2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
38 static OSSL_LIB_CTX
*testctx
= NULL
;
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
44 static const unsigned char kExampleRSAKeyDER
[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER
[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
149 static const unsigned char kExampleBadRSAKeyDER
[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
241 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
243 static const unsigned char kSignature
[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
261 static const unsigned char kExampleRSAKeyPKCS8
[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
317 #ifndef OPENSSL_NO_EC
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
322 static const unsigned char kExampleECKeyDER
[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
340 static const unsigned char kExampleBadECKeyDER
[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
353 static const unsigned char kExampleECPubKeyDER
[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
368 static const unsigned char kExampleBadECPubKeyDER
[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379 static const unsigned char pExampleECParamDER
[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
384 typedef struct APK_DATA_st
{
385 const unsigned char *kder
;
391 int type
; /* 0 for private, 1 for public, 2 for params */
394 static APK_DATA keydata
[] = {
395 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
},
396 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), EVP_PKEY_RSA
},
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
}
402 static APK_DATA keycheckdata
[] = {
403 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
, 1, 1, 1, 0},
404 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), EVP_PKEY_RSA
,
406 #ifndef OPENSSL_NO_EC
407 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
, 1, 1, 1, 0},
408 /* group is also associated in our pub key */
409 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), EVP_PKEY_EC
, 0, 1, 1, 1},
410 {pExampleECParamDER
, sizeof(pExampleECParamDER
), EVP_PKEY_EC
, 0, 0, 1, 2}
414 static EVP_PKEY
*load_example_key(const char *keytype
,
415 const unsigned char *data
, size_t data_len
)
417 const unsigned char **pdata
= &data
;
418 EVP_PKEY
*pkey
= NULL
;
419 OSSL_DECODER_CTX
*dctx
=
420 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey
, "DER", NULL
, keytype
, 0,
423 /* |pkey| will be NULL on error */
424 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
425 OSSL_DECODER_CTX_free(dctx
);
429 static EVP_PKEY
*load_example_rsa_key(void)
431 return load_example_key("RSA", kExampleRSAKeyDER
,
432 sizeof(kExampleRSAKeyDER
));
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY
*load_example_dsa_key(void)
438 EVP_PKEY
*ret
= NULL
;
439 const unsigned char *derp
= kExampleDSAKeyDER
;
440 EVP_PKEY
*pkey
= NULL
;
443 if (!TEST_true(d2i_DSAPrivateKey(&dsa
, &derp
, sizeof(kExampleDSAKeyDER
))))
446 if (!TEST_ptr(pkey
= EVP_PKEY_new())
447 || !TEST_true(EVP_PKEY_set1_DSA(pkey
, dsa
)))
461 static EVP_PKEY
*load_example_hmac_key(void)
463 EVP_PKEY
*pkey
= NULL
;
464 unsigned char key
[] = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
467 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
470 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC
, NULL
, key
, sizeof(key
));
477 static int test_EVP_set_default_properties(void)
483 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
484 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
489 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
490 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
491 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
496 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
497 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
502 OSSL_LIB_CTX_free(ctx
);
506 static int test_EVP_Enveloped(void)
509 EVP_CIPHER_CTX
*ctx
= NULL
;
510 EVP_PKEY
*keypair
= NULL
;
511 unsigned char *kek
= NULL
;
512 unsigned char iv
[EVP_MAX_IV_LENGTH
];
513 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
514 int len
, kek_len
, ciphertext_len
, plaintext_len
;
515 unsigned char ciphertext
[32], plaintext
[16];
516 const EVP_CIPHER
*type
= EVP_aes_256_cbc();
518 if (!TEST_ptr(keypair
= load_example_rsa_key())
519 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_size(keypair
)))
520 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
521 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
523 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
525 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
529 ciphertext_len
+= len
;
531 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
532 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
533 ciphertext
, ciphertext_len
))
534 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
537 plaintext_len
+= len
;
538 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
544 EVP_PKEY_free(keypair
);
545 EVP_CIPHER_CTX_free(ctx
);
550 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
551 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
552 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
553 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
554 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
555 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
556 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
557 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
558 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
560 static int test_EVP_DigestSignInit(int tst
)
563 EVP_PKEY
*pkey
= NULL
;
564 unsigned char *sig
= NULL
;
566 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
