2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
32 #include "internal/nelem.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
35 #include "../e_os.h" /* strcasecmp */
37 #ifndef OPENSSL_NO_SM2
39 * TODO(3.0) remove when provider SM2 keymgmt is implemented and
40 * EVP_PKEY_set_alias_type() works with provider-native keys.
45 static OPENSSL_CTX
*testctx
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
391 typedef struct APK_DATA_st
{
392 const unsigned char *kder
;
398 int type
; /* 0 for private, 1 for public, 2 for params */
401 static APK_DATA keydata
[] = {
402 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
},
403 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), EVP_PKEY_RSA
},
404 #ifndef OPENSSL_NO_EC
405 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
}
409 static APK_DATA keycheckdata
[] = {
410 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
, 1, -2, -2, 0},
411 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), EVP_PKEY_RSA
,
413 #ifndef OPENSSL_NO_EC
414 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
, 1, 1, 1, 0},
415 /* group is also associated in our pub key */
416 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), EVP_PKEY_EC
, 0, 1, 1, 1},
417 {pExampleECParamDER
, sizeof(pExampleECParamDER
), EVP_PKEY_EC
, 0, 0, 1, 2}
421 static EVP_PKEY
*load_example_rsa_key(void)
423 EVP_PKEY
*ret
= NULL
;
424 const unsigned char *derp
= kExampleRSAKeyDER
;
425 EVP_PKEY
*pkey
= NULL
;
428 if (!TEST_true(d2i_RSAPrivateKey(&rsa
, &derp
, sizeof(kExampleRSAKeyDER
))))
431 if (!TEST_ptr(pkey
= EVP_PKEY_new())
432 || !TEST_true(EVP_PKEY_set1_RSA(pkey
, rsa
)))
445 #ifndef OPENSSL_NO_DSA
446 static EVP_PKEY
*load_example_dsa_key(void)
448 EVP_PKEY
*ret
= NULL
;
449 const unsigned char *derp
= kExampleDSAKeyDER
;
450 EVP_PKEY
*pkey
= NULL
;
453 if (!TEST_true(d2i_DSAPrivateKey(&dsa
, &derp
, sizeof(kExampleDSAKeyDER
))))
456 if (!TEST_ptr(pkey
= EVP_PKEY_new())
457 || !TEST_true(EVP_PKEY_set1_DSA(pkey
, dsa
)))
471 static EVP_PKEY
*load_example_hmac_key(void)
473 EVP_PKEY
*pkey
= NULL
;
474 unsigned char key
[] = {
475 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
476 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
477 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
480 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC
, NULL
, key
, sizeof(key
));
487 static int test_EVP_set_default_properties(void)
493 if (!TEST_ptr(ctx
= OPENSSL_CTX_new())
494 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
499 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
500 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
501 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
506 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
507 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
512 OPENSSL_CTX_free(ctx
);
516 static int test_EVP_Enveloped(void)
519 EVP_CIPHER_CTX
*ctx
= NULL
;
520 EVP_PKEY
*keypair
= NULL
;
521 unsigned char *kek
= NULL
;
522 unsigned char iv
[EVP_MAX_IV_LENGTH
];
523 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
524 int len
, kek_len
, ciphertext_len
, plaintext_len
;
525 unsigned char ciphertext
[32], plaintext
[16];
526 const EVP_CIPHER
*type
= EVP_aes_256_cbc();
528 if (!TEST_ptr(keypair
= load_example_rsa_key())
529 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_size(keypair
)))
530 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
531 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
533 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
535 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
539 ciphertext_len
+= len
;
541 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
542 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
543 ciphertext
, ciphertext_len
))
544 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
547 plaintext_len
+= len
;
548 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
554 EVP_PKEY_free(keypair
);
555 EVP_CIPHER_CTX_free(ctx
);
560 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
561 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
562 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
563 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
564 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
565 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
566 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
567 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
568 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
570 static int test_EVP_DigestSignInit(int tst
)
573 EVP_PKEY
*pkey
= NULL
;
574 unsigned char *sig
= NULL
;
576 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
577 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
578 BIO
*mdbio
= NULL
, *membio
= NULL
;
581 EVP_MD
*mdexp
= NULL
;
584 membio
= BIO_new(BIO_s_mem());
585 mdbio
= BIO_new(BIO_f_md());
586 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
588 BIO_push(mdbio
, membio
);
589 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
592 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
593 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
597 if (tst
== 0 || tst
== 3 || tst
== 6) {
598 if (!TEST_ptr(pkey
= load_example_rsa_key()))
