2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
38 static OSSL_LIB_CTX *testctx = NULL;
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
44 static const unsigned char kExampleRSAKeyDER[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
149 static const unsigned char kExampleBadRSAKeyDER[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
241 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
243 static const unsigned char kSignature[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
261 static const unsigned char kExampleRSAKeyPKCS8[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
317 #ifndef OPENSSL_NO_EC
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
322 static const unsigned char kExampleECKeyDER[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
340 static const unsigned char kExampleBadECKeyDER[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
353 static const unsigned char kExampleECPubKeyDER[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
368 static const unsigned char kExampleBadECPubKeyDER[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379 static const unsigned char pExampleECParamDER[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
384 typedef struct APK_DATA_st {
385 const unsigned char *kder;
391 int type; /* 0 for private, 1 for public, 2 for params */
394 static APK_DATA keydata[] = {
395 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
396 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
402 static APK_DATA keycheckdata[] = {
403 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
404 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
406 #ifndef OPENSSL_NO_EC
407 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
408 /* group is also associated in our pub key */
409 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
410 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
414 static EVP_PKEY *load_example_key(const char *keytype,
415 const unsigned char *data, size_t data_len)
417 const unsigned char **pdata = &data;
418 EVP_PKEY *pkey = NULL;
419 OSSL_DECODER_CTX *dctx =
420 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
423 /* |pkey| will be NULL on error */
424 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
425 OSSL_DECODER_CTX_free(dctx);
429 static EVP_PKEY *load_example_rsa_key(void)
431 return load_example_key("RSA", kExampleRSAKeyDER,
432 sizeof(kExampleRSAKeyDER));
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY *load_example_dsa_key(void)
438 return load_example_key("DSA", kExampleDSAKeyDER,
439 sizeof(kExampleDSAKeyDER));
443 static EVP_PKEY *load_example_hmac_key(void)
445 EVP_PKEY *pkey = NULL;
446 unsigned char key[] = {
447 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
448 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
449 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
452 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
459 static int test_EVP_set_default_properties(void)
465 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
466 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
471 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
472 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
473 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
478 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
479 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
484 OSSL_LIB_CTX_free(ctx);
488 #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DSA)
490 * Test combinations of private, public, missing and private + public key
491 * params to ensure they are all accepted
493 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
495 OSSL_PARAM_BLD *bld = NULL;
496 OSSL_PARAM *params = NULL;
497 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
498 EVP_PKEY_CTX *pctx = NULL;
499 EVP_PKEY *pkey = NULL;
503 * Setup the parameters for our pkey object. For our purposes they don't
504 * have to actually be *valid* parameters. We just need to set something.
506 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL))
507 || !TEST_ptr(p = BN_new())
508 || !TEST_ptr(q = BN_new())
509 || !TEST_ptr(g = BN_new())
510 || !TEST_ptr(pub = BN_new())
511 || !TEST_ptr(priv = BN_new()))
514 /* Test !priv and !pub */
515 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
516 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
517 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
518 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
520 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
523 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
524 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
532 OSSL_PARAM_BLD_free_params(params);
533 OSSL_PARAM_BLD_free(bld);
535 /* Test priv and !pub */
536 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
537 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
538 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
539 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
540 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
543 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
546 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
547 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
555 OSSL_PARAM_BLD_free_params(params);
556 OSSL_PARAM_BLD_free(bld);
558 /* Test !priv and pub */
559 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
560 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
562 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
563 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
566 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
569 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
570 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
578 OSSL_PARAM_BLD_free_params(params);
579 OSSL_PARAM_BLD_free(bld);
581 /* Test priv and pub */
582 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
588 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
591 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
594 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
595 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
604 EVP_PKEY_CTX_free(pctx);
605 OSSL_PARAM_BLD_free_params(params);
606 OSSL_PARAM_BLD_free(bld);
615 #endif /* !OPENSSL_NO_DH && !OPENSSL_NO_DSA */
617 static int test_EVP_Enveloped(void)
620 EVP_CIPHER_CTX *ctx = NULL;
621 EVP_PKEY *keypair = NULL;
622 unsigned char *kek = NULL;
623 unsigned char iv[EVP_MAX_IV_LENGTH];
624 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
625 int len, kek_len, ciphertext_len, plaintext_len;
626 unsigned char ciphertext[32], plaintext[16];
627 const EVP_CIPHER *type = EVP_aes_256_cbc();
629 if (!TEST_ptr(keypair = load_example_rsa_key())
630 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
631 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
