
1071 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1072 }
1073 #endif
1074 };
1075
1076 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1077 {
1078 int ret = 0;
1079 unsigned char buf[80];
1080 unsigned char *in;
1081 size_t inlen, len = 0;
1082 EVP_PKEY *pkey;
1083
1084 /* Check if this algorithm supports public keys */
1085 if (keys[tst].pub == NULL)
1086 return 1;
1087
1088 memset(buf, 0, sizeof(buf));
1089
1090 if (pub) {
1091 inlen = strlen(keys[tst].pub);
1092 in = (unsigned char *)keys[tst].pub;
1093 if (uselibctx) {
1094 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1095 testctx,
1096 OBJ_nid2sn(keys[tst].type),
1097 NULL,
1098 in,
1099 inlen);
1100 } else {
1101 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1102 NULL,
1103 in,
1104 inlen);
1105 }
1106 } else {
1107 inlen = strlen(keys[tst].priv);
1108 in = (unsigned char *)keys[tst].priv;
1109 if (uselibctx) {
1110 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1111 testctx, OBJ_nid2sn(keys[tst].type),
1112 NULL,
1113 in,
1114 inlen);
1115 } else {
1116 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1117 NULL,
1118 in,
1119 inlen);
1120 }
1121 }
1122
1123 if (!TEST_ptr(pkey)
1124 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1125 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1126 || !TEST_true(len == inlen)
1127 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1128 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1129 || !TEST_mem_eq(in, inlen, buf, len))
1130 goto done;
1131
1132 ret = 1;
1133 done:
1134 EVP_PKEY_free(pkey);
1135 return ret;
1136 }
1137
1138 static int test_set_get_raw_keys(int tst)
1139 {
1140 return test_set_get_raw_keys_int(tst, 0, 0)
1141 && test_set_get_raw_keys_int(tst, 0, 1)
1142 && test_set_get_raw_keys_int(tst, 1, 0)
1143 && test_set_get_raw_keys_int(tst, 1, 1);
1144 }
1145
1146 #ifndef OPENSSL_NO_DEPRECATED_3_0
1147 static int pkey_custom_check(EVP_PKEY *pkey)
1148 {
1149 return 0xbeef;
1150 }
1151
1152 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1153 {
1154 return 0xbeef;
1155 }
1156
1157 static int pkey_custom_param_check(EVP_PKEY *pkey)
1158 {
1159 return 0xbeef;
1160 }
1161
1162 static EVP_PKEY_METHOD *custom_pmeth;
1163 #endif
1164
1165 static int test_EVP_PKEY_check(int i)
1166 {
1167 int ret = 0;
1168 const unsigned char *p;
1169 EVP_PKEY *pkey = NULL;
1170 #ifndef OPENSSL_NO_EC
1171 EC_KEY *eckey = NULL;
1172 #endif
1173 EVP_PKEY_CTX *ctx = NULL;
1174 #ifndef OPENSSL_NO_DEPRECATED_3_0
1175 EVP_PKEY_CTX *ctx2 = NULL;
1176 #endif
1177 const APK_DATA *ak = &keycheckdata[i];
1178 const unsigned char *input = ak->kder;
1179 size_t input_len = ak->size;
1180 int expected_id = ak->evptype;
1181 int expected_check = ak->check;
1182 int expected_pub_check = ak->pub_check;
1183 int expected_param_check = ak->param_check;
1184 int type = ak->type;
1185 BIO *pubkey = NULL;
1186
1187 p = input;
1188
1189 switch (type) {
1190 case 0:
1191 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1192 || !TEST_ptr_eq(p, input + input_len)
1193 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1194 goto done;
1195 break;
1196 #ifndef OPENSSL_NO_EC
1197 case 1:
1198 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1199 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1200 || !TEST_ptr(pkey = EVP_PKEY_new())
1201 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1202 goto done;
1203 break;
1204 case 2:
1205 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1206 || !TEST_ptr_eq(p, input + input_len)
1207 || !TEST_ptr(pkey = EVP_PKEY_new())
1208 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1209 goto done;
1210 break;
1211 #endif
1212 default:
1213 return 0;
1214 }
1215
1216 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1217 goto done;
1218
1219 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1220 goto done;
1221
1222 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1223 goto done;
1224
1225 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1226 goto done;
