2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/dsa.h>
26 #include "internal/nelem.h"
27 #include "internal/evp_int.h"
30 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
31 * should never use this key anywhere but in an example.
33 static const unsigned char kExampleRSAKeyDER[] = {
34 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
35 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
36 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
37 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
38 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
39 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
40 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
41 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
42 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
43 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
44 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
45 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
46 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
47 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
48 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
49 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
50 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
51 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
52 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
53 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
54 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
55 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
56 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
57 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
58 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
59 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
60 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
61 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
62 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
63 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
64 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
65 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
66 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
67 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
68 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
69 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
70 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
71 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
72 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
73 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
74 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
75 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
76 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
77 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
78 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
79 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
80 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
81 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
82 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
83 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
84 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
88 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
89 * components are not correct.
91 static const unsigned char kExampleBadRSAKeyDER[] = {
92 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
93 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
94 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
95 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
96 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
97 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
98 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
99 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
100 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
101 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
102 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
103 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
104 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
105 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
106 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
107 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
108 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
109 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
110 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
111 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
112 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
113 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
114 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
115 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
116 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
117 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
118 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
119 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
120 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
121 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
122 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
123 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
124 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
125 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
126 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
127 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
128 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
129 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
130 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
131 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
132 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
133 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
134 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
135 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
136 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
137 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
138 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
139 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
140 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
141 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
142 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
143 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
144 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
145 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
146 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
147 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
148 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
149 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
150 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
151 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
152 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
153 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
154 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
155 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
156 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
157 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
158 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
159 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
160 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
161 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
162 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
163 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
164 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
165 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
166 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
167 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
168 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
169 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
170 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
171 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
172 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
173 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
174 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
175 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
176 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
177 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
178 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
179 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
180 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
183 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
185 static const unsigned char kSignature[] = {
186 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
187 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