567 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
568 BIO
*mdbio
= NULL
, *membio
= NULL
;
571 EVP_MD
*mdexp
= NULL
;
574 membio
= BIO_new(BIO_s_mem());
575 mdbio
= BIO_new(BIO_f_md());
576 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
578 BIO_push(mdbio
, membio
);
579 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
582 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
583 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
587 if (tst
== 0 || tst
== 3 || tst
== 6) {
588 if (!TEST_ptr(pkey
= load_example_rsa_key()))
590 } else if (tst
== 1 || tst
== 4 || tst
== 7) {
591 #ifndef OPENSSL_NO_DSA
592 if (!TEST_ptr(pkey
= load_example_dsa_key()))
599 if (!TEST_ptr(pkey
= load_example_hmac_key()))
603 if (tst
>= 3 && tst
<= 5)
604 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
608 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
612 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
615 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
619 /* Determine the size of the signature. */
620 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
621 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
622 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
626 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
627 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
632 * Ensure that the signature round-trips (Verification isn't supported for
633 * HMAC via EVP_DigestVerify*)
635 if (tst
!= 2 && tst
!= 5 && tst
!= 8) {
636 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
641 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
644 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
648 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
657 EVP_MD_CTX_free(a_md_ctx
);
658 EVP_MD_CTX_free(a_md_ctx_verify
);
666 static int test_EVP_DigestVerifyInit(void)
669 EVP_PKEY
*pkey
= NULL
;
670 EVP_MD_CTX
*md_ctx
= NULL
;
672 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
673 || !TEST_ptr(pkey
= load_example_rsa_key()))
676 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
677 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
678 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
679 sizeof(kSignature
))))
684 EVP_MD_CTX_free(md_ctx
);
689 static int test_d2i_AutoPrivateKey(int i
)
692 const unsigned char *p
;
693 EVP_PKEY
*pkey
= NULL
;
694 const APK_DATA
*ak
= &keydata
[i
];
695 const unsigned char *input
= ak
->kder
;
696 size_t input_len
= ak
->size
;
697 int expected_id
= ak
->evptype
;
700 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
701 || !TEST_ptr_eq(p
, input
+ input_len
)
702 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
712 #ifndef OPENSSL_NO_EC
714 static const unsigned char ec_public_sect163k1_validxy
[] = {
715 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
716 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
717 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
718 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
719 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
720 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
723 static const unsigned char ec_public_sect163k1_badx
[] = {
724 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
725 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
726 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
727 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
728 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
729 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
732 static const unsigned char ec_public_sect163k1_bady
[] = {
733 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
734 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
735 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
736 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
737 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
738 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
741 static struct ec_der_pub_keys_st
{
742 const unsigned char *der
;
745 } ec_der_pub_keys
[] = {
746 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
747 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
748 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
752 * Tests the range of the decoded EC char2 public point.
753 * See ec_GF2m_simple_oct2point().
755 static int test_invalide_ec_char2_pub_range_decode(int id
)
759 EC_KEY
*eckey
= NULL
;
761 if (!TEST_ptr(bio
= BIO_new_mem_buf(ec_der_pub_keys
[id
].der
,
762 ec_der_pub_keys
[id
].len
)))
764 eckey
= d2i_EC_PUBKEY_bio(bio
, NULL
);
765 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(eckey
))
766 || TEST_ptr_null(eckey
);
773 /* Tests loading a bad key in PKCS8 format */
774 static int test_EVP_PKCS82PKEY(void)
777 const unsigned char *derp
= kExampleBadECKeyDER
;
778 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
779 EVP_PKEY
*pkey
= NULL
;
781 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
782 sizeof(kExampleBadECKeyDER
))))
785 if (!TEST_ptr_eq(derp
,
786 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
789 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
795 PKCS8_PRIV_KEY_INFO_free(p8inf
);
802 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
803 static int test_privatekey_to_pkcs8(void)
805 EVP_PKEY
*pkey
= NULL
;
811 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
812 || !TEST_ptr(pkey
= load_example_rsa_key())
813 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
814 NULL
, 0, NULL
, NULL
),
816 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
818 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
819 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
821 * We try to write PEM as well, just to see that it doesn't err, but
822 * assume that the result is correct.
