2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX *testctx = NULL;
42 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
43 * should never use this key anywhere but in an example.
45 static const unsigned char kExampleRSAKeyDER[] = {
46 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
47 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
48 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
49 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
50 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
51 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
52 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
53 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
54 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
55 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
56 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
57 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
58 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
59 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
60 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
61 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
62 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
63 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
64 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
65 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
66 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
67 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
68 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
69 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
70 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
71 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
72 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
73 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
74 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
75 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
76 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
77 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
78 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
79 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
80 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
81 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
82 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
83 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
84 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
85 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
86 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
87 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
88 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
89 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
90 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
91 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
92 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
93 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
94 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
95 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
96 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
100 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
101 * should never use this key anywhere but in an example.
103 #ifndef OPENSSL_NO_DSA
104 static const unsigned char kExampleDSAKeyDER[] = {
105 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
106 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
107 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
108 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
109 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
110 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
111 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
112 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
113 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
114 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
115 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
116 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
117 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
118 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
119 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
120 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
121 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
122 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
123 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
124 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
125 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
126 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
127 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
128 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
129 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
130 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
131 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
132 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
133 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
134 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
135 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
136 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
137 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
138 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
139 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
140 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
141 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
147 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
148 * components are not correct.
150 static const unsigned char kExampleBadRSAKeyDER[] = {
151 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
152 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
153 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
154 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
155 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
156 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
157 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
158 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
159 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
160 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
161 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
162 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
163 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
164 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
165 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
166 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
167 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
168 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
169 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
170 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
171 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
172 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
173 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
174 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
175 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
176 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
177 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
178 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
179 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
180 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
181 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
182 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
183 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
184 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
185 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
186 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
187 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
188 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
189 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
190 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
191 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
192 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
193 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
194 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
195 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
196 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
197 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
198 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
199 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
200 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
201 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
202 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
203 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
204 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
205 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
206 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
207 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
208 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
209 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
210 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
211 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
212 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
213 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
214 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
215 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
216 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
217 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
218 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
219 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
220 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
221 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
222 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
223 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
224 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
225 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
226 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
227 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
228 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
229 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
230 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
231 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
232 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
233 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
234 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
235 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
236 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
237 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
238 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
239 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
242 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
244 static const unsigned char kSignature[] = {
245 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
246 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
247 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
248 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
249 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
250 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
251 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
252 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
253 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
254 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
255 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
259 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
262 static const unsigned char kExampleRSAKeyPKCS8[] = {
263 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
264 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
265 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
266 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
267 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
268 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
269 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
270 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
271 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
272 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
273 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
274 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
275 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
276 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
277 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
278 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
279 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
280 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
281 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
282 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
283 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
284 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
285 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
286 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
287 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
288 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
289 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
290 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
291 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
292 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
293 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
294 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
295 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
296 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
297 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
298 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
299 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
300 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
301 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
302 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
303 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
304 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
305 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
306 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
307 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
308 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
309 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
310 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
311 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
312 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
313 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
314 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
315 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
318 #ifndef OPENSSL_NO_EC
320 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
323 static const unsigned char kExampleECKeyDER[] = {
324 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
325 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
326 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
327 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
328 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
329 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
330 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
331 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
332 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
333 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
338 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
339 * structure. The private key is equal to the order and will fail to import
341 static const unsigned char kExampleBadECKeyDER[] = {
342 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
343 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
344 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
345 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
346 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
347 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
348 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
349 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
350 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
354 static const unsigned char kExampleECPubKeyDER[] = {
355 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
356 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
357 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
358 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
359 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
360 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
361 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
362 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
366 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
367 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
369 static const unsigned char kExampleBadECPubKeyDER[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
380 static const unsigned char pExampleECParamDER[] = {
381 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
385 typedef struct APK_DATA_st {
386 const unsigned char *kder;
393 int type; /* 0 for private, 1 for public, 2 for params */
396 static APK_DATA keydata[] = {
397 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
398 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
399 #ifndef OPENSSL_NO_EC
400 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
404 static APK_DATA keycheckdata[] = {
405 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
406 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
408 #ifndef OPENSSL_NO_EC
409 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
410 /* group is also associated in our pub key */
411 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
412 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
416 static EVP_PKEY *load_example_key(const char *keytype,
417 const unsigned char *data, size_t data_len)
419 const unsigned char **pdata = &data;
420 EVP_PKEY *pkey = NULL;
421 OSSL_DECODER_CTX *dctx =
422 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
425 /* |pkey| will be NULL on error */
426 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
427 OSSL_DECODER_CTX_free(dctx);
431 static EVP_PKEY *load_example_rsa_key(void)
433 return load_example_key("RSA", kExampleRSAKeyDER,
434 sizeof(kExampleRSAKeyDER));
437 #ifndef OPENSSL_NO_DSA
438 static EVP_PKEY *load_example_dsa_key(void)
440 return load_example_key("DSA", kExampleDSAKeyDER,
441 sizeof(kExampleDSAKeyDER));
445 static EVP_PKEY *load_example_hmac_key(void)
447 EVP_PKEY *pkey = NULL;
448 unsigned char key[] = {
449 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
450 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
451 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
454 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
461 static int test_EVP_set_default_properties(void)
467 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
468 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
473 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
474 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
475 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
480 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
481 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
486 OSSL_LIB_CTX_free(ctx);
490 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
491 static int test_fromdata(char *keytype, OSSL_PARAM *params)
493 EVP_PKEY_CTX *pctx = NULL;
494 EVP_PKEY *pkey = NULL;
497 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL)))
499 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
500 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
510 EVP_PKEY_CTX_free(pctx);
514 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
517 * Test combinations of private, public, missing and private + public key
518 * params to ensure they are all accepted
520 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
521 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
523 OSSL_PARAM_BLD *bld = NULL;
524 OSSL_PARAM *params = NULL;
525 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
529 * Setup the parameters for our pkey object. For our purposes they don't
530 * have to actually be *valid* parameters. We just need to set something.
