[thirdparty/openssl.git] / test / recipes / 30-test_evp_data / evppkey_ecdsa.txt

#
# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Tests start with one of these keywords
#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
#       PrivPubKeyPair Sign Verify VerifyRecover
# and continue until a blank line. Lines starting with a pound sign are ignored.
# The keyword Availablein must appear before the test name if needed.

# Public key algorithm tests

# Private keys used for PKEY operations.

# EC P-256 key

PrivateKey=P-256
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
-----END PRIVATE KEY-----

# EC public key for above

PublicKey=P-256-PUBLIC
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
-----END PUBLIC KEY-----

PrivPubKeyPair = P-256:P-256-PUBLIC

Title = ECDSA tests

Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8

# Digest too long
Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF12345"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR

# Digest too short
Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF123"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR

# Digest invalid
Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1235"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
Result = VERIFY_ERROR

# Invalid signature
Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
Result = VERIFY_ERROR

# Garbage after signature
Availablein = default
Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
Result = VERIFY_ERROR

# BER signature
Verify = P-256
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
Result = VERIFY_ERROR

Verify = P-256-PUBLIC
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8

Title = DigestSign and DigestVerify

DigestVerify = SHA256
Key = P-256-PUBLIC
Input = "Hello World"
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862

# Oneshot tests
OneShotDigestVerify = SHA256
Key = P-256-PUBLIC
Input = "Hello World"
Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862

# Test that mdsize != tbssize fails
Sign = P-256
Ctrl = digest:SHA256
Input = "0123456789ABCDEF1234"
Result = KEYOP_ERROR

PrivateKey = P-256_NAMED_CURVE_EXPLICIT
-----BEGIN PRIVATE KEY-----
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
0BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
-----END PRIVATE KEY-----

PrivateKey = EC_EXPLICIT
-----BEGIN PRIVATE KEY-----
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
-----END PRIVATE KEY-----

PrivateKey = B-163
-----BEGIN PRIVATE KEY-----
MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
DnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
e3GzYyg=
-----END PRIVATE KEY-----

PrivateKey = secp256k1
-----BEGIN PRIVATE KEY-----
MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
mrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
srYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
-----END PRIVATE KEY-----

Title = FIPS tests

# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
DigestVerify = SHA256
Key = B-163
Input = "Hello World"
Output = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b

# Test that a nist curve with SHA3 is allowed in fips mode
# The sign will get a mismatch error since the output signature changes on each run 
DigestSign = SHA3-512
Key = P-256
Input = "Hello World"
Result = SIGNATURE_MISMATCH

# Test that a explicit curve that is a named curve is allowed in fips mode
DigestVerify = SHA256
Key = P-256_NAMED_CURVE_EXPLICIT
Input = "Hello World"
Output = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91

Title = FIPS Negative tests (using different curves and digests)

# Test that a explicit curve is not allowed in fips mode
Availablein = fips
DigestVerify = SHA256
Securitycheck = 1
Key = EC_EXPLICIT
Input = "Hello World"
Result = DIGESTVERIFYINIT_ERROR

# Test that a curve with < 112 bits is not allowed in fips mode for signing
Availablein = fips
DigestSign = SHA3-512
Securitycheck = 1
Key = B-163
Input = "Hello World"
Result = DIGESTSIGNINIT_ERROR

# Test that a non nist curve is not allowed in fips mode
Availablein = fips
DigestSign = SHA3-512
Securitycheck = 1
Key = secp256k1
Input = "Hello World"
Result = DIGESTSIGNINIT_ERROR

# Test that SHA1 is not allowed in fips mode for signing
Availablein = fips
DigestSign = SHA1
Securitycheck = 1
Key = B-163
Input = "Hello World"
Result = DIGESTSIGNINIT_ERROR

# Test that SHA1 is not allowed in fips mode for signing
Availablein = fips
Sign = P-256
Securitycheck = 1
Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Result = PKEY_CTRL_ERROR