188 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
189 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
190 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
191 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
192 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
193 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
194 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
195 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
196 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
200 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
203 static const unsigned char kExampleRSAKeyPKCS8[] = {
204 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
205 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
206 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
207 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
208 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
209 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
210 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
211 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
212 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
213 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
214 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
215 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
216 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
217 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
218 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
219 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
220 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
221 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
222 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
223 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
224 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
225 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
226 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
227 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
228 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
229 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
230 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
231 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
232 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
233 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
234 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
235 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
236 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
237 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
238 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
239 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
240 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
241 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
242 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
243 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
244 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
245 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
246 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
247 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
248 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
249 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
250 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
251 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
252 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
253 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
254 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
255 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
256 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
259 #ifndef OPENSSL_NO_EC
261 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
264 static const unsigned char kExampleECKeyDER[] = {
265 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
266 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
267 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
268 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
269 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
270 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
271 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
272 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
273 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
274 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
279 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
280 * structure. The private key is equal to the order and will fail to import
282 static const unsigned char kExampleBadECKeyDER[] = {
283 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
284 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
285 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
286 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
287 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
288 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
289 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
290 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
291 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
295 static const unsigned char kExampleECPubKeyDER[] = {
296 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
297 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
298 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
299 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
300 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
301 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
302 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
303 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
307 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
308 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
310 static const unsigned char kExampleBadECPubKeyDER[] = {
311 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
312 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
313 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
314 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
315 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
316 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
317 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
318 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
321 static const unsigned char pExampleECParamDER[] = {
322 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
326 typedef struct APK_DATA_st {
327 const unsigned char *kder;
333 int type; /* 0 for private, 1 for public, 2 for params */
336 static APK_DATA keydata[] = {
337 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
338 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
339 #ifndef OPENSSL_NO_EC
340 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
344 static APK_DATA keycheckdata[] = {
345 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
346 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
348 #ifndef OPENSSL_NO_EC
349 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
350 /* group is also associated in our pub key */
351 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
352 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
356 static EVP_PKEY *load_example_rsa_key(void)
358 EVP_PKEY *ret = NULL;
359 const unsigned char *derp = kExampleRSAKeyDER;
360 EVP_PKEY *pkey = NULL;
363 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
366 if (!TEST_ptr(pkey = EVP_PKEY_new())
367 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
380 static int test_EVP_Enveloped(void)
383 EVP_CIPHER_CTX *ctx = NULL;
384 EVP_PKEY *keypair = NULL;
385 unsigned char *kek = NULL;
386 unsigned char iv[EVP_MAX_IV_LENGTH];
387 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
388 int len, kek_len, ciphertext_len, plaintext_len;
389 unsigned char ciphertext[32], plaintext[16];
390 const EVP_CIPHER *type = EVP_aes_256_cbc();
392 if (!TEST_ptr(keypair = load_example_rsa_key())
393 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
394 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
395 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
397 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
399 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
403 ciphertext_len += len;
405 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
406 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
407 ciphertext, ciphertext_len))
408 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
411 plaintext_len += len;
412 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
418 EVP_PKEY_free(keypair);
419 EVP_CIPHER_CTX_free(ctx);
424 static int test_EVP_DigestSignInit(void)
427 EVP_PKEY *pkey = NULL;
428 unsigned char *sig = NULL;
430 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