1227
1228 #ifndef OPENSSL_NO_DEPRECATED_3_0
1229 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1230 /* assign the pkey directly, as an internal test */
1231 EVP_PKEY_up_ref(pkey);
1232 ctx2->pkey = pkey;
1233
1234 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1235 goto done;
1236
1237 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1238 goto done;
1239
1240 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1241 goto done;
1242 #endif
1243
1244 ret = 1;
1245
1246 done:
1247 EVP_PKEY_CTX_free(ctx);
1248 #ifndef OPENSSL_NO_DEPRECATED_3_0
1249 EVP_PKEY_CTX_free(ctx2);
1250 #endif
1251 EVP_PKEY_free(pkey);
1252 BIO_free(pubkey);
1253 return ret;
1254 }
1255
1256 #ifndef OPENSSL_NO_CMAC
1257 static int test_CMAC_keygen(void)
1258 {
1259 /*
1260 * This is a legacy method for CMACs, but should still work.
1261 * This verifies that it works without an ENGINE.
1262 */
1263 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1264 int ret = 0;
1265
1266 if (!TEST_true(EVP_PKEY_keygen_init(kctx) > 0)
1267 && !TEST_true(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1268 EVP_PKEY_CTRL_CIPHER,
1269 0, (void *)EVP_aes_256_ecb()) > 0))
1270 goto done;
1271 ret = 1;
1272
1273 done:
1274 EVP_PKEY_CTX_free(kctx);
1275 return ret;
1276 }
1277 #endif
1278
1279 static int test_HKDF(void)
1280 {
1281 EVP_PKEY_CTX *pctx;
1282 unsigned char out[20];
1283 size_t outlen;
1284 int i, ret = 0;
1285 unsigned char salt[] = "0123456789";
1286 unsigned char key[] = "012345678901234567890123456789";
1287 unsigned char info[] = "infostring";
1288 const unsigned char expected[] = {
1289 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1290 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1291 };
1292 size_t expectedlen = sizeof(expected);
1293
1294 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1295 goto done;
1296
1297 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1298 for (i = 0; i < 2; i++) {
1299 outlen = sizeof(out);
1300 memset(out, 0, outlen);
1301
1302 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1303 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1304 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1305 sizeof(salt) - 1), 0)
1306 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1307 sizeof(key) - 1), 0)
1308 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1309 sizeof(info) - 1), 0)
1310 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1311 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1312 goto done;
1313 }
1314
1315 ret = 1;
1316
1317 done:
1318 EVP_PKEY_CTX_free(pctx);
1319
1320 return ret;
1321 }
1322
1323 static int test_emptyikm_HKDF(void)
1324 {
1325 EVP_PKEY_CTX *pctx;
1326 unsigned char out[20];
1327 size_t outlen;
1328 int ret = 0;
1329 unsigned char salt[] = "9876543210";
1330 unsigned char key[] = "";
1331 unsigned char info[] = "stringinfo";
1332 const unsigned char expected[] = {
1333 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1334 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1335 };
1336 size_t expectedlen = sizeof(expected);
1337
1338 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1339 goto done;
1340
1341 outlen = sizeof(out);
1342 memset(out, 0, outlen);
1343
1344 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1345 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1346 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1347 sizeof(salt) - 1), 0)
1348 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1349 sizeof(key) - 1), 0)
1350 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1351 sizeof(info) - 1), 0)
1352 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1353 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1354 goto done;
1355
1356 ret = 1;
1357
1358 done:
1359 EVP_PKEY_CTX_free(pctx);
1360
1361 return ret;
1362 }
1363
1364 #ifndef OPENSSL_NO_EC
1365 static int test_X509_PUBKEY_inplace(void)
1366 {
1367 int ret = 0;
1368 X509_PUBKEY *xp = NULL;
1369 const unsigned char *p = kExampleECPubKeyDER;