600 } else if (tst
== 1 || tst
== 4 || tst
== 7) {
601 #ifndef OPENSSL_NO_DSA
602 if (!TEST_ptr(pkey
= load_example_dsa_key()))
609 if (!TEST_ptr(pkey
= load_example_hmac_key()))
613 if (tst
>= 3 && tst
<= 5)
614 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
618 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
622 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
625 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
629 /* Determine the size of the signature. */
630 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
631 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
632 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
636 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
637 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
642 * Ensure that the signature round-trips (Verification isn't supported for
643 * HMAC via EVP_DigestVerify*)
645 if (tst
!= 2 && tst
!= 5 && tst
!= 8) {
646 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
651 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
654 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
658 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
667 EVP_MD_CTX_free(a_md_ctx
);
668 EVP_MD_CTX_free(a_md_ctx_verify
);
676 static int test_EVP_DigestVerifyInit(void)
679 EVP_PKEY
*pkey
= NULL
;
680 EVP_MD_CTX
*md_ctx
= NULL
;
682 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
683 || !TEST_ptr(pkey
= load_example_rsa_key()))
686 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
687 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
688 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
689 sizeof(kSignature
))))
694 EVP_MD_CTX_free(md_ctx
);
699 static int test_d2i_AutoPrivateKey(int i
)
702 const unsigned char *p
;
703 EVP_PKEY
*pkey
= NULL
;
704 const APK_DATA
*ak
= &keydata
[i
];
705 const unsigned char *input
= ak
->kder
;
706 size_t input_len
= ak
->size
;
707 int expected_id
= ak
->evptype
;
710 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
711 || !TEST_ptr_eq(p
, input
+ input_len
)
712 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
722 #ifndef OPENSSL_NO_EC
724 static const unsigned char ec_public_sect163k1_validxy
[] = {
725 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
726 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
727 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
728 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
729 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
730 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
733 static const unsigned char ec_public_sect163k1_badx
[] = {
734 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
735 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
736 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
737 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
738 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
739 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
742 static const unsigned char ec_public_sect163k1_bady
[] = {
743 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
744 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
745 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
746 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
747 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
748 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
751 static struct ec_der_pub_keys_st
{
752 const unsigned char *der
;
755 } ec_der_pub_keys
[] = {
756 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
757 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
758 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
762 * Tests the range of the decoded EC char2 public point.
763 * See ec_GF2m_simple_oct2point().
765 static int test_invalide_ec_char2_pub_range_decode(int id
)
769 EC_KEY
*eckey
= NULL
;
771 if (!TEST_ptr(bio
= BIO_new_mem_buf(ec_der_pub_keys
[id
].der
,
772 ec_der_pub_keys
[id
].len
)))
774 eckey
= d2i_EC_PUBKEY_bio(bio
, NULL
);
775 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(eckey
))
776 || TEST_ptr_null(eckey
);
783 /* Tests loading a bad key in PKCS8 format */
784 static int test_EVP_PKCS82PKEY(void)
787 const unsigned char *derp
= kExampleBadECKeyDER
;
788 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
789 EVP_PKEY
*pkey
= NULL
;
791 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
792 sizeof(kExampleBadECKeyDER
))))
795 if (!TEST_ptr_eq(derp
,
796 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
799 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
805 PKCS8_PRIV_KEY_INFO_free(p8inf
);
812 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
813 static int test_privatekey_to_pkcs8(void)
815 EVP_PKEY
*pkey
= NULL
;
821 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
822 || !TEST_ptr(pkey
= load_example_rsa_key())
823 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
824 NULL
, 0, NULL
, NULL
),
826 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
828 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
829 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
831 * We try to write PEM as well, just to see that it doesn't err, but
832 * assume that the result is correct.
