2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
38 static OSSL_LIB_CTX *testctx = NULL;
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
44 static const unsigned char kExampleRSAKeyDER[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
149 static const unsigned char kExampleBadRSAKeyDER[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
241 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
243 static const unsigned char kSignature[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
261 static const unsigned char kExampleRSAKeyPKCS8[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
317 #ifndef OPENSSL_NO_EC
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
322 static const unsigned char kExampleECKeyDER[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
340 static const unsigned char kExampleBadECKeyDER[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
353 static const unsigned char kExampleECPubKeyDER[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
368 static const unsigned char kExampleBadECPubKeyDER[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379 static const unsigned char pExampleECParamDER[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
384 typedef struct APK_DATA_st {
385 const unsigned char *kder;
391 int type; /* 0 for private, 1 for public, 2 for params */
394 static APK_DATA keydata[] = {
395 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
396 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
402 static APK_DATA keycheckdata[] = {
403 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
404 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
406 #ifndef OPENSSL_NO_EC
407 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
408 /* group is also associated in our pub key */
409 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
410 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
414 static EVP_PKEY *load_example_key(const char *keytype,
415 const unsigned char *data, size_t data_len)
417 const unsigned char **pdata = &data;
418 EVP_PKEY *pkey = NULL;
419 OSSL_DECODER_CTX *dctx =
420 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
423 /* |pkey| will be NULL on error */
424 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
425 OSSL_DECODER_CTX_free(dctx);
429 static EVP_PKEY *load_example_rsa_key(void)
431 return load_example_key("RSA", kExampleRSAKeyDER,
432 sizeof(kExampleRSAKeyDER));
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY *load_example_dsa_key(void)
438 return load_example_key("DSA", kExampleDSAKeyDER,
439 sizeof(kExampleDSAKeyDER));
443 static EVP_PKEY *load_example_hmac_key(void)
445 EVP_PKEY *pkey = NULL;
446 unsigned char key[] = {
447 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
448 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
449 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
452 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
459 static int test_EVP_set_default_properties(void)
465 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
466 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
471 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
472 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
473 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
478 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
479 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
484 OSSL_LIB_CTX_free(ctx);
488 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
490 * Test combinations of private, public, missing and private + public key
491 * params to ensure they are all accepted
493 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
495 OSSL_PARAM_BLD *bld = NULL;
496 OSSL_PARAM *params = NULL;
497 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
498 EVP_PKEY_CTX *pctx = NULL;
499 EVP_PKEY *pkey = NULL;
503 * Setup the parameters for our pkey object. For our purposes they don't
504 * have to actually be *valid* parameters. We just need to set something.
506 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL))
507 || !TEST_ptr(p = BN_new())
508 || !TEST_ptr(q = BN_new())
509 || !TEST_ptr(g = BN_new())
510 || !TEST_ptr(pub = BN_new())
511 || !TEST_ptr(priv = BN_new()))
514 /* Test !priv and !pub */
515 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
516 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
517 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
518 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
520 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
523 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
524 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
532 OSSL_PARAM_BLD_free_params(params);
533 OSSL_PARAM_BLD_free(bld);
535 /* Test priv and !pub */
536 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
537 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
538 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
539 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
540 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
543 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
546 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
547 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
555 OSSL_PARAM_BLD_free_params(params);
556 OSSL_PARAM_BLD_free(bld);
558 /* Test !priv and pub */
559 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
560 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
562 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
563 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
566 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
569 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
570 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
578 OSSL_PARAM_BLD_free_params(params);
579 OSSL_PARAM_BLD_free(bld);
581 /* Test priv and pub */
582 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
588 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
591 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
594 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
595 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
604 EVP_PKEY_CTX_free(pctx);
605 OSSL_PARAM_BLD_free_params(params);
606 OSSL_PARAM_BLD_free(bld);
615 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
617 static int test_EVP_Enveloped(void)
620 EVP_CIPHER_CTX *ctx = NULL;
621 EVP_PKEY *keypair = NULL;
622 unsigned char *kek = NULL;
623 unsigned char iv[EVP_MAX_IV_LENGTH];
624 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
625 int len, kek_len, ciphertext_len, plaintext_len;
626 unsigned char ciphertext[32], plaintext[16];
627 const EVP_CIPHER *type = EVP_aes_256_cbc();
629 if (!TEST_ptr(keypair = load_example_rsa_key())
630 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
631 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