632 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
634 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
636 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
640 ciphertext_len += len;
642 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
643 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
644 ciphertext, ciphertext_len))
645 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
648 plaintext_len += len;
649 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
655 EVP_PKEY_free(keypair);
656 EVP_CIPHER_CTX_free(ctx);
661 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
662 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
663 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
664 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
665 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
666 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
667 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
668 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
669 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
671 static int test_EVP_DigestSignInit(int tst)
674 EVP_PKEY *pkey = NULL;
675 unsigned char *sig = NULL;
677 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
678 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
679 BIO *mdbio = NULL, *membio = NULL;
682 EVP_MD *mdexp = NULL;
685 membio = BIO_new(BIO_s_mem());
686 mdbio = BIO_new(BIO_f_md());
687 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
689 BIO_push(mdbio, membio);
690 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
693 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
694 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
698 if (tst == 0 || tst == 3 || tst == 6) {
699 if (!TEST_ptr(pkey = load_example_rsa_key()))
701 } else if (tst == 1 || tst == 4 || tst == 7) {
702 #ifndef OPENSSL_NO_DSA
703 if (!TEST_ptr(pkey = load_example_dsa_key()))
710 if (!TEST_ptr(pkey = load_example_hmac_key()))
714 if (tst >= 3 && tst <= 5)
715 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
719 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
723 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
726 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
730 /* Determine the size of the signature. */
731 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
732 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
733 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
737 if (!TEST_int_gt(BIO_reset(mdbio), 0)
738 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
743 * Ensure that the signature round-trips (Verification isn't supported for
744 * HMAC via EVP_DigestVerify*)
746 if (tst != 2 && tst != 5 && tst != 8) {
747 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
752 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
755 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
759 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
768 EVP_MD_CTX_free(a_md_ctx);
769 EVP_MD_CTX_free(a_md_ctx_verify);
777 static int test_EVP_DigestVerifyInit(void)
780 EVP_PKEY *pkey = NULL;
781 EVP_MD_CTX *md_ctx = NULL;
783 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
784 || !TEST_ptr(pkey = load_example_rsa_key()))
787 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
788 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
789 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
790 sizeof(kSignature))))
795 EVP_MD_CTX_free(md_ctx);
801 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
803 static int test_EVP_Digest(void)
806 EVP_MD_CTX *md_ctx = NULL;
807 unsigned char md[EVP_MAX_MD_SIZE];
809 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
812 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
813 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
814 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
815 /* EVP_DigestFinal resets the EVP_MD_CTX. */
816 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
819 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
820 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
821 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
822 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
823 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
825 * EVP_DigestInit_ex with NULL type should work on
826 * pre-initialized context.
828 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
831 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
832 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
833 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
834 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
835 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
836 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
841 EVP_MD_CTX_free(md_ctx);
845 static int test_d2i_AutoPrivateKey(int i)
848 const unsigned char *p;
849 EVP_PKEY *pkey = NULL;
850 const APK_DATA *ak = &keydata[i];
851 const unsigned char *input = ak->kder;
852 size_t input_len = ak->size;
853 int expected_id = ak->evptype;
856 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
857 || !TEST_ptr_eq(p, input + input_len)
858 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
868 #ifndef OPENSSL_NO_EC
870 static const unsigned char ec_public_sect163k1_validxy[] = {
871 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
872 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
873 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
874 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
875 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
876 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
879 static const unsigned char ec_public_sect163k1_badx[] = {
880 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
881 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
882 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
883 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
884 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
885 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
888 static const unsigned char ec_public_sect163k1_bady[] = {
889 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
890 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
891 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
892 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
893 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
894 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
897 static struct ec_der_pub_keys_st {
898 const unsigned char *der;
901 } ec_der_pub_keys[] = {
902 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
903 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
904 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
908 * Tests the range of the decoded EC char2 public point.
909 * See ec_GF2m_simple_oct2point().