532 if (!TEST_ptr(p = BN_new())
533 || !TEST_ptr(q = BN_new())
534 || !TEST_ptr(g = BN_new())
535 || !TEST_ptr(pub = BN_new())
536 || !TEST_ptr(priv = BN_new()))
539 /* Test !priv and !pub */
540 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
541 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
542 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
543 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
545 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
548 if (!test_fromdata(keytype, params))
550 OSSL_PARAM_BLD_free_params(params);
551 OSSL_PARAM_BLD_free(bld);
553 /* Test priv and !pub */
554 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
555 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
556 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
561 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
564 if (!test_fromdata(keytype, params))
566 OSSL_PARAM_BLD_free_params(params);
567 OSSL_PARAM_BLD_free(bld);
569 /* Test !priv and pub */
570 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
571 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
572 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
573 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
574 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
577 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
580 if (!test_fromdata(keytype, params))
582 OSSL_PARAM_BLD_free_params(params);
583 OSSL_PARAM_BLD_free(bld);
585 /* Test priv and pub */
586 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
588 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
589 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
590 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
592 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
595 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
598 if (!test_fromdata(keytype, params))
603 OSSL_PARAM_BLD_free_params(params);
604 OSSL_PARAM_BLD_free(bld);
613 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
616 * Test combinations of private, public, missing and private + public key
617 * params to ensure they are all accepted for EC keys
619 #ifndef OPENSSL_NO_EC
620 static unsigned char ec_priv[] = {
621 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
622 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
623 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
625 static unsigned char ec_pub[] = {
626 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
627 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
628 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
629 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
630 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
631 0x08, 0x09, 0xb8, 0xdb, 0x03
634 static int test_EC_priv_pub(void)
636 OSSL_PARAM_BLD *bld = NULL;
637 OSSL_PARAM *params = NULL;
642 * Setup the parameters for our pkey object. For our purposes they don't
643 * have to actually be *valid* parameters. We just need to set something.
645 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
648 /* Test !priv and !pub */
649 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
650 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
651 OSSL_PKEY_PARAM_GROUP_NAME,
654 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
657 if (!test_fromdata("EC", params))
659 OSSL_PARAM_BLD_free_params(params);
660 OSSL_PARAM_BLD_free(bld);
662 /* Test priv and !pub */
663 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
664 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
665 OSSL_PKEY_PARAM_GROUP_NAME,
667 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
670 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
673 if (!test_fromdata("EC", params))
675 OSSL_PARAM_BLD_free_params(params);
676 OSSL_PARAM_BLD_free(bld);
678 /* Test !priv and pub */
679 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
680 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
681 OSSL_PKEY_PARAM_GROUP_NAME,
683 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
684 OSSL_PKEY_PARAM_PUB_KEY,
685 ec_pub, sizeof(ec_pub))))
687 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
690 if (!test_fromdata("EC", params))
692 OSSL_PARAM_BLD_free_params(params);
693 OSSL_PARAM_BLD_free(bld);
695 /* Test priv and pub */
696 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
697 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
698 OSSL_PKEY_PARAM_GROUP_NAME,
700 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
701 OSSL_PKEY_PARAM_PUB_KEY,
702 ec_pub, sizeof(ec_pub)))
703 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
704 OSSL_PKEY_PARAM_PUB_KEY,
705 ec_pub, sizeof(ec_pub))))
707 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
710 if (!test_fromdata("EC", params))
715 OSSL_PARAM_BLD_free_params(params);
716 OSSL_PARAM_BLD_free(bld);
722 /* Test that using a legacy EC key with only a private key in it works */
723 # ifndef OPENSSL_NO_DEPRECATED_3_0
724 static int test_EC_priv_only_legacy(void)
728 EC_KEY *eckey = NULL;
729 EVP_PKEY *pkey = NULL;
730 EVP_MD_CTX *ctx = NULL;
732 /* Create the low level EC_KEY */
733 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
736 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
737 if (!TEST_ptr(eckey))
740 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
743 pkey = EVP_PKEY_new();
747 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
751 ctx = EVP_MD_CTX_new();
756 * The EVP_DigestSignInit function should create the key on the provider
757 * side which is sufficient for this test.
