2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/dsa.h>
25 #include <openssl/dh.h>
27 #include "internal/nelem.h"
28 #include "crypto/evp.h"
31 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
32 * should never use this key anywhere but in an example.
34 static const unsigned char kExampleRSAKeyDER[] = {
35 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
36 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
37 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
38 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
39 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
40 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
41 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
42 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
43 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
44 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
45 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
46 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
47 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
48 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
49 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
50 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
51 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
52 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
53 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
54 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
55 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
56 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
57 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
58 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
59 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
60 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
61 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
62 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
63 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
64 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
65 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
66 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
67 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
68 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
69 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
70 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
71 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
72 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
73 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
74 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
75 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
76 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
77 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
78 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
79 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
80 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
81 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
82 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
83 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
84 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
85 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
89 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
90 * should never use this key anywhere but in an example.
92 #ifndef OPENSSL_NO_DSA
93 static const unsigned char kExampleDSAKeyDER[] = {
94 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
95 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
96 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
97 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
98 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
99 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
100 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
101 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
102 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
103 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
104 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
105 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
106 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
107 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
108 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
109 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
110 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
111 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
112 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
113 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
114 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
115 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
116 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
117 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
118 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
119 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
120 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
121 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
122 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
123 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
124 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
125 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
126 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
127 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
128 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
129 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
130 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
136 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
137 * components are not correct.
139 static const unsigned char kExampleBadRSAKeyDER[] = {
140 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
141 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
142 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
143 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
144 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
145 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
146 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
147 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
148 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
149 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
150 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
151 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
152 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
153 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
154 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
155 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
156 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
157 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
158 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
159 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
160 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
161 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
162 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
163 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
164 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
165 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
166 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
167 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
168 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
169 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
170 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
171 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
172 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
173 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
174 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