824 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
825 NULL
, 0, NULL
, NULL
),
832 BIO_free_all(membio
);
836 #ifndef OPENSSL_NO_EC
837 static const struct {
839 const char *encoding_name
;
841 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
842 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
845 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
848 const char *enc_name
= NULL
;
854 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
855 OSSL_PKEY_PARAM_EC_ENCODING
))
856 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
859 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
860 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
861 *enc
= ec_encodings
[i
].encoding
;
869 static int test_EC_keygen_with_enc(int idx
)
871 EVP_PKEY
*params
= NULL
, *key
= NULL
;
872 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
876 enc
= ec_encodings
[idx
].encoding
;
878 /* Create key parameters */
879 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
880 || !TEST_true(EVP_PKEY_paramgen_init(pctx
))
881 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
882 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
883 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
884 || !TEST_ptr(params
))
888 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
889 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
890 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
894 /* Check that the encoding got all the way into the key */
895 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
896 ec_export_get_encoding_cb
, &enc
))
897 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
903 EVP_PKEY_free(params
);
904 EVP_PKEY_CTX_free(kctx
);
905 EVP_PKEY_CTX_free(pctx
);
910 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
912 static int test_EVP_SM2_verify(void)
915 "-----BEGIN PUBLIC KEY-----\n"
916 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
917 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
918 "-----END PUBLIC KEY-----\n";
920 const char *msg
= "message digest";
921 const char *id
= "ALICE123@YAHOO.COM";
923 const uint8_t signature
[] = {
924 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
925 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
926 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
927 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
928 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
929 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
930 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
935 EVP_PKEY
*pkey
= NULL
;
936 EVP_MD_CTX
*mctx
= NULL
;
937 EVP_PKEY_CTX
*pctx
= NULL
;
939 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
940 if (!TEST_true(bio
!= NULL
))
943 pkey
= PEM_read_bio_PUBKEY(bio
, NULL
, NULL
, NULL
);
944 if (!TEST_true(pkey
!= NULL
))
947 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
950 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
953 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
956 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
958 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
961 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
964 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
967 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
974 EVP_PKEY_CTX_free(pctx
);
975 EVP_MD_CTX_free(mctx
);
979 static int test_EVP_SM2(void)
982 EVP_PKEY
*pkey
= NULL
;
983 EVP_PKEY
*pkeyparams
= NULL
;
984 EVP_PKEY_CTX
*pctx
= NULL
;
985 EVP_PKEY_CTX
*kctx
= NULL
;
986 EVP_PKEY_CTX
*sctx
= NULL
;
988 unsigned char *sig
= NULL
;
989 EVP_MD_CTX
*md_ctx
= NULL
;
990 EVP_MD_CTX
*md_ctx_verify
= NULL
;
991 EVP_PKEY_CTX
*cctx
= NULL
;
993 uint8_t ciphertext
[128];
994 size_t ctext_len
= sizeof(ciphertext
);
996 uint8_t plaintext
[8];
997 size_t ptext_len
= sizeof(plaintext
);
999 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1001 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1002 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1006 pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_SM2
, NULL
);
1007 if (!TEST_ptr(pctx
))
1010 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1013 /* TODO is this even needed? */
1014 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1017 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1020 kctx
= EVP_PKEY_CTX_new(pkeyparams
, NULL
);
1021 if (!TEST_ptr(kctx
))
1024 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1027 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1030 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1033 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1036 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1039 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1040 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1042 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
1045 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1048 if(!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1051 /* Determine the size of the signature. */
1052 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1055 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1058 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1061 /* Ensure that the signature round-trips. */
1063 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, EVP_sm3(), NULL
, pkey
)))
1066 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1069 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1072 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1075 /* now check encryption/decryption */
1077 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1078 mdname
, sizeof(mdname
));
1079 for (i
= 0; i
< 2; i
++) {
1080 EVP_PKEY_CTX_free(cctx
);
1082 sparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1083 i
== 0 ? "SM3" : "SHA2-256",