911 static int test_invalide_ec_char2_pub_range_decode(int id)
915 EC_KEY *eckey = NULL;
917 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
918 ec_der_pub_keys[id].len)))
920 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
921 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
922 || TEST_ptr_null(eckey);
929 /* Tests loading a bad key in PKCS8 format */
930 static int test_EVP_PKCS82PKEY(void)
933 const unsigned char *derp = kExampleBadECKeyDER;
934 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
935 EVP_PKEY *pkey = NULL;
937 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
938 sizeof(kExampleBadECKeyDER))))
941 if (!TEST_ptr_eq(derp,
942 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
945 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
951 PKCS8_PRIV_KEY_INFO_free(p8inf);
958 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
959 static int test_privatekey_to_pkcs8(void)
961 EVP_PKEY *pkey = NULL;
967 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
968 || !TEST_ptr(pkey = load_example_rsa_key())
969 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
970 NULL, 0, NULL, NULL),
972 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
974 || !TEST_mem_eq(membuf, (size_t)membuf_len,
975 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
977 * We try to write PEM as well, just to see that it doesn't err, but
978 * assume that the result is correct.
980 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
981 NULL, 0, NULL, NULL),
988 BIO_free_all(membio);
992 #ifndef OPENSSL_NO_EC
993 static const struct {
995 const char *encoding_name;
997 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
998 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1001 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1003 const OSSL_PARAM *p;
1004 const char *enc_name = NULL;
1010 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1011 OSSL_PKEY_PARAM_EC_ENCODING))
1012 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1015 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1016 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1017 *enc = ec_encodings[i].encoding;
1022 return (*enc != -1);
1025 static int test_EC_keygen_with_enc(int idx)
1027 EVP_PKEY *params = NULL, *key = NULL;
1028 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1032 enc = ec_encodings[idx].encoding;
1034 /* Create key parameters */
1035 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1036 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1037 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1038 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1039 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1040 || !TEST_ptr(params))
1044 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1045 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1046 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1050 /* Check that the encoding got all the way into the key */
1051 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1052 ec_export_get_encoding_cb, &enc))
1053 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1059 EVP_PKEY_free(params);
1060 EVP_PKEY_CTX_free(kctx);
1061 EVP_PKEY_CTX_free(pctx);
1066 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1068 static int test_EVP_SM2_verify(void)
1070 const char *pubkey =
1071 "-----BEGIN PUBLIC KEY-----\n"
1072 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1073 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1074 "-----END PUBLIC KEY-----\n";
1076 const char *msg = "message digest";
1077 const char *id = "ALICE123@YAHOO.COM";
1079 const uint8_t signature[] = {
1080 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1081 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1082 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1083 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1084 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1085 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1086 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1091 EVP_PKEY *pkey = NULL;
1092 EVP_MD_CTX *mctx = NULL;
1093 EVP_PKEY_CTX *pctx = NULL;
1095 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1096 if (!TEST_true(bio != NULL))
1099 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1100 if (!TEST_true(pkey != NULL))
1103 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1106 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1109 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1112 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1114 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1117 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1120 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1123 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1129 EVP_PKEY_free(pkey);
1130 EVP_PKEY_CTX_free(pctx);
1131 EVP_MD_CTX_free(mctx);
1135 static int test_EVP_SM2(void)
1138 EVP_PKEY *pkey = NULL;
1139 EVP_PKEY *pkeyparams = NULL;
1140 EVP_PKEY_CTX *pctx = NULL;
1141 EVP_PKEY_CTX *kctx = NULL;
1142 EVP_PKEY_CTX *sctx = NULL;
1144 unsigned char *sig = NULL;
1145 EVP_MD_CTX *md_ctx = NULL;
1146 EVP_MD_CTX *md_ctx_verify = NULL;
1147 EVP_PKEY_CTX *cctx = NULL;
1149 uint8_t ciphertext[128];
1150 size_t ctext_len = sizeof(ciphertext);
1152 uint8_t plaintext[8];
1153 size_t ptext_len = sizeof(plaintext);
1155 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1157 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1158 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1162 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1163 if (!TEST_ptr(pctx))
1166 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1169 /* TODO is this even needed? */
1170 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1173 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1176 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1177 if (!TEST_ptr(kctx))
1180 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1183 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1186 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1189 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1192 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1195 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1196 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1198 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1201 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1204 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1207 /* Determine the size of the signature. */