432 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
433 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
434 || !TEST_ptr(pkey = load_example_rsa_key()))
437 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
438 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
441 /* Determine the size of the signature. */
442 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
443 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
446 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
447 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
450 /* Ensure that the signature round-trips. */
451 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
453 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
455 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
461 EVP_MD_CTX_free(md_ctx);
462 EVP_MD_CTX_free(md_ctx_verify);
469 static int test_EVP_DigestVerifyInit(void)
472 EVP_PKEY *pkey = NULL;
473 EVP_MD_CTX *md_ctx = NULL;
475 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
476 || !TEST_ptr(pkey = load_example_rsa_key()))
479 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
480 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
481 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
482 sizeof(kSignature))))
487 EVP_MD_CTX_free(md_ctx);
492 static int test_d2i_AutoPrivateKey(int i)
495 const unsigned char *p;
496 EVP_PKEY *pkey = NULL;
497 const APK_DATA *ak = &keydata[i];
498 const unsigned char *input = ak->kder;
499 size_t input_len = ak->size;
500 int expected_id = ak->evptype;
503 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
504 || !TEST_ptr_eq(p, input + input_len)
505 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
515 #ifndef OPENSSL_NO_EC
517 static const unsigned char ec_public_sect163k1_validxy[] = {
518 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
519 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
520 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
521 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
522 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
523 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
526 static const unsigned char ec_public_sect163k1_badx[] = {
527 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
528 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
529 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
530 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
531 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
532 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
535 static const unsigned char ec_public_sect163k1_bady[] = {
536 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
537 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
538 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
539 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
540 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
541 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
544 static struct ec_der_pub_keys_st {
545 const unsigned char *der;
548 } ec_der_pub_keys[] = {
549 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
550 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
551 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
555 * Tests the range of the decoded EC char2 public point.
556 * See ec_GF2m_simple_oct2point().
558 static int test_invalide_ec_char2_pub_range_decode(int id)
562 EC_KEY *eckey = NULL;
564 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
565 ec_der_pub_keys[id].len)))
567 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
568 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
569 || TEST_ptr_null(eckey);
576 /* Tests loading a bad key in PKCS8 format */
577 static int test_EVP_PKCS82PKEY(void)
580 const unsigned char *derp = kExampleBadECKeyDER;
581 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
582 EVP_PKEY *pkey = NULL;
584 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
585 sizeof(kExampleBadECKeyDER))))
588 if (!TEST_ptr_eq(derp,
589 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
592 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
598 PKCS8_PRIV_KEY_INFO_free(p8inf);
605 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
607 static int test_EVP_SM2_verify(void)
609 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
611 "-----BEGIN PUBLIC KEY-----\n"
612 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
613 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
614 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
615 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
616 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
617 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
618 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
619 "-----END PUBLIC KEY-----\n";
621 const char *msg = "message digest";
622 const char *id = "ALICE123@YAHOO.COM";
624 const uint8_t signature[] = {
625 0x30, 0x44, 0x02, 0x20,
627 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
628 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
629 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
633 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
634 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
635 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
640 EVP_PKEY *pkey = NULL;
641 EVP_MD_CTX *mctx = NULL;
642 EVP_PKEY_CTX *pctx = NULL;
644 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
645 if (!TEST_true(bio != NULL))
648 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
649 if (!TEST_true(pkey != NULL))
652 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
655 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
658 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
661 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
665 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
667 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
670 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
673 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
680 EVP_PKEY_CTX_free(pctx);
681 EVP_MD_CTX_free(mctx);
685 static int test_EVP_SM2(void)
688 EVP_PKEY *pkey = NULL;
689 EVP_PKEY *params = NULL;
690 EVP_PKEY_CTX *pctx = NULL;
691 EVP_PKEY_CTX *kctx = NULL;
692 EVP_PKEY_CTX *sctx = NULL;
694 unsigned char *sig = NULL;
695 EVP_MD_CTX *md_ctx = NULL;
696 EVP_MD_CTX *md_ctx_verify = NULL;
697 EVP_PKEY_CTX *cctx = NULL;
699 uint8_t ciphertext[128];
700 size_t ctext_len = sizeof(ciphertext);
702 uint8_t plaintext[8];
703 size_t ptext_len = sizeof(plaintext);
705 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
707 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
711 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
714 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
717 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
720 kctx = EVP_PKEY_CTX_new(params, NULL);
724 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
727 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
730 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
733 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
736 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
739 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
742 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
743 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
745 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
748 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
751 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
754 /* Determine the size of the signature. */
755 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
758 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
761 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
764 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
767 /* Ensure that the signature round-trips. */
769 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
772 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
775 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
778 /* now check encryption/decryption */
780 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
783 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
786 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
789 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
792 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
795 if (!TEST_true(ptext_len == sizeof(kMsg)))
798 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
803 EVP_PKEY_CTX_free(pctx);
804 EVP_PKEY_CTX_free(kctx);
805 EVP_PKEY_CTX_free(sctx);
806 EVP_PKEY_CTX_free(cctx);
808 EVP_PKEY_free(params);
809 EVP_MD_CTX_free(md_ctx);
810 EVP_MD_CTX_free(md_ctx_verify);
817 static struct keys_st {
823 EVP_PKEY_HMAC, "0123456789", NULL