759 if (!TEST_true(EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey)))
765 EVP_MD_CTX_free(ctx);
772 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
773 #endif /* OPENSSL_NO_EC */
775 static int test_EVP_Enveloped(void)
778 EVP_CIPHER_CTX *ctx = NULL;
779 EVP_PKEY *keypair = NULL;
780 unsigned char *kek = NULL;
781 unsigned char iv[EVP_MAX_IV_LENGTH];
782 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
783 int len, kek_len, ciphertext_len, plaintext_len;
784 unsigned char ciphertext[32], plaintext[16];
785 const EVP_CIPHER *type = EVP_aes_256_cbc();
787 if (!TEST_ptr(keypair = load_example_rsa_key())
788 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
789 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
790 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
792 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
794 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
798 ciphertext_len += len;
800 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
801 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
802 ciphertext, ciphertext_len))
803 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
806 plaintext_len += len;
807 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
813 EVP_PKEY_free(keypair);
814 EVP_CIPHER_CTX_free(ctx);
819 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
820 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
821 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
822 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
823 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
824 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
825 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
826 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
827 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
829 static int test_EVP_DigestSignInit(int tst)
832 EVP_PKEY *pkey = NULL;
833 unsigned char *sig = NULL;
835 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
836 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
837 BIO *mdbio = NULL, *membio = NULL;
840 EVP_MD *mdexp = NULL;
843 membio = BIO_new(BIO_s_mem());
844 mdbio = BIO_new(BIO_f_md());
845 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
847 BIO_push(mdbio, membio);
848 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
851 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
852 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
856 if (tst == 0 || tst == 3 || tst == 6) {
857 if (!TEST_ptr(pkey = load_example_rsa_key()))
859 } else if (tst == 1 || tst == 4 || tst == 7) {
860 #ifndef OPENSSL_NO_DSA
861 if (!TEST_ptr(pkey = load_example_dsa_key()))
868 if (!TEST_ptr(pkey = load_example_hmac_key()))
872 if (tst >= 3 && tst <= 5)
873 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
877 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
881 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
884 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
888 /* Determine the size of the signature. */
889 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
890 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
891 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
895 if (!TEST_int_gt(BIO_reset(mdbio), 0)
896 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
901 * Ensure that the signature round-trips (Verification isn't supported for
902 * HMAC via EVP_DigestVerify*)
904 if (tst != 2 && tst != 5 && tst != 8) {
905 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
910 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
913 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
917 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
926 EVP_MD_CTX_free(a_md_ctx);
927 EVP_MD_CTX_free(a_md_ctx_verify);
935 static int test_EVP_DigestVerifyInit(void)
938 EVP_PKEY *pkey = NULL;
939 EVP_MD_CTX *md_ctx = NULL;
941 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
942 || !TEST_ptr(pkey = load_example_rsa_key()))
945 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
946 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
947 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
948 sizeof(kSignature))))
953 EVP_MD_CTX_free(md_ctx);
959 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
961 static int test_EVP_Digest(void)
964 EVP_MD_CTX *md_ctx = NULL;
965 unsigned char md[EVP_MAX_MD_SIZE];
967 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
970 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
971 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
972 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
973 /* EVP_DigestFinal resets the EVP_MD_CTX. */
974 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
977 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
978 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
979 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
980 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
981 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
983 * EVP_DigestInit_ex with NULL type should work on
984 * pre-initialized context.
986 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
989 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
990 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
991 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
992 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
993 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
994 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
999 EVP_MD_CTX_free(md_ctx);
1003 static int test_d2i_AutoPrivateKey(int i)
1006 const unsigned char *p;
1007 EVP_PKEY *pkey = NULL;
1008 const APK_DATA *ak = &keydata[i];
1009 const unsigned char *input = ak->kder;
1010 size_t input_len = ak->size;
1011 int expected_id = ak->evptype;
1014 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1015 || !TEST_ptr_eq(p, input + input_len)
1016 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1022 EVP_PKEY_free(pkey);
1026 #ifndef OPENSSL_NO_EC
1028 static const unsigned char ec_public_sect163k1_validxy[] = {
1029 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1030 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1031 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1032 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1033 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1034 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1037 static const unsigned char ec_public_sect163k1_badx[] = {
1038 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1039 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1040 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1041 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1042 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1043 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1046 static const unsigned char ec_public_sect163k1_bady[] = {
1047 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1048 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1049 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1050 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1051 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1052 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1055 static struct ec_der_pub_keys_st {
1056 const unsigned char *der;
1059 } ec_der_pub_keys[] = {
1060 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1061 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1062 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1066 * Tests the range of the decoded EC char2 public point.
1067 * See ec_GF2m_simple_oct2point().
1069 static int test_invalide_ec_char2_pub_range_decode(int id)
1074 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1075 ec_der_pub_keys[id].len);
1077 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1078 || TEST_ptr_null(pkey);
1079 EVP_PKEY_free(pkey);
1083 /* Tests loading a bad key in PKCS8 format */
1084 static int test_EVP_PKCS82PKEY(void)
1087 const unsigned char *derp = kExampleBadECKeyDER;
1088 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1089 EVP_PKEY *pkey = NULL;
1091 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1092 sizeof(kExampleBadECKeyDER))))
1095 if (!TEST_ptr_eq(derp,
1096 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1099 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1105 PKCS8_PRIV_KEY_INFO_free(p8inf);
1106 EVP_PKEY_free(pkey);
1112 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1113 static int test_privatekey_to_pkcs8(void)
1115 EVP_PKEY *pkey = NULL;
1117 char *membuf = NULL;
1118 long membuf_len = 0;
1121 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1122 || !TEST_ptr(pkey = load_example_rsa_key())
1123 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1124 NULL, 0, NULL, NULL),
1126 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1127 || !TEST_ptr(membuf)
1128 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1129 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1131 * We try to write PEM as well, just to see that it doesn't err, but
1132 * assume that the result is correct.
