2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
32 #include "internal/nelem.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
35 #include "../e_os.h" /* strcasecmp */
37 static OPENSSL_CTX *testctx = NULL;
40 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
41 * should never use this key anywhere but in an example.
43 static const unsigned char kExampleRSAKeyDER[] = {
44 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
45 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
46 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
47 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
48 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
49 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
50 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
51 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
52 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
53 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
54 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
55 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
56 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
57 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
58 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
59 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
60 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
61 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
62 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
63 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
64 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
65 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
66 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
67 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
68 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
69 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
70 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
71 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
72 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
73 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
74 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
75 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
76 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
77 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
78 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
79 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
80 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
81 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
82 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
83 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
84 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
85 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
86 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
87 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
88 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
89 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
90 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
91 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
92 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
93 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
94 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
98 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
99 * should never use this key anywhere but in an example.
101 #ifndef OPENSSL_NO_DSA
102 static const unsigned char kExampleDSAKeyDER[] = {
103 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
104 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
105 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
106 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
107 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
108 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
109 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
110 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
111 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
112 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
113 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
114 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
115 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
116 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
117 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
118 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
119 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
120 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
121 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
122 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
123 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
124 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
125 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
126 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
127 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
128 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
129 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
130 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
131 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
132 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
133 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
134 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
135 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
136 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
137 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
138 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
139 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
145 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
146 * components are not correct.
148 static const unsigned char kExampleBadRSAKeyDER[] = {
149 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
150 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
151 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
152 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
153 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
154 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
155 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
156 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
157 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
158 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
159 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
160 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
161 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
162 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
163 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
164 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
165 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
166 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
167 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
168 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
169 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
170 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
171 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
172 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
173 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
174 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
175 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
176 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
177 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
178 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
179 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
180 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
181 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
182 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
183 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
184 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
185 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
186 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
187 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
188 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
189 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
190 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
191 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
192 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
193 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
194 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
195 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
196 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
197 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
198 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
199 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
200 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
201 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
202 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
203 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
204 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
205 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
206 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
207 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
208 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
209 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
210 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
211 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
212 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
213 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
214 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
215 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
216 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
217 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
218 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
219 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
220 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
221 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
222 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
223 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
224 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
225 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
226 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
227 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
228 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
229 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
230 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
231 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
232 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
233 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
234 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
235 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
236 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
237 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
240 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
242 static const unsigned char kSignature[] = {
243 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
244 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
245 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
246 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
247 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
248 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
249 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
250 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
251 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
252 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
253 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
257 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
260 static const unsigned char kExampleRSAKeyPKCS8[] = {
261 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
262 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
263 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
264 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
265 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
266 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
267 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
268 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
269 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
270 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
271 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
272 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
273 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
274 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
275 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
276 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
277 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
278 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