825 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
827 EVP_PKEY_SIPHASH, "0123456789012345", NULL
829 #ifndef OPENSSL_NO_EC
831 EVP_PKEY_X25519, "01234567890123456789012345678901",
832 "abcdefghijklmnopqrstuvwxyzabcdef"
834 EVP_PKEY_ED25519, "01234567890123456789012345678901",
835 "abcdefghijklmnopqrstuvwxyzabcdef"
838 "01234567890123456789012345678901234567890123456789012345",
839 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
842 "012345678901234567890123456789012345678901234567890123456",
843 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
848 static int test_set_get_raw_keys_int(int tst, int pub)
851 unsigned char buf[80];
853 size_t inlen, len = 0;
856 /* Check if this algorithm supports public keys */
857 if (keys[tst].pub == NULL)
860 memset(buf, 0, sizeof(buf));
863 inlen = strlen(keys[tst].pub);
864 in = (unsigned char *)keys[tst].pub;
865 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
870 inlen = strlen(keys[tst].priv);
871 in = (unsigned char *)keys[tst].priv;
872 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
879 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
880 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
881 || !TEST_true(len == inlen)
882 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
883 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
884 || !TEST_mem_eq(in, inlen, buf, len))
893 static int test_set_get_raw_keys(int tst)
895 return test_set_get_raw_keys_int(tst, 0)
896 && test_set_get_raw_keys_int(tst, 1);
899 static int pkey_custom_check(EVP_PKEY *pkey)
904 static int pkey_custom_pub_check(EVP_PKEY *pkey)
909 static int pkey_custom_param_check(EVP_PKEY *pkey)
914 static EVP_PKEY_METHOD *custom_pmeth;
916 static int test_EVP_PKEY_check(int i)
919 const unsigned char *p;
920 EVP_PKEY *pkey = NULL;
921 #ifndef OPENSSL_NO_EC
922 EC_KEY *eckey = NULL;
924 EVP_PKEY_CTX *ctx = NULL;
925 EVP_PKEY_CTX *ctx2 = NULL;
926 const APK_DATA *ak = &keycheckdata[i];
927 const unsigned char *input = ak->kder;
928 size_t input_len = ak->size;
929 int expected_id = ak->evptype;
930 int expected_check = ak->check;
931 int expected_pub_check = ak->pub_check;
932 int expected_param_check = ak->param_check;
940 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
941 || !TEST_ptr_eq(p, input + input_len)
942 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
945 #ifndef OPENSSL_NO_EC
947 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
948 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
949 || !TEST_ptr(pkey = EVP_PKEY_new())
950 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
954 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
955 || !TEST_ptr_eq(p, input + input_len)
956 || !TEST_ptr(pkey = EVP_PKEY_new())
957 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
965 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
968 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
971 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
974 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
977 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
978 /* assign the pkey directly, as an internal test */
979 EVP_PKEY_up_ref(pkey);
982 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
985 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
988 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
994 EVP_PKEY_CTX_free(ctx);
995 EVP_PKEY_CTX_free(ctx2);
1001 static int test_HKDF(void)
1004 unsigned char out[20];
1007 unsigned char salt[] = "0123456789";
1008 unsigned char key[] = "012345678901234567890123456789";
1009 unsigned char info[] = "infostring";
1010 const unsigned char expected[] = {
1011 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1012 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1014 size_t expectedlen = sizeof(expected);
1016 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1019 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1020 for (i = 0; i < 2; i++) {
1021 outlen = sizeof(out);
1022 memset(out, 0, outlen);
1024 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1025 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1026 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1027 sizeof(salt) - 1), 0)
1028 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1029 sizeof(key) - 1), 0)
1030 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1031 sizeof(info) - 1), 0)
1032 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1033 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1040 EVP_PKEY_CTX_free(pctx);
1045 #ifndef OPENSSL_NO_EC
1046 static int test_X509_PUBKEY_inplace(void)
1049 X509_PUBKEY *xp = NULL;
1050 const unsigned char *p = kExampleECPubKeyDER;
1051 size_t input_len = sizeof(kExampleECPubKeyDER);
1053 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1056 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1059 p = kExampleBadECPubKeyDER;
1060 input_len = sizeof(kExampleBadECPubKeyDER);
1062 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1065 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1071 X509_PUBKEY_free(xp);
1074 #endif /* OPENSSL_NO_EC */
1076 #ifndef OPENSSL_NO_DSA
1077 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1078 static int test_EVP_PKEY_CTX_get_set_params(void)
1080 EVP_PKEY_CTX *ctx = NULL;
1081 EVP_SIGNATURE *dsaimpl = NULL;
1082 const OSSL_PARAM *params;
1083 OSSL_PARAM ourparams[2], *param = ourparams;
1085 BIGNUM *p = NULL, *q = NULL, *g = NULL;
1086 EVP_PKEY *pkey = NULL;
1089 size_t mdsize = SHA512_DIGEST_LENGTH;
1092 * Setup the parameters for our DSA object. For our purposes they don't have
1093 * to actually be *valid* parameters. We just need to set something. We
1094 * don't even need a pub_key/priv_key.
1104 || !DSA_set0_pqg(dsa, p, q, g))
1108 pkey = EVP_PKEY_new();
1110 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1115 /* Initialise a sign operation */
1116 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1117 dsaimpl = EVP_SIGNATURE_fetch(NULL, "DSA", NULL);
1119 || !TEST_ptr(dsaimpl)
1120 || !TEST_int_gt(EVP_PKEY_sign_init_ex(ctx, dsaimpl), 0))
1124 * We should be able to query the parameters now. The default DSA
1125 * implementation supports exactly one parameter - so we expect to see that
1126 * returned and no more.
1128 params = EVP_PKEY_CTX_settable_params(ctx);
1129 if (!TEST_ptr(params)
1130 || !TEST_int_eq(strcmp(params[0].key,
1131 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1132 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1134 /* The final key should be NULL */
1135 || !TEST_ptr_null(params[2].key))
1138 /* Gettable params are the same as the settable ones */
1139 params = EVP_PKEY_CTX_gettable_params(ctx);
1140 if (!TEST_ptr(params)
1141 || !TEST_int_eq(strcmp(params[0].key,
1142 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1143 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1145 /* The final key should be NULL */
1146 || !TEST_ptr_null(params[2].key))
1150 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1151 * EVP_PKEY_CTX_get_params()
1153 *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
1155 *param++ = OSSL_PARAM_construct_end();
1157 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1161 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1162 || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
1166 * Test the TEST_PKEY_CTX_set_signature_md() and
1167 * TEST_PKEY_CTX_get_signature_md() functions
1169 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1170 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1171 || !TEST_ptr_eq(md, EVP_sha256()))
1177 EVP_PKEY_CTX_free(ctx);
1178 EVP_SIGNATURE_free(dsaimpl);
1179 EVP_PKEY_free(pkey);
1189 int setup_tests(void)
1191 ADD_TEST(test_EVP_DigestSignInit);
1192 ADD_TEST(test_EVP_DigestVerifyInit);
1193 ADD_TEST(test_EVP_Enveloped);
1194 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1195 #ifndef OPENSSL_NO_EC
1196 ADD_TEST(test_EVP_PKCS82PKEY);
1198 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1199 ADD_TEST(test_EVP_SM2);
1200 ADD_TEST(test_EVP_SM2_verify);
1202 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1203 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1204 if (!TEST_ptr(custom_pmeth))
1206 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1207 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1208 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1209 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1211 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1212 ADD_TEST(test_HKDF);
1213 #ifndef OPENSSL_NO_EC
1214 ADD_TEST(test_X509_PUBKEY_inplace);
1215 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1216 OSSL_NELEM(ec_der_pub_keys));
1218 #ifndef OPENSSL_NO_DSA
1219 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);