1134 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1135 NULL, 0, NULL, NULL),
1141 EVP_PKEY_free(pkey);
1142 BIO_free_all(membio);
1146 #ifndef OPENSSL_NO_EC
1147 static const struct {
1149 const char *encoding_name;
1150 } ec_encodings[] = {
1151 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1152 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1155 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1157 const OSSL_PARAM *p;
1158 const char *enc_name = NULL;
1164 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1165 OSSL_PKEY_PARAM_EC_ENCODING))
1166 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1169 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1170 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1171 *enc = ec_encodings[i].encoding;
1176 return (*enc != -1);
1179 static int test_EC_keygen_with_enc(int idx)
1181 EVP_PKEY *params = NULL, *key = NULL;
1182 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1186 enc = ec_encodings[idx].encoding;
1188 /* Create key parameters */
1189 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1190 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1191 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1192 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1193 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1194 || !TEST_ptr(params))
1198 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1199 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1200 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1204 /* Check that the encoding got all the way into the key */
1205 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1206 ec_export_get_encoding_cb, &enc))
1207 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1213 EVP_PKEY_free(params);
1214 EVP_PKEY_CTX_free(kctx);
1215 EVP_PKEY_CTX_free(pctx);
1220 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1222 static int test_EVP_SM2_verify(void)
1224 const char *pubkey =
1225 "-----BEGIN PUBLIC KEY-----\n"
1226 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1227 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1228 "-----END PUBLIC KEY-----\n";
1230 const char *msg = "message digest";
1231 const char *id = "ALICE123@YAHOO.COM";
1233 const uint8_t signature[] = {
1234 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1235 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1236 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1237 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1238 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1239 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1240 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1245 EVP_PKEY *pkey = NULL;
1246 EVP_MD_CTX *mctx = NULL;
1247 EVP_PKEY_CTX *pctx = NULL;
1249 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1250 if (!TEST_true(bio != NULL))
1253 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1254 if (!TEST_true(pkey != NULL))
1257 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1260 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1263 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1266 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1268 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1271 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1274 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1277 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1283 EVP_PKEY_free(pkey);
1284 EVP_PKEY_CTX_free(pctx);
1285 EVP_MD_CTX_free(mctx);
1289 static int test_EVP_SM2(void)
1292 EVP_PKEY *pkey = NULL;
1293 EVP_PKEY *pkeyparams = NULL;
1294 EVP_PKEY_CTX *pctx = NULL;
1295 EVP_PKEY_CTX *kctx = NULL;
1296 EVP_PKEY_CTX *sctx = NULL;
1298 unsigned char *sig = NULL;
1299 EVP_MD_CTX *md_ctx = NULL;
1300 EVP_MD_CTX *md_ctx_verify = NULL;
1301 EVP_PKEY_CTX *cctx = NULL;
1303 uint8_t ciphertext[128];
1304 size_t ctext_len = sizeof(ciphertext);
1306 uint8_t plaintext[8];
1307 size_t ptext_len = sizeof(plaintext);
1309 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1311 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1312 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1316 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1317 if (!TEST_ptr(pctx))
1320 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1323 /* TODO is this even needed? */
1324 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1327 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1330 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1331 if (!TEST_ptr(kctx))
1334 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1337 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1340 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1343 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1346 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1349 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1350 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1352 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1355 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1358 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1361 /* Determine the size of the signature. */
1362 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1365 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1368 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1371 /* Ensure that the signature round-trips. */
1373 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1376 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1379 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1382 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1385 /* now check encryption/decryption */
1387 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1388 mdname, sizeof(mdname));
1389 for (i = 0; i < 2; i++) {
1390 EVP_PKEY_CTX_free(cctx);
1392 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1393 i == 0 ? "SM3" : "SHA2-256",
1396 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1399 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1402 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1405 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1409 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1412 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1415 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1419 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1422 /* Test we're still using the digest we think we are */
1423 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1425 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1428 if (!TEST_true(ptext_len == sizeof(kMsg)))
1431 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1437 EVP_PKEY_CTX_free(pctx);
1438 EVP_PKEY_CTX_free(kctx);
1439 EVP_PKEY_CTX_free(sctx);
1440 EVP_PKEY_CTX_free(cctx);
1441 EVP_PKEY_free(pkey);
1442 EVP_PKEY_free(pkeyparams);
1443 EVP_MD_CTX_free(md_ctx);
1444 EVP_MD_CTX_free(md_ctx_verify);
1451 static struct keys_st {
1457 EVP_PKEY_HMAC, "0123456789", NULL
1459 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1461 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1463 #ifndef OPENSSL_NO_EC
1465 EVP_PKEY_X25519, "01234567890123456789012345678901",
1466 "abcdefghijklmnopqrstuvwxyzabcdef"
1468 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1469 "abcdefghijklmnopqrstuvwxyzabcdef"
1472 "01234567890123456789012345678901234567890123456789012345",
1473 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1476 "012345678901234567890123456789012345678901234567890123456",
1477 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1482 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1485 unsigned char buf[80];
1487 size_t inlen, len = 0;
1490 /* Check if this algorithm supports public keys */
1491 if (keys[tst].pub == NULL)