279 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
280 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
281 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
282 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
283 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
284 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
285 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
286 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
287 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
288 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
289 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
290 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
291 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
292 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
293 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
294 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
295 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
296 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
297 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
298 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
299 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
300 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
301 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
302 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
303 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
304 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
305 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
306 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
307 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
308 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
309 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
310 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
311 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
312 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
313 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
316 #ifndef OPENSSL_NO_EC
318 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
321 static const unsigned char kExampleECKeyDER[] = {
322 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
323 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
324 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
325 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
326 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
327 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
328 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
329 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
330 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
331 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
336 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure. The private key is equal to the order and will fail to import
339 static const unsigned char kExampleBadECKeyDER[] = {
340 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
341 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
342 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
343 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
344 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
345 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
346 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
348 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
352 static const unsigned char kExampleECPubKeyDER[] = {
353 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
354 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
355 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
356 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
357 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
358 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
359 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
360 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
364 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
365 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
367 static const unsigned char kExampleBadECPubKeyDER[] = {
368 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
369 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
370 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
371 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
372 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
373 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
374 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
375 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378 static const unsigned char pExampleECParamDER[] = {
379 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
383 typedef struct APK_DATA_st {
384 const unsigned char *kder;
390 int type; /* 0 for private, 1 for public, 2 for params */
393 static APK_DATA keydata[] = {
394 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
395 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
396 #ifndef OPENSSL_NO_EC
397 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
401 static APK_DATA keycheckdata[] = {
402 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
403 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
405 #ifndef OPENSSL_NO_EC
406 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
407 /* group is also associated in our pub key */
408 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
409 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
413 static EVP_PKEY *load_example_rsa_key(void)
415 EVP_PKEY *ret = NULL;
416 const unsigned char *derp = kExampleRSAKeyDER;
417 EVP_PKEY *pkey = NULL;
420 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
423 if (!TEST_ptr(pkey = EVP_PKEY_new())
424 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
437 #ifndef OPENSSL_NO_DSA
438 static EVP_PKEY *load_example_dsa_key(void)
440 EVP_PKEY *ret = NULL;
441 const unsigned char *derp = kExampleDSAKeyDER;
442 EVP_PKEY *pkey = NULL;
445 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
448 if (!TEST_ptr(pkey = EVP_PKEY_new())
449 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
463 static EVP_PKEY *load_example_hmac_key(void)
465 EVP_PKEY *pkey = NULL;
466 unsigned char key[] = {
467 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
468 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
469 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
472 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
479 static int test_EVP_set_default_properties(void)
485 if (!TEST_ptr(ctx = OPENSSL_CTX_new())
486 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
491 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
492 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
493 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
498 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
499 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
504 OPENSSL_CTX_free(ctx);
508 static int test_EVP_Enveloped(void)
511 EVP_CIPHER_CTX *ctx = NULL;
512 EVP_PKEY *keypair = NULL;
513 unsigned char *kek = NULL;
514 unsigned char iv[EVP_MAX_IV_LENGTH];
515 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
516 int len, kek_len, ciphertext_len, plaintext_len;
517 unsigned char ciphertext[32], plaintext[16];
518 const EVP_CIPHER *type = EVP_aes_256_cbc();
520 if (!TEST_ptr(keypair = load_example_rsa_key())
521 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
522 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
523 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
525 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
527 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
531 ciphertext_len += len;
533 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
534 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
535 ciphertext, ciphertext_len))
536 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
539 plaintext_len += len;
540 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
546 EVP_PKEY_free(keypair);
547 EVP_CIPHER_CTX_free(ctx);
552 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
553 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
554 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
555 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
556 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
557 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
558 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
559 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
560 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
562 static int test_EVP_DigestSignInit(int tst)
565 EVP_PKEY *pkey = NULL;
566 unsigned char *sig = NULL;
568 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
569 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
570 BIO *mdbio = NULL, *membio = NULL;
573 EVP_MD *mdexp = NULL;
576 membio = BIO_new(BIO_s_mem());
577 mdbio = BIO_new(BIO_f_md());
578 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
580 BIO_push(mdbio, membio);
581 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
584 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
585 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
589 if (tst == 0 || tst == 3 || tst == 6) {
590 if (!TEST_ptr(pkey = load_example_rsa_key()))
592 } else if (tst == 1 || tst == 4 || tst == 7) {
593 #ifndef OPENSSL_NO_DSA
594 if (!TEST_ptr(pkey = load_example_dsa_key()))
601 if (!TEST_ptr(pkey = load_example_hmac_key()))
605 if (tst >= 3 && tst <= 5)
606 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
610 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
614 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
617 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
621 /* Determine the size of the signature. */
622 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
623 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
624 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
628 if (!TEST_int_gt(BIO_reset(mdbio), 0)
629 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
634 * Ensure that the signature round-trips (Verification isn't supported for
635 * HMAC via EVP_DigestVerify*)
637 if (tst != 2 && tst != 5 && tst != 8) {
638 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
643 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
646 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
650 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
659 EVP_MD_CTX_free(a_md_ctx);
660 EVP_MD_CTX_free(a_md_ctx_verify);
668 static int test_EVP_DigestVerifyInit(void)
671 EVP_PKEY *pkey = NULL;
672 EVP_MD_CTX *md_ctx = NULL;
674 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
675 || !TEST_ptr(pkey = load_example_rsa_key()))
678 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
679 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
680 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
681 sizeof(kSignature))))
686 EVP_MD_CTX_free(md_ctx);
691 static int test_d2i_AutoPrivateKey(int i)
694 const unsigned char *p;
695 EVP_PKEY *pkey = NULL;
696 const APK_DATA *ak = &keydata[i];
697 const unsigned char *input = ak->kder;
698 size_t input_len = ak->size;
699 int expected_id = ak->evptype;
702 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
703 || !TEST_ptr_eq(p, input + input_len)
704 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
714 #ifndef OPENSSL_NO_EC
716 static const unsigned char ec_public_sect163k1_validxy[] = {
717 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
718 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
719 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
720 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
721 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
722 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
725 static const unsigned char ec_public_sect163k1_badx[] = {
726 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
727 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
728 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
729 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
730 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
731 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
734 static const unsigned char ec_public_sect163k1_bady[] = {
735 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
736 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
737 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
738 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
739 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
740 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
743 static struct ec_der_pub_keys_st {
744 const unsigned char *der;
747 } ec_der_pub_keys[] = {
748 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
749 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
750 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
754 * Tests the range of the decoded EC char2 public point.