175 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
176 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
177 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
178 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
179 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
180 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
181 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
182 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
183 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
184 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
185 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
186 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
187 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
188 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
189 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
190 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
191 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
192 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
193 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
194 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
195 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
196 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
197 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
198 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
199 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
200 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
201 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
202 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
203 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
204 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
205 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
206 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
207 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
208 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
209 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
210 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
211 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
212 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
213 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
214 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
215 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
216 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
217 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
218 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
219 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
220 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
221 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
222 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
223 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
224 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
225 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
226 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
227 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
228 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
231 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
233 static const unsigned char kSignature[] = {
234 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
235 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
236 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
237 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
238 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
239 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
240 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
241 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
242 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
243 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
244 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
248 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
251 static const unsigned char kExampleRSAKeyPKCS8[] = {
252 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
253 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
254 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
255 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
256 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
257 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
258 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
259 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
260 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
261 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
262 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
263 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
264 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
265 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
266 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
267 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
268 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
269 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
270 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
271 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
272 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
273 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
274 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
275 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
276 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
277 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
278 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
279 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
280 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
281 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
282 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
283 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
284 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
285 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
286 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
287 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
288 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
289 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
290 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
291 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
292 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
293 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
294 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
295 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
296 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
297 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
298 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
299 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
300 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
301 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
302 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
303 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
304 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
307 #ifndef OPENSSL_NO_EC
309 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
312 static const unsigned char kExampleECKeyDER[] = {
313 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
314 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
315 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
316 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
317 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
318 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
319 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
320 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
321 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