834 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
835 NULL
, 0, NULL
, NULL
),
842 BIO_free_all(membio
);
846 #ifndef OPENSSL_NO_EC
847 static const struct {
849 const char *encoding_name
;
851 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
852 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
855 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
858 const char *enc_name
= NULL
;
864 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
865 OSSL_PKEY_PARAM_EC_ENCODING
))
866 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
869 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
870 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
871 *enc
= ec_encodings
[i
].encoding
;
879 static int test_EC_keygen_with_enc(int idx
)
881 EVP_PKEY
*params
= NULL
, *key
= NULL
;
882 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
886 enc
= ec_encodings
[idx
].encoding
;
888 /* Create key parameters */
889 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
890 || !TEST_true(EVP_PKEY_paramgen_init(pctx
))
891 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
892 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
893 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
894 || !TEST_ptr(params
))
898 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
899 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
900 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
904 /* Check that the encoding got all the way into the key */
905 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
906 ec_export_get_encoding_cb
, &enc
))
907 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
913 EVP_PKEY_free(params
);
914 EVP_PKEY_CTX_free(kctx
);
915 EVP_PKEY_CTX_free(pctx
);
920 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
922 static int test_EVP_SM2_verify(void)
925 "-----BEGIN PUBLIC KEY-----\n"
926 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
927 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
928 "-----END PUBLIC KEY-----\n";
930 const char *msg
= "message digest";
931 const char *id
= "ALICE123@YAHOO.COM";
933 const uint8_t signature
[] = {
934 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
935 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
936 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
937 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
938 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
939 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
940 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
945 EVP_PKEY
*pkey
= NULL
;
946 EVP_MD_CTX
*mctx
= NULL
;
947 EVP_PKEY_CTX
*pctx
= NULL
;
949 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
950 if (!TEST_true(bio
!= NULL
))
953 pkey
= PEM_read_bio_PUBKEY(bio
, NULL
, NULL
, NULL
);
954 if (!TEST_true(pkey
!= NULL
))
958 if (!TEST_ptr(EVP_PKEY_get0(pkey
)))
962 if (!TEST_true(EVP_PKEY_set_alias_type(pkey
, EVP_PKEY_SM2
)))
965 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
968 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
971 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
973 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
976 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
979 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
982 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
989 EVP_PKEY_CTX_free(pctx
);
990 EVP_MD_CTX_free(mctx
);
994 static int test_EVP_SM2(void)
997 EVP_PKEY
*pkey
= NULL
;
998 EVP_PKEY
*params
= NULL
;
999 EVP_PKEY_CTX
*pctx
= NULL
;
1000 EVP_PKEY_CTX
*kctx
= NULL
;
1001 EVP_PKEY_CTX
*sctx
= NULL
;
1003 unsigned char *sig
= NULL
;
1004 EVP_MD_CTX
*md_ctx
= NULL
;
1005 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1006 EVP_PKEY_CTX
*cctx
= NULL
;
1008 uint8_t ciphertext
[128];
1009 size_t ctext_len
= sizeof(ciphertext
);
1011 uint8_t plaintext
[8];
1012 size_t ptext_len
= sizeof(plaintext
);
1014 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1016 pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_SM2
, NULL
);
1017 if (!TEST_ptr(pctx
))
1020 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1023 /* TODO is this even needed? */
1024 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1027 if (!TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
)))
1030 kctx
= EVP_PKEY_CTX_new(params
, NULL
);
1031 if (!TEST_ptr(kctx
))
1034 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1037 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1040 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1043 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1046 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1049 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1050 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1052 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
1055 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1058 if(!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1061 /* Determine the size of the signature. */
1062 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1065 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1068 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1071 /* Ensure that the signature round-trips. */
1073 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, EVP_sm3(), NULL
, pkey
)))
1076 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1079 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1082 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1085 /* now check encryption/decryption */
1087 * SM2 public key encrytion is not moved into default provider yet,
1088 * so we make sure the key gets downgraded for the moment being.
1089 * TODO Remove this call when provided SM2 encryption is implemented
1091 if (!TEST_ptr(EVP_PKEY_get0(pkey
)))
1094 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1097 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1100 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
, sizeof(kMsg
))))
1103 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1106 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
, ctext_len
)))
1109 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1112 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1117 EVP_PKEY_CTX_free(pctx
);
1118 EVP_PKEY_CTX_free(kctx
);
1119 EVP_PKEY_CTX_free(sctx
);
1120 EVP_PKEY_CTX_free(cctx
);
1121 EVP_PKEY_free(pkey
);
1122 EVP_PKEY_free(params
);
1123 EVP_MD_CTX_free(md_ctx
);
1124 EVP_MD_CTX_free(md_ctx_verify
);
1131 static struct keys_st
{
1137 EVP_PKEY_HMAC
, "0123456789", NULL
1139 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1141 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1143 #ifndef OPENSSL_NO_EC
1145 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1146 "abcdefghijklmnopqrstuvwxyzabcdef"
1148 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1149 "abcdefghijklmnopqrstuvwxyzabcdef"
1152 "01234567890123456789012345678901234567890123456789012345",
1153 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1156 "012345678901234567890123456789012345678901234567890123456",
1157 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1162 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1165 unsigned char buf
[80];
1167 size_t inlen
, len
= 0;
1170 /* Check if this algorithm supports public keys */
1171 if (keys
[tst
].pub
== NULL
)
1174 memset(buf
, 0, sizeof(buf
));
1177 inlen
= strlen(keys
[tst
].pub
);
1178 in
= (unsigned char *)keys
[tst
].pub
;
1180 pkey
= EVP_PKEY_new_raw_public_key_with_libctx(
1182 OBJ_nid2sn(keys
[tst
].type
),
1187 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
1193 inlen
= strlen(keys
[tst
].priv
);
1194 in
= (unsigned char *)keys
[tst
].priv
;
1196 pkey
= EVP_PKEY_new_raw_private_key_with_libctx(
1197 testctx
, OBJ_nid2sn(keys
[tst
].type
),
1202 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
1210 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
1211 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
1212 || !TEST_true(len
== inlen
)
1213 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
1214 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
1215 || !TEST_mem_eq(in
, inlen
, buf
, len
))
1220 EVP_PKEY_free(pkey
);
1224 static int test_set_get_raw_keys(int tst
)
1226 return test_set_get_raw_keys_int(tst
, 0, 0)
1227 && test_set_get_raw_keys_int(tst
, 0, 1)
1228 && test_set_get_raw_keys_int(tst
, 1, 0)
1229 && test_set_get_raw_keys_int(tst
, 1, 1);
1232 #ifndef OPENSSL_NO_DEPRECATED_3_0
1233 static int pkey_custom_check(EVP_PKEY
*pkey
)
1238 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
1243 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
1248 static EVP_PKEY_METHOD
*custom_pmeth
;
1251 static int test_EVP_PKEY_check(int i
)
1254 const unsigned char *p
;
1255 EVP_PKEY
*pkey
= NULL
;
1256 #ifndef OPENSSL_NO_EC
1257 EC_KEY
*eckey
= NULL
;
1259 EVP_PKEY_CTX
*ctx
= NULL
;
1260 #ifndef OPENSSL_NO_DEPRECATED_3_0
1261 EVP_PKEY_CTX
*ctx2
= NULL
;
1263 const APK_DATA
*ak
= &keycheckdata
[i
];
1264 const unsigned char *input
= ak
->kder
;
1265 size_t input_len
= ak
->size
;
1266 int expected_id
= ak
->evptype
;
1267 int expected_check
= ak
->check
;
1268 int expected_pub_check
= ak
->pub_check
;
1269 int expected_param_check
= ak
->param_check
;
1270 int type
= ak
->type
;
1277 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1278 || !TEST_ptr_eq(p
, input
+ input_len
)
1279 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
1282 #ifndef OPENSSL_NO_EC
1284 if (!TEST_ptr(pubkey
= BIO_new_mem_buf(input
, input_len
))
1285 || !TEST_ptr(eckey
= d2i_EC_PUBKEY_bio(pubkey
, NULL
))
1286 || !TEST_ptr(pkey
= EVP_PKEY_new())
1287 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1291 if (!TEST_ptr(eckey
= d2i_ECParameters(NULL
, &p
, input_len
))
1292 || !TEST_ptr_eq(p
, input
+ input_len
)
1293 || !TEST_ptr(pkey
= EVP_PKEY_new())
1294 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1302 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1305 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
1308 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
1311 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
1314 #ifndef OPENSSL_NO_DEPRECATED_3_0
1315 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
1316 /* assign the pkey directly, as an internal test */
1317 EVP_PKEY_up_ref(pkey
);
1320 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
1323 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
1326 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
1333 EVP_PKEY_CTX_free(ctx
);
1334 #ifndef OPENSSL_NO_DEPRECATED_3_0
1335 EVP_PKEY_CTX_free(ctx2
);
1337 EVP_PKEY_free(pkey
);
1342 #ifndef OPENSSL_NO_CMAC
1343 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
1345 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
1346 const char msg
[] = "Hello World";
1350 if (!TEST_ptr(mdctx
)
1351 || !TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, pkey
))
1352 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
1353 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
1354 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
1357 EVP_MD_CTX_free(mdctx
);
1361 static int test_CMAC_keygen(void)
1363 static unsigned char key
[] = {
1364 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1365 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1366 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1369 * This is a legacy method for CMACs, but should still work.
1370 * This verifies that it works without an ENGINE.
1372 EVP_PKEY_CTX
*kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
1374 EVP_PKEY
*pkey
= NULL
;
1375 unsigned char mac
[AES_BLOCK_SIZE
], mac2
[AES_BLOCK_SIZE
];
1377 /* Test a CMAC key created using the "generated" method */
1378 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1379 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1380 EVP_PKEY_CTRL_CIPHER
,
1381 0, (void *)EVP_aes_256_ecb()), 0)
1382 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1383 EVP_PKEY_CTRL_SET_MAC_KEY
,
1384 sizeof(key
), (void *)key
), 0)
1385 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
1387 || !TEST_true(get_cmac_val(pkey
, mac
)))
1390 EVP_PKEY_free(pkey
);
1393 * Test a CMAC key using the direct method, and compare with the mac
1396 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
1398 || !TEST_true(get_cmac_val(pkey
, mac2
))
1399 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
1405 EVP_PKEY_free(pkey
);
1406 EVP_PKEY_CTX_free(kctx
);
1411 static int test_HKDF(void)
1414 unsigned char out
[20];
1417 unsigned char salt
[] = "0123456789";
1418 unsigned char key
[] = "012345678901234567890123456789";
1419 unsigned char info
[] = "infostring";
1420 const unsigned char expected
[] = {
1421 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1422 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1424 size_t expectedlen
= sizeof(expected
);
1426 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
1429 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1430 for (i
= 0; i
< 2; i
++) {
1431 outlen
= sizeof(out
);
1432 memset(out
, 0, outlen
);
1434 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1435 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1436 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1437 sizeof(salt
) - 1), 0)
1438 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1439 sizeof(key
) - 1), 0)
1440 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1441 sizeof(info
) - 1), 0)
1442 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1443 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1450 EVP_PKEY_CTX_free(pctx
);
1455 static int test_emptyikm_HKDF(void)
1458 unsigned char out
[20];
1461 unsigned char salt
[] = "9876543210";
1462 unsigned char key
[] = "";
1463 unsigned char info
[] = "stringinfo";
1464 const unsigned char expected
[] = {
1465 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1466 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1468 size_t expectedlen
= sizeof(expected
);
1470 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
1473 outlen
= sizeof(out
);
1474 memset(out
, 0, outlen
);
1476 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1477 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1478 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1479 sizeof(salt
) - 1), 0)
1480 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1481 sizeof(key
) - 1), 0)
1482 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1483 sizeof(info
) - 1), 0)
1484 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1485 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1491 EVP_PKEY_CTX_free(pctx
);
1496 #ifndef OPENSSL_NO_EC
1497 static int test_X509_PUBKEY_inplace(void)
1500 X509_PUBKEY
*xp
= NULL
;
1501 const unsigned char *p
= kExampleECPubKeyDER
;
1502 size_t input_len
= sizeof(kExampleECPubKeyDER
);
1504 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(NULL
, &p
, input_len
)))
1507 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
1510 p
= kExampleBadECPubKeyDER
;
1511 input_len
= sizeof(kExampleBadECPubKeyDER
);
1513 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
1516 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
1522 X509_PUBKEY_free(xp
);
1525 #endif /* OPENSSL_NO_EC */
1527 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1528 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
1530 EVP_MD_CTX
*mdctx
= NULL
;
1531 EVP_PKEY_CTX
*ctx
= NULL
;
1532 const OSSL_PARAM
*params
;
1533 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
1536 char mdname
[OSSL_MAX_NAME_SIZE
];
1539 /* Initialise a sign operation */
1540 ctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
1542 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
1546 * We should be able to query the parameters now.