755 * See ec_GF2m_simple_oct2point().
757 static int test_invalide_ec_char2_pub_range_decode(int id)
761 EC_KEY *eckey = NULL;
763 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
764 ec_der_pub_keys[id].len)))
766 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
767 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
768 || TEST_ptr_null(eckey);
775 /* Tests loading a bad key in PKCS8 format */
776 static int test_EVP_PKCS82PKEY(void)
779 const unsigned char *derp = kExampleBadECKeyDER;
780 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
781 EVP_PKEY *pkey = NULL;
783 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
784 sizeof(kExampleBadECKeyDER))))
787 if (!TEST_ptr_eq(derp,
788 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
791 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
797 PKCS8_PRIV_KEY_INFO_free(p8inf);
804 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
805 static int test_privatekey_to_pkcs8(void)
807 EVP_PKEY *pkey = NULL;
813 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
814 || !TEST_ptr(pkey = load_example_rsa_key())
815 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
816 NULL, 0, NULL, NULL),
818 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
820 || !TEST_mem_eq(membuf, (size_t)membuf_len,
821 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
823 * We try to write PEM as well, just to see that it doesn't err, but
824 * assume that the result is correct.
826 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
827 NULL, 0, NULL, NULL),
834 BIO_free_all(membio);
838 #ifndef OPENSSL_NO_EC
839 static const struct {
841 const char *encoding_name;
843 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
844 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
847 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
850 const char *enc_name = NULL;
856 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
857 OSSL_PKEY_PARAM_EC_ENCODING))
858 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
861 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
862 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
863 *enc = ec_encodings[i].encoding;
871 static int test_EC_keygen_with_enc(int idx)
873 EVP_PKEY *params = NULL, *key = NULL;
874 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
878 enc = ec_encodings[idx].encoding;
880 /* Create key parameters */
881 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
882 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
883 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
884 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
885 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
886 || !TEST_ptr(params))
890 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
891 || !TEST_true(EVP_PKEY_keygen_init(kctx))
892 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
896 /* Check that the encoding got all the way into the key */
897 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
898 ec_export_get_encoding_cb, &enc))
899 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
905 EVP_PKEY_free(params);
906 EVP_PKEY_CTX_free(kctx);
907 EVP_PKEY_CTX_free(pctx);
912 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
914 static int test_EVP_SM2_verify(void)
917 "-----BEGIN PUBLIC KEY-----\n"
918 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
919 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
920 "-----END PUBLIC KEY-----\n";
922 const char *msg = "message digest";
923 const char *id = "ALICE123@YAHOO.COM";
925 const uint8_t signature[] = {
926 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
927 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
928 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
929 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
930 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
931 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
932 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
937 EVP_PKEY *pkey = NULL;
938 EVP_MD_CTX *mctx = NULL;
939 EVP_PKEY_CTX *pctx = NULL;
941 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
942 if (!TEST_true(bio != NULL))
945 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
946 if (!TEST_true(pkey != NULL))
949 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
952 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
955 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
958 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
960 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
963 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
966 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
969 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
976 EVP_PKEY_CTX_free(pctx);
977 EVP_MD_CTX_free(mctx);
981 static int test_EVP_SM2(void)
984 EVP_PKEY *pkey = NULL;
985 EVP_PKEY *params = NULL;
986 EVP_PKEY_CTX *pctx = NULL;
987 EVP_PKEY_CTX *kctx = NULL;
988 EVP_PKEY_CTX *sctx = NULL;
990 unsigned char *sig = NULL;
991 EVP_MD_CTX *md_ctx = NULL;
992 EVP_MD_CTX *md_ctx_verify = NULL;
993 EVP_PKEY_CTX *cctx = NULL;
995 uint8_t ciphertext[128];
996 size_t ctext_len = sizeof(ciphertext);
998 uint8_t plaintext[8];
999 size_t ptext_len = sizeof(plaintext);
1001 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1003 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1004 if (!TEST_ptr(pctx))
1007 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1010 /* TODO is this even needed? */
1011 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1014 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
1017 kctx = EVP_PKEY_CTX_new(params, NULL);
1018 if (!TEST_ptr(kctx))
1021 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1024 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1027 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1030 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1033 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1036 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1037 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1039 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1042 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1045 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1048 /* Determine the size of the signature. */
1049 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1052 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1055 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1058 /* Ensure that the signature round-trips. */
1060 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1063 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1066 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1069 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1072 /* now check encryption/decryption */
1074 * SM2 public key encrytion is not moved into default provider yet,
1075 * so we make sure the key gets downgraded for the moment being.