322 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
327 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 * structure. The private key is equal to the order and will fail to import
330 static const unsigned char kExampleBadECKeyDER[] = {
331 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
332 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
333 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
334 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
335 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
336 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
337 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
338 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
339 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
343 static const unsigned char kExampleECPubKeyDER[] = {
344 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
345 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
346 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
347 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
348 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
349 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
350 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
351 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
355 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
356 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
358 static const unsigned char kExampleBadECPubKeyDER[] = {
359 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
360 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
361 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
362 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
363 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
364 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
365 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
366 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 static const unsigned char pExampleECParamDER[] = {
370 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
374 typedef struct APK_DATA_st {
375 const unsigned char *kder;
381 int type; /* 0 for private, 1 for public, 2 for params */
384 static APK_DATA keydata[] = {
385 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
386 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
387 #ifndef OPENSSL_NO_EC
388 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
392 static APK_DATA keycheckdata[] = {
393 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
394 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
396 #ifndef OPENSSL_NO_EC
397 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
398 /* group is also associated in our pub key */
399 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
400 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
404 static EVP_PKEY *load_example_rsa_key(void)
406 EVP_PKEY *ret = NULL;
407 const unsigned char *derp = kExampleRSAKeyDER;
408 EVP_PKEY *pkey = NULL;
411 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
414 if (!TEST_ptr(pkey = EVP_PKEY_new())
415 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
428 #ifndef OPENSSL_NO_DSA
429 static EVP_PKEY *load_example_dsa_key(void)
431 EVP_PKEY *ret = NULL;
432 const unsigned char *derp = kExampleDSAKeyDER;
433 EVP_PKEY *pkey = NULL;
436 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
439 if (!TEST_ptr(pkey = EVP_PKEY_new())
440 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
454 static EVP_PKEY *load_example_hmac_key(void)
456 EVP_PKEY *pkey = NULL;
457 unsigned char key[] = {
458 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
459 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
460 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
463 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
470 static int test_EVP_Enveloped(void)
473 EVP_CIPHER_CTX *ctx = NULL;
474 EVP_PKEY *keypair = NULL;
475 unsigned char *kek = NULL;
476 unsigned char iv[EVP_MAX_IV_LENGTH];
477 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
478 int len, kek_len, ciphertext_len, plaintext_len;
479 unsigned char ciphertext[32], plaintext[16];
480 const EVP_CIPHER *type = EVP_aes_256_cbc();
482 if (!TEST_ptr(keypair = load_example_rsa_key())
483 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
484 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
485 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
487 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
489 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
493 ciphertext_len += len;
495 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
496 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
497 ciphertext, ciphertext_len))
498 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
501 plaintext_len += len;
502 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
508 EVP_PKEY_free(keypair);
509 EVP_CIPHER_CTX_free(ctx);
514 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
515 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
516 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
517 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
518 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
519 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
520 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
521 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
522 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
524 static int test_EVP_DigestSignInit(int tst)
527 EVP_PKEY *pkey = NULL;
528 unsigned char *sig = NULL;
530 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
531 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
532 BIO *mdbio = NULL, *membio = NULL;
535 EVP_MD *mdexp = NULL;
538 membio = BIO_new(BIO_s_mem());
539 mdbio = BIO_new(BIO_f_md());
540 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
542 BIO_push(mdbio, membio);
543 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
546 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
547 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
551 if (tst == 0 || tst == 3 || tst == 6) {
552 if (!TEST_ptr(pkey = load_example_rsa_key()))
554 } else if (tst == 1 || tst == 4 || tst == 7) {
555 #ifndef OPENSSL_NO_DSA
556 if (!TEST_ptr(pkey = load_example_dsa_key()))
563 if (!TEST_ptr(pkey = load_example_hmac_key()))
567 if (tst >= 3 && tst <= 5)
568 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
572 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
576 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
579 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
583 /* Determine the size of the signature. */
584 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
585 || !TEST_size_t_le(sig_len, (size_t)EVP_PKEY_size(pkey)))
588 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
589 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
593 if (!TEST_int_gt(BIO_reset(mdbio), 0)
594 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
599 * Ensure that the signature round-trips (Verification isn't supported for
600 * HMAC via EVP_DigestVerify*)
602 if (tst != 2 && tst != 5 && tst != 8) {
603 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
608 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
611 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
615 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
624 EVP_MD_CTX_free(a_md_ctx);
625 EVP_MD_CTX_free(a_md_ctx_verify);
633 static int test_EVP_DigestVerifyInit(void)
636 EVP_PKEY *pkey = NULL;
637 EVP_MD_CTX *md_ctx = NULL;
639 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
640 || !TEST_ptr(pkey = load_example_rsa_key()))
643 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
644 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
645 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
646 sizeof(kSignature))))
651 EVP_MD_CTX_free(md_ctx);
656 static int test_d2i_AutoPrivateKey(int i)
659 const unsigned char *p;
660 EVP_PKEY *pkey = NULL;
661 const APK_DATA *ak = &keydata[i];
662 const unsigned char *input = ak->kder;
663 size_t input_len = ak->size;
664 int expected_id = ak->evptype;
667 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
668 || !TEST_ptr_eq(p, input + input_len)
669 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
679 #ifndef OPENSSL_NO_EC
681 static const unsigned char ec_public_sect163k1_validxy[] = {
682 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
683 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
684 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
685 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
686 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
687 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
690 static const unsigned char ec_public_sect163k1_badx[] = {
691 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
692 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
693 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
694 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
695 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
696 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
699 static const unsigned char ec_public_sect163k1_bady[] = {
700 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
701 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
702 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
703 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
704 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
705 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
708 static struct ec_der_pub_keys_st {
709 const unsigned char *der;
712 } ec_der_pub_keys[] = {
713 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
714 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
715 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
719 * Tests the range of the decoded EC char2 public point.
720 * See ec_GF2m_simple_oct2point().
722 static int test_invalide_ec_char2_pub_range_decode(int id)
726 EC_KEY *eckey = NULL;
728 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
729 ec_der_pub_keys[id].len)))
731 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
732 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
733 || TEST_ptr_null(eckey);
740 /* Tests loading a bad key in PKCS8 format */
741 static int test_EVP_PKCS82PKEY(void)
744 const unsigned char *derp = kExampleBadECKeyDER;
745 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
746 EVP_PKEY *pkey = NULL;
748 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
749 sizeof(kExampleBadECKeyDER))))
752 if (!TEST_ptr_eq(derp,
753 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
756 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
762 PKCS8_PRIV_KEY_INFO_free(p8inf);
769 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
771 static int test_EVP_SM2_verify(void)
773 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
775 "-----BEGIN PUBLIC KEY-----\n"
776 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
777 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
778 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
779 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
780 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
781 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
782 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
783 "-----END PUBLIC KEY-----\n";
785 const char *msg = "message digest";
786 const char *id = "ALICE123@YAHOO.COM";
788 const uint8_t signature[] = {
789 0x30, 0x44, 0x02, 0x20,
791 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
792 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
793 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
797 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
798 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
799 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
804 EVP_PKEY *pkey = NULL;
805 EVP_MD_CTX *mctx = NULL;
806 EVP_PKEY_CTX *pctx = NULL;
808 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
809 if (!TEST_true(bio != NULL))
812 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
813 if (!TEST_true(pkey != NULL))
816 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
819 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
822 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
825 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
829 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
831 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
834 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
837 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
844 EVP_PKEY_CTX_free(pctx);
845 EVP_MD_CTX_free(mctx);
849 static int test_EVP_SM2(void)
852 EVP_PKEY *pkey = NULL;
853 EVP_PKEY *params = NULL;
854 EVP_PKEY_CTX *pctx = NULL;
855 EVP_PKEY_CTX *kctx = NULL;
856 EVP_PKEY_CTX *sctx = NULL;
858 unsigned char *sig = NULL;
859 EVP_MD_CTX *md_ctx = NULL;
860 EVP_MD_CTX *md_ctx_verify = NULL;
861 EVP_PKEY_CTX *cctx = NULL;
863 uint8_t ciphertext[128];
864 size_t ctext_len = sizeof(ciphertext);
866 uint8_t plaintext[8];
867 size_t ptext_len = sizeof(plaintext);
869 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
871 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
875 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
878 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
881 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
884 kctx = EVP_PKEY_CTX_new(params, NULL);
888 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
891 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
894 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
897 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
900 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
903 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
906 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
907 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
909 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
912 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
915 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
918 /* Determine the size of the signature. */
919 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
922 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
925 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
928 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
931 /* Ensure that the signature round-trips. */
933 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
936 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
939 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
942 /* now check encryption/decryption */
944 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
947 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
950 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
953 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
956 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
959 if (!TEST_true(ptext_len == sizeof(kMsg)))
962 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
967 EVP_PKEY_CTX_free(pctx);
968 EVP_PKEY_CTX_free(kctx);
969 EVP_PKEY_CTX_free(sctx);
970 EVP_PKEY_CTX_free(cctx);
972 EVP_PKEY_free(params);
973 EVP_MD_CTX_free(md_ctx);
974 EVP_MD_CTX_free(md_ctx_verify);
981 static struct keys_st {
987 EVP_PKEY_HMAC, "0123456789", NULL
989 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
991 EVP_PKEY_SIPHASH, "0123456789012345", NULL
993 #ifndef OPENSSL_NO_EC
995 EVP_PKEY_X25519, "01234567890123456789012345678901",
996 "abcdefghijklmnopqrstuvwxyzabcdef"
998 EVP_PKEY_ED25519, "01234567890123456789012345678901",
999 "abcdefghijklmnopqrstuvwxyzabcdef"
1002 "01234567890123456789012345678901234567890123456789012345",
1003 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1006 "012345678901234567890123456789012345678901234567890123456",
1007 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1012 static int test_set_get_raw_keys_int(int tst, int pub)
1015 unsigned char buf[80];
1017 size_t inlen, len = 0;
1020 /* Check if this algorithm supports public keys */
1021 if (keys[tst].pub == NULL)
1024 memset(buf, 0, sizeof(buf));
1027 inlen = strlen(keys[tst].pub);
1028 in = (unsigned char *)keys[tst].pub;
1029 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1034 inlen = strlen(keys[tst].priv);
1035 in = (unsigned char *)keys[tst].priv;
1036 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1043 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1044 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1045 || !TEST_true(len == inlen)
1046 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1047 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1048 || !TEST_mem_eq(in, inlen, buf, len))
1053 EVP_PKEY_free(pkey);
1057 static int test_set_get_raw_keys(int tst)
1059 return test_set_get_raw_keys_int(tst, 0)
1060 && test_set_get_raw_keys_int(tst, 1);
1063 static int pkey_custom_check(EVP_PKEY *pkey)
1068 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1073 static int pkey_custom_param_check(EVP_PKEY *pkey)
1078 static EVP_PKEY_METHOD *custom_pmeth;
1080 static int test_EVP_PKEY_check(int i)
1083 const unsigned char *p;
1084 EVP_PKEY *pkey = NULL;
1085 #ifndef OPENSSL_NO_EC
1086 EC_KEY *eckey = NULL;
1088 EVP_PKEY_CTX *ctx = NULL;
1089 EVP_PKEY_CTX *ctx2 = NULL;
1090 const APK_DATA *ak = &keycheckdata[i];
1091 const unsigned char *input = ak->kder;
1092 size_t input_len = ak->size;
1093 int expected_id = ak->evptype;
1094 int expected_check = ak->check;
1095 int expected_pub_check = ak->pub_check;
1096 int expected_param_check = ak->param_check;
1097 int type = ak->type;
1104 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1105 || !TEST_ptr_eq(p, input + input_len)
1106 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1109 #ifndef OPENSSL_NO_EC
1111 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1112 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1113 || !TEST_ptr(pkey = EVP_PKEY_new())
1114 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1118 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1119 || !TEST_ptr_eq(p, input + input_len)
1120 || !TEST_ptr(pkey = EVP_PKEY_new())
1121 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1129 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1132 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1135 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1138 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1141 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1142 /* assign the pkey directly, as an internal test */
1143 EVP_PKEY_up_ref(pkey);
1146 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1149 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1152 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1158 EVP_PKEY_CTX_free(ctx);
1159 EVP_PKEY_CTX_free(ctx2);
1160 EVP_PKEY_free(pkey);
1165 static int test_HKDF(void)
1168 unsigned char out[20];
1171 unsigned char salt[] = "0123456789";
1172 unsigned char key[] = "012345678901234567890123456789";
1173 unsigned char info[] = "infostring";
1174 const unsigned char expected[] = {
1175 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1176 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1178 size_t expectedlen = sizeof(expected);
1180 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1183 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1184 for (i = 0; i < 2; i++) {
1185 outlen = sizeof(out);
1186 memset(out, 0, outlen);
1188 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1189 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1190 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1191 sizeof(salt) - 1), 0)
1192 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1193 sizeof(key) - 1), 0)
1194 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1195 sizeof(info) - 1), 0)
1196 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1197 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1204 EVP_PKEY_CTX_free(pctx);
1209 #ifndef OPENSSL_NO_EC
1210 static int test_X509_PUBKEY_inplace(void)
1213 X509_PUBKEY *xp = NULL;
1214 const unsigned char *p = kExampleECPubKeyDER;
1215 size_t input_len = sizeof(kExampleECPubKeyDER);
1217 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1220 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1223 p = kExampleBadECPubKeyDER;
1224 input_len = sizeof(kExampleBadECPubKeyDER);
1226 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1229 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1235 X509_PUBKEY_free(xp);
1238 #endif /* OPENSSL_NO_EC */
1240 #ifndef OPENSSL_NO_DSA
1241 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1242 static int test_EVP_PKEY_CTX_get_set_params(void)
1244 EVP_MD_CTX *mdctx = NULL;
1245 EVP_PKEY_CTX *ctx = NULL;
1246 EVP_SIGNATURE *dsaimpl = NULL;
1247 const OSSL_PARAM *params;
1248 OSSL_PARAM ourparams[2], *param = ourparams;
1250 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1251 EVP_PKEY *pkey = NULL;
1254 size_t mdsize = SHA512_DIGEST_LENGTH;
1258 * Setup the parameters for our DSA object. For our purposes they don't
1259 * have to actually be *valid* parameters. We just need to set something.
1272 || !DSA_set0_pqg(dsa, p, q, g)
1273 || !DSA_set0_key(dsa, pub, priv))
1275 p = q = g = pub = priv = NULL;
1277 pkey = EVP_PKEY_new();
1279 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1284 /* Initialise a sign operation */
1285 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1287 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1291 * We should be able to query the parameters now. The default DSA
1292 * implementation supports exactly one parameter - so we expect to see that
1293 * returned and no more.
1295 params = EVP_PKEY_CTX_settable_params(ctx);
1296 if (!TEST_ptr(params)
1297 || !TEST_int_eq(strcmp(params[0].key,
1298 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1299 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1301 /* The final key should be NULL */
1302 || !TEST_ptr_null(params[2].key))
1305 /* Gettable params are the same as the settable ones */
1306 params = EVP_PKEY_CTX_gettable_params(ctx);
1307 if (!TEST_ptr(params)
1308 || !TEST_int_eq(strcmp(params[0].key,
1309 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1310 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1312 /* The final key should be NULL */
1313 || !TEST_ptr_null(params[2].key))
1317 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1318 * EVP_PKEY_CTX_get_params()
1320 *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
1322 *param++ = OSSL_PARAM_construct_end();
1324 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1328 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1329 || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
1333 * Test the TEST_PKEY_CTX_set_signature_md() and
1334 * TEST_PKEY_CTX_get_signature_md() functions
1336 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1337 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1338 || !TEST_ptr_eq(md, EVP_sha256()))
1342 * Test getting MD parameters via an associated EVP_PKEY_CTX
1344 mdctx = EVP_MD_CTX_new();
1345 if (!TEST_ptr(mdctx)
1346 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey)))
1350 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1351 * able to obtain the digest's settable parameters from the provider.
1353 params = EVP_MD_CTX_settable_params(mdctx);
1354 if (!TEST_ptr(params)
1355 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1356 /* The final key should be NULL */
1357 || !TEST_ptr_null(params[1].key))
1361 memset(ssl3ms, 0, sizeof(ssl3ms));
1362 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1363 ssl3ms, sizeof(ssl3ms));
1364 *param++ = OSSL_PARAM_construct_end();
1366 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1372 EVP_MD_CTX_free(mdctx);
1373 EVP_PKEY_CTX_free(ctx);
1374 EVP_SIGNATURE_free(dsaimpl);
1375 EVP_PKEY_free(pkey);
1387 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1388 static int test_decrypt_null_chunks(void)
1390 EVP_CIPHER_CTX* ctx = NULL;
1391 const unsigned char key[32] = {
1392 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1393 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1394 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1396 unsigned char iv[12] = {
1397 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1399 unsigned char msg[] = "It was the best of times, it was the worst of times";
1400 unsigned char ciphertext[80];
1401 unsigned char plaintext[80];
1402 /* We initialise tmp to a non zero value on purpose */
1403 int ctlen, ptlen, tmp = 99;
1405 const int enc_offset = 10, dec_offset = 20;
1407 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1408 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1410 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1412 /* Deliberate add a zero length update */
1413 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1415 || !TEST_int_eq(tmp, 0)
1416 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1418 sizeof(msg) - enc_offset))
1419 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1420 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1421 || !TEST_int_eq(tmp, 0))
1424 /* Deliberately initialise tmp to a non zero value */
1426 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1428 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1431 * Deliberately add a zero length update. We also deliberately do
1432 * this at a different offset than for encryption.
1434 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1436 || !TEST_int_eq(tmp, 0)
1437 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1438 ciphertext + dec_offset,
1439 ctlen - dec_offset))
1440 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1441 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1442 || !TEST_int_eq(tmp, 0)
1443 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1448 EVP_CIPHER_CTX_free(ctx);
1451 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1453 #ifndef OPENSSL_NO_DH
1454 static int test_EVP_PKEY_set1_DH(void)
1456 DH *x942dh, *pkcs3dh;
1457 EVP_PKEY *pkey1, *pkey2;
1460 x942dh = DH_get_2048_256();
1461 pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
1462 pkey1 = EVP_PKEY_new();
1463 pkey2 = EVP_PKEY_new();
1464 if (!TEST_ptr(x942dh)
1465 || !TEST_ptr(pkcs3dh)
1467 || !TEST_ptr(pkey2))
1470 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1471 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1475 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
1476 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1481 EVP_PKEY_free(pkey1);
1482 EVP_PKEY_free(pkey2);
1490 int setup_tests(void)
1492 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1493 ADD_TEST(test_EVP_DigestVerifyInit);
1494 ADD_TEST(test_EVP_Enveloped);
1495 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1496 #ifndef OPENSSL_NO_EC
1497 ADD_TEST(test_EVP_PKCS82PKEY);
1499 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1500 ADD_TEST(test_EVP_SM2);
1501 ADD_TEST(test_EVP_SM2_verify);
1503 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1504 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1505 if (!TEST_ptr(custom_pmeth))
1507 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1508 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1509 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1510 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1512 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1513 ADD_TEST(test_HKDF);
1514 #ifndef OPENSSL_NO_EC
1515 ADD_TEST(test_X509_PUBKEY_inplace);
1516 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1517 OSSL_NELEM(ec_der_pub_keys));
1519 #ifndef OPENSSL_NO_DSA
1520 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);
1522 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1523 ADD_TEST(test_decrypt_null_chunks);
1525 #ifndef OPENSSL_NO_DH
1526 ADD_TEST(test_EVP_PKEY_set1_DH);