1494 memset(buf, 0, sizeof(buf));
1497 inlen = strlen(keys[tst].pub);
1498 in = (unsigned char *)keys[tst].pub;
1500 pkey = EVP_PKEY_new_raw_public_key_ex(
1502 OBJ_nid2sn(keys[tst].type),
1507 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1513 inlen = strlen(keys[tst].priv);
1514 in = (unsigned char *)keys[tst].priv;
1516 pkey = EVP_PKEY_new_raw_private_key_ex(
1517 testctx, OBJ_nid2sn(keys[tst].type),
1522 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1530 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1531 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1532 || !TEST_true(len == inlen)
1533 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1534 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1535 || !TEST_mem_eq(in, inlen, buf, len))
1540 EVP_PKEY_free(pkey);
1544 static int test_set_get_raw_keys(int tst)
1546 return test_set_get_raw_keys_int(tst, 0, 0)
1547 && test_set_get_raw_keys_int(tst, 0, 1)
1548 && test_set_get_raw_keys_int(tst, 1, 0)
1549 && test_set_get_raw_keys_int(tst, 1, 1);
1552 #ifndef OPENSSL_NO_DEPRECATED_3_0
1553 static int pkey_custom_check(EVP_PKEY *pkey)
1558 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1563 static int pkey_custom_param_check(EVP_PKEY *pkey)
1568 static EVP_PKEY_METHOD *custom_pmeth;
1571 static int test_EVP_PKEY_check(int i)
1574 EVP_PKEY *pkey = NULL;
1575 EVP_PKEY_CTX *ctx = NULL;
1576 #ifndef OPENSSL_NO_DEPRECATED_3_0
1577 EVP_PKEY_CTX *ctx2 = NULL;
1579 const APK_DATA *ak = &keycheckdata[i];
1580 const unsigned char *input = ak->kder;
1581 size_t input_len = ak->size;
1582 int expected_id = ak->evptype;
1583 int expected_check = ak->check;
1584 int expected_pub_check = ak->pub_check;
1585 int expected_param_check = ak->param_check;
1586 int type = ak->type;
1588 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1591 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1594 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1597 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1600 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1603 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1606 #ifndef OPENSSL_NO_DEPRECATED_3_0
1607 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1608 /* assign the pkey directly, as an internal test */
1609 EVP_PKEY_up_ref(pkey);
1612 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1615 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1618 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1625 EVP_PKEY_CTX_free(ctx);
1626 #ifndef OPENSSL_NO_DEPRECATED_3_0
1627 EVP_PKEY_CTX_free(ctx2);
1629 EVP_PKEY_free(pkey);
1633 #ifndef OPENSSL_NO_CMAC
1634 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1636 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1637 const char msg[] = "Hello World";
1641 if (!TEST_ptr(mdctx)
1642 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1643 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1644 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1645 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1648 EVP_MD_CTX_free(mdctx);
1652 static int test_CMAC_keygen(void)
1654 static unsigned char key[] = {
1655 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1656 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1657 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1660 * This is a legacy method for CMACs, but should still work.
1661 * This verifies that it works without an ENGINE.
1663 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1665 EVP_PKEY *pkey = NULL;
1666 unsigned char mac[AES_BLOCK_SIZE];
1667 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1668 unsigned char mac2[AES_BLOCK_SIZE];
1671 /* Test a CMAC key created using the "generated" method */
1672 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1673 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1674 EVP_PKEY_CTRL_CIPHER,
1675 0, (void *)EVP_aes_256_ecb()), 0)
1676 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1677 EVP_PKEY_CTRL_SET_MAC_KEY,
1678 sizeof(key), (void *)key), 0)
1679 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1681 || !TEST_true(get_cmac_val(pkey, mac)))
1684 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1685 EVP_PKEY_free(pkey);
1688 * Test a CMAC key using the direct method, and compare with the mac
1691 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1693 || !TEST_true(get_cmac_val(pkey, mac2))
1694 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1701 EVP_PKEY_free(pkey);
1702 EVP_PKEY_CTX_free(kctx);
1707 static int test_HKDF(void)
1710 unsigned char out[20];
1713 unsigned char salt[] = "0123456789";
1714 unsigned char key[] = "012345678901234567890123456789";
1715 unsigned char info[] = "infostring";
1716 const unsigned char expected[] = {
1717 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1718 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1720 size_t expectedlen = sizeof(expected);
1722 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1725 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1726 for (i = 0; i < 2; i++) {
1727 outlen = sizeof(out);
1728 memset(out, 0, outlen);
1730 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1731 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1732 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1733 sizeof(salt) - 1), 0)
1734 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1735 sizeof(key) - 1), 0)
1736 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1737 sizeof(info) - 1), 0)
1738 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1739 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1746 EVP_PKEY_CTX_free(pctx);
1751 static int test_emptyikm_HKDF(void)
1754 unsigned char out[20];
1757 unsigned char salt[] = "9876543210";
1758 unsigned char key[] = "";
1759 unsigned char info[] = "stringinfo";
1760 const unsigned char expected[] = {
1761 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1762 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1764 size_t expectedlen = sizeof(expected);
1766 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1769 outlen = sizeof(out);
1770 memset(out, 0, outlen);
1772 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1773 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1774 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1775 sizeof(salt) - 1), 0)
1776 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1777 sizeof(key) - 1), 0)
1778 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1779 sizeof(info) - 1), 0)
1780 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1781 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1787 EVP_PKEY_CTX_free(pctx);
1792 #ifndef OPENSSL_NO_EC
1793 static int test_X509_PUBKEY_inplace(void)
1796 X509_PUBKEY *xp = NULL;
1797 const unsigned char *p = kExampleECPubKeyDER;
1798 size_t input_len = sizeof(kExampleECPubKeyDER);
1800 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1803 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1806 p = kExampleBadECPubKeyDER;
1807 input_len = sizeof(kExampleBadECPubKeyDER);
1809 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1812 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1818 X509_PUBKEY_free(xp);
1821 #endif /* OPENSSL_NO_EC */
1823 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1824 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1826 EVP_MD_CTX *mdctx = NULL;
1827 EVP_PKEY_CTX *ctx = NULL;
1828 const OSSL_PARAM *params;
1829 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1832 char mdname[OSSL_MAX_NAME_SIZE];
1835 /* Initialise a sign operation */
1836 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1838 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1842 * We should be able to query the parameters now.