1076 * TODO Remove this call when provided SM2 encryption is implemented
1078 if (!TEST_ptr(EVP_PKEY_get0(pkey)))
1081 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1084 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1087 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1090 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1093 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1096 if (!TEST_true(ptext_len == sizeof(kMsg)))
1099 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1104 EVP_PKEY_CTX_free(pctx);
1105 EVP_PKEY_CTX_free(kctx);
1106 EVP_PKEY_CTX_free(sctx);
1107 EVP_PKEY_CTX_free(cctx);
1108 EVP_PKEY_free(pkey);
1109 EVP_PKEY_free(params);
1110 EVP_MD_CTX_free(md_ctx);
1111 EVP_MD_CTX_free(md_ctx_verify);
1118 static struct keys_st {
1124 EVP_PKEY_HMAC, "0123456789", NULL
1126 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1128 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1130 #ifndef OPENSSL_NO_EC
1132 EVP_PKEY_X25519, "01234567890123456789012345678901",
1133 "abcdefghijklmnopqrstuvwxyzabcdef"
1135 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1136 "abcdefghijklmnopqrstuvwxyzabcdef"
1139 "01234567890123456789012345678901234567890123456789012345",
1140 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1143 "012345678901234567890123456789012345678901234567890123456",
1144 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1149 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1152 unsigned char buf[80];
1154 size_t inlen, len = 0;
1157 /* Check if this algorithm supports public keys */
1158 if (keys[tst].pub == NULL)
1161 memset(buf, 0, sizeof(buf));
1164 inlen = strlen(keys[tst].pub);
1165 in = (unsigned char *)keys[tst].pub;
1167 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1169 OBJ_nid2sn(keys[tst].type),
1174 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1180 inlen = strlen(keys[tst].priv);
1181 in = (unsigned char *)keys[tst].priv;
1183 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1184 testctx, OBJ_nid2sn(keys[tst].type),
1189 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1197 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1198 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1199 || !TEST_true(len == inlen)
1200 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1201 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1202 || !TEST_mem_eq(in, inlen, buf, len))
1207 EVP_PKEY_free(pkey);
1211 static int test_set_get_raw_keys(int tst)
1213 return test_set_get_raw_keys_int(tst, 0, 0)
1214 && test_set_get_raw_keys_int(tst, 0, 1)
1215 && test_set_get_raw_keys_int(tst, 1, 0)
1216 && test_set_get_raw_keys_int(tst, 1, 1);
1219 #ifndef OPENSSL_NO_DEPRECATED_3_0
1220 static int pkey_custom_check(EVP_PKEY *pkey)
1225 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1230 static int pkey_custom_param_check(EVP_PKEY *pkey)
1235 static EVP_PKEY_METHOD *custom_pmeth;
1238 static int test_EVP_PKEY_check(int i)
1241 const unsigned char *p;
1242 EVP_PKEY *pkey = NULL;
1243 #ifndef OPENSSL_NO_EC
1244 EC_KEY *eckey = NULL;
1246 EVP_PKEY_CTX *ctx = NULL;
1247 #ifndef OPENSSL_NO_DEPRECATED_3_0
1248 EVP_PKEY_CTX *ctx2 = NULL;
1250 const APK_DATA *ak = &keycheckdata[i];
1251 const unsigned char *input = ak->kder;
1252 size_t input_len = ak->size;
1253 int expected_id = ak->evptype;
1254 int expected_check = ak->check;
1255 int expected_pub_check = ak->pub_check;
1256 int expected_param_check = ak->param_check;
1257 int type = ak->type;
1264 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1265 || !TEST_ptr_eq(p, input + input_len)
1266 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1269 #ifndef OPENSSL_NO_EC
1271 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1272 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1273 || !TEST_ptr(pkey = EVP_PKEY_new())
1274 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1278 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1279 || !TEST_ptr_eq(p, input + input_len)
1280 || !TEST_ptr(pkey = EVP_PKEY_new())
1281 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1289 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1292 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1295 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1298 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1301 #ifndef OPENSSL_NO_DEPRECATED_3_0
1302 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1303 /* assign the pkey directly, as an internal test */
1304 EVP_PKEY_up_ref(pkey);
1307 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1310 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1313 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1320 EVP_PKEY_CTX_free(ctx);
1321 #ifndef OPENSSL_NO_DEPRECATED_3_0
1322 EVP_PKEY_CTX_free(ctx2);
1324 EVP_PKEY_free(pkey);
1329 #ifndef OPENSSL_NO_CMAC