1086 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1089 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1092 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1095 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1099 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1102 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1105 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1109 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1112 /* Test we're still using the digest we think we are */
1113 if (i
== 0 && !TEST_int_eq(strcmp(mdname
, "SM3"), 0))
1115 if (i
== 1 && !TEST_int_eq(strcmp(mdname
, "SHA2-256"), 0))
1118 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1121 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1127 EVP_PKEY_CTX_free(pctx
);
1128 EVP_PKEY_CTX_free(kctx
);
1129 EVP_PKEY_CTX_free(sctx
);
1130 EVP_PKEY_CTX_free(cctx
);
1131 EVP_PKEY_free(pkey
);
1132 EVP_PKEY_free(pkeyparams
);
1133 EVP_MD_CTX_free(md_ctx
);
1134 EVP_MD_CTX_free(md_ctx_verify
);
1141 static struct keys_st
{
1147 EVP_PKEY_HMAC
, "0123456789", NULL
1149 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1151 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1153 #ifndef OPENSSL_NO_EC
1155 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1156 "abcdefghijklmnopqrstuvwxyzabcdef"
1158 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1159 "abcdefghijklmnopqrstuvwxyzabcdef"
1162 "01234567890123456789012345678901234567890123456789012345",
1163 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1166 "012345678901234567890123456789012345678901234567890123456",
1167 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1172 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1175 unsigned char buf
[80];
1177 size_t inlen
, len
= 0;
1180 /* Check if this algorithm supports public keys */
1181 if (keys
[tst
].pub
== NULL
)
1184 memset(buf
, 0, sizeof(buf
));
1187 inlen
= strlen(keys
[tst
].pub
);
1188 in
= (unsigned char *)keys
[tst
].pub
;
1190 pkey
= EVP_PKEY_new_raw_public_key_ex(
1192 OBJ_nid2sn(keys
[tst
].type
),
1197 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
1203 inlen
= strlen(keys
[tst
].priv
);
1204 in
= (unsigned char *)keys
[tst
].priv
;
1206 pkey
= EVP_PKEY_new_raw_private_key_ex(
1207 testctx
, OBJ_nid2sn(keys
[tst
].type
),
1212 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
1220 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
1221 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
1222 || !TEST_true(len
== inlen
)
1223 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
1224 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
1225 || !TEST_mem_eq(in
, inlen
, buf
, len
))
1230 EVP_PKEY_free(pkey
);
1234 static int test_set_get_raw_keys(int tst
)
1236 return test_set_get_raw_keys_int(tst
, 0, 0)
1237 && test_set_get_raw_keys_int(tst
, 0, 1)
1238 && test_set_get_raw_keys_int(tst
, 1, 0)
1239 && test_set_get_raw_keys_int(tst
, 1, 1);
1242 #ifndef OPENSSL_NO_DEPRECATED_3_0
1243 static int pkey_custom_check(EVP_PKEY
*pkey
)
1248 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
1253 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
1258 static EVP_PKEY_METHOD
*custom_pmeth
;
1261 static int test_EVP_PKEY_check(int i
)
1264 const unsigned char *p
;
1265 EVP_PKEY
*pkey
= NULL
;
1266 #ifndef OPENSSL_NO_EC
1267 EC_KEY
*eckey
= NULL
;
1269 EVP_PKEY_CTX
*ctx
= NULL
;
1270 #ifndef OPENSSL_NO_DEPRECATED_3_0
1271 EVP_PKEY_CTX
*ctx2
= NULL
;
1273 const APK_DATA
*ak
= &keycheckdata
[i
];
1274 const unsigned char *input
= ak
->kder
;
1275 size_t input_len
= ak
->size
;
1276 int expected_id
= ak
->evptype
;
1277 int expected_check
= ak
->check
;
1278 int expected_pub_check
= ak
->pub_check
;
1279 int expected_param_check
= ak
->param_check
;
1280 int type
= ak
->type
;
1287 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1288 || !TEST_ptr_eq(p
, input
+ input_len
)
1289 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
1292 #ifndef OPENSSL_NO_EC
1294 if (!TEST_ptr(pubkey
= BIO_new_mem_buf(input
, input_len
))
1295 || !TEST_ptr(eckey
= d2i_EC_PUBKEY_bio(pubkey
, NULL
))
1296 || !TEST_ptr(pkey
= EVP_PKEY_new())
1297 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1301 if (!TEST_ptr(eckey
= d2i_ECParameters(NULL
, &p
, input_len
))
1302 || !TEST_ptr_eq(p
, input
+ input_len
)
1303 || !TEST_ptr(pkey
= EVP_PKEY_new())
1304 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1312 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1315 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
1318 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
1321 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
1324 #ifndef OPENSSL_NO_DEPRECATED_3_0
1325 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
1326 /* assign the pkey directly, as an internal test */
1327 EVP_PKEY_up_ref(pkey
);
1330 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
1333 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
1336 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
1343 EVP_PKEY_CTX_free(ctx
);
1344 #ifndef OPENSSL_NO_DEPRECATED_3_0
1345 EVP_PKEY_CTX_free(ctx2
);
1347 EVP_PKEY_free(pkey
);
1352 #ifndef OPENSSL_NO_CMAC
1353 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
1355 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
1356 const char msg
[] = "Hello World";
1360 if (!TEST_ptr(mdctx
)
1361 || !TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, pkey
))
1362 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
1363 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
1364 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
1367 EVP_MD_CTX_free(mdctx
);
1371 static int test_CMAC_keygen(void)
1373 static unsigned char key
[] = {
1374 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1375 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1376 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1379 * This is a legacy method for CMACs, but should still work.