1844 params = EVP_PKEY_CTX_settable_params(ctx);
1845 if (!TEST_ptr(params)
1846 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1847 OSSL_SIGNATURE_PARAM_DIGEST)))
1850 params = EVP_PKEY_CTX_gettable_params(ctx);
1851 if (!TEST_ptr(params)
1852 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1853 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1854 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1855 OSSL_SIGNATURE_PARAM_DIGEST)))
1859 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1860 * EVP_PKEY_CTX_get_params()
1862 strcpy(mdname, "SHA512");
1864 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1866 *param++ = OSSL_PARAM_construct_end();
1868 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1872 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1873 mdname, sizeof(mdname));
1874 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1875 || !TEST_str_eq(mdname, "SHA512"))
1879 * Test the TEST_PKEY_CTX_set_signature_md() and
1880 * TEST_PKEY_CTX_get_signature_md() functions
1882 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1883 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1884 || !TEST_ptr_eq(md, EVP_sha256()))
1888 * Test getting MD parameters via an associated EVP_PKEY_CTX
1890 mdctx = EVP_MD_CTX_new();
1891 if (!TEST_ptr(mdctx)
1892 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1897 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1898 * able to obtain the digest's settable parameters from the provider.
1900 params = EVP_MD_CTX_settable_params(mdctx);
1901 if (!TEST_ptr(params)
1902 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1903 /* The final key should be NULL */
1904 || !TEST_ptr_null(params[1].key))
1908 memset(ssl3ms, 0, sizeof(ssl3ms));
1909 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1910 ssl3ms, sizeof(ssl3ms));
1911 *param++ = OSSL_PARAM_construct_end();
1913 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1919 EVP_MD_CTX_free(mdctx);
1920 EVP_PKEY_CTX_free(ctx);
1925 #ifndef OPENSSL_NO_DSA
1926 static int test_DSA_get_set_params(void)
1928 OSSL_PARAM_BLD *bld = NULL;
1929 OSSL_PARAM *params = NULL;
1930 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1931 EVP_PKEY_CTX *pctx = NULL;
1932 EVP_PKEY *pkey = NULL;
1936 * Setup the parameters for our DSA object. For our purposes they don't
1937 * have to actually be *valid* parameters. We just need to set something.
1939 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1940 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1941 || !TEST_ptr(p = BN_new())
1942 || !TEST_ptr(q = BN_new())
1943 || !TEST_ptr(g = BN_new())
1944 || !TEST_ptr(pub = BN_new())
1945 || !TEST_ptr(priv = BN_new()))
1947 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1948 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1949 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1950 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1952 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1955 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1958 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
1959 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
1963 if (!TEST_ptr(pkey))
1966 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1969 EVP_PKEY_free(pkey);
1970 EVP_PKEY_CTX_free(pctx);
1971 OSSL_PARAM_BLD_free_params(params);
1972 OSSL_PARAM_BLD_free(bld);
1983 * Test combinations of private, public, missing and private + public key
1984 * params to ensure they are all accepted
1986 static int test_DSA_priv_pub(void)
1988 return test_EVP_PKEY_ffc_priv_pub("DSA");
1991 #endif /* !OPENSSL_NO_DSA */
1993 static int test_RSA_get_set_params(void)
1995 OSSL_PARAM_BLD *bld = NULL;
1996 OSSL_PARAM *params = NULL;
1997 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1998 EVP_PKEY_CTX *pctx = NULL;
1999 EVP_PKEY *pkey = NULL;
2003 * Setup the parameters for our RSA object. For our purposes they don't
2004 * have to actually be *valid* parameters. We just need to set something.
2006 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2007 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2008 || !TEST_ptr(n = BN_new())
2009 || !TEST_ptr(e = BN_new())
2010 || !TEST_ptr(d = BN_new()))
2012 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2013 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2014 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2016 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2019 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2020 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2024 if (!TEST_ptr(pkey))
2027 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2030 EVP_PKEY_free(pkey);
2031 EVP_PKEY_CTX_free(pctx);
2032 OSSL_PARAM_BLD_free_params(params);
2033 OSSL_PARAM_BLD_free(bld);
2041 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2042 static int test_decrypt_null_chunks(void)
2044 EVP_CIPHER_CTX* ctx = NULL;
2045 const unsigned char key[32] = {
2046 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2047 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2048 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2050 unsigned char iv[12] = {
2051 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2053 unsigned char msg[] = "It was the best of times, it was the worst of times";
2054 unsigned char ciphertext[80];
2055 unsigned char plaintext[80];
2056 /* We initialise tmp to a non zero value on purpose */
2057 int ctlen, ptlen, tmp = 99;
2059 const int enc_offset = 10, dec_offset = 20;
2061 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2062 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
2064 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2066 /* Deliberate add a zero length update */
2067 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2069 || !TEST_int_eq(tmp, 0)
2070 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2072 sizeof(msg) - enc_offset))
2073 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2074 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2075 || !TEST_int_eq(tmp, 0))
2078 /* Deliberately initialise tmp to a non zero value */
2080 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
2082 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
2085 * Deliberately add a zero length update. We also deliberately do
2086 * this at a different offset than for encryption.