1330 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1332 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1333 const char msg[] = "Hello World";
1337 if (!TEST_ptr(mdctx)
1338 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1339 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1340 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1341 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1344 EVP_MD_CTX_free(mdctx);
1348 static int test_CMAC_keygen(void)
1350 static unsigned char key[] = {
1351 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1352 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1353 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1356 * This is a legacy method for CMACs, but should still work.
1357 * This verifies that it works without an ENGINE.
1359 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1361 EVP_PKEY *pkey = NULL;
1362 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1364 /* Test a CMAC key created using the "generated" method */
1365 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1366 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1367 EVP_PKEY_CTRL_CIPHER,
1368 0, (void *)EVP_aes_256_ecb()), 0)
1369 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1370 EVP_PKEY_CTRL_SET_MAC_KEY,
1371 sizeof(key), (void *)key), 0)
1372 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1374 || !TEST_true(get_cmac_val(pkey, mac)))
1377 EVP_PKEY_free(pkey);
1380 * Test a CMAC key using the direct method, and compare with the mac
1383 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1385 || !TEST_true(get_cmac_val(pkey, mac2))
1386 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1392 EVP_PKEY_free(pkey);
1393 EVP_PKEY_CTX_free(kctx);
1398 static int test_HKDF(void)
1401 unsigned char out[20];
1404 unsigned char salt[] = "0123456789";
1405 unsigned char key[] = "012345678901234567890123456789";
1406 unsigned char info[] = "infostring";
1407 const unsigned char expected[] = {
1408 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1409 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1411 size_t expectedlen = sizeof(expected);
1413 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1416 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1417 for (i = 0; i < 2; i++) {
1418 outlen = sizeof(out);
1419 memset(out, 0, outlen);
1421 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1422 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1423 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1424 sizeof(salt) - 1), 0)
1425 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1426 sizeof(key) - 1), 0)
1427 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1428 sizeof(info) - 1), 0)
1429 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1430 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1437 EVP_PKEY_CTX_free(pctx);
1442 static int test_emptyikm_HKDF(void)
1445 unsigned char out[20];
1448 unsigned char salt[] = "9876543210";
1449 unsigned char key[] = "";
1450 unsigned char info[] = "stringinfo";
1451 const unsigned char expected[] = {
1452 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1453 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1455 size_t expectedlen = sizeof(expected);
1457 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1460 outlen = sizeof(out);
1461 memset(out, 0, outlen);
1463 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1464 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1465 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1466 sizeof(salt) - 1), 0)
1467 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1468 sizeof(key) - 1), 0)
1469 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1470 sizeof(info) - 1), 0)
1471 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1472 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1478 EVP_PKEY_CTX_free(pctx);
1483 #ifndef OPENSSL_NO_EC
1484 static int test_X509_PUBKEY_inplace(void)
1487 X509_PUBKEY *xp = NULL;
1488 const unsigned char *p = kExampleECPubKeyDER;
1489 size_t input_len = sizeof(kExampleECPubKeyDER);
1491 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1494 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1497 p = kExampleBadECPubKeyDER;
1498 input_len = sizeof(kExampleBadECPubKeyDER);
1500 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1503 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1509 X509_PUBKEY_free(xp);
1512 #endif /* OPENSSL_NO_EC */
1514 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1515 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1517 EVP_MD_CTX *mdctx = NULL;
1518 EVP_PKEY_CTX *ctx = NULL;
1519 const OSSL_PARAM *params;
1520 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1523 char mdname[OSSL_MAX_NAME_SIZE];
1526 /* Initialise a sign operation */
1527 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1529 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1533 * We should be able to query the parameters now.