1380 * This verifies that it works without an ENGINE.
1382 EVP_PKEY_CTX
*kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
1384 EVP_PKEY
*pkey
= NULL
;
1385 unsigned char mac
[AES_BLOCK_SIZE
], mac2
[AES_BLOCK_SIZE
];
1387 /* Test a CMAC key created using the "generated" method */
1388 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1389 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1390 EVP_PKEY_CTRL_CIPHER
,
1391 0, (void *)EVP_aes_256_ecb()), 0)
1392 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1393 EVP_PKEY_CTRL_SET_MAC_KEY
,
1394 sizeof(key
), (void *)key
), 0)
1395 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
1397 || !TEST_true(get_cmac_val(pkey
, mac
)))
1400 EVP_PKEY_free(pkey
);
1403 * Test a CMAC key using the direct method, and compare with the mac
1406 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
1408 || !TEST_true(get_cmac_val(pkey
, mac2
))
1409 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
1415 EVP_PKEY_free(pkey
);
1416 EVP_PKEY_CTX_free(kctx
);
1421 static int test_HKDF(void)
1424 unsigned char out
[20];
1427 unsigned char salt
[] = "0123456789";
1428 unsigned char key
[] = "012345678901234567890123456789";
1429 unsigned char info
[] = "infostring";
1430 const unsigned char expected
[] = {
1431 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1432 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1434 size_t expectedlen
= sizeof(expected
);
1436 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
1439 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1440 for (i
= 0; i
< 2; i
++) {
1441 outlen
= sizeof(out
);
1442 memset(out
, 0, outlen
);
1444 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1445 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1446 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1447 sizeof(salt
) - 1), 0)
1448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1449 sizeof(key
) - 1), 0)
1450 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1451 sizeof(info
) - 1), 0)
1452 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1453 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1460 EVP_PKEY_CTX_free(pctx
);
1465 static int test_emptyikm_HKDF(void)
1468 unsigned char out
[20];
1471 unsigned char salt
[] = "9876543210";
1472 unsigned char key
[] = "";
1473 unsigned char info
[] = "stringinfo";
1474 const unsigned char expected
[] = {
1475 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1476 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1478 size_t expectedlen
= sizeof(expected
);
1480 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
1483 outlen
= sizeof(out
);
1484 memset(out
, 0, outlen
);
1486 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1487 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1488 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1489 sizeof(salt
) - 1), 0)
1490 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1491 sizeof(key
) - 1), 0)
1492 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1493 sizeof(info
) - 1), 0)
1494 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1495 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1501 EVP_PKEY_CTX_free(pctx
);
1506 #ifndef OPENSSL_NO_EC
1507 static int test_X509_PUBKEY_inplace(void)
1510 X509_PUBKEY
*xp
= NULL
;
1511 const unsigned char *p
= kExampleECPubKeyDER
;
1512 size_t input_len
= sizeof(kExampleECPubKeyDER
);
1514 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(NULL
, &p
, input_len
)))
1517 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
1520 p
= kExampleBadECPubKeyDER
;
1521 input_len
= sizeof(kExampleBadECPubKeyDER
);
1523 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
1526 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
1532 X509_PUBKEY_free(xp
);
1535 #endif /* OPENSSL_NO_EC */
1537 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1538 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
1540 EVP_MD_CTX
*mdctx
= NULL
;
1541 EVP_PKEY_CTX
*ctx
= NULL
;
1542 const OSSL_PARAM
*params
;
1543 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
1546 char mdname
[OSSL_MAX_NAME_SIZE
];
1549 /* Initialise a sign operation */
1550 ctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
1552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
1556 * We should be able to query the parameters now.