1208 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1211 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1214 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1217 /* Ensure that the signature round-trips. */
1219 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1222 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1225 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1228 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1231 /* now check encryption/decryption */
1233 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1234 mdname, sizeof(mdname));
1235 for (i = 0; i < 2; i++) {
1236 EVP_PKEY_CTX_free(cctx);
1238 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1239 i == 0 ? "SM3" : "SHA2-256",
1242 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1245 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1248 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1251 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1255 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1258 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1261 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1265 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1268 /* Test we're still using the digest we think we are */
1269 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1271 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1274 if (!TEST_true(ptext_len == sizeof(kMsg)))
1277 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1283 EVP_PKEY_CTX_free(pctx);
1284 EVP_PKEY_CTX_free(kctx);
1285 EVP_PKEY_CTX_free(sctx);
1286 EVP_PKEY_CTX_free(cctx);
1287 EVP_PKEY_free(pkey);
1288 EVP_PKEY_free(pkeyparams);
1289 EVP_MD_CTX_free(md_ctx);
1290 EVP_MD_CTX_free(md_ctx_verify);
1297 static struct keys_st {
1303 EVP_PKEY_HMAC, "0123456789", NULL
1305 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1307 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1309 #ifndef OPENSSL_NO_EC
1311 EVP_PKEY_X25519, "01234567890123456789012345678901",
1312 "abcdefghijklmnopqrstuvwxyzabcdef"
1314 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1315 "abcdefghijklmnopqrstuvwxyzabcdef"
1318 "01234567890123456789012345678901234567890123456789012345",
1319 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1322 "012345678901234567890123456789012345678901234567890123456",
1323 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1328 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1331 unsigned char buf[80];
1333 size_t inlen, len = 0;
1336 /* Check if this algorithm supports public keys */
1337 if (keys[tst].pub == NULL)
1340 memset(buf, 0, sizeof(buf));
1343 inlen = strlen(keys[tst].pub);
1344 in = (unsigned char *)keys[tst].pub;
1346 pkey = EVP_PKEY_new_raw_public_key_ex(
1348 OBJ_nid2sn(keys[tst].type),
1353 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1359 inlen = strlen(keys[tst].priv);
1360 in = (unsigned char *)keys[tst].priv;
1362 pkey = EVP_PKEY_new_raw_private_key_ex(
1363 testctx, OBJ_nid2sn(keys[tst].type),
1368 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1376 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1377 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1378 || !TEST_true(len == inlen)
1379 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1380 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1381 || !TEST_mem_eq(in, inlen, buf, len))
1386 EVP_PKEY_free(pkey);
1390 static int test_set_get_raw_keys(int tst)
1392 return test_set_get_raw_keys_int(tst, 0, 0)
1393 && test_set_get_raw_keys_int(tst, 0, 1)
1394 && test_set_get_raw_keys_int(tst, 1, 0)
1395 && test_set_get_raw_keys_int(tst, 1, 1);
1398 #ifndef OPENSSL_NO_DEPRECATED_3_0
1399 static int pkey_custom_check(EVP_PKEY *pkey)
1404 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1409 static int pkey_custom_param_check(EVP_PKEY *pkey)
1414 static EVP_PKEY_METHOD *custom_pmeth;
1417 static int test_EVP_PKEY_check(int i)
1420 const unsigned char *p;
1421 EVP_PKEY *pkey = NULL;
1422 #ifndef OPENSSL_NO_EC
1423 EC_KEY *eckey = NULL;
1425 EVP_PKEY_CTX *ctx = NULL;
1426 #ifndef OPENSSL_NO_DEPRECATED_3_0
1427 EVP_PKEY_CTX *ctx2 = NULL;
1429 const APK_DATA *ak = &keycheckdata[i];
1430 const unsigned char *input = ak->kder;
1431 size_t input_len = ak->size;
1432 int expected_id = ak->evptype;
1433 int expected_check = ak->check;
1434 int expected_pub_check = ak->pub_check;
1435 int expected_param_check = ak->param_check;
1436 int type = ak->type;
1443 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1444 || !TEST_ptr_eq(p, input + input_len)
1445 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1448 #ifndef OPENSSL_NO_EC
1450 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1451 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1452 || !TEST_ptr(pkey = EVP_PKEY_new())
1453 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1457 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1458 || !TEST_ptr_eq(p, input + input_len)
1459 || !TEST_ptr(pkey = EVP_PKEY_new())
1460 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1468 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1471 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1474 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1477 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1480 #ifndef OPENSSL_NO_DEPRECATED_3_0
1481 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1482 /* assign the pkey directly, as an internal test */
1483 EVP_PKEY_up_ref(pkey);
1486 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1489 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1492 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1499 EVP_PKEY_CTX_free(ctx);
1500 #ifndef OPENSSL_NO_DEPRECATED_3_0
1501 EVP_PKEY_CTX_free(ctx2);
1503 EVP_PKEY_free(pkey);
1508 #ifndef OPENSSL_NO_CMAC
1509 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1511 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1512 const char msg[] = "Hello World";
1516 if (!TEST_ptr(mdctx)
1517 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1518 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1519 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1520 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1523 EVP_MD_CTX_free(mdctx);
1527 static int test_CMAC_keygen(void)
1529 static unsigned char key[] = {
1530 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1531 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1532 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1535 * This is a legacy method for CMACs, but should still work.