1370 size_t input_len = sizeof(kExampleECPubKeyDER);
1371
1372 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1373 goto done;
1374
1375 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1376 goto done;
1377
1378 p = kExampleBadECPubKeyDER;
1379 input_len = sizeof(kExampleBadECPubKeyDER);
1380
1381 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1382 goto done;
1383
1384 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1385 goto done;
1386
1387 ret = 1;
1388
1389 done:
1390 X509_PUBKEY_free(xp);
1391 return ret;
1392 }
1393 #endif /* OPENSSL_NO_EC */
1394
1395 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1396 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1397 {
1398 EVP_MD_CTX *mdctx = NULL;
1399 EVP_PKEY_CTX *ctx = NULL;
1400 const OSSL_PARAM *params;
1401 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1402 int ret = 0;
1403 const EVP_MD *md;
1404 char mdname[OSSL_MAX_NAME_SIZE];
1405 char ssl3ms[48];
1406
1407 /* Initialise a sign operation */
1408 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1409 if (!TEST_ptr(ctx)
1410 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1411 goto err;
1412
1413 /*
1414 * We should be able to query the parameters now.
1415 */
1416 params = EVP_PKEY_CTX_settable_params(ctx);
1417 if (!TEST_ptr(params)
1418 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1419 OSSL_SIGNATURE_PARAM_DIGEST)))
1420 goto err;
1421
1422 params = EVP_PKEY_CTX_gettable_params(ctx);
1423 if (!TEST_ptr(params)
1424 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1425 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1426 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1427 OSSL_SIGNATURE_PARAM_DIGEST)))
1428 goto err;
1429
1430 /*
1431 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1432 * EVP_PKEY_CTX_get_params()
1433 */
1434 strcpy(mdname, "SHA512");
1435 param_md = param;
1436 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1437 mdname, 0);
1438 *param++ = OSSL_PARAM_construct_end();
1439
1440 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1441 goto err;
1442
1443 mdname[0] = '\0';
1444 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1445 mdname, sizeof(mdname));
1446 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1447 || !TEST_str_eq(mdname, "SHA512"))
1448 goto err;
1449
1450 /*
1451 * Test the TEST_PKEY_CTX_set_signature_md() and
1452 * TEST_PKEY_CTX_get_signature_md() functions
1453 */
1454 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1455 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1456 || !TEST_ptr_eq(md, EVP_sha256()))
1457 goto err;
1458
1459 /*
1460 * Test getting MD parameters via an associated EVP_PKEY_CTX
1461 */
1462 mdctx = EVP_MD_CTX_new();
1463 if (!TEST_ptr(mdctx)
1464 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
1465 "SHA1", NULL, NULL,
1466 pkey)))
1467 goto err;
1468
1469 /*
1470 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1471 * able to obtain the digest's settable parameters from the provider.
1472 */
1473 params = EVP_MD_CTX_settable_params(mdctx);
1474 if (!TEST_ptr(params)
1475 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1476 /* The final key should be NULL */
1477 || !TEST_ptr_null(params[1].key))
1478 goto err;
1479
1480 param = ourparams;
1481 memset(ssl3ms, 0, sizeof(ssl3ms));
1482 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1483 ssl3ms, sizeof(ssl3ms));
1484 *param++ = OSSL_PARAM_construct_end();
1485
1486 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1487 goto err;
1488
1489 ret = 1;
1490
1491 err:
1492 EVP_MD_CTX_free(mdctx);
1493 EVP_PKEY_CTX_free(ctx);
1494
1495 return ret;
1496 }
1497
1498 #ifndef OPENSSL_NO_DSA
1499 static int test_DSA_get_set_params(void)
1500 {
1501 DSA *dsa = NULL;
1502 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1503 EVP_PKEY *pkey = NULL;
1504 int ret = 0;
1505
1506 /*
1507 * Setup the parameters for our DSA object. For our purposes they don't
1508 * have to actually be *valid* parameters. We just need to set something.
1509 */
1510 dsa = DSA_new();
1511 p = BN_new();
1512 q = BN_new();
1513 g = BN_new();
1514 pub = BN_new();
1515 priv = BN_new();
1516 if (!TEST_ptr(dsa)
1517 || !TEST_ptr(p)
1518 || !TEST_ptr(q)
1519 || !TEST_ptr(g)
1520 || !TEST_ptr(pub)
1521 || !DSA_set0_pqg(dsa, p, q, g)
1522 || !DSA_set0_key(dsa, pub, priv))
1523 goto err;
1524 p = q = g = pub = priv = NULL;
1525
1526 pkey = EVP_PKEY_new();
1527 if (!TEST_ptr(pkey)
1528 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1529 goto err;
1530
1531 dsa = NULL;
1532
1533 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1534
1535 err:
1536 EVP_PKEY_free(pkey);
1537 DSA_free(dsa);
1538 BN_free(p);
1539 BN_free(q);
1540 BN_free(g);
1541 BN_free(pub);
1542 BN_free(priv);
1543
1544 return ret;
1545 }
1546 #endif
1547
1548 static int test_RSA_get_set_params(void)
1549 {
1550 RSA *rsa = NULL;
1551 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1552 EVP_PKEY *pkey = NULL;
1553 int ret = 0;
1554
1555 /*
1556 * Setup the parameters for our RSA object. For our purposes they don't
1557 * have to actually be *valid* parameters. We just need to set something.
1558 */
1559 rsa = RSA_new();
1560 n = BN_new();
1561 e = BN_new();
1562 d = BN_new();
1563 if (!TEST_ptr(rsa)
1564 || !TEST_ptr(n)
1565 || !TEST_ptr(e)
1566 || !TEST_ptr(d)
1567 || !RSA_set0_key(rsa, n, e, d))
1568 goto err;
1569 n = e = d = NULL;
1570
1571 pkey = EVP_PKEY_new();
1572 if (!TEST_ptr(pkey)
1573 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1574 goto err;
1575
1576 rsa = NULL;
1577
1578 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1579
1580 err:
1581 EVP_PKEY_free(pkey);
1582 RSA_free(rsa);
1583 BN_free(n);
1584 BN_free(e);
1585 BN_free(d);
1586
1587 return ret;
1588 }
1589
1590 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1591 static int test_decrypt_null_chunks(void)
1592 {
1593 EVP_CIPHER_CTX* ctx = NULL;
1594 const unsigned char key[32] = {
1595 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1596 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1597 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1598 };
1599 unsigned char iv[12] = {
1600 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1601 };
1602 unsigned char msg[] = "It was the best of times, it was the worst of times";
1603 unsigned char ciphertext[80];
1604 unsigned char plaintext[80];
1605 /* We initialise tmp to a non zero value on purpose */
1606 int ctlen, ptlen, tmp = 99;
1607 int ret = 0;
1608 const int enc_offset = 10, dec_offset = 20;
1609
1610 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1611 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1612 key, iv))
1613 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1614 enc_offset))
1615 /* Deliberate add a zero length update */
1616 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1617 0))
1618 || !TEST_int_eq(tmp, 0)
1619 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1620 msg + enc_offset,
1621 sizeof(msg) - enc_offset))
1622 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1623 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1624 || !TEST_int_eq(tmp, 0))
1625 goto err;
1626
1627 /* Deliberately initialise tmp to a non zero value */
1628 tmp = 99;
1629 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1630 iv))
1631 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1632 dec_offset))
1633 /*
1634 * Deliberately add a zero length update. We also deliberately do
1635 * this at a different offset than for encryption.