2088 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
2090 || !TEST_int_eq(tmp, 0)
2091 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
2092 ciphertext + dec_offset,
2093 ctlen - dec_offset))
2094 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
2095 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
2096 || !TEST_int_eq(tmp, 0)
2097 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
2102 EVP_CIPHER_CTX_free(ctx);
2105 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2107 #ifndef OPENSSL_NO_DH
2109 * Test combinations of private, public, missing and private + public key
2110 * params to ensure they are all accepted
2112 static int test_DH_priv_pub(void)
2114 return test_EVP_PKEY_ffc_priv_pub("DH");
2117 # ifndef OPENSSL_NO_DEPRECATED_3_0
2118 static int test_EVP_PKEY_set1_DH(void)
2120 DH *x942dh = NULL, *noqdh = NULL;
2121 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
2123 BIGNUM *p, *g = NULL;
2125 if (!TEST_ptr(p = BN_new())
2126 || !TEST_ptr(g = BN_new())
2127 || !BN_set_word(p, 9999)
2128 || !BN_set_word(g, 2)
2129 || !TEST_ptr(noqdh = DH_new())
2130 || !DH_set0_pqg(noqdh, p, NULL, g))
2134 x942dh = DH_get_2048_256();
2135 pkey1 = EVP_PKEY_new();
2136 pkey2 = EVP_PKEY_new();
2137 if (!TEST_ptr(x942dh)
2140 || !TEST_ptr(pkey2))
2143 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2144 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2147 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2148 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2155 EVP_PKEY_free(pkey1);
2156 EVP_PKEY_free(pkey2);
2162 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2163 #endif /* !OPENSSL_NO_DH */
2166 * We test what happens with an empty template. For the sake of this test,
2167 * the template must be ignored, and we know that's the case for RSA keys
2168 * (this might arguably be a misfeature, but that's what we currently do,
2169 * even in provider code, since that's how the legacy RSA implementation
2172 static int test_keygen_with_empty_template(int n)
2174 EVP_PKEY_CTX *ctx = NULL;
2175 EVP_PKEY *pkey = NULL;
2176 EVP_PKEY *tkey = NULL;
2181 /* We do test with no template at all as well */
2182 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2186 /* Here we create an empty RSA key that serves as our template */
2187 if (!TEST_ptr(tkey = EVP_PKEY_new())
2188 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2189 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2194 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2195 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2200 EVP_PKEY_CTX_free(ctx);
2201 EVP_PKEY_free(pkey);
2202 EVP_PKEY_free(tkey);
2207 * Test that we fail if we attempt to use an algorithm that is not available
2208 * in the current library context (unless we are using an algorithm that
2209 * should be made available via legacy codepaths).
2214 static int test_pkey_ctx_fail_without_provider(int tst)
2216 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2217 OSSL_PROVIDER *nullprov = NULL;
2218 EVP_PKEY_CTX *pctx = NULL;
2219 const char *keytype = NULL;
2220 int expect_null = 0;
2223 if (!TEST_ptr(tmpctx))
2226 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2227 if (!TEST_ptr(nullprov))
2231 * We check for certain algos in the null provider.
2232 * If an algo is expected to have a provider keymgmt, contructing an
2233 * EVP_PKEY_CTX is expected to fail (return NULL).
2234 * Otherwise, if it's expected to have legacy support, contructing an
2235 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2245 #ifdef OPENSSL_NO_EC
2246 TEST_info("EC disable, skipping SM2 check...");
2249 #ifdef OPENSSL_NO_SM2
2250 TEST_info("SM2 disable, skipping SM2 check...");
2255 TEST_error("No test for case %d", tst);
2259 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2260 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2263 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2269 EVP_PKEY_CTX_free(pctx);
2270 OSSL_PROVIDER_unload(nullprov);
2271 OSSL_LIB_CTX_free(tmpctx);
2275 static int test_rand_agglomeration(void)
2279 OSSL_PARAM params[3], *p = params;
2281 unsigned int step = 7;
2282 static unsigned char seed[] = "It does not matter how slowly you go "
2283 "as long as you do not stop.";
2284 unsigned char out[sizeof(seed)];
2286 if (!TEST_int_ne(sizeof(seed) % step, 0)
2287 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2289 ctx = EVP_RAND_CTX_new(rand, NULL);
2290 EVP_RAND_free(rand);
2294 memset(out, 0, sizeof(out));
2295 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2296 seed, sizeof(seed));
2297 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2298 *p = OSSL_PARAM_construct_end();
2299 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2300 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2301 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2302 EVP_RAND_CTX_free(ctx);
2307 * Test that we correctly return the original or "running" IV after
2308 * an encryption operation.
2309 * Run multiple times for some different relevant algorithms/modes.