632 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
634 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
636 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
640 ciphertext_len += len;
642 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
643 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
644 ciphertext, ciphertext_len))
645 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
648 plaintext_len += len;
649 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
655 EVP_PKEY_free(keypair);
656 EVP_CIPHER_CTX_free(ctx);
661 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
662 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
663 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
664 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
665 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
666 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
667 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
668 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
669 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
671 static int test_EVP_DigestSignInit(int tst)
674 EVP_PKEY *pkey = NULL;
675 unsigned char *sig = NULL;
677 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
678 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
679 BIO *mdbio = NULL, *membio = NULL;
682 EVP_MD *mdexp = NULL;
685 membio = BIO_new(BIO_s_mem());
686 mdbio = BIO_new(BIO_f_md());
687 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
689 BIO_push(mdbio, membio);
690 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
693 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
694 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
698 if (tst == 0 || tst == 3 || tst == 6) {
699 if (!TEST_ptr(pkey = load_example_rsa_key()))
701 } else if (tst == 1 || tst == 4 || tst == 7) {
702 #ifndef OPENSSL_NO_DSA
703 if (!TEST_ptr(pkey = load_example_dsa_key()))
710 if (!TEST_ptr(pkey = load_example_hmac_key()))
714 if (tst >= 3 && tst <= 5)
715 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
719 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
723 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
726 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
730 /* Determine the size of the signature. */
731 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
732 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
733 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
737 if (!TEST_int_gt(BIO_reset(mdbio), 0)
738 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
743 * Ensure that the signature round-trips (Verification isn't supported for
744 * HMAC via EVP_DigestVerify*)
746 if (tst != 2 && tst != 5 && tst != 8) {
747 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
752 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
755 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
759 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
768 EVP_MD_CTX_free(a_md_ctx);
769 EVP_MD_CTX_free(a_md_ctx_verify);
777 static int test_EVP_DigestVerifyInit(void)
780 EVP_PKEY *pkey = NULL;
781 EVP_MD_CTX *md_ctx = NULL;
783 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
784 || !TEST_ptr(pkey = load_example_rsa_key()))
787 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
788 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
789 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
790 sizeof(kSignature))))
795 EVP_MD_CTX_free(md_ctx);
801 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
803 static int test_EVP_Digest(void)
806 EVP_MD_CTX *md_ctx = NULL;
807 unsigned char md[EVP_MAX_MD_SIZE];
809 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
812 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
813 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
814 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
815 /* EVP_DigestFinal resets the EVP_MD_CTX. */
816 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
819 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
820 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
821 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
822 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
823 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
825 * EVP_DigestInit_ex with NULL type should work on
826 * pre-initialized context.
828 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
831 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
832 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
833 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
834 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
835 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
836 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
841 EVP_MD_CTX_free(md_ctx);
845 static int test_d2i_AutoPrivateKey(int i)
848 const unsigned char *p;
849 EVP_PKEY *pkey = NULL;
850 const APK_DATA *ak = &keydata[i];
851 const unsigned char *input = ak->kder;
852 size_t input_len = ak->size;
853 int expected_id = ak->evptype;
856 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
857 || !TEST_ptr_eq(p, input + input_len)
858 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
868 #ifndef OPENSSL_NO_EC
870 static const unsigned char ec_public_sect163k1_validxy[] = {
871 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
872 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
873 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
874 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
875 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
876 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
879 static const unsigned char ec_public_sect163k1_badx[] = {
880 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
881 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
882 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
883 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
884 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
885 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
888 static const unsigned char ec_public_sect163k1_bady[] = {
889 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
890 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
891 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
892 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
893 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
894 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
897 static struct ec_der_pub_keys_st {
898 const unsigned char *der;
901 } ec_der_pub_keys[] = {
902 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
903 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
904 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
908 * Tests the range of the decoded EC char2 public point.
909 * See ec_GF2m_simple_oct2point().
911 static int test_invalide_ec_char2_pub_range_decode(int id)
915 EC_KEY *eckey = NULL;
917 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
918 ec_der_pub_keys[id].len)))
920 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
921 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
922 || TEST_ptr_null(eckey);
929 /* Tests loading a bad key in PKCS8 format */
930 static int test_EVP_PKCS82PKEY(void)
933 const unsigned char *derp = kExampleBadECKeyDER;
934 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
935 EVP_PKEY *pkey = NULL;
937 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
938 sizeof(kExampleBadECKeyDER))))
941 if (!TEST_ptr_eq(derp,
942 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
945 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
951 PKCS8_PRIV_KEY_INFO_free(p8inf);
958 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
959 static int test_privatekey_to_pkcs8(void)
961 EVP_PKEY *pkey = NULL;
967 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
968 || !TEST_ptr(pkey = load_example_rsa_key())
969 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
970 NULL, 0, NULL, NULL),
972 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
974 || !TEST_mem_eq(membuf, (size_t)membuf_len,
975 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
977 * We try to write PEM as well, just to see that it doesn't err, but
978 * assume that the result is correct.
980 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
981 NULL, 0, NULL, NULL),
988 BIO_free_all(membio);
992 #ifndef OPENSSL_NO_EC
993 static const struct {
995 const char *encoding_name;
997 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
998 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1001 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1003 const OSSL_PARAM *p;
1004 const char *enc_name = NULL;
1010 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1011 OSSL_PKEY_PARAM_EC_ENCODING))
1012 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1015 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1016 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1017 *enc = ec_encodings[i].encoding;
1022 return (*enc != -1);
1025 static int test_EC_keygen_with_enc(int idx)
1027 EVP_PKEY *params = NULL, *key = NULL;
1028 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1032 enc = ec_encodings[idx].encoding;
1034 /* Create key parameters */
1035 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1036 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1037 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1038 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1039 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1040 || !TEST_ptr(params))
1044 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1045 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1046 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1050 /* Check that the encoding got all the way into the key */
1051 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1052 ec_export_get_encoding_cb, &enc))
1053 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1059 EVP_PKEY_free(params);
1060 EVP_PKEY_CTX_free(kctx);
1061 EVP_PKEY_CTX_free(pctx);
1066 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1068 static int test_EVP_SM2_verify(void)
1070 const char *pubkey =
1071 "-----BEGIN PUBLIC KEY-----\n"
1072 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1073 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1074 "-----END PUBLIC KEY-----\n";
1076 const char *msg = "message digest";
1077 const char *id = "ALICE123@YAHOO.COM";
1079 const uint8_t signature[] = {
1080 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1081 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1082 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1083 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1084 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1085 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1086 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1091 EVP_PKEY *pkey = NULL;
1092 EVP_MD_CTX *mctx = NULL;
1093 EVP_PKEY_CTX *pctx = NULL;
1095 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1096 if (!TEST_true(bio != NULL))
1099 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1100 if (!TEST_true(pkey != NULL))
1103 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1106 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1109 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1112 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1114 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1117 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1120 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1123 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1129 EVP_PKEY_free(pkey);
1130 EVP_PKEY_CTX_free(pctx);
1131 EVP_MD_CTX_free(mctx);
1135 static int test_EVP_SM2(void)
1138 EVP_PKEY *pkey = NULL;
1139 EVP_PKEY *pkeyparams = NULL;
1140 EVP_PKEY_CTX *pctx = NULL;
1141 EVP_PKEY_CTX *kctx = NULL;
1142 EVP_PKEY_CTX *sctx = NULL;
1144 unsigned char *sig = NULL;
1145 EVP_MD_CTX *md_ctx = NULL;
1146 EVP_MD_CTX *md_ctx_verify = NULL;
1147 EVP_PKEY_CTX *cctx = NULL;
1149 uint8_t ciphertext[128];
1150 size_t ctext_len = sizeof(ciphertext);
1152 uint8_t plaintext[8];
1153 size_t ptext_len = sizeof(plaintext);
1155 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1157 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1158 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1162 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1163 if (!TEST_ptr(pctx))
1166 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1169 /* TODO is this even needed? */
1170 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1173 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1176 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1177 if (!TEST_ptr(kctx))
1180 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1183 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1186 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1189 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1192 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1195 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1196 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1198 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1201 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1204 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1207 /* Determine the size of the signature. */
1208 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1211 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1214 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1217 /* Ensure that the signature round-trips. */
1219 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1222 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1225 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1228 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1231 /* now check encryption/decryption */
1233 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1234 mdname, sizeof(mdname));
1235 for (i = 0; i < 2; i++) {
1236 EVP_PKEY_CTX_free(cctx);
1238 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1239 i == 0 ? "SM3" : "SHA2-256",
1242 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1245 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1248 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1251 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1255 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1258 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1261 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1265 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1268 /* Test we're still using the digest we think we are */
1269 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1271 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1274 if (!TEST_true(ptext_len == sizeof(kMsg)))
1277 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1283 EVP_PKEY_CTX_free(pctx);
1284 EVP_PKEY_CTX_free(kctx);
1285 EVP_PKEY_CTX_free(sctx);
1286 EVP_PKEY_CTX_free(cctx);
1287 EVP_PKEY_free(pkey);
1288 EVP_PKEY_free(pkeyparams);
1289 EVP_MD_CTX_free(md_ctx);
1290 EVP_MD_CTX_free(md_ctx_verify);
1297 static struct keys_st {
1303 EVP_PKEY_HMAC, "0123456789", NULL
1305 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1307 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1309 #ifndef OPENSSL_NO_EC
1311 EVP_PKEY_X25519, "01234567890123456789012345678901",
1312 "abcdefghijklmnopqrstuvwxyzabcdef"
1314 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1315 "abcdefghijklmnopqrstuvwxyzabcdef"
1318 "01234567890123456789012345678901234567890123456789012345",
1319 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1322 "012345678901234567890123456789012345678901234567890123456",
1323 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1328 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1331 unsigned char buf[80];
1333 size_t inlen, len = 0;
1336 /* Check if this algorithm supports public keys */
1337 if (keys[tst].pub == NULL)
1340 memset(buf, 0, sizeof(buf));
1343 inlen = strlen(keys[tst].pub);
1344 in = (unsigned char *)keys[tst].pub;
1346 pkey = EVP_PKEY_new_raw_public_key_ex(
1348 OBJ_nid2sn(keys[tst].type),
1353 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1359 inlen = strlen(keys[tst].priv);
1360 in = (unsigned char *)keys[tst].priv;
1362 pkey = EVP_PKEY_new_raw_private_key_ex(
1363 testctx, OBJ_nid2sn(keys[tst].type),
1368 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1376 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1377 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1378 || !TEST_true(len == inlen)
1379 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1380 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1381 || !TEST_mem_eq(in, inlen, buf, len))
1386 EVP_PKEY_free(pkey);
1390 static int test_set_get_raw_keys(int tst)
1392 return test_set_get_raw_keys_int(tst, 0, 0)
1393 && test_set_get_raw_keys_int(tst, 0, 1)
1394 && test_set_get_raw_keys_int(tst, 1, 0)
1395 && test_set_get_raw_keys_int(tst, 1, 1);
1398 #ifndef OPENSSL_NO_DEPRECATED_3_0
1399 static int pkey_custom_check(EVP_PKEY *pkey)
1404 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1409 static int pkey_custom_param_check(EVP_PKEY *pkey)
1414 static EVP_PKEY_METHOD *custom_pmeth;
1417 static int test_EVP_PKEY_check(int i)
1420 const unsigned char *p;
1421 EVP_PKEY *pkey = NULL;
1422 #ifndef OPENSSL_NO_EC
1423 EC_KEY *eckey = NULL;
1425 EVP_PKEY_CTX *ctx = NULL;
1426 #ifndef OPENSSL_NO_DEPRECATED_3_0
1427 EVP_PKEY_CTX *ctx2 = NULL;
1429 const APK_DATA *ak = &keycheckdata[i];
1430 const unsigned char *input = ak->kder;
1431 size_t input_len = ak->size;
1432 int expected_id = ak->evptype;
1433 int expected_check = ak->check;
1434 int expected_pub_check = ak->pub_check;
1435 int expected_param_check = ak->param_check;
1436 int type = ak->type;
1443 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1444 || !TEST_ptr_eq(p, input + input_len)
1445 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1448 #ifndef OPENSSL_NO_EC
1450 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1451 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1452 || !TEST_ptr(pkey = EVP_PKEY_new())
1453 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1457 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1458 || !TEST_ptr_eq(p, input + input_len)
1459 || !TEST_ptr(pkey = EVP_PKEY_new())
1460 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1468 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1471 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1474 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1477 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1480 #ifndef OPENSSL_NO_DEPRECATED_3_0
1481 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1482 /* assign the pkey directly, as an internal test */
1483 EVP_PKEY_up_ref(pkey);
1486 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1489 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1492 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1499 EVP_PKEY_CTX_free(ctx);
1500 #ifndef OPENSSL_NO_DEPRECATED_3_0
1501 EVP_PKEY_CTX_free(ctx2);
1503 EVP_PKEY_free(pkey);
1508 #ifndef OPENSSL_NO_CMAC
1509 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1511 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1512 const char msg[] = "Hello World";
1516 if (!TEST_ptr(mdctx)
1517 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1518 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1519 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1520 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1523 EVP_MD_CTX_free(mdctx);
1527 static int test_CMAC_keygen(void)
1529 static unsigned char key[] = {
1530 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1531 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1532 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1535 * This is a legacy method for CMACs, but should still work.
1536 * This verifies that it works without an ENGINE.
1538 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1540 EVP_PKEY *pkey = NULL;
1541 unsigned char mac[AES_BLOCK_SIZE];
1542 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1543 unsigned char mac2[AES_BLOCK_SIZE];
1546 /* Test a CMAC key created using the "generated" method */
1547 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1548 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1549 EVP_PKEY_CTRL_CIPHER,
1550 0, (void *)EVP_aes_256_ecb()), 0)
1551 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1552 EVP_PKEY_CTRL_SET_MAC_KEY,
1553 sizeof(key), (void *)key), 0)
1554 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1556 || !TEST_true(get_cmac_val(pkey, mac)))
1559 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1560 EVP_PKEY_free(pkey);
1563 * Test a CMAC key using the direct method, and compare with the mac
1566 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1568 || !TEST_true(get_cmac_val(pkey, mac2))
1569 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1576 EVP_PKEY_free(pkey);
1577 EVP_PKEY_CTX_free(kctx);
1582 static int test_HKDF(void)
1585 unsigned char out[20];
1588 unsigned char salt[] = "0123456789";
1589 unsigned char key[] = "012345678901234567890123456789";
1590 unsigned char info[] = "infostring";
1591 const unsigned char expected[] = {
1592 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1593 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1595 size_t expectedlen = sizeof(expected);
1597 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1600 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1601 for (i = 0; i < 2; i++) {
1602 outlen = sizeof(out);
1603 memset(out, 0, outlen);
1605 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1606 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1607 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1608 sizeof(salt) - 1), 0)
1609 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1610 sizeof(key) - 1), 0)
1611 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1612 sizeof(info) - 1), 0)
1613 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1614 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1621 EVP_PKEY_CTX_free(pctx);
1626 static int test_emptyikm_HKDF(void)
1629 unsigned char out[20];
1632 unsigned char salt[] = "9876543210";
1633 unsigned char key[] = "";
1634 unsigned char info[] = "stringinfo";
1635 const unsigned char expected[] = {
1636 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1637 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1639 size_t expectedlen = sizeof(expected);
1641 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1644 outlen = sizeof(out);
1645 memset(out, 0, outlen);
1647 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1648 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1649 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1650 sizeof(salt) - 1), 0)
1651 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1652 sizeof(key) - 1), 0)
1653 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1654 sizeof(info) - 1), 0)
1655 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1656 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1662 EVP_PKEY_CTX_free(pctx);
1667 #ifndef OPENSSL_NO_EC
1668 static int test_X509_PUBKEY_inplace(void)
1671 X509_PUBKEY *xp = NULL;
1672 const unsigned char *p = kExampleECPubKeyDER;
1673 size_t input_len = sizeof(kExampleECPubKeyDER);
1675 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1678 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1681 p = kExampleBadECPubKeyDER;
1682 input_len = sizeof(kExampleBadECPubKeyDER);
1684 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1687 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1693 X509_PUBKEY_free(xp);
1696 #endif /* OPENSSL_NO_EC */
1698 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1699 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1701 EVP_MD_CTX *mdctx = NULL;
1702 EVP_PKEY_CTX *ctx = NULL;
1703 const OSSL_PARAM *params;
1704 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1707 char mdname[OSSL_MAX_NAME_SIZE];
1710 /* Initialise a sign operation */
1711 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1713 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1717 * We should be able to query the parameters now.
1719 params = EVP_PKEY_CTX_settable_params(ctx);
1720 if (!TEST_ptr(params)
1721 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1722 OSSL_SIGNATURE_PARAM_DIGEST)))
1725 params = EVP_PKEY_CTX_gettable_params(ctx);
1726 if (!TEST_ptr(params)
1727 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1728 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1729 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1730 OSSL_SIGNATURE_PARAM_DIGEST)))
1734 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1735 * EVP_PKEY_CTX_get_params()
1737 strcpy(mdname, "SHA512");
1739 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1741 *param++ = OSSL_PARAM_construct_end();
1743 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1747 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1748 mdname, sizeof(mdname));
1749 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1750 || !TEST_str_eq(mdname, "SHA512"))
1754 * Test the TEST_PKEY_CTX_set_signature_md() and
1755 * TEST_PKEY_CTX_get_signature_md() functions
1757 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1758 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1759 || !TEST_ptr_eq(md, EVP_sha256()))
1763 * Test getting MD parameters via an associated EVP_PKEY_CTX
1765 mdctx = EVP_MD_CTX_new();
1766 if (!TEST_ptr(mdctx)
1767 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1772 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1773 * able to obtain the digest's settable parameters from the provider.
1775 params = EVP_MD_CTX_settable_params(mdctx);
1776 if (!TEST_ptr(params)
1777 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1778 /* The final key should be NULL */
1779 || !TEST_ptr_null(params[1].key))
1783 memset(ssl3ms, 0, sizeof(ssl3ms));
1784 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1785 ssl3ms, sizeof(ssl3ms));
1786 *param++ = OSSL_PARAM_construct_end();
1788 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1794 EVP_MD_CTX_free(mdctx);
1795 EVP_PKEY_CTX_free(ctx);
1800 #ifndef OPENSSL_NO_DSA
1801 static int test_DSA_get_set_params(void)
1803 OSSL_PARAM_BLD *bld = NULL;
1804 OSSL_PARAM *params = NULL;
1805 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1806 EVP_PKEY_CTX *pctx = NULL;
1807 EVP_PKEY *pkey = NULL;
1811 * Setup the parameters for our DSA object. For our purposes they don't
1812 * have to actually be *valid* parameters. We just need to set something.
1814 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1815 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1816 || !TEST_ptr(p = BN_new())
1817 || !TEST_ptr(q = BN_new())
1818 || !TEST_ptr(g = BN_new())
1819 || !TEST_ptr(pub = BN_new())
1820 || !TEST_ptr(priv = BN_new()))
1822 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1824 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1825 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1830 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1833 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1834 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1837 if (!TEST_ptr(pkey))
1840 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1843 EVP_PKEY_free(pkey);
1844 EVP_PKEY_CTX_free(pctx);
1845 OSSL_PARAM_BLD_free_params(params);
1846 OSSL_PARAM_BLD_free(bld);
1857 * Test combinations of private, public, missing and private + public key
1858 * params to ensure they are all accepted
1860 static int test_DSA_priv_pub(void)
1862 return test_EVP_PKEY_ffc_priv_pub("DSA");
1865 #endif /* !OPENSSL_NO_DSA */
1867 static int test_RSA_get_set_params(void)
1869 OSSL_PARAM_BLD *bld = NULL;
1870 OSSL_PARAM *params = NULL;
1871 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1872 EVP_PKEY_CTX *pctx = NULL;
1873 EVP_PKEY *pkey = NULL;
1877 * Setup the parameters for our RSA object. For our purposes they don't
1878 * have to actually be *valid* parameters. We just need to set something.
1880 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
1881 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1882 || !TEST_ptr(n = BN_new())
1883 || !TEST_ptr(e = BN_new())
1884 || !TEST_ptr(d = BN_new()))
1886 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
1887 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
1888 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
1890 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1893 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1894 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1897 if (!TEST_ptr(pkey))
1900 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1903 EVP_PKEY_free(pkey);
1904 EVP_PKEY_CTX_free(pctx);
1905 OSSL_PARAM_BLD_free_params(params);
1906 OSSL_PARAM_BLD_free(bld);
1914 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1915 static int test_decrypt_null_chunks(void)
1917 EVP_CIPHER_CTX* ctx = NULL;
1918 const unsigned char key[32] = {
1919 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1920 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1921 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1923 unsigned char iv[12] = {
1924 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1926 unsigned char msg[] = "It was the best of times, it was the worst of times";
1927 unsigned char ciphertext[80];
1928 unsigned char plaintext[80];
1929 /* We initialise tmp to a non zero value on purpose */
1930 int ctlen, ptlen, tmp = 99;
1932 const int enc_offset = 10, dec_offset = 20;
1934 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1935 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1937 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1939 /* Deliberate add a zero length update */
1940 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1942 || !TEST_int_eq(tmp, 0)
1943 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1945 sizeof(msg) - enc_offset))
1946 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1947 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1948 || !TEST_int_eq(tmp, 0))
1951 /* Deliberately initialise tmp to a non zero value */
1953 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1955 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1958 * Deliberately add a zero length update. We also deliberately do
1959 * this at a different offset than for encryption.
1961 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1963 || !TEST_int_eq(tmp, 0)
1964 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1965 ciphertext + dec_offset,
1966 ctlen - dec_offset))
1967 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1968 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1969 || !TEST_int_eq(tmp, 0)
1970 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1975 EVP_CIPHER_CTX_free(ctx);
1978 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1980 #ifndef OPENSSL_NO_DH
1982 * Test combinations of private, public, missing and private + public key
1983 * params to ensure they are all accepted
1985 static int test_DH_priv_pub(void)
1987 return test_EVP_PKEY_ffc_priv_pub("DH");
1990 # ifndef OPENSSL_NO_DEPRECATED_3_0
1991 static int test_EVP_PKEY_set1_DH(void)
1993 DH *x942dh = NULL, *noqdh = NULL;
1994 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1996 BIGNUM *p, *g = NULL;
1998 if (!TEST_ptr(p = BN_new())
1999 || !TEST_ptr(g = BN_new())
2000 || !BN_set_word(p, 9999)
2001 || !BN_set_word(g, 2)
2002 || !TEST_ptr(noqdh = DH_new())
2003 || !DH_set0_pqg(noqdh, p, NULL, g))
2007 x942dh = DH_get_2048_256();
2008 pkey1 = EVP_PKEY_new();
2009 pkey2 = EVP_PKEY_new();
2010 if (!TEST_ptr(x942dh)
2013 || !TEST_ptr(pkey2))
2016 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2017 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2020 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2021 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2028 EVP_PKEY_free(pkey1);
2029 EVP_PKEY_free(pkey2);
2035 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2036 #endif /* !OPENSSL_NO_DH */
2039 * We test what happens with an empty template. For the sake of this test,
2040 * the template must be ignored, and we know that's the case for RSA keys
2041 * (this might arguably be a misfeature, but that's what we currently do,
2042 * even in provider code, since that's how the legacy RSA implementation
2045 static int test_keygen_with_empty_template(int n)
2047 EVP_PKEY_CTX *ctx = NULL;
2048 EVP_PKEY *pkey = NULL;
2049 EVP_PKEY *tkey = NULL;
2054 /* We do test with no template at all as well */
2055 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2059 /* Here we create an empty RSA key that serves as our template */
2060 if (!TEST_ptr(tkey = EVP_PKEY_new())
2061 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2062 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2067 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2068 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2073 EVP_PKEY_CTX_free(ctx);
2074 EVP_PKEY_free(pkey);
2075 EVP_PKEY_free(tkey);
2080 * Test that we fail if we attempt to use an algorithm that is not available
2081 * in the current library context (unless we are using an algorithm that
2082 * should be made available via legacy codepaths).
2087 static int test_pkey_ctx_fail_without_provider(int tst)
2089 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2090 OSSL_PROVIDER *nullprov = NULL;
2091 EVP_PKEY_CTX *pctx = NULL;
2092 const char *keytype = NULL;
2093 int expect_null = 0;
2096 if (!TEST_ptr(tmpctx))
2099 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2100 if (!TEST_ptr(nullprov))
2104 * We check for certain algos in the null provider.
2105 * If an algo is expected to have a provider keymgmt, contructing an
2106 * EVP_PKEY_CTX is expected to fail (return NULL).
2107 * Otherwise, if it's expected to have legacy support, contructing an
2108 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2118 #ifdef OPENSSL_NO_EC
2119 TEST_info("EC disable, skipping SM2 check...");
2122 #ifdef OPENSSL_NO_SM2
2123 TEST_info("SM2 disable, skipping SM2 check...");
2128 TEST_error("No test for case %d", tst);
2132 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2133 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2136 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2142 EVP_PKEY_CTX_free(pctx);
2143 OSSL_PROVIDER_unload(nullprov);
2144 OSSL_LIB_CTX_free(tmpctx);
2148 static int test_rand_agglomeration(void)
2152 OSSL_PARAM params[3], *p = params;
2154 unsigned int step = 7;
2155 static unsigned char seed[] = "It does not matter how slowly you go "
2156 "as long as you do not stop.";
2157 unsigned char out[sizeof(seed)];
2159 if (!TEST_int_ne(sizeof(seed) % step, 0)
2160 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2162 ctx = EVP_RAND_CTX_new(rand, NULL);
2163 EVP_RAND_free(rand);
2167 memset(out, 0, sizeof(out));
2168 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2169 seed, sizeof(seed));
2170 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2171 *p = OSSL_PARAM_construct_end();
2172 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2173 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2174 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2175 EVP_RAND_CTX_free(ctx);
2180 * Test that we correctly return the original or "running" IV after
2181 * an encryption operation.
2182 * Run multiple times for some different relevant algorithms/modes.
2184 static int test_evp_iv(int idx)
2187 EVP_CIPHER_CTX *ctx = NULL;
2188 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2189 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2190 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2191 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2192 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2193 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2194 9, 10, 11, 12, 13, 14, 15, 16 };
2195 unsigned char ciphertext[32], oiv[16], iv[16];
2196 unsigned char *ref_iv;
2197 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2198 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2200 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2201 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2202 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2203 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2204 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2205 #ifndef OPENSSL_NO_OCB
2206 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2207 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2209 int len = sizeof(ciphertext);
2210 size_t ivlen, ref_len;
2211 const EVP_CIPHER *type = NULL;
2215 type = EVP_aes_128_cbc();
2218 type = (type != NULL) ? type :
2219 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2221 ref_len = sizeof(cbc_state);
2224 type = EVP_aes_128_ofb();
2227 type = (type != NULL) ? type :
2228 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2230 ref_len = sizeof(ofb_state);
2233 type = EVP_aes_128_gcm();
2236 type = (type != NULL) ? type :
2237 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2239 ref_len = sizeof(gcm_state);
2242 type = EVP_aes_128_ccm();
2245 type = (type != NULL) ? type :
2246 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2248 ref_len = sizeof(ccm_state);
2250 #ifdef OPENSSL_NO_OCB
2256 type = EVP_aes_128_ocb();
2259 type = (type != NULL) ? type :
2260 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2262 ref_len = sizeof(ocb_state);
2270 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2271 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2272 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2274 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2275 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2276 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2278 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2279 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2280 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2285 EVP_CIPHER_CTX_free(ctx);
2287 EVP_CIPHER_free((EVP_CIPHER *)type);
2291 int setup_tests(void)
2293 testctx = OSSL_LIB_CTX_new();
2295 if (!TEST_ptr(testctx))
2298 ADD_TEST(test_EVP_set_default_properties);
2299 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2300 ADD_TEST(test_EVP_DigestVerifyInit);
2301 ADD_TEST(test_EVP_Digest);
2302 ADD_TEST(test_EVP_Enveloped);
2303 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2304 ADD_TEST(test_privatekey_to_pkcs8);
2305 #ifndef OPENSSL_NO_EC
2306 ADD_TEST(test_EVP_PKCS82PKEY);
2308 #ifndef OPENSSL_NO_EC
2309 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2311 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2312 ADD_TEST(test_EVP_SM2);
2313 ADD_TEST(test_EVP_SM2_verify);
2315 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2316 #ifndef OPENSSL_NO_DEPRECATED_3_0
2317 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2318 if (!TEST_ptr(custom_pmeth))
2320 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2321 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2322 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2323 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2326 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2327 #ifndef OPENSSL_NO_CMAC
2328 ADD_TEST(test_CMAC_keygen);
2330 ADD_TEST(test_HKDF);
2331 ADD_TEST(test_emptyikm_HKDF);
2332 #ifndef OPENSSL_NO_EC
2333 ADD_TEST(test_X509_PUBKEY_inplace);
2334 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2335 OSSL_NELEM(ec_der_pub_keys));
2337 #ifndef OPENSSL_NO_DSA
2338 ADD_TEST(test_DSA_get_set_params);
2339 ADD_TEST(test_DSA_priv_pub);
2341 ADD_TEST(test_RSA_get_set_params);
2342 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2343 ADD_TEST(test_decrypt_null_chunks);
2345 #ifndef OPENSSL_NO_DH
2346 ADD_TEST(test_DH_priv_pub);
2347 # ifndef OPENSSL_NO_DEPRECATED_3_0
2348 ADD_TEST(test_EVP_PKEY_set1_DH);
2351 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2352 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2354 ADD_TEST(test_rand_agglomeration);
2355 ADD_ALL_TESTS(test_evp_iv, 10);
2360 void cleanup_tests(void)
2362 OSSL_LIB_CTX_free(testctx);