1636 */
1637 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1638 0))
1639 || !TEST_int_eq(tmp, 0)
1640 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1641 ciphertext + dec_offset,
1642 ctlen - dec_offset))
1643 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1644 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1645 || !TEST_int_eq(tmp, 0)
1646 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1647 goto err;
1648
1649 ret = 1;
1650 err:
1651 EVP_CIPHER_CTX_free(ctx);
1652 return ret;
1653 }
1654 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1655
1656 #ifndef OPENSSL_NO_DH
1657 static int test_EVP_PKEY_set1_DH(void)
1658 {
1659 DH *x942dh = NULL, *noqdh = NULL;
1660 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1661 int ret = 0;
1662 BIGNUM *p, *g = NULL;
1663
1664 if (!TEST_ptr(p = BN_new())
1665 || !TEST_ptr(g = BN_new())
1666 || !BN_set_word(p, 9999)
1667 || !BN_set_word(g, 2)
1668 || !TEST_ptr(noqdh = DH_new())
1669 || !DH_set0_pqg(noqdh, p, NULL, g))
1670 goto err;
1671 p = g = NULL;
1672
1673 x942dh = DH_get_2048_256();
1674 pkey1 = EVP_PKEY_new();
1675 pkey2 = EVP_PKEY_new();
1676 if (!TEST_ptr(x942dh)
1677 || !TEST_ptr(noqdh)
1678 || !TEST_ptr(pkey1)
1679 || !TEST_ptr(pkey2))
1680 goto err;
1681
1682 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1683 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1684 goto err;
1685
1686 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1687 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1688 goto err;
1689
1690 ret = 1;
1691 err:
1692 BN_free(p);
1693 BN_free(g);
1694 EVP_PKEY_free(pkey1);
1695 EVP_PKEY_free(pkey2);
1696 DH_free(x942dh);
1697 DH_free(noqdh);
1698
1699 return ret;
1700 }
1701 #endif
1702
1703 /*
1704 * We test what happens with an empty template. For the sake of this test,
1705 * the template must be ignored, and we know that's the case for RSA keys
1706 * (this might arguably be a misfeature, but that's what we currently do,
1707 * even in provider code, since that's how the legacy RSA implementation
1708 * does things)
1709 */
1710 static int test_keygen_with_empty_template(int n)
1711 {
1712 EVP_PKEY_CTX *ctx = NULL;
1713 EVP_PKEY *pkey = NULL;
1714 EVP_PKEY *tkey = NULL;
1715 int ret = 0;
1716
1717 switch (n) {
1718 case 0:
1719 /* We do test with no template at all as well */
1720 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1721 goto err;
1722 break;
1723 case 1:
1724 /* Here we create an empty RSA key that serves as our template */
1725 if (!TEST_ptr(tkey = EVP_PKEY_new())
1726 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1727 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1728 goto err;
1729 break;
1730 }
1731
1732 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1733 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1734 goto err;
1735
1736 ret = 1;
1737 err:
1738 EVP_PKEY_CTX_free(ctx);
1739 EVP_PKEY_free(pkey);
1740 EVP_PKEY_free(tkey);
1741 return ret;
1742 }
1743
1744 /*
1745 * Test that we fail if we attempt to use an algorithm that is not available
1746 * in the current library context (unless we are using an algorithm that should
1747 * be made available via legacy codepaths).
1748 */
1749 static int test_pkey_ctx_fail_without_provider(int tst)
1750 {
1751 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1752 OSSL_PROVIDER *nullprov = NULL;
1753 EVP_PKEY_CTX *pctx = NULL;
1754 int ret = 0;
1755
1756 if (!TEST_ptr(tmpctx))
1757 goto err;
1758
1759 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1760 if (!TEST_ptr(nullprov))
1761 goto err;
1762
1763 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
1764
1765 /* RSA is not available via any provider so we expect this to fail */
1766 if (tst == 0 && !TEST_ptr_null(pctx))
1767 goto err;
1768
1769 /*
1770 * HMAC is always available because it is implemented via legacy codepaths
1771 * and not in a provider at all. We expect this to pass.