1548 params
= EVP_PKEY_CTX_settable_params(ctx
);
1549 if (!TEST_ptr(params
)
1550 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1551 OSSL_SIGNATURE_PARAM_DIGEST
)))
1554 params
= EVP_PKEY_CTX_gettable_params(ctx
);
1555 if (!TEST_ptr(params
)
1556 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1557 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
1558 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1559 OSSL_SIGNATURE_PARAM_DIGEST
)))
1563 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1564 * EVP_PKEY_CTX_get_params()
1566 strcpy(mdname
, "SHA512");
1568 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1570 *param
++ = OSSL_PARAM_construct_end();
1572 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
1576 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1577 mdname
, sizeof(mdname
));
1578 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
1579 || !TEST_str_eq(mdname
, "SHA512"))
1583 * Test the TEST_PKEY_CTX_set_signature_md() and
1584 * TEST_PKEY_CTX_get_signature_md() functions
1586 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
1587 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
1588 || !TEST_ptr_eq(md
, EVP_sha256()))
1592 * Test getting MD parameters via an associated EVP_PKEY_CTX
1594 mdctx
= EVP_MD_CTX_new();
1595 if (!TEST_ptr(mdctx
)
1596 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx
, NULL
,
1602 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1603 * able to obtain the digest's settable parameters from the provider.
1605 params
= EVP_MD_CTX_settable_params(mdctx
);
1606 if (!TEST_ptr(params
)
1607 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
1608 /* The final key should be NULL */
1609 || !TEST_ptr_null(params
[1].key
))
1613 memset(ssl3ms
, 0, sizeof(ssl3ms
));
1614 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
1615 ssl3ms
, sizeof(ssl3ms
));
1616 *param
++ = OSSL_PARAM_construct_end();
1618 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
1624 EVP_MD_CTX_free(mdctx
);
1625 EVP_PKEY_CTX_free(ctx
);
1630 #ifndef OPENSSL_NO_DSA
1631 static int test_DSA_get_set_params(void)
1634 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
1635 EVP_PKEY
*pkey
= NULL
;
1639 * Setup the parameters for our DSA object. For our purposes they don't
1640 * have to actually be *valid* parameters. We just need to set something.
1653 || !DSA_set0_pqg(dsa
, p
, q
, g
)
1654 || !DSA_set0_key(dsa
, pub
, priv
))
1656 p
= q
= g
= pub
= priv
= NULL
;
1658 pkey
= EVP_PKEY_new();
1660 || !TEST_true(EVP_PKEY_assign_DSA(pkey
, dsa
)))
1665 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
1668 EVP_PKEY_free(pkey
);
1680 static int test_RSA_get_set_params(void)
1683 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
1684 EVP_PKEY
*pkey
= NULL
;
1688 * Setup the parameters for our RSA object. For our purposes they don't
1689 * have to actually be *valid* parameters. We just need to set something.
1699 || !RSA_set0_key(rsa
, n
, e
, d
))
1703 pkey
= EVP_PKEY_new();
1705 || !TEST_true(EVP_PKEY_assign_RSA(pkey
, rsa
)))
1710 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
1713 EVP_PKEY_free(pkey
);
1722 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1723 static int test_decrypt_null_chunks(void)
1725 EVP_CIPHER_CTX
* ctx
= NULL
;
1726 const unsigned char key
[32] = {
1727 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1728 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1729 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1731 unsigned char iv
[12] = {
1732 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1734 unsigned char msg
[] = "It was the best of times, it was the worst of times";
1735 unsigned char ciphertext
[80];
1736 unsigned char plaintext
[80];
1737 /* We initialise tmp to a non zero value on purpose */
1738 int ctlen
, ptlen
, tmp
= 99;
1740 const int enc_offset
= 10, dec_offset
= 20;
1742 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1743 || !TEST_true(EVP_EncryptInit_ex(ctx
, EVP_chacha20_poly1305(), NULL
,
1745 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
1747 /* Deliberate add a zero length update */
1748 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
1750 || !TEST_int_eq(tmp
, 0)
1751 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
1753 sizeof(msg
) - enc_offset
))
1754 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
1755 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
1756 || !TEST_int_eq(tmp
, 0))
1759 /* Deliberately initialise tmp to a non zero value */
1761 if (!TEST_true(EVP_DecryptInit_ex(ctx
, EVP_chacha20_poly1305(), NULL
, key
,
1763 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
1766 * Deliberately add a zero length update. We also deliberately do
1767 * this at a different offset than for encryption.