1536 * This verifies that it works without an ENGINE.
1538 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1540 EVP_PKEY *pkey = NULL;
1541 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1543 /* Test a CMAC key created using the "generated" method */
1544 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1545 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1546 EVP_PKEY_CTRL_CIPHER,
1547 0, (void *)EVP_aes_256_ecb()), 0)
1548 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1549 EVP_PKEY_CTRL_SET_MAC_KEY,
1550 sizeof(key), (void *)key), 0)
1551 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1553 || !TEST_true(get_cmac_val(pkey, mac)))
1556 EVP_PKEY_free(pkey);
1559 * Test a CMAC key using the direct method, and compare with the mac
1562 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1564 || !TEST_true(get_cmac_val(pkey, mac2))
1565 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1571 EVP_PKEY_free(pkey);
1572 EVP_PKEY_CTX_free(kctx);
1577 static int test_HKDF(void)
1580 unsigned char out[20];
1583 unsigned char salt[] = "0123456789";
1584 unsigned char key[] = "012345678901234567890123456789";
1585 unsigned char info[] = "infostring";
1586 const unsigned char expected[] = {
1587 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1588 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1590 size_t expectedlen = sizeof(expected);
1592 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1595 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1596 for (i = 0; i < 2; i++) {
1597 outlen = sizeof(out);
1598 memset(out, 0, outlen);
1600 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1601 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1602 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1603 sizeof(salt) - 1), 0)
1604 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1605 sizeof(key) - 1), 0)
1606 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1607 sizeof(info) - 1), 0)
1608 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1609 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1616 EVP_PKEY_CTX_free(pctx);
1621 static int test_emptyikm_HKDF(void)
1624 unsigned char out[20];
1627 unsigned char salt[] = "9876543210";
1628 unsigned char key[] = "";
1629 unsigned char info[] = "stringinfo";
1630 const unsigned char expected[] = {
1631 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1632 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1634 size_t expectedlen = sizeof(expected);
1636 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1639 outlen = sizeof(out);
1640 memset(out, 0, outlen);
1642 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1643 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1644 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1645 sizeof(salt) - 1), 0)
1646 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1647 sizeof(key) - 1), 0)
1648 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1649 sizeof(info) - 1), 0)
1650 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1651 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1657 EVP_PKEY_CTX_free(pctx);
1662 #ifndef OPENSSL_NO_EC
1663 static int test_X509_PUBKEY_inplace(void)
1666 X509_PUBKEY *xp = NULL;
1667 const unsigned char *p = kExampleECPubKeyDER;
1668 size_t input_len = sizeof(kExampleECPubKeyDER);
1670 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1673 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1676 p = kExampleBadECPubKeyDER;
1677 input_len = sizeof(kExampleBadECPubKeyDER);
1679 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1682 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1688 X509_PUBKEY_free(xp);
1691 #endif /* OPENSSL_NO_EC */
1693 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1694 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1696 EVP_MD_CTX *mdctx = NULL;
1697 EVP_PKEY_CTX *ctx = NULL;
1698 const OSSL_PARAM *params;
1699 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1702 char mdname[OSSL_MAX_NAME_SIZE];
1705 /* Initialise a sign operation */
1706 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1708 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1712 * We should be able to query the parameters now.