1535 params = EVP_PKEY_CTX_settable_params(ctx);
1536 if (!TEST_ptr(params)
1537 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1538 OSSL_SIGNATURE_PARAM_DIGEST)))
1541 params = EVP_PKEY_CTX_gettable_params(ctx);
1542 if (!TEST_ptr(params)
1543 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1544 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1545 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1546 OSSL_SIGNATURE_PARAM_DIGEST)))
1550 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1551 * EVP_PKEY_CTX_get_params()
1553 strcpy(mdname, "SHA512");
1555 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1557 *param++ = OSSL_PARAM_construct_end();
1559 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1563 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1564 mdname, sizeof(mdname));
1565 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1566 || !TEST_str_eq(mdname, "SHA512"))
1570 * Test the TEST_PKEY_CTX_set_signature_md() and
1571 * TEST_PKEY_CTX_get_signature_md() functions
1573 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1574 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1575 || !TEST_ptr_eq(md, EVP_sha256()))
1579 * Test getting MD parameters via an associated EVP_PKEY_CTX
1581 mdctx = EVP_MD_CTX_new();
1582 if (!TEST_ptr(mdctx)
1583 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
1589 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1590 * able to obtain the digest's settable parameters from the provider.
1592 params = EVP_MD_CTX_settable_params(mdctx);
1593 if (!TEST_ptr(params)
1594 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1595 /* The final key should be NULL */
1596 || !TEST_ptr_null(params[1].key))
1600 memset(ssl3ms, 0, sizeof(ssl3ms));
1601 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1602 ssl3ms, sizeof(ssl3ms));
1603 *param++ = OSSL_PARAM_construct_end();
1605 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1611 EVP_MD_CTX_free(mdctx);
1612 EVP_PKEY_CTX_free(ctx);
1617 #ifndef OPENSSL_NO_DSA
1618 static int test_DSA_get_set_params(void)
1621 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1622 EVP_PKEY *pkey = NULL;
1626 * Setup the parameters for our DSA object. For our purposes they don't
1627 * have to actually be *valid* parameters. We just need to set something.
1640 || !DSA_set0_pqg(dsa, p, q, g)
1641 || !DSA_set0_key(dsa, pub, priv))
1643 p = q = g = pub = priv = NULL;
1645 pkey = EVP_PKEY_new();
1647 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1652 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1655 EVP_PKEY_free(pkey);
1667 static int test_RSA_get_set_params(void)
1670 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1671 EVP_PKEY *pkey = NULL;
1675 * Setup the parameters for our RSA object. For our purposes they don't
1676 * have to actually be *valid* parameters. We just need to set something.
1686 || !RSA_set0_key(rsa, n, e, d))
1690 pkey = EVP_PKEY_new();
1692 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1697 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1700 EVP_PKEY_free(pkey);
1709 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1710 static int test_decrypt_null_chunks(void)
1712 EVP_CIPHER_CTX* ctx = NULL;
1713 const unsigned char key[32] = {
1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1716 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1718 unsigned char iv[12] = {
1719 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1721 unsigned char msg[] = "It was the best of times, it was the worst of times";
1722 unsigned char ciphertext[80];
1723 unsigned char plaintext[80];
1724 /* We initialise tmp to a non zero value on purpose */
1725 int ctlen, ptlen, tmp = 99;
1727 const int enc_offset = 10, dec_offset = 20;
1729 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1730 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1732 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1734 /* Deliberate add a zero length update */
1735 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1737 || !TEST_int_eq(tmp, 0)
1738 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1740 sizeof(msg) - enc_offset))
1741 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1742 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1743 || !TEST_int_eq(tmp, 0))
1746 /* Deliberately initialise tmp to a non zero value */
1748 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1750 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1753 * Deliberately add a zero length update. We also deliberately do
1754 * this at a different offset than for encryption.