1558 params
= EVP_PKEY_CTX_settable_params(ctx
);
1559 if (!TEST_ptr(params
)
1560 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1561 OSSL_SIGNATURE_PARAM_DIGEST
)))
1564 params
= EVP_PKEY_CTX_gettable_params(ctx
);
1565 if (!TEST_ptr(params
)
1566 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
1568 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1569 OSSL_SIGNATURE_PARAM_DIGEST
)))
1573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1574 * EVP_PKEY_CTX_get_params()
1576 strcpy(mdname
, "SHA512");
1578 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1580 *param
++ = OSSL_PARAM_construct_end();
1582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
1586 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1587 mdname
, sizeof(mdname
));
1588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
1589 || !TEST_str_eq(mdname
, "SHA512"))
1593 * Test the TEST_PKEY_CTX_set_signature_md() and
1594 * TEST_PKEY_CTX_get_signature_md() functions
1596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
1597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
1598 || !TEST_ptr_eq(md
, EVP_sha256()))
1602 * Test getting MD parameters via an associated EVP_PKEY_CTX
1604 mdctx
= EVP_MD_CTX_new();
1605 if (!TEST_ptr(mdctx
)
1606 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", NULL
, NULL
,
1611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1612 * able to obtain the digest's settable parameters from the provider.
1614 params
= EVP_MD_CTX_settable_params(mdctx
);
1615 if (!TEST_ptr(params
)
1616 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
1617 /* The final key should be NULL */
1618 || !TEST_ptr_null(params
[1].key
))
1622 memset(ssl3ms
, 0, sizeof(ssl3ms
));
1623 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
1624 ssl3ms
, sizeof(ssl3ms
));
1625 *param
++ = OSSL_PARAM_construct_end();
1627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
1633 EVP_MD_CTX_free(mdctx
);
1634 EVP_PKEY_CTX_free(ctx
);
1639 #ifndef OPENSSL_NO_DSA
1640 static int test_DSA_get_set_params(void)
1643 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
1644 EVP_PKEY
*pkey
= NULL
;
1648 * Setup the parameters for our DSA object. For our purposes they don't
1649 * have to actually be *valid* parameters. We just need to set something.
1662 || !DSA_set0_pqg(dsa
, p
, q
, g
)
1663 || !DSA_set0_key(dsa
, pub
, priv
))
1665 p
= q
= g
= pub
= priv
= NULL
;
1667 pkey
= EVP_PKEY_new();
1669 || !TEST_true(EVP_PKEY_assign_DSA(pkey
, dsa
)))
1674 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
1677 EVP_PKEY_free(pkey
);
1689 static int test_RSA_get_set_params(void)
1691 OSSL_PARAM_BLD
*bld
= NULL
;
1692 OSSL_PARAM
*params
= NULL
;
1693 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
1694 EVP_PKEY_CTX
*pctx
= NULL
;
1695 EVP_PKEY
*pkey
= NULL
;
1699 * Setup the parameters for our RSA object. For our purposes they don't
1700 * have to actually be *valid* parameters. We just need to set something.
1702 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
1703 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1704 || !TEST_ptr(n
= BN_new())
1705 || !TEST_ptr(e
= BN_new())
1706 || !TEST_ptr(d
= BN_new()))
1708 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
1709 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
1710 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
1712 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
1715 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx
), 0)
1716 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, params
), 0))
1719 if (!TEST_ptr(pkey
))
1722 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
1725 EVP_PKEY_free(pkey
);
1726 EVP_PKEY_CTX_free(pctx
);
1727 OSSL_PARAM_BLD_free_params(params
);
1728 OSSL_PARAM_BLD_free(bld
);
1736 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1737 static int test_decrypt_null_chunks(void)
1739 EVP_CIPHER_CTX
* ctx
= NULL
;
1740 const unsigned char key
[32] = {
1741 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1742 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1743 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1745 unsigned char iv
[12] = {
1746 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1748 unsigned char msg
[] = "It was the best of times, it was the worst of times";
1749 unsigned char ciphertext
[80];
1750 unsigned char plaintext
[80];
1751 /* We initialise tmp to a non zero value on purpose */
1752 int ctlen
, ptlen
, tmp
= 99;
1754 const int enc_offset
= 10, dec_offset
= 20;
1756 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1757 || !TEST_true(EVP_EncryptInit_ex(ctx
, EVP_chacha20_poly1305(), NULL
,
1759 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
1761 /* Deliberate add a zero length update */
1762 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
1764 || !TEST_int_eq(tmp
, 0)
1765 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
1767 sizeof(msg
) - enc_offset
))
1768 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
1769 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
1770 || !TEST_int_eq(tmp
, 0))
1773 /* Deliberately initialise tmp to a non zero value */
1775 if (!TEST_true(EVP_DecryptInit_ex(ctx
, EVP_chacha20_poly1305(), NULL
, key
,
1777 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
1780 * Deliberately add a zero length update. We also deliberately do
1781 * this at a different offset than for encryption.
1783 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
1785 || !TEST_int_eq(tmp
, 0)
1786 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
1787 ciphertext
+ dec_offset
,
1788 ctlen
- dec_offset
))
1789 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
1790 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
1791 || !TEST_int_eq(tmp
, 0)
1792 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
1797 EVP_CIPHER_CTX_free(ctx
);
1800 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1802 #ifndef OPENSSL_NO_DH
1803 static int test_EVP_PKEY_set1_DH(void)
1805 DH
*x942dh
= NULL
, *noqdh
= NULL
;
1806 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
1808 BIGNUM
*p
, *g
= NULL
;
1810 if (!TEST_ptr(p
= BN_new())
1811 || !TEST_ptr(g
= BN_new())
1812 || !BN_set_word(p
, 9999)
1813 || !BN_set_word(g
, 2)
1814 || !TEST_ptr(noqdh
= DH_new())
1815 || !DH_set0_pqg(noqdh
, p
, NULL
, g
))
1819 x942dh
= DH_get_2048_256();
1820 pkey1
= EVP_PKEY_new();
1821 pkey2
= EVP_PKEY_new();
1822 if (!TEST_ptr(x942dh
)
1825 || !TEST_ptr(pkey2
))
1828 if(!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
1829 || !TEST_int_eq(EVP_PKEY_id(pkey1
), EVP_PKEY_DHX
))
1832 if(!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
1833 || !TEST_int_eq(EVP_PKEY_id(pkey2
), EVP_PKEY_DH
))
1840 EVP_PKEY_free(pkey1
);
1841 EVP_PKEY_free(pkey2
);
1850 * We test what happens with an empty template. For the sake of this test,
1851 * the template must be ignored, and we know that's the case for RSA keys
1852 * (this might arguably be a misfeature, but that's what we currently do,
1853 * even in provider code, since that's how the legacy RSA implementation
1856 static int test_keygen_with_empty_template(int n
)
1858 EVP_PKEY_CTX
*ctx
= NULL
;
1859 EVP_PKEY
*pkey
= NULL
;
1860 EVP_PKEY
*tkey
= NULL
;
1865 /* We do test with no template at all as well */
1866 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
1870 /* Here we create an empty RSA key that serves as our template */
1871 if (!TEST_ptr(tkey
= EVP_PKEY_new())
1872 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
1873 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
1878 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
1879 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
1884 EVP_PKEY_CTX_free(ctx
);
1885 EVP_PKEY_free(pkey
);
1886 EVP_PKEY_free(tkey
);
1891 * Test that we fail if we attempt to use an algorithm that is not available
1892 * in the current library context (unless we are using an algorithm that
1893 * should be made available via legacy codepaths).
1898 static int test_pkey_ctx_fail_without_provider(int tst
)
1900 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
1901 OSSL_PROVIDER
*nullprov
= NULL
;
1902 EVP_PKEY_CTX
*pctx
= NULL
;
1903 const char *keytype
= NULL
;
1904 int expect_null
= 0;
1907 if (!TEST_ptr(tmpctx
))
1910 nullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
1911 if (!TEST_ptr(nullprov
))
1915 * We check for certain algos in the null provider.
1916 * If an algo is expected to have a provider keymgmt, contructing an
1917 * EVP_PKEY_CTX is expected to fail (return NULL).
1918 * Otherwise, if it's expected to have legacy support, contructing an
1919 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1929 #ifdef OPENSSL_NO_EC
1930 TEST_info("EC disable, skipping SM2 check...");
1933 #ifdef OPENSSL_NO_SM2
1934 TEST_info("SM2 disable, skipping SM2 check...");
1939 TEST_error("No test for case %d", tst
);
1943 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
1944 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
1947 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1953 EVP_PKEY_CTX_free(pctx
);
1954 OSSL_PROVIDER_unload(nullprov
);
1955 OSSL_LIB_CTX_free(tmpctx
);
1959 static int test_rand_agglomeration(void)
1963 OSSL_PARAM params
[3], *p
= params
;
1965 unsigned int step
= 7;
1966 static unsigned char seed
[] = "It does not matter how slowly you go "
1967 "as long as you do not stop.";
1968 unsigned char out
[sizeof(seed
)];
1970 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
1971 || !TEST_ptr(rand
= EVP_RAND_fetch(NULL
, "TEST-RAND", NULL
)))
1973 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
1974 EVP_RAND_free(rand
);
1978 memset(out
, 0, sizeof(out
));
1979 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
1980 seed
, sizeof(seed
));
1981 *p
++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST
, &step
);
1982 *p
= OSSL_PARAM_construct_end();
1983 res
= TEST_true(EVP_RAND_set_ctx_params(ctx
, params
))
1984 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
1985 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
1986 EVP_RAND_CTX_free(ctx
);
1991 * Test that we correctly return the original or "running" IV after
1992 * an encryption operation.