1714 params = EVP_PKEY_CTX_settable_params(ctx);
1715 if (!TEST_ptr(params)
1716 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1717 OSSL_SIGNATURE_PARAM_DIGEST)))
1720 params = EVP_PKEY_CTX_gettable_params(ctx);
1721 if (!TEST_ptr(params)
1722 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1723 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1724 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1725 OSSL_SIGNATURE_PARAM_DIGEST)))
1729 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1730 * EVP_PKEY_CTX_get_params()
1732 strcpy(mdname, "SHA512");
1734 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1736 *param++ = OSSL_PARAM_construct_end();
1738 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1742 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1743 mdname, sizeof(mdname));
1744 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1745 || !TEST_str_eq(mdname, "SHA512"))
1749 * Test the TEST_PKEY_CTX_set_signature_md() and
1750 * TEST_PKEY_CTX_get_signature_md() functions
1752 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1753 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1754 || !TEST_ptr_eq(md, EVP_sha256()))
1758 * Test getting MD parameters via an associated EVP_PKEY_CTX
1760 mdctx = EVP_MD_CTX_new();
1761 if (!TEST_ptr(mdctx)
1762 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1767 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1768 * able to obtain the digest's settable parameters from the provider.
1770 params = EVP_MD_CTX_settable_params(mdctx);
1771 if (!TEST_ptr(params)
1772 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1773 /* The final key should be NULL */
1774 || !TEST_ptr_null(params[1].key))
1778 memset(ssl3ms, 0, sizeof(ssl3ms));
1779 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1780 ssl3ms, sizeof(ssl3ms));
1781 *param++ = OSSL_PARAM_construct_end();
1783 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1789 EVP_MD_CTX_free(mdctx);
1790 EVP_PKEY_CTX_free(ctx);
1795 #ifndef OPENSSL_NO_DSA
1796 static int test_DSA_get_set_params(void)
1798 OSSL_PARAM_BLD *bld = NULL;
1799 OSSL_PARAM *params = NULL;
1800 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1801 EVP_PKEY_CTX *pctx = NULL;
1802 EVP_PKEY *pkey = NULL;
1806 * Setup the parameters for our DSA object. For our purposes they don't
1807 * have to actually be *valid* parameters. We just need to set something.
1809 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1810 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1811 || !TEST_ptr(p = BN_new())
1812 || !TEST_ptr(q = BN_new())
1813 || !TEST_ptr(g = BN_new())
1814 || !TEST_ptr(pub = BN_new())
1815 || !TEST_ptr(priv = BN_new()))
1817 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1822 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1825 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1828 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1829 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1832 if (!TEST_ptr(pkey))
1835 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1838 EVP_PKEY_free(pkey);
1839 EVP_PKEY_CTX_free(pctx);
1840 OSSL_PARAM_BLD_free_params(params);
1841 OSSL_PARAM_BLD_free(bld);
1852 * Test combinations of private, public, missing and private + public key
1853 * params to ensure they are all accepted
1855 static int test_DSA_priv_pub(void)
1857 return test_EVP_PKEY_ffc_priv_pub("DSA");
1860 #endif /* !OPENSSL_NO_DSA */
1862 static int test_RSA_get_set_params(void)
1864 OSSL_PARAM_BLD *bld = NULL;
1865 OSSL_PARAM *params = NULL;
1866 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1867 EVP_PKEY_CTX *pctx = NULL;
1868 EVP_PKEY *pkey = NULL;
1872 * Setup the parameters for our RSA object. For our purposes they don't
1873 * have to actually be *valid* parameters. We just need to set something.
1875 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
1876 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1877 || !TEST_ptr(n = BN_new())
1878 || !TEST_ptr(e = BN_new())
1879 || !TEST_ptr(d = BN_new()))
1881 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
1882 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
1883 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
1885 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1888 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1889 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1892 if (!TEST_ptr(pkey))
1895 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1898 EVP_PKEY_free(pkey);
1899 EVP_PKEY_CTX_free(pctx);
1900 OSSL_PARAM_BLD_free_params(params);
1901 OSSL_PARAM_BLD_free(bld);
1909 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1910 static int test_decrypt_null_chunks(void)
1912 EVP_CIPHER_CTX* ctx = NULL;
1913 const unsigned char key[32] = {
1914 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1915 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1916 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1918 unsigned char iv[12] = {
1919 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1921 unsigned char msg[] = "It was the best of times, it was the worst of times";
1922 unsigned char ciphertext[80];
1923 unsigned char plaintext[80];
1924 /* We initialise tmp to a non zero value on purpose */
1925 int ctlen, ptlen, tmp = 99;
1927 const int enc_offset = 10, dec_offset = 20;
1929 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1930 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1932 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1934 /* Deliberate add a zero length update */
1935 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1937 || !TEST_int_eq(tmp, 0)
1938 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1940 sizeof(msg) - enc_offset))
1941 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1942 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1943 || !TEST_int_eq(tmp, 0))
1946 /* Deliberately initialise tmp to a non zero value */
1948 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1950 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1953 * Deliberately add a zero length update. We also deliberately do
1954 * this at a different offset than for encryption.