1756 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1758 || !TEST_int_eq(tmp, 0)
1759 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1760 ciphertext + dec_offset,
1761 ctlen - dec_offset))
1762 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1763 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1764 || !TEST_int_eq(tmp, 0)
1765 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1770 EVP_CIPHER_CTX_free(ctx);
1773 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1775 #ifndef OPENSSL_NO_DH
1776 static int test_EVP_PKEY_set1_DH(void)
1778 DH *x942dh = NULL, *noqdh = NULL;
1779 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1781 BIGNUM *p, *g = NULL;
1783 if (!TEST_ptr(p = BN_new())
1784 || !TEST_ptr(g = BN_new())
1785 || !BN_set_word(p, 9999)
1786 || !BN_set_word(g, 2)
1787 || !TEST_ptr(noqdh = DH_new())
1788 || !DH_set0_pqg(noqdh, p, NULL, g))
1792 x942dh = DH_get_2048_256();
1793 pkey1 = EVP_PKEY_new();
1794 pkey2 = EVP_PKEY_new();
1795 if (!TEST_ptr(x942dh)
1798 || !TEST_ptr(pkey2))
1801 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1802 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1805 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1806 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1813 EVP_PKEY_free(pkey1);
1814 EVP_PKEY_free(pkey2);
1823 * We test what happens with an empty template. For the sake of this test,
1824 * the template must be ignored, and we know that's the case for RSA keys
1825 * (this might arguably be a misfeature, but that's what we currently do,
1826 * even in provider code, since that's how the legacy RSA implementation
1829 static int test_keygen_with_empty_template(int n)
1831 EVP_PKEY_CTX *ctx = NULL;
1832 EVP_PKEY *pkey = NULL;
1833 EVP_PKEY *tkey = NULL;
1838 /* We do test with no template at all as well */
1839 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1843 /* Here we create an empty RSA key that serves as our template */
1844 if (!TEST_ptr(tkey = EVP_PKEY_new())
1845 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1846 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1851 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1852 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1857 EVP_PKEY_CTX_free(ctx);
1858 EVP_PKEY_free(pkey);
1859 EVP_PKEY_free(tkey);
1864 * Test that we fail if we attempt to use an algorithm that is not available
1865 * in the current library context (unless we are using an algorithm that
1866 * should be made available via legacy codepaths).
1871 static int test_pkey_ctx_fail_without_provider(int tst)
1873 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1874 OSSL_PROVIDER *nullprov = NULL;
1875 EVP_PKEY_CTX *pctx = NULL;
1876 const char *keytype = NULL;
1877 int expect_null = 0;
1880 if (!TEST_ptr(tmpctx))
1883 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1884 if (!TEST_ptr(nullprov))
1888 * We check for certain algos in the null provider.
1889 * If an algo is expected to have a provider keymgmt, contructing an
1890 * EVP_PKEY_CTX is expected to fail (return NULL).
1891 * Otherwise, if it's expected to have legacy support, contructing an
1892 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1902 #ifdef OPENSSL_NO_EC
1903 TEST_info("EC disable, skipping SM2 check...");
1906 #ifdef OPENSSL_NO_SM2
1907 TEST_info("SM2 disable, skipping SM2 check...");
1912 TEST_error("No test for case %d", tst);
1916 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1917 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1920 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1926 EVP_PKEY_CTX_free(pctx);
1927 OSSL_PROVIDER_unload(nullprov);
1928 OPENSSL_CTX_free(tmpctx);
1932 static int test_rand_agglomeration(void)
1936 OSSL_PARAM params[3], *p = params;
1938 unsigned int step = 7;
1939 static unsigned char seed[] = "It does not matter how slowly you go "
1940 "as long as you do not stop.";
1941 unsigned char out[sizeof(seed)];
1943 if (!TEST_int_ne(sizeof(seed) % step, 0)
1944 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1946 ctx = EVP_RAND_CTX_new(rand, NULL);
1947 EVP_RAND_free(rand);
1951 memset(out, 0, sizeof(out));
1952 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1953 seed, sizeof(seed));
1954 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1955 *p = OSSL_PARAM_construct_end();
1956 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1957 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1958 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1959 EVP_RAND_CTX_free(ctx);
1964 * Test that we correctly return the original or "running" IV after
1965 * an encryption operation.