1993 * Run multiple times for some different relevant algorithms/modes.
1995 static int test_evp_iv(int idx
)
1998 EVP_CIPHER_CTX
*ctx
= NULL
;
1999 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2000 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2001 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2002 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2003 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2004 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2005 9, 10, 11, 12, 13, 14, 15, 16 };
2006 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2007 unsigned char *ref_iv
;
2008 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2009 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2011 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2012 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2013 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2014 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2015 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2016 #ifndef OPENSSL_NO_OCB
2017 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2018 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2020 int len
= sizeof(ciphertext
);
2021 size_t ivlen
, ref_len
;
2022 const EVP_CIPHER
*type
= NULL
;
2026 type
= EVP_aes_128_cbc();
2029 type
= (type
!= NULL
) ? type
:
2030 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", NULL
);
2032 ref_len
= sizeof(cbc_state
);
2035 type
= EVP_aes_128_ofb();
2038 type
= (type
!= NULL
) ? type
:
2039 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", NULL
);
2041 ref_len
= sizeof(ofb_state
);
2044 type
= EVP_aes_128_gcm();
2047 type
= (type
!= NULL
) ? type
:
2048 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", NULL
);
2050 ref_len
= sizeof(gcm_state
);
2053 type
= EVP_aes_128_ccm();
2056 type
= (type
!= NULL
) ? type
:
2057 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", NULL
);
2059 ref_len
= sizeof(ccm_state
);
2061 #ifdef OPENSSL_NO_OCB
2067 type
= EVP_aes_128_ocb();
2070 type
= (type
!= NULL
) ? type
:
2071 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", NULL
);
2073 ref_len
= sizeof(ocb_state
);
2081 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
2082 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
2083 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
2085 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx
, oiv
, sizeof(oiv
)))
2086 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx
, iv
, sizeof(iv
)))
2087 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
2089 ivlen
= EVP_CIPHER_CTX_iv_length(ctx
);
2090 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
2091 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
2096 EVP_CIPHER_CTX_free(ctx
);
2098 EVP_CIPHER_free((EVP_CIPHER
*)type
);
2102 int setup_tests(void)
2104 testctx
= OSSL_LIB_CTX_new();
2106 if (!TEST_ptr(testctx
))
2109 ADD_TEST(test_EVP_set_default_properties
);
2110 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 9);
2111 ADD_TEST(test_EVP_DigestVerifyInit
);
2112 ADD_TEST(test_EVP_Enveloped
);
2113 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
2114 ADD_TEST(test_privatekey_to_pkcs8
);
2115 #ifndef OPENSSL_NO_EC
2116 ADD_TEST(test_EVP_PKCS82PKEY
);
2118 #ifndef OPENSSL_NO_EC
2119 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
2121 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2122 ADD_TEST(test_EVP_SM2
);
2123 ADD_TEST(test_EVP_SM2_verify
);
2125 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
2126 #ifndef OPENSSL_NO_DEPRECATED_3_0
2127 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
2128 if (!TEST_ptr(custom_pmeth
))
2130 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
2131 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
2132 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
2133 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
2136 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
2137 #ifndef OPENSSL_NO_CMAC
2138 ADD_TEST(test_CMAC_keygen
);
2140 ADD_TEST(test_HKDF
);
2141 ADD_TEST(test_emptyikm_HKDF
);
2142 #ifndef OPENSSL_NO_EC
2143 ADD_TEST(test_X509_PUBKEY_inplace
);
2144 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
2145 OSSL_NELEM(ec_der_pub_keys
));
2147 #ifndef OPENSSL_NO_DSA
2148 ADD_TEST(test_DSA_get_set_params
);
2150 ADD_TEST(test_RSA_get_set_params
);
2151 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2152 ADD_TEST(test_decrypt_null_chunks
);
2154 #ifndef OPENSSL_NO_DH
2155 ADD_TEST(test_EVP_PKEY_set1_DH
);
2157 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
2158 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
2160 ADD_TEST(test_rand_agglomeration
);
2161 ADD_ALL_TESTS(test_evp_iv
, 10);
2166 void cleanup_tests(void)
2168 OSSL_LIB_CTX_free(testctx
);