1772 */
1773 if (tst == 1 && !TEST_ptr(pctx))
1774 goto err;
1775
1776 ret = 1;
1777
1778 err:
1779 EVP_PKEY_CTX_free(pctx);
1780 OSSL_PROVIDER_unload(nullprov);
1781 OPENSSL_CTX_free(tmpctx);
1782 return ret;
1783 }
1784
1785 static int test_rand_agglomeration(void)
1786 {
1787 EVP_RAND *rand;
1788 EVP_RAND_CTX *ctx;
1789 OSSL_PARAM params[3], *p = params;
1790 int res;
1791 unsigned int step = 7;
1792 static unsigned char seed[] = "It does not matter how slowly you go "
1793 "as long as you do not stop.";
1794 unsigned char out[sizeof(seed)];
1795
1796 if (!TEST_int_ne(sizeof(seed) % step, 0)
1797 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1798 return 0;
1799 ctx = EVP_RAND_CTX_new(rand, NULL);
1800 EVP_RAND_free(rand);
1801 if (!TEST_ptr(ctx))
1802 return 0;
1803
1804 memset(out, 0, sizeof(out));
1805 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1806 seed, sizeof(seed));
1807 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1808 *p = OSSL_PARAM_construct_end();
1809 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1810 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1811 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1812 EVP_RAND_CTX_free(ctx);
1813 return res;
1814 }
1815
1816 int setup_tests(void)
1817 {
1818 testctx = OPENSSL_CTX_new();
1819
1820 if (!TEST_ptr(testctx))
1821 return 0;
1822
1823 ADD_TEST(test_EVP_set_default_properties);
1824 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1825 ADD_TEST(test_EVP_DigestVerifyInit);
1826 ADD_TEST(test_EVP_Enveloped);
1827 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1828 ADD_TEST(test_privatekey_to_pkcs8);
1829 #ifndef OPENSSL_NO_EC
1830 ADD_TEST(test_EVP_PKCS82PKEY);
1831 #endif
1832 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1833 ADD_TEST(test_EVP_SM2);
1834 ADD_TEST(test_EVP_SM2_verify);
1835 #endif
1836 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1837 #ifndef OPENSSL_NO_DEPRECATED_3_0
1838 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1839 if (!TEST_ptr(custom_pmeth))
1840 return 0;
1841 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1842 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1843 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1844 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1845 return 0;
1846 #endif
1847 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1848 #ifndef OPENSSL_NO_CMAC
1849 ADD_TEST(test_CMAC_keygen);
1850 #endif
1851 ADD_TEST(test_HKDF);
1852 ADD_TEST(test_emptyikm_HKDF);
1853 #ifndef OPENSSL_NO_EC
1854 ADD_TEST(test_X509_PUBKEY_inplace);
1855 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1856 OSSL_NELEM(ec_der_pub_keys));
1857 #endif
1858 #ifndef OPENSSL_NO_DSA
1859 ADD_TEST(test_DSA_get_set_params);
1860 #endif
1861 ADD_TEST(test_RSA_get_set_params);
1862 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1863 ADD_TEST(test_decrypt_null_chunks);
1864 #endif
1865 #ifndef OPENSSL_NO_DH
1866 ADD_TEST(test_EVP_PKEY_set1_DH);
1867 #endif
1868 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
1869 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
1870
1871 ADD_TEST(test_rand_agglomeration);
1872
1873 return 1;
1874 }
1875
1876 void cleanup_tests(void)
1877 {
1878 OPENSSL_CTX_free(testctx);
1879 }
A mirror of the official openssl repository