# Invalid non-approved digest
Availablein = fips
DigestVerify = MD5
Securitycheck = 1
Key = P-256-PUBLIC
Result = DIGESTVERIFYINIT_ERROR
Commit	Line	Data
5ccada09	1	#
aff636a4	2	# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
5ccada09 SL	3	#
	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	# Tests start with one of these keywords
	10	# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
	11	# PrivPubKeyPair Sign Verify VerifyRecover
	12	# and continue until a blank line. Lines starting with a pound sign are ignored.
	13	# The keyword Availablein must appear before the test name if needed.
	14
	15	# Public key algorithm tests
	16
	17	# Private keys used for PKEY operations.
	18
	19	# EC P-256 key
	20
	21	PrivateKey=P-256
	22	-----BEGIN PRIVATE KEY-----
	23	MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
	24	+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
	25	+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
	26	-----END PRIVATE KEY-----
	27
	28	# EC public key for above
	29
	30	PublicKey=P-256-PUBLIC
	31	-----BEGIN PUBLIC KEY-----
	32	MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
	33	x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
	34	-----END PUBLIC KEY-----
	35
	36	PrivPubKeyPair = P-256:P-256-PUBLIC
	37
	38	Title = ECDSA tests
	39
	40	Verify = P-256
	41	Ctrl = digest:SHA1
	42	Input = "0123456789ABCDEF1234"
	43	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
	44
	45	# Digest too long
	46	Verify = P-256
	47	Ctrl = digest:SHA1
	48	Input = "0123456789ABCDEF12345"
	49	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
	50	Result = VERIFY_ERROR
	51
	52	# Digest too short
	53	Verify = P-256
	54	Ctrl = digest:SHA1
	55	Input = "0123456789ABCDEF123"
	56	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
	57	Result = VERIFY_ERROR
	58
	59	# Digest invalid
	60	Verify = P-256
	61	Ctrl = digest:SHA1
	62	Input = "0123456789ABCDEF1235"
	63	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
	64	Result = VERIFY_ERROR
	65
	66	# Invalid signature
67	Verify = P-256
68	Ctrl = digest:SHA1
69	Input = "0123456789ABCDEF1234"
70	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
71	Result = VERIFY_ERROR
72
73	# Garbage after signature
74	Availablein = default
75	Verify = P-256
76	Ctrl = digest:SHA1
77	Input = "0123456789ABCDEF1234"
78	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
79	Result = VERIFY_ERROR
80
81	# BER signature
82	Verify = P-256
83	Ctrl = digest:SHA1
84	Input = "0123456789ABCDEF1234"
85	Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
86	Result = VERIFY_ERROR
87
88	Verify = P-256-PUBLIC
89	Ctrl = digest:SHA1
90	Input = "0123456789ABCDEF1234"
91	Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
92
5ccada09 SL	93	Title = DigestSign and DigestVerify
	94
	95	DigestVerify = SHA256
	96	Key = P-256-PUBLIC
	97	Input = "Hello World"
	98	Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
	99
5ccada09 SL	100	# Oneshot tests
	101	OneShotDigestVerify = SHA256
	102	Key = P-256-PUBLIC
	103	Input = "Hello World"
	104	Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
0645110e	105
28332028 SL	106	# Test that mdsize != tbssize fails
	107	Sign = P-256
	108	Ctrl = digest:SHA256
	109	Input = "0123456789ABCDEF1234"
	110	Result = KEYOP_ERROR
	111
0645110e SL	112	PrivateKey = P-256_NAMED_CURVE_EXPLICIT
	113	-----BEGIN PRIVATE KEY-----
	114	MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
	115	AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
	116	///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
	117	AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
	118	9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
	119	AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
	120	0BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
	121	3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
	122	-----END PRIVATE KEY-----
	123
	124	PrivateKey = EC_EXPLICIT
	125	-----BEGIN PRIVATE KEY-----
	126	MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
	127	AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
	128	///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
	129	AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
	130	l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
	131	AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
	132	OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
	133	46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
	134	-----END PRIVATE KEY-----
	135
	136	PrivateKey = B-163
	137	-----BEGIN PRIVATE KEY-----
	138	MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
	139	DnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
	140	e3GzYyg=
	141	-----END PRIVATE KEY-----
	142
	143	PrivateKey = secp256k1
	144	-----BEGIN PRIVATE KEY-----
	145	MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
	146	mrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
	147	srYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
	148	-----END PRIVATE KEY-----
	149
	150	Title = FIPS tests
	151
	152	# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
	153	DigestVerify = SHA256
	154	Key = B-163
	155	Input = "Hello World"
	156	Output = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b
	157
	158	# Test that a nist curve with SHA3 is allowed in fips mode
	159	# The sign will get a mismatch error since the output signature changes on each run
	160	DigestSign = SHA3-512
	161	Key = P-256
	162	Input = "Hello World"
	163	Result = SIGNATURE_MISMATCH
	164
	165	# Test that a explicit curve that is a named curve is allowed in fips mode
	166	DigestVerify = SHA256
	167	Key = P-256_NAMED_CURVE_EXPLICIT
	168	Input = "Hello World"
	169	Output = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91
	170
	171	Title = FIPS Negative tests (using different curves and digests)
	172
	173	# Test that a explicit curve is not allowed in fips mode
	174	Availablein = fips
	175	DigestVerify = SHA256
7a810fac	176	Securitycheck = 1
0645110e SL	177	Key = EC_EXPLICIT
	178	Input = "Hello World"
	179	Result = DIGESTVERIFYINIT_ERROR
	180
	181	# Test that a curve with < 112 bits is not allowed in fips mode for signing
	182	Availablein = fips
	183	DigestSign = SHA3-512
7a810fac	184	Securitycheck = 1
0645110e SL	185	Key = B-163
	186	Input = "Hello World"
	187	Result = DIGESTSIGNINIT_ERROR
	188
	189	# Test that a non nist curve is not allowed in fips mode
	190	Availablein = fips
	191	DigestSign = SHA3-512
7a810fac	192	Securitycheck = 1
0645110e SL	193	Key = secp256k1
	194	Input = "Hello World"
	195	Result = DIGESTSIGNINIT_ERROR
28332028 SL	196
	197	# Test that SHA1 is not allowed in fips mode for signing
	198	Availablein = fips
	199	DigestSign = SHA1
	200	Securitycheck = 1
	201	Key = B-163
	202	Input = "Hello World"
	203	Result = DIGESTSIGNINIT_ERROR
	204
	205	# Test that SHA1 is not allowed in fips mode for signing
	206	Availablein = fips
	207	Sign = P-256
38e12964	208	Securitycheck = 1
28332028 SL	209	Ctrl = digest:SHA1
	210	Input = "0123456789ABCDEF1234"
	211	Result = PKEY_CTRL_ERROR
6a2ab4a9 TM	212
	213	# Invalid non-approved digest
	214	Availablein = fips
	215	DigestVerify = MD5
	216	Securitycheck = 1
	217	Key = P-256-PUBLIC
	218	Result = DIGESTVERIFYINIT_ERROR