1966 * Run multiple times for some different relevant algorithms/modes.
1968 static int test_evp_iv(int idx)
1971 EVP_CIPHER_CTX *ctx = NULL;
1972 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1973 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1974 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
1975 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
1976 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
1977 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
1978 9, 10, 11, 12, 13, 14, 15, 16 };
1979 unsigned char ciphertext[32], oiv[16], iv[16];
1980 unsigned char *ref_iv;
1981 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
1982 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
1984 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
1985 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
1986 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1987 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1988 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
1989 #ifndef OPENSSL_NO_OCB
1990 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1991 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1993 int len = sizeof(ciphertext);
1994 size_t ivlen, ref_len;
1995 const EVP_CIPHER *type = NULL;
1999 type = EVP_aes_128_cbc();
2002 type = (type != NULL) ? type :
2003 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2005 ref_len = sizeof(cbc_state);
2008 type = EVP_aes_128_ofb();
2011 type = (type != NULL) ? type :
2012 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2014 ref_len = sizeof(ofb_state);
2017 type = EVP_aes_128_gcm();
2020 type = (type != NULL) ? type :
2021 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2023 ref_len = sizeof(gcm_state);
2026 type = EVP_aes_128_ccm();
2029 type = (type != NULL) ? type :
2030 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2032 ref_len = sizeof(ccm_state);
2034 #ifdef OPENSSL_NO_OCB
2040 type = EVP_aes_128_ocb();
2043 type = (type != NULL) ? type :
2044 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2046 ref_len = sizeof(ocb_state);
2054 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2055 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2056 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2058 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2059 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2060 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2062 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2063 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2064 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2069 EVP_CIPHER_CTX_free(ctx);
2071 EVP_CIPHER_free((EVP_CIPHER *)type);
2075 int setup_tests(void)
2077 testctx = OPENSSL_CTX_new();
2079 if (!TEST_ptr(testctx))
2082 ADD_TEST(test_EVP_set_default_properties);
2083 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2084 ADD_TEST(test_EVP_DigestVerifyInit);
2085 ADD_TEST(test_EVP_Enveloped);
2086 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2087 ADD_TEST(test_privatekey_to_pkcs8);
2088 #ifndef OPENSSL_NO_EC
2089 ADD_TEST(test_EVP_PKCS82PKEY);
2091 #ifndef OPENSSL_NO_EC
2092 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2094 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2095 ADD_TEST(test_EVP_SM2);
2096 ADD_TEST(test_EVP_SM2_verify);
2098 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2099 #ifndef OPENSSL_NO_DEPRECATED_3_0
2100 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2101 if (!TEST_ptr(custom_pmeth))
2103 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2104 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2105 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2106 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2109 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2110 #ifndef OPENSSL_NO_CMAC
2111 ADD_TEST(test_CMAC_keygen);
2113 ADD_TEST(test_HKDF);
2114 ADD_TEST(test_emptyikm_HKDF);
2115 #ifndef OPENSSL_NO_EC
2116 ADD_TEST(test_X509_PUBKEY_inplace);
2117 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2118 OSSL_NELEM(ec_der_pub_keys));
2120 #ifndef OPENSSL_NO_DSA
2121 ADD_TEST(test_DSA_get_set_params);
2123 ADD_TEST(test_RSA_get_set_params);
2124 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2125 ADD_TEST(test_decrypt_null_chunks);
2127 #ifndef OPENSSL_NO_DH
2128 ADD_TEST(test_EVP_PKEY_set1_DH);
2130 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2131 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2133 ADD_TEST(test_rand_agglomeration);
2134 ADD_ALL_TESTS(test_evp_iv, 10);
2139 void cleanup_tests(void)
2141 OPENSSL_CTX_free(testctx);