1769 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
1771 || !TEST_int_eq(tmp
, 0)
1772 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
1773 ciphertext
+ dec_offset
,
1774 ctlen
- dec_offset
))
1775 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
1776 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
1777 || !TEST_int_eq(tmp
, 0)
1778 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
1783 EVP_CIPHER_CTX_free(ctx
);
1786 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1788 #ifndef OPENSSL_NO_DH
1789 static int test_EVP_PKEY_set1_DH(void)
1791 DH
*x942dh
= NULL
, *noqdh
= NULL
;
1792 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
1794 BIGNUM
*p
, *g
= NULL
;
1796 if (!TEST_ptr(p
= BN_new())
1797 || !TEST_ptr(g
= BN_new())
1798 || !BN_set_word(p
, 9999)
1799 || !BN_set_word(g
, 2)
1800 || !TEST_ptr(noqdh
= DH_new())
1801 || !DH_set0_pqg(noqdh
, p
, NULL
, g
))
1805 x942dh
= DH_get_2048_256();
1806 pkey1
= EVP_PKEY_new();
1807 pkey2
= EVP_PKEY_new();
1808 if (!TEST_ptr(x942dh
)
1811 || !TEST_ptr(pkey2
))
1814 if(!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
1815 || !TEST_int_eq(EVP_PKEY_id(pkey1
), EVP_PKEY_DHX
))
1818 if(!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
1819 || !TEST_int_eq(EVP_PKEY_id(pkey2
), EVP_PKEY_DH
))
1826 EVP_PKEY_free(pkey1
);
1827 EVP_PKEY_free(pkey2
);
1836 * We test what happens with an empty template. For the sake of this test,
1837 * the template must be ignored, and we know that's the case for RSA keys
1838 * (this might arguably be a misfeature, but that's what we currently do,
1839 * even in provider code, since that's how the legacy RSA implementation
1842 static int test_keygen_with_empty_template(int n
)
1844 EVP_PKEY_CTX
*ctx
= NULL
;
1845 EVP_PKEY
*pkey
= NULL
;
1846 EVP_PKEY
*tkey
= NULL
;
1851 /* We do test with no template at all as well */
1852 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
1856 /* Here we create an empty RSA key that serves as our template */
1857 if (!TEST_ptr(tkey
= EVP_PKEY_new())
1858 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
1859 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
1864 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
1865 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
1870 EVP_PKEY_CTX_free(ctx
);
1871 EVP_PKEY_free(pkey
);
1872 EVP_PKEY_free(tkey
);
1877 * Test that we fail if we attempt to use an algorithm that is not available
1878 * in the current library context (unless we are using an algorithm that
1879 * should be made available via legacy codepaths).
1884 static int test_pkey_ctx_fail_without_provider(int tst
)
1886 OPENSSL_CTX
*tmpctx
= OPENSSL_CTX_new();
1887 OSSL_PROVIDER
*nullprov
= NULL
;
1888 EVP_PKEY_CTX
*pctx
= NULL
;
1889 const char *keytype
= NULL
;
1890 int expect_null
= 0;
1893 if (!TEST_ptr(tmpctx
))
1896 nullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
1897 if (!TEST_ptr(nullprov
))
1901 * We check for certain algos in the null provider.
1902 * If an algo is expected to have a provider keymgmt, contructing an
1903 * EVP_PKEY_CTX is expected to fail (return NULL).
1904 * Otherwise, if it's expected to have legacy support, contructing an
1905 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1915 #ifdef OPENSSL_NO_EC
1916 TEST_info("EC disable, skipping SM2 check...");
1919 #ifdef OPENSSL_NO_SM2
1920 TEST_info("SM2 disable, skipping SM2 check...");
1925 TEST_error("No test for case %d", tst
);
1929 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
1930 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
1933 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1939 EVP_PKEY_CTX_free(pctx
);
1940 OSSL_PROVIDER_unload(nullprov
);
1941 OPENSSL_CTX_free(tmpctx
);
1945 static int test_rand_agglomeration(void)
1949 OSSL_PARAM params
[3], *p
= params
;
1951 unsigned int step
= 7;
1952 static unsigned char seed
[] = "It does not matter how slowly you go "
1953 "as long as you do not stop.";
1954 unsigned char out
[sizeof(seed
)];
1956 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
1957 || !TEST_ptr(rand
= EVP_RAND_fetch(NULL
, "TEST-RAND", NULL
)))
1959 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
1960 EVP_RAND_free(rand
);
1964 memset(out
, 0, sizeof(out
));
1965 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
1966 seed
, sizeof(seed
));
1967 *p
++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST
, &step
);
1968 *p
= OSSL_PARAM_construct_end();
1969 res
= TEST_true(EVP_RAND_set_ctx_params(ctx
, params
))
1970 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
1971 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
1972 EVP_RAND_CTX_free(ctx
);
1977 * Test that we correctly return the original or "running" IV after
1978 * an encryption operation.
1979 * Run multiple times for some different relevant algorithms/modes.
1981 static int test_evp_iv(int idx
)
1984 EVP_CIPHER_CTX
*ctx
= NULL
;
1985 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1986 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1987 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
1988 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
1989 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
1990 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
1991 9, 10, 11, 12, 13, 14, 15, 16 };
1992 unsigned char ciphertext
[32], oiv
[16], iv
[16];
1993 unsigned char *ref_iv
;
1994 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
1995 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
1997 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
1998 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
1999 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2000 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2001 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2002 #ifndef OPENSSL_NO_OCB
2003 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2004 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2006 int len
= sizeof(ciphertext
);
2007 size_t ivlen
, ref_len
;
2008 const EVP_CIPHER
*type
= NULL
;
2012 type
= EVP_aes_128_cbc();
2015 type
= (type
!= NULL
) ? type
:
2016 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", NULL
);
2018 ref_len
= sizeof(cbc_state
);
2021 type
= EVP_aes_128_ofb();
2024 type
= (type
!= NULL
) ? type
:
2025 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", NULL
);
2027 ref_len
= sizeof(ofb_state
);
2030 type
= EVP_aes_128_gcm();
2033 type
= (type
!= NULL
) ? type
:
2034 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", NULL
);
2036 ref_len
= sizeof(gcm_state
);
2039 type
= EVP_aes_128_ccm();
2042 type
= (type
!= NULL
) ? type
:
2043 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", NULL
);
2045 ref_len
= sizeof(ccm_state
);
2047 #ifdef OPENSSL_NO_OCB
2053 type
= EVP_aes_128_ocb();
2056 type
= (type
!= NULL
) ? type
:
2057 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", NULL
);
2059 ref_len
= sizeof(ocb_state
);
2067 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
2068 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
2069 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
2071 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx
, oiv
, sizeof(oiv
)))
2072 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx
, iv
, sizeof(iv
)))
2073 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
2075 ivlen
= EVP_CIPHER_CTX_iv_length(ctx
);
2076 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
2077 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
2082 EVP_CIPHER_CTX_free(ctx
);
2084 EVP_CIPHER_free((EVP_CIPHER
*)type
);
2088 int setup_tests(void)
2090 testctx
= OPENSSL_CTX_new();
2092 if (!TEST_ptr(testctx
))
2095 ADD_TEST(test_EVP_set_default_properties
);
2096 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 9);
2097 ADD_TEST(test_EVP_DigestVerifyInit
);
2098 ADD_TEST(test_EVP_Enveloped
);
2099 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
2100 ADD_TEST(test_privatekey_to_pkcs8
);
2101 #ifndef OPENSSL_NO_EC
2102 ADD_TEST(test_EVP_PKCS82PKEY
);
2104 #ifndef OPENSSL_NO_EC
2105 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
2107 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2108 ADD_TEST(test_EVP_SM2
);
2109 ADD_TEST(test_EVP_SM2_verify
);
2111 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
2112 #ifndef OPENSSL_NO_DEPRECATED_3_0
2113 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
2114 if (!TEST_ptr(custom_pmeth
))
2116 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
2117 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
2118 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
2119 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
2122 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
2123 #ifndef OPENSSL_NO_CMAC
2124 ADD_TEST(test_CMAC_keygen
);
2126 ADD_TEST(test_HKDF
);
2127 ADD_TEST(test_emptyikm_HKDF
);
2128 #ifndef OPENSSL_NO_EC
2129 ADD_TEST(test_X509_PUBKEY_inplace
);
2130 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
2131 OSSL_NELEM(ec_der_pub_keys
));
2133 #ifndef OPENSSL_NO_DSA
2134 ADD_TEST(test_DSA_get_set_params
);
2136 ADD_TEST(test_RSA_get_set_params
);
2137 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2138 ADD_TEST(test_decrypt_null_chunks
);
2140 #ifndef OPENSSL_NO_DH
2141 ADD_TEST(test_EVP_PKEY_set1_DH
);
2143 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
2144 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
2146 ADD_TEST(test_rand_agglomeration
);
2147 ADD_ALL_TESTS(test_evp_iv
, 10);
2152 void cleanup_tests(void)
2154 OPENSSL_CTX_free(testctx
);