1956 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1958 || !TEST_int_eq(tmp, 0)
1959 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1960 ciphertext + dec_offset,
1961 ctlen - dec_offset))
1962 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1963 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1964 || !TEST_int_eq(tmp, 0)
1965 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1970 EVP_CIPHER_CTX_free(ctx);
1973 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1975 #ifndef OPENSSL_NO_DH
1977 * Test combinations of private, public, missing and private + public key
1978 * params to ensure they are all accepted
1980 static int test_DH_priv_pub(void)
1982 return test_EVP_PKEY_ffc_priv_pub("DH");
1985 # ifndef OPENSSL_NO_DEPRECATED_3_0
1986 static int test_EVP_PKEY_set1_DH(void)
1988 DH *x942dh = NULL, *noqdh = NULL;
1989 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1991 BIGNUM *p, *g = NULL;
1993 if (!TEST_ptr(p = BN_new())
1994 || !TEST_ptr(g = BN_new())
1995 || !BN_set_word(p, 9999)
1996 || !BN_set_word(g, 2)
1997 || !TEST_ptr(noqdh = DH_new())
1998 || !DH_set0_pqg(noqdh, p, NULL, g))
2002 x942dh = DH_get_2048_256();
2003 pkey1 = EVP_PKEY_new();
2004 pkey2 = EVP_PKEY_new();
2005 if (!TEST_ptr(x942dh)
2008 || !TEST_ptr(pkey2))
2011 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2012 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
2015 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2016 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
2023 EVP_PKEY_free(pkey1);
2024 EVP_PKEY_free(pkey2);
2030 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2031 #endif /* !OPENSSL_NO_DH */
2034 * We test what happens with an empty template. For the sake of this test,
2035 * the template must be ignored, and we know that's the case for RSA keys
2036 * (this might arguably be a misfeature, but that's what we currently do,
2037 * even in provider code, since that's how the legacy RSA implementation
2040 static int test_keygen_with_empty_template(int n)
2042 EVP_PKEY_CTX *ctx = NULL;
2043 EVP_PKEY *pkey = NULL;
2044 EVP_PKEY *tkey = NULL;
2049 /* We do test with no template at all as well */
2050 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2054 /* Here we create an empty RSA key that serves as our template */
2055 if (!TEST_ptr(tkey = EVP_PKEY_new())
2056 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2057 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2062 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2063 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2068 EVP_PKEY_CTX_free(ctx);
2069 EVP_PKEY_free(pkey);
2070 EVP_PKEY_free(tkey);
2075 * Test that we fail if we attempt to use an algorithm that is not available
2076 * in the current library context (unless we are using an algorithm that
2077 * should be made available via legacy codepaths).
2082 static int test_pkey_ctx_fail_without_provider(int tst)
2084 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2085 OSSL_PROVIDER *nullprov = NULL;
2086 EVP_PKEY_CTX *pctx = NULL;
2087 const char *keytype = NULL;
2088 int expect_null = 0;
2091 if (!TEST_ptr(tmpctx))
2094 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2095 if (!TEST_ptr(nullprov))
2099 * We check for certain algos in the null provider.
2100 * If an algo is expected to have a provider keymgmt, contructing an
2101 * EVP_PKEY_CTX is expected to fail (return NULL).
2102 * Otherwise, if it's expected to have legacy support, contructing an
2103 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2113 #ifdef OPENSSL_NO_EC
2114 TEST_info("EC disable, skipping SM2 check...");
2117 #ifdef OPENSSL_NO_SM2
2118 TEST_info("SM2 disable, skipping SM2 check...");
2123 TEST_error("No test for case %d", tst);
2127 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2128 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2131 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2137 EVP_PKEY_CTX_free(pctx);
2138 OSSL_PROVIDER_unload(nullprov);
2139 OSSL_LIB_CTX_free(tmpctx);
2143 static int test_rand_agglomeration(void)
2147 OSSL_PARAM params[3], *p = params;
2149 unsigned int step = 7;
2150 static unsigned char seed[] = "It does not matter how slowly you go "
2151 "as long as you do not stop.";
2152 unsigned char out[sizeof(seed)];
2154 if (!TEST_int_ne(sizeof(seed) % step, 0)
2155 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2157 ctx = EVP_RAND_CTX_new(rand, NULL);
2158 EVP_RAND_free(rand);
2162 memset(out, 0, sizeof(out));
2163 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2164 seed, sizeof(seed));
2165 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2166 *p = OSSL_PARAM_construct_end();
2167 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2168 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2169 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2170 EVP_RAND_CTX_free(ctx);
2175 * Test that we correctly return the original or "running" IV after
2176 * an encryption operation.
2177 * Run multiple times for some different relevant algorithms/modes.
2179 static int test_evp_iv(int idx)
2182 EVP_CIPHER_CTX *ctx = NULL;
2183 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2184 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2185 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2186 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2187 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2188 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2189 9, 10, 11, 12, 13, 14, 15, 16 };
2190 unsigned char ciphertext[32], oiv[16], iv[16];
2191 unsigned char *ref_iv;
2192 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2193 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2195 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2196 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2197 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2198 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2199 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2200 #ifndef OPENSSL_NO_OCB
2201 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2202 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2204 int len = sizeof(ciphertext);
2205 size_t ivlen, ref_len;
2206 const EVP_CIPHER *type = NULL;
2210 type = EVP_aes_128_cbc();
2213 type = (type != NULL) ? type :
2214 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2216 ref_len = sizeof(cbc_state);
2219 type = EVP_aes_128_ofb();
2222 type = (type != NULL) ? type :
2223 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2225 ref_len = sizeof(ofb_state);
2228 type = EVP_aes_128_gcm();
2231 type = (type != NULL) ? type :
2232 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2234 ref_len = sizeof(gcm_state);
2237 type = EVP_aes_128_ccm();
2240 type = (type != NULL) ? type :
2241 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2243 ref_len = sizeof(ccm_state);
2245 #ifdef OPENSSL_NO_OCB
2251 type = EVP_aes_128_ocb();
2254 type = (type != NULL) ? type :
2255 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2257 ref_len = sizeof(ocb_state);
2265 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2266 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2267 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2269 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2270 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2271 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2273 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2274 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2275 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2280 EVP_CIPHER_CTX_free(ctx);
2282 EVP_CIPHER_free((EVP_CIPHER *)type);
2286 int setup_tests(void)
2288 testctx = OSSL_LIB_CTX_new();
2290 if (!TEST_ptr(testctx))
2293 ADD_TEST(test_EVP_set_default_properties);
2294 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2295 ADD_TEST(test_EVP_DigestVerifyInit);
2296 ADD_TEST(test_EVP_Digest);
2297 ADD_TEST(test_EVP_Enveloped);
2298 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2299 ADD_TEST(test_privatekey_to_pkcs8);
2300 #ifndef OPENSSL_NO_EC
2301 ADD_TEST(test_EVP_PKCS82PKEY);
2303 #ifndef OPENSSL_NO_EC
2304 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2306 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2307 ADD_TEST(test_EVP_SM2);
2308 ADD_TEST(test_EVP_SM2_verify);
2310 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2311 #ifndef OPENSSL_NO_DEPRECATED_3_0
2312 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2313 if (!TEST_ptr(custom_pmeth))
2315 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2316 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2317 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2318 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2321 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2322 #ifndef OPENSSL_NO_CMAC
2323 ADD_TEST(test_CMAC_keygen);
2325 ADD_TEST(test_HKDF);
2326 ADD_TEST(test_emptyikm_HKDF);
2327 #ifndef OPENSSL_NO_EC
2328 ADD_TEST(test_X509_PUBKEY_inplace);
2329 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2330 OSSL_NELEM(ec_der_pub_keys));
2332 #ifndef OPENSSL_NO_DSA
2333 ADD_TEST(test_DSA_get_set_params);
2334 ADD_TEST(test_DSA_priv_pub);
2336 ADD_TEST(test_RSA_get_set_params);
2337 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2338 ADD_TEST(test_decrypt_null_chunks);
2340 #ifndef OPENSSL_NO_DH
2341 ADD_TEST(test_DH_priv_pub);
2342 # ifndef OPENSSL_NO_DEPRECATED_3_0
2343 ADD_TEST(test_EVP_PKEY_set1_DH);
2346 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2347 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2349 ADD_TEST(test_rand_agglomeration);
2350 ADD_ALL_TESTS(test_evp_iv, 10);
2355 void cleanup_tests(void)
2357 OSSL_LIB_CTX_free(testctx);