2311 static int test_evp_iv(int idx)
2314 EVP_CIPHER_CTX *ctx = NULL;
2315 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2316 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2317 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2318 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2319 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2320 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2321 9, 10, 11, 12, 13, 14, 15, 16 };
2322 unsigned char ciphertext[32], oiv[16], iv[16];
2323 unsigned char *ref_iv;
2324 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2325 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2327 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2328 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2329 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2330 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2331 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2332 #ifndef OPENSSL_NO_OCB
2333 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2334 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2336 int len = sizeof(ciphertext);
2337 size_t ivlen, ref_len;
2338 const EVP_CIPHER *type = NULL;
2342 type = EVP_aes_128_cbc();
2345 type = (type != NULL) ? type :
2346 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2348 ref_len = sizeof(cbc_state);
2351 type = EVP_aes_128_ofb();
2354 type = (type != NULL) ? type :
2355 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2357 ref_len = sizeof(ofb_state);
2360 type = EVP_aes_128_gcm();
2363 type = (type != NULL) ? type :
2364 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2366 ref_len = sizeof(gcm_state);
2369 type = EVP_aes_128_ccm();
2372 type = (type != NULL) ? type :
2373 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2375 ref_len = sizeof(ccm_state);
2377 #ifdef OPENSSL_NO_OCB
2383 type = EVP_aes_128_ocb();
2386 type = (type != NULL) ? type :
2387 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2389 ref_len = sizeof(ocb_state);
2397 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2398 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2399 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2401 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2402 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2403 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2405 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2406 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2407 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2412 EVP_CIPHER_CTX_free(ctx);
2414 EVP_CIPHER_free((EVP_CIPHER *)type);
2418 #ifndef OPENSSL_NO_EC
2419 static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1,
2420 NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1,
2421 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
2422 NID_brainpoolP384r1, NID_brainpoolP512r1};
2424 static int test_ecpub(int idx)
2426 int ret = 0, len, savelen;
2428 unsigned char buf[1024];
2430 EVP_PKEY *pkey = NULL;
2431 EVP_PKEY_CTX *ctx = NULL;
2432 # ifndef OPENSSL_NO_DEPRECATED_3_0
2433 const unsigned char *q;
2434 EVP_PKEY *pkey2 = NULL;
2438 nid = ecpub_nids[idx];
2440 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
2442 || !TEST_true(EVP_PKEY_keygen_init(ctx))
2443 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid))
2444 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
2446 len = i2d_PublicKey(pkey, NULL);
2448 if (!TEST_int_ge(len, 1)
2449 || !TEST_int_lt(len, 1024))
2452 len = i2d_PublicKey(pkey, &p);
2453 if (!TEST_int_ge(len, 1)
2454 || !TEST_int_eq(len, savelen))
2457 # ifndef OPENSSL_NO_DEPRECATED_3_0
2458 /* Now try to decode the just-created DER. */
2460 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
2461 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
2462 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
2464 /* EC_KEY ownership transferred */
2466 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
2468 /* The keys should match. */
2469 if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1))
2476 EVP_PKEY_CTX_free(ctx);
2477 EVP_PKEY_free(pkey);
2478 # ifndef OPENSSL_NO_DEPRECATED_3_0
2479 EVP_PKEY_free(pkey2);
2486 static int test_EVP_rsa_pss_with_keygen_bits(void)
2495 md = EVP_get_digestbyname("sha256");
2496 ret = TEST_ptr((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL)))
2497 && TEST_true(EVP_PKEY_keygen_init(ctx))
2498 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
2499 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md))
2500 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
2502 EVP_PKEY_free(pkey);
2503 EVP_PKEY_CTX_free(ctx);
2507 static int success = 1;
2508 static void md_names(const char *name, void *vctx)
2510 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
2511 /* Force a namemap update */
2512 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
2514 if (!TEST_ptr(aes128))
2517 EVP_CIPHER_free(aes128);
2521 * Test that changing the namemap in a user callback works in a names_do_all
2524 static int test_names_do_all(void)
2526 /* We use a custom libctx so that we know the state of the namemap */
2527 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
2528 EVP_MD *sha256 = NULL;
2534 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
2535 if (!TEST_ptr(sha256))
2539 * We loop through all the names for a given digest. This should still work
2540 * even if the namemap changes part way through.
2542 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
2545 if (!TEST_true(success))
2550 EVP_MD_free(sha256);
2551 OSSL_LIB_CTX_free(ctx);
2555 int setup_tests(void)
2557 testctx = OSSL_LIB_CTX_new();
2559 if (!TEST_ptr(testctx))
2562 ADD_TEST(test_EVP_set_default_properties);
2563 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2564 ADD_TEST(test_EVP_DigestVerifyInit);
2565 ADD_TEST(test_EVP_Digest);
2566 ADD_TEST(test_EVP_Enveloped);
2567 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2568 ADD_TEST(test_privatekey_to_pkcs8);
2569 #ifndef OPENSSL_NO_EC
2570 ADD_TEST(test_EVP_PKCS82PKEY);
2572 #ifndef OPENSSL_NO_EC
2573 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2575 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2576 ADD_TEST(test_EVP_SM2);
2577 ADD_TEST(test_EVP_SM2_verify);
2579 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2580 #ifndef OPENSSL_NO_DEPRECATED_3_0
2581 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2582 if (!TEST_ptr(custom_pmeth))
2584 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2585 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2586 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2587 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2590 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2591 #ifndef OPENSSL_NO_CMAC
2592 ADD_TEST(test_CMAC_keygen);
2594 ADD_TEST(test_HKDF);
2595 ADD_TEST(test_emptyikm_HKDF);
2596 #ifndef OPENSSL_NO_EC
2597 ADD_TEST(test_X509_PUBKEY_inplace);
2598 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2599 OSSL_NELEM(ec_der_pub_keys));
2601 #ifndef OPENSSL_NO_DSA
2602 ADD_TEST(test_DSA_get_set_params);
2603 ADD_TEST(test_DSA_priv_pub);
2605 ADD_TEST(test_RSA_get_set_params);
2606 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2607 ADD_TEST(test_decrypt_null_chunks);
2609 #ifndef OPENSSL_NO_DH
2610 ADD_TEST(test_DH_priv_pub);
2611 # ifndef OPENSSL_NO_DEPRECATED_3_0
2612 ADD_TEST(test_EVP_PKEY_set1_DH);
2615 #ifndef OPENSSL_NO_EC
2616 ADD_TEST(test_EC_priv_pub);
2617 # ifndef OPENSSL_NO_DEPRECATED_3_0
2618 ADD_TEST(test_EC_priv_only_legacy);
2621 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2622 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2624 ADD_TEST(test_rand_agglomeration);
2625 ADD_ALL_TESTS(test_evp_iv, 10);
2626 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
2627 #ifndef OPENSSL_NO_EC
2628 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
2631 ADD_TEST(test_names_do_all);
2636 void cleanup_tests(void)
2638 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob