2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
38 static OSSL_LIB_CTX *testctx = NULL;
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
44 static const unsigned char kExampleRSAKeyDER[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
149 static const unsigned char kExampleBadRSAKeyDER[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
241 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
243 static const unsigned char kSignature[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
261 static const unsigned char kExampleRSAKeyPKCS8[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
317 #ifndef OPENSSL_NO_EC
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
322 static const unsigned char kExampleECKeyDER[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
340 static const unsigned char kExampleBadECKeyDER[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
353 static const unsigned char kExampleECPubKeyDER[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
368 static const unsigned char kExampleBadECPubKeyDER[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379 static const unsigned char pExampleECParamDER[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
384 typedef struct APK_DATA_st {
385 const unsigned char *kder;
391 int type; /* 0 for private, 1 for public, 2 for params */
394 static APK_DATA keydata[] = {
395 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
396 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
402 static APK_DATA keycheckdata[] = {
403 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
404 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
406 #ifndef OPENSSL_NO_EC
407 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
408 /* group is also associated in our pub key */
409 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
410 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
414 static EVP_PKEY *load_example_key(const char *keytype,
415 const unsigned char *data, size_t data_len)
417 const unsigned char **pdata = &data;
418 EVP_PKEY *pkey = NULL;
419 OSSL_DECODER_CTX *dctx =
420 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
423 /* |pkey| will be NULL on error */
424 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
425 OSSL_DECODER_CTX_free(dctx);
429 static EVP_PKEY *load_example_rsa_key(void)
431 return load_example_key("RSA", kExampleRSAKeyDER,
432 sizeof(kExampleRSAKeyDER));
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY *load_example_dsa_key(void)
438 EVP_PKEY *ret = NULL;
439 const unsigned char *derp = kExampleDSAKeyDER;
440 EVP_PKEY *pkey = NULL;
443 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
446 if (!TEST_ptr(pkey = EVP_PKEY_new())
447 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
461 static EVP_PKEY *load_example_hmac_key(void)
463 EVP_PKEY *pkey = NULL;
464 unsigned char key[] = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
467 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
470 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
477 static int test_EVP_set_default_properties(void)
483 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
484 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
489 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
490 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
491 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
496 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
497 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
502 OSSL_LIB_CTX_free(ctx);
506 static int test_EVP_Enveloped(void)
509 EVP_CIPHER_CTX *ctx = NULL;
510 EVP_PKEY *keypair = NULL;
511 unsigned char *kek = NULL;
512 unsigned char iv[EVP_MAX_IV_LENGTH];
513 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
514 int len, kek_len, ciphertext_len, plaintext_len;
515 unsigned char ciphertext[32], plaintext[16];
516 const EVP_CIPHER *type = EVP_aes_256_cbc();
518 if (!TEST_ptr(keypair = load_example_rsa_key())
519 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
520 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
521 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
523 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
525 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
529 ciphertext_len += len;
531 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
532 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
533 ciphertext, ciphertext_len))
534 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
537 plaintext_len += len;
538 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
544 EVP_PKEY_free(keypair);
545 EVP_CIPHER_CTX_free(ctx);
550 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
551 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
552 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
553 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
554 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
555 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
556 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
557 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
558 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
560 static int test_EVP_DigestSignInit(int tst)
563 EVP_PKEY *pkey = NULL;
564 unsigned char *sig = NULL;
566 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
567 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
568 BIO *mdbio = NULL, *membio = NULL;
571 EVP_MD *mdexp = NULL;
574 membio = BIO_new(BIO_s_mem());
575 mdbio = BIO_new(BIO_f_md());
576 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
578 BIO_push(mdbio, membio);
579 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
582 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
583 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
587 if (tst == 0 || tst == 3 || tst == 6) {
588 if (!TEST_ptr(pkey = load_example_rsa_key()))
590 } else if (tst == 1 || tst == 4 || tst == 7) {
591 #ifndef OPENSSL_NO_DSA
592 if (!TEST_ptr(pkey = load_example_dsa_key()))
599 if (!TEST_ptr(pkey = load_example_hmac_key()))
603 if (tst >= 3 && tst <= 5)
604 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
608 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
612 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
615 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
619 /* Determine the size of the signature. */
620 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
621 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
622 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
626 if (!TEST_int_gt(BIO_reset(mdbio), 0)
627 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
632 * Ensure that the signature round-trips (Verification isn't supported for
633 * HMAC via EVP_DigestVerify*)
635 if (tst != 2 && tst != 5 && tst != 8) {
636 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
641 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
644 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
648 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
657 EVP_MD_CTX_free(a_md_ctx);
658 EVP_MD_CTX_free(a_md_ctx_verify);
666 static int test_EVP_DigestVerifyInit(void)
669 EVP_PKEY *pkey = NULL;
670 EVP_MD_CTX *md_ctx = NULL;
672 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
673 || !TEST_ptr(pkey = load_example_rsa_key()))
676 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
677 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
678 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
679 sizeof(kSignature))))
684 EVP_MD_CTX_free(md_ctx);
690 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
692 static int test_EVP_Digest(void)
695 EVP_MD_CTX *md_ctx = NULL;
696 unsigned char md[EVP_MAX_MD_SIZE];
698 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
701 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
702 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
703 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
704 /* EVP_DigestFinal resets the EVP_MD_CTX. */
705 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
708 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
709 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
710 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
711 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
712 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
714 * EVP_DigestInit_ex with NULL type should work on
715 * pre-initialized context.
717 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
720 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
721 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
722 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
723 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
724 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
725 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
730 EVP_MD_CTX_free(md_ctx);
734 static int test_d2i_AutoPrivateKey(int i)
737 const unsigned char *p;
738 EVP_PKEY *pkey = NULL;
739 const APK_DATA *ak = &keydata[i];
740 const unsigned char *input = ak->kder;
741 size_t input_len = ak->size;
742 int expected_id = ak->evptype;
745 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
746 || !TEST_ptr_eq(p, input + input_len)
747 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
757 #ifndef OPENSSL_NO_EC
759 static const unsigned char ec_public_sect163k1_validxy[] = {
760 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
761 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
762 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
763 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
764 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
765 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
768 static const unsigned char ec_public_sect163k1_badx[] = {
769 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
770 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
771 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
772 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
773 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
774 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
777 static const unsigned char ec_public_sect163k1_bady[] = {
778 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
779 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
780 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
781 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
782 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
783 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
786 static struct ec_der_pub_keys_st {
787 const unsigned char *der;
790 } ec_der_pub_keys[] = {
791 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
792 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
793 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
797 * Tests the range of the decoded EC char2 public point.
798 * See ec_GF2m_simple_oct2point().
800 static int test_invalide_ec_char2_pub_range_decode(int id)
804 EC_KEY *eckey = NULL;
806 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
807 ec_der_pub_keys[id].len)))
809 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
810 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
811 || TEST_ptr_null(eckey);
818 /* Tests loading a bad key in PKCS8 format */
819 static int test_EVP_PKCS82PKEY(void)
822 const unsigned char *derp = kExampleBadECKeyDER;
823 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
824 EVP_PKEY *pkey = NULL;
826 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
827 sizeof(kExampleBadECKeyDER))))
830 if (!TEST_ptr_eq(derp,
831 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
834 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
840 PKCS8_PRIV_KEY_INFO_free(p8inf);
847 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
848 static int test_privatekey_to_pkcs8(void)
850 EVP_PKEY *pkey = NULL;
856 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
857 || !TEST_ptr(pkey = load_example_rsa_key())
858 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
859 NULL, 0, NULL, NULL),
861 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
863 || !TEST_mem_eq(membuf, (size_t)membuf_len,
864 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
866 * We try to write PEM as well, just to see that it doesn't err, but
867 * assume that the result is correct.
869 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
870 NULL, 0, NULL, NULL),
877 BIO_free_all(membio);
881 #ifndef OPENSSL_NO_EC
882 static const struct {
884 const char *encoding_name;
886 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
887 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
890 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
893 const char *enc_name = NULL;
899 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
900 OSSL_PKEY_PARAM_EC_ENCODING))
901 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
904 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
905 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
906 *enc = ec_encodings[i].encoding;
914 static int test_EC_keygen_with_enc(int idx)
916 EVP_PKEY *params = NULL, *key = NULL;
917 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
921 enc = ec_encodings[idx].encoding;
923 /* Create key parameters */
924 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
925 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
926 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
927 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
928 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
929 || !TEST_ptr(params))
933 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
934 || !TEST_true(EVP_PKEY_keygen_init(kctx))
935 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
939 /* Check that the encoding got all the way into the key */
940 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
941 ec_export_get_encoding_cb, &enc))
942 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
948 EVP_PKEY_free(params);
949 EVP_PKEY_CTX_free(kctx);
950 EVP_PKEY_CTX_free(pctx);
955 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
957 static int test_EVP_SM2_verify(void)
960 "-----BEGIN PUBLIC KEY-----\n"
961 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
962 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
963 "-----END PUBLIC KEY-----\n";
965 const char *msg = "message digest";
966 const char *id = "ALICE123@YAHOO.COM";
968 const uint8_t signature[] = {
969 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
970 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
971 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
972 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
973 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
974 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
975 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
980 EVP_PKEY *pkey = NULL;
981 EVP_MD_CTX *mctx = NULL;
982 EVP_PKEY_CTX *pctx = NULL;
984 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
985 if (!TEST_true(bio != NULL))
988 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
989 if (!TEST_true(pkey != NULL))
992 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
995 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
998 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1001 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1003 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1006 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1009 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1012 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1018 EVP_PKEY_free(pkey);
1019 EVP_PKEY_CTX_free(pctx);
1020 EVP_MD_CTX_free(mctx);
1024 static int test_EVP_SM2(void)
1027 EVP_PKEY *pkey = NULL;
1028 EVP_PKEY *pkeyparams = NULL;
1029 EVP_PKEY_CTX *pctx = NULL;
1030 EVP_PKEY_CTX *kctx = NULL;
1031 EVP_PKEY_CTX *sctx = NULL;
1033 unsigned char *sig = NULL;
1034 EVP_MD_CTX *md_ctx = NULL;
1035 EVP_MD_CTX *md_ctx_verify = NULL;
1036 EVP_PKEY_CTX *cctx = NULL;
1038 uint8_t ciphertext[128];
1039 size_t ctext_len = sizeof(ciphertext);
1041 uint8_t plaintext[8];
1042 size_t ptext_len = sizeof(plaintext);
1044 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1046 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1047 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1051 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1052 if (!TEST_ptr(pctx))
1055 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1058 /* TODO is this even needed? */
1059 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1062 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1065 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1066 if (!TEST_ptr(kctx))
1069 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1072 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1075 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1078 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1081 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1084 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1085 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1087 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1090 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1093 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1096 /* Determine the size of the signature. */
1097 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1100 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1103 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1106 /* Ensure that the signature round-trips. */
1108 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1111 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1114 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1117 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1120 /* now check encryption/decryption */
1122 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1123 mdname, sizeof(mdname));
1124 for (i = 0; i < 2; i++) {
1125 EVP_PKEY_CTX_free(cctx);
1127 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1128 i == 0 ? "SM3" : "SHA2-256",
1131 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1134 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1137 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1140 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1144 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1147 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1150 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1154 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1157 /* Test we're still using the digest we think we are */
1158 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1160 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1163 if (!TEST_true(ptext_len == sizeof(kMsg)))
1166 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1172 EVP_PKEY_CTX_free(pctx);
1173 EVP_PKEY_CTX_free(kctx);
1174 EVP_PKEY_CTX_free(sctx);
1175 EVP_PKEY_CTX_free(cctx);
1176 EVP_PKEY_free(pkey);
1177 EVP_PKEY_free(pkeyparams);
1178 EVP_MD_CTX_free(md_ctx);
1179 EVP_MD_CTX_free(md_ctx_verify);
1186 static struct keys_st {
1192 EVP_PKEY_HMAC, "0123456789", NULL
1194 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1196 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1198 #ifndef OPENSSL_NO_EC
1200 EVP_PKEY_X25519, "01234567890123456789012345678901",
1201 "abcdefghijklmnopqrstuvwxyzabcdef"
1203 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1204 "abcdefghijklmnopqrstuvwxyzabcdef"
1207 "01234567890123456789012345678901234567890123456789012345",
1208 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1211 "012345678901234567890123456789012345678901234567890123456",
1212 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1217 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1220 unsigned char buf[80];
1222 size_t inlen, len = 0;
1225 /* Check if this algorithm supports public keys */
1226 if (keys[tst].pub == NULL)
1229 memset(buf, 0, sizeof(buf));
1232 inlen = strlen(keys[tst].pub);
1233 in = (unsigned char *)keys[tst].pub;
1235 pkey = EVP_PKEY_new_raw_public_key_ex(
1237 OBJ_nid2sn(keys[tst].type),
1242 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1248 inlen = strlen(keys[tst].priv);
1249 in = (unsigned char *)keys[tst].priv;
1251 pkey = EVP_PKEY_new_raw_private_key_ex(
1252 testctx, OBJ_nid2sn(keys[tst].type),
1257 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1265 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1266 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1267 || !TEST_true(len == inlen)
1268 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1269 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1270 || !TEST_mem_eq(in, inlen, buf, len))
1275 EVP_PKEY_free(pkey);
1279 static int test_set_get_raw_keys(int tst)
1281 return test_set_get_raw_keys_int(tst, 0, 0)
1282 && test_set_get_raw_keys_int(tst, 0, 1)
1283 && test_set_get_raw_keys_int(tst, 1, 0)
1284 && test_set_get_raw_keys_int(tst, 1, 1);
1287 #ifndef OPENSSL_NO_DEPRECATED_3_0
1288 static int pkey_custom_check(EVP_PKEY *pkey)
1293 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1298 static int pkey_custom_param_check(EVP_PKEY *pkey)
1303 static EVP_PKEY_METHOD *custom_pmeth;
1306 static int test_EVP_PKEY_check(int i)
1309 const unsigned char *p;
1310 EVP_PKEY *pkey = NULL;
1311 #ifndef OPENSSL_NO_EC
1312 EC_KEY *eckey = NULL;
1314 EVP_PKEY_CTX *ctx = NULL;
1315 #ifndef OPENSSL_NO_DEPRECATED_3_0
1316 EVP_PKEY_CTX *ctx2 = NULL;
1318 const APK_DATA *ak = &keycheckdata[i];
1319 const unsigned char *input = ak->kder;
1320 size_t input_len = ak->size;
1321 int expected_id = ak->evptype;
1322 int expected_check = ak->check;
1323 int expected_pub_check = ak->pub_check;
1324 int expected_param_check = ak->param_check;
1325 int type = ak->type;
1332 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1333 || !TEST_ptr_eq(p, input + input_len)
1334 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1337 #ifndef OPENSSL_NO_EC
1339 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1340 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1341 || !TEST_ptr(pkey = EVP_PKEY_new())
1342 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1346 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1347 || !TEST_ptr_eq(p, input + input_len)
1348 || !TEST_ptr(pkey = EVP_PKEY_new())
1349 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1357 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1360 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1363 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1366 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1369 #ifndef OPENSSL_NO_DEPRECATED_3_0
1370 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1371 /* assign the pkey directly, as an internal test */
1372 EVP_PKEY_up_ref(pkey);
1375 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1378 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1381 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1388 EVP_PKEY_CTX_free(ctx);
1389 #ifndef OPENSSL_NO_DEPRECATED_3_0
1390 EVP_PKEY_CTX_free(ctx2);
1392 EVP_PKEY_free(pkey);
1397 #ifndef OPENSSL_NO_CMAC
1398 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1400 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1401 const char msg[] = "Hello World";
1405 if (!TEST_ptr(mdctx)
1406 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1407 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1408 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1409 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1412 EVP_MD_CTX_free(mdctx);
1416 static int test_CMAC_keygen(void)
1418 static unsigned char key[] = {
1419 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1420 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1421 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1424 * This is a legacy method for CMACs, but should still work.
1425 * This verifies that it works without an ENGINE.
1427 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1429 EVP_PKEY *pkey = NULL;
1430 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1432 /* Test a CMAC key created using the "generated" method */
1433 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1434 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1435 EVP_PKEY_CTRL_CIPHER,
1436 0, (void *)EVP_aes_256_ecb()), 0)
1437 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1438 EVP_PKEY_CTRL_SET_MAC_KEY,
1439 sizeof(key), (void *)key), 0)
1440 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1442 || !TEST_true(get_cmac_val(pkey, mac)))
1445 EVP_PKEY_free(pkey);
1448 * Test a CMAC key using the direct method, and compare with the mac
1451 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1453 || !TEST_true(get_cmac_val(pkey, mac2))
1454 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1460 EVP_PKEY_free(pkey);
1461 EVP_PKEY_CTX_free(kctx);
1466 static int test_HKDF(void)
1469 unsigned char out[20];
1472 unsigned char salt[] = "0123456789";
1473 unsigned char key[] = "012345678901234567890123456789";
1474 unsigned char info[] = "infostring";
1475 const unsigned char expected[] = {
1476 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1477 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1479 size_t expectedlen = sizeof(expected);
1481 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1484 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1485 for (i = 0; i < 2; i++) {
1486 outlen = sizeof(out);
1487 memset(out, 0, outlen);
1489 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1490 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1491 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1492 sizeof(salt) - 1), 0)
1493 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1494 sizeof(key) - 1), 0)
1495 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1496 sizeof(info) - 1), 0)
1497 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1498 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1505 EVP_PKEY_CTX_free(pctx);
1510 static int test_emptyikm_HKDF(void)
1513 unsigned char out[20];
1516 unsigned char salt[] = "9876543210";
1517 unsigned char key[] = "";
1518 unsigned char info[] = "stringinfo";
1519 const unsigned char expected[] = {
1520 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1521 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1523 size_t expectedlen = sizeof(expected);
1525 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1528 outlen = sizeof(out);
1529 memset(out, 0, outlen);
1531 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1532 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1533 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1534 sizeof(salt) - 1), 0)
1535 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1536 sizeof(key) - 1), 0)
1537 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1538 sizeof(info) - 1), 0)
1539 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1540 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1546 EVP_PKEY_CTX_free(pctx);
1551 #ifndef OPENSSL_NO_EC
1552 static int test_X509_PUBKEY_inplace(void)
1555 X509_PUBKEY *xp = NULL;
1556 const unsigned char *p = kExampleECPubKeyDER;
1557 size_t input_len = sizeof(kExampleECPubKeyDER);
1559 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1562 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1565 p = kExampleBadECPubKeyDER;
1566 input_len = sizeof(kExampleBadECPubKeyDER);
1568 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1571 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1577 X509_PUBKEY_free(xp);
1580 #endif /* OPENSSL_NO_EC */
1582 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1583 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1585 EVP_MD_CTX *mdctx = NULL;
1586 EVP_PKEY_CTX *ctx = NULL;
1587 const OSSL_PARAM *params;
1588 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1591 char mdname[OSSL_MAX_NAME_SIZE];
1594 /* Initialise a sign operation */
1595 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1597 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1601 * We should be able to query the parameters now.
1603 params = EVP_PKEY_CTX_settable_params(ctx);
1604 if (!TEST_ptr(params)
1605 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1606 OSSL_SIGNATURE_PARAM_DIGEST)))
1609 params = EVP_PKEY_CTX_gettable_params(ctx);
1610 if (!TEST_ptr(params)
1611 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1612 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1613 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1614 OSSL_SIGNATURE_PARAM_DIGEST)))
1618 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1619 * EVP_PKEY_CTX_get_params()
1621 strcpy(mdname, "SHA512");
1623 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1625 *param++ = OSSL_PARAM_construct_end();
1627 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1631 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1632 mdname, sizeof(mdname));
1633 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1634 || !TEST_str_eq(mdname, "SHA512"))
1638 * Test the TEST_PKEY_CTX_set_signature_md() and
1639 * TEST_PKEY_CTX_get_signature_md() functions
1641 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1642 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1643 || !TEST_ptr_eq(md, EVP_sha256()))
1647 * Test getting MD parameters via an associated EVP_PKEY_CTX
1649 mdctx = EVP_MD_CTX_new();
1650 if (!TEST_ptr(mdctx)
1651 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1656 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1657 * able to obtain the digest's settable parameters from the provider.
1659 params = EVP_MD_CTX_settable_params(mdctx);
1660 if (!TEST_ptr(params)
1661 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1662 /* The final key should be NULL */
1663 || !TEST_ptr_null(params[1].key))
1667 memset(ssl3ms, 0, sizeof(ssl3ms));
1668 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1669 ssl3ms, sizeof(ssl3ms));
1670 *param++ = OSSL_PARAM_construct_end();
1672 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1678 EVP_MD_CTX_free(mdctx);
1679 EVP_PKEY_CTX_free(ctx);
1684 #ifndef OPENSSL_NO_DSA
1685 static int test_DSA_get_set_params(void)
1688 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1689 EVP_PKEY *pkey = NULL;
1693 * Setup the parameters for our DSA object. For our purposes they don't
1694 * have to actually be *valid* parameters. We just need to set something.
1707 || !DSA_set0_pqg(dsa, p, q, g)
1708 || !DSA_set0_key(dsa, pub, priv))
1710 p = q = g = pub = priv = NULL;
1712 pkey = EVP_PKEY_new();
1714 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1719 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1722 EVP_PKEY_free(pkey);
1734 static int test_RSA_get_set_params(void)
1736 OSSL_PARAM_BLD *bld = NULL;
1737 OSSL_PARAM *params = NULL;
1738 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1739 EVP_PKEY_CTX *pctx = NULL;
1740 EVP_PKEY *pkey = NULL;
1744 * Setup the parameters for our RSA object. For our purposes they don't
1745 * have to actually be *valid* parameters. We just need to set something.
1747 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
1748 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1749 || !TEST_ptr(n = BN_new())
1750 || !TEST_ptr(e = BN_new())
1751 || !TEST_ptr(d = BN_new()))
1753 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
1754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
1755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
1757 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1760 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1761 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1764 if (!TEST_ptr(pkey))
1767 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1770 EVP_PKEY_free(pkey);
1771 EVP_PKEY_CTX_free(pctx);
1772 OSSL_PARAM_BLD_free_params(params);
1773 OSSL_PARAM_BLD_free(bld);
1781 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1782 static int test_decrypt_null_chunks(void)
1784 EVP_CIPHER_CTX* ctx = NULL;
1785 const unsigned char key[32] = {
1786 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1787 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1788 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1790 unsigned char iv[12] = {
1791 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1793 unsigned char msg[] = "It was the best of times, it was the worst of times";
1794 unsigned char ciphertext[80];
1795 unsigned char plaintext[80];
1796 /* We initialise tmp to a non zero value on purpose */
1797 int ctlen, ptlen, tmp = 99;
1799 const int enc_offset = 10, dec_offset = 20;
1801 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1802 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1804 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1806 /* Deliberate add a zero length update */
1807 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1809 || !TEST_int_eq(tmp, 0)
1810 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1812 sizeof(msg) - enc_offset))
1813 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1814 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1815 || !TEST_int_eq(tmp, 0))
1818 /* Deliberately initialise tmp to a non zero value */
1820 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1822 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1825 * Deliberately add a zero length update. We also deliberately do
1826 * this at a different offset than for encryption.
1828 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1830 || !TEST_int_eq(tmp, 0)
1831 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1832 ciphertext + dec_offset,
1833 ctlen - dec_offset))
1834 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1835 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1836 || !TEST_int_eq(tmp, 0)
1837 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1842 EVP_CIPHER_CTX_free(ctx);
1845 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1847 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
1848 static int test_EVP_PKEY_set1_DH(void)
1850 DH *x942dh = NULL, *noqdh = NULL;
1851 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1853 BIGNUM *p, *g = NULL;
1855 if (!TEST_ptr(p = BN_new())
1856 || !TEST_ptr(g = BN_new())
1857 || !BN_set_word(p, 9999)
1858 || !BN_set_word(g, 2)
1859 || !TEST_ptr(noqdh = DH_new())
1860 || !DH_set0_pqg(noqdh, p, NULL, g))
1864 x942dh = DH_get_2048_256();
1865 pkey1 = EVP_PKEY_new();
1866 pkey2 = EVP_PKEY_new();
1867 if (!TEST_ptr(x942dh)
1870 || !TEST_ptr(pkey2))
1873 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1874 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1877 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1878 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1885 EVP_PKEY_free(pkey1);
1886 EVP_PKEY_free(pkey2);
1895 * We test what happens with an empty template. For the sake of this test,
1896 * the template must be ignored, and we know that's the case for RSA keys
1897 * (this might arguably be a misfeature, but that's what we currently do,
1898 * even in provider code, since that's how the legacy RSA implementation
1901 static int test_keygen_with_empty_template(int n)
1903 EVP_PKEY_CTX *ctx = NULL;
1904 EVP_PKEY *pkey = NULL;
1905 EVP_PKEY *tkey = NULL;
1910 /* We do test with no template at all as well */
1911 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1915 /* Here we create an empty RSA key that serves as our template */
1916 if (!TEST_ptr(tkey = EVP_PKEY_new())
1917 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1918 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1923 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1924 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1929 EVP_PKEY_CTX_free(ctx);
1930 EVP_PKEY_free(pkey);
1931 EVP_PKEY_free(tkey);
1936 * Test that we fail if we attempt to use an algorithm that is not available
1937 * in the current library context (unless we are using an algorithm that
1938 * should be made available via legacy codepaths).
1943 static int test_pkey_ctx_fail_without_provider(int tst)
1945 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
1946 OSSL_PROVIDER *nullprov = NULL;
1947 EVP_PKEY_CTX *pctx = NULL;
1948 const char *keytype = NULL;
1949 int expect_null = 0;
1952 if (!TEST_ptr(tmpctx))
1955 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1956 if (!TEST_ptr(nullprov))
1960 * We check for certain algos in the null provider.
1961 * If an algo is expected to have a provider keymgmt, contructing an
1962 * EVP_PKEY_CTX is expected to fail (return NULL).
1963 * Otherwise, if it's expected to have legacy support, contructing an
1964 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1974 #ifdef OPENSSL_NO_EC
1975 TEST_info("EC disable, skipping SM2 check...");
1978 #ifdef OPENSSL_NO_SM2
1979 TEST_info("SM2 disable, skipping SM2 check...");
1984 TEST_error("No test for case %d", tst);
1988 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1989 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1992 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1998 EVP_PKEY_CTX_free(pctx);
1999 OSSL_PROVIDER_unload(nullprov);
2000 OSSL_LIB_CTX_free(tmpctx);
2004 static int test_rand_agglomeration(void)
2008 OSSL_PARAM params[3], *p = params;
2010 unsigned int step = 7;
2011 static unsigned char seed[] = "It does not matter how slowly you go "
2012 "as long as you do not stop.";
2013 unsigned char out[sizeof(seed)];
2015 if (!TEST_int_ne(sizeof(seed) % step, 0)
2016 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2018 ctx = EVP_RAND_CTX_new(rand, NULL);
2019 EVP_RAND_free(rand);
2023 memset(out, 0, sizeof(out));
2024 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2025 seed, sizeof(seed));
2026 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2027 *p = OSSL_PARAM_construct_end();
2028 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2029 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2030 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2031 EVP_RAND_CTX_free(ctx);
2036 * Test that we correctly return the original or "running" IV after
2037 * an encryption operation.
2038 * Run multiple times for some different relevant algorithms/modes.
2040 static int test_evp_iv(int idx)
2043 EVP_CIPHER_CTX *ctx = NULL;
2044 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2045 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2046 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2047 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2048 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2049 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2050 9, 10, 11, 12, 13, 14, 15, 16 };
2051 unsigned char ciphertext[32], oiv[16], iv[16];
2052 unsigned char *ref_iv;
2053 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2054 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2056 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2057 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2058 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2059 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2060 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2061 #ifndef OPENSSL_NO_OCB
2062 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2063 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2065 int len = sizeof(ciphertext);
2066 size_t ivlen, ref_len;
2067 const EVP_CIPHER *type = NULL;
2071 type = EVP_aes_128_cbc();
2074 type = (type != NULL) ? type :
2075 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2077 ref_len = sizeof(cbc_state);
2080 type = EVP_aes_128_ofb();
2083 type = (type != NULL) ? type :
2084 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2086 ref_len = sizeof(ofb_state);
2089 type = EVP_aes_128_gcm();
2092 type = (type != NULL) ? type :
2093 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2095 ref_len = sizeof(gcm_state);
2098 type = EVP_aes_128_ccm();
2101 type = (type != NULL) ? type :
2102 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2104 ref_len = sizeof(ccm_state);
2106 #ifdef OPENSSL_NO_OCB
2112 type = EVP_aes_128_ocb();
2115 type = (type != NULL) ? type :
2116 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2118 ref_len = sizeof(ocb_state);
2126 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2127 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2128 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2130 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2131 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2132 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2134 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2135 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2136 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2141 EVP_CIPHER_CTX_free(ctx);
2143 EVP_CIPHER_free((EVP_CIPHER *)type);
2147 int setup_tests(void)
2149 testctx = OSSL_LIB_CTX_new();
2151 if (!TEST_ptr(testctx))
2154 ADD_TEST(test_EVP_set_default_properties);
2155 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2156 ADD_TEST(test_EVP_DigestVerifyInit);
2157 ADD_TEST(test_EVP_Digest);
2158 ADD_TEST(test_EVP_Enveloped);
2159 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2160 ADD_TEST(test_privatekey_to_pkcs8);
2161 #ifndef OPENSSL_NO_EC
2162 ADD_TEST(test_EVP_PKCS82PKEY);
2164 #ifndef OPENSSL_NO_EC
2165 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2167 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2168 ADD_TEST(test_EVP_SM2);
2169 ADD_TEST(test_EVP_SM2_verify);
2171 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2172 #ifndef OPENSSL_NO_DEPRECATED_3_0
2173 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2174 if (!TEST_ptr(custom_pmeth))
2176 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2177 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2178 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2179 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2182 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2183 #ifndef OPENSSL_NO_CMAC
2184 ADD_TEST(test_CMAC_keygen);
2186 ADD_TEST(test_HKDF);
2187 ADD_TEST(test_emptyikm_HKDF);
2188 #ifndef OPENSSL_NO_EC
2189 ADD_TEST(test_X509_PUBKEY_inplace);
2190 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2191 OSSL_NELEM(ec_der_pub_keys));
2193 #ifndef OPENSSL_NO_DSA
2194 ADD_TEST(test_DSA_get_set_params);
2196 ADD_TEST(test_RSA_get_set_params);
2197 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2198 ADD_TEST(test_decrypt_null_chunks);
2200 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
2201 ADD_TEST(test_EVP_PKEY_set1_DH);
2203 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2204 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2206 ADD_TEST(test_rand_agglomeration);
2207 ADD_ALL_TESTS(test_evp_iv, 10);
2212 void cleanup_tests(void)
2214 OSSL_LIB_CTX_free(testctx);