2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
32 #include "internal/nelem.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
35 #include "../e_os.h" /* strcasecmp */
37 static OPENSSL_CTX *testctx = NULL;
40 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
41 * should never use this key anywhere but in an example.
43 static const unsigned char kExampleRSAKeyDER[] = {
44 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
45 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
46 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
47 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
48 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
49 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
50 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
51 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
52 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
53 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
54 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
55 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
56 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
57 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
58 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
59 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
60 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
61 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
62 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
63 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
64 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
65 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
66 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
67 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
68 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
69 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
70 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
71 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
72 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
73 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
74 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
75 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
76 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
77 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
78 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
79 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
80 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
81 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
82 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
83 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
84 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
85 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
86 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
87 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
88 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
89 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
90 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
91 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
92 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
93 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
94 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
98 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
99 * should never use this key anywhere but in an example.
101 #ifndef OPENSSL_NO_DSA
102 static const unsigned char kExampleDSAKeyDER[] = {
103 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
104 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
105 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
106 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
107 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
108 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
109 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
110 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
111 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
112 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
113 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
114 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
115 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
116 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
117 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
118 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
119 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
120 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
121 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
122 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
123 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
124 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
125 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
126 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
127 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
128 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
129 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
130 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
131 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
132 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
133 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
134 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
135 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
136 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
137 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
138 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
139 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
145 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
146 * components are not correct.
148 static const unsigned char kExampleBadRSAKeyDER[] = {
149 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
150 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
151 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
152 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
153 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
154 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
155 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
156 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
157 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
158 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
159 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
160 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
161 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
162 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
163 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
164 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
165 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
166 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
167 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
168 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
169 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
170 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
171 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
172 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
173 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
174 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
175 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
176 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
177 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
178 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
179 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
180 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
181 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
182 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
183 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
184 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
185 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
186 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
187 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
188 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
189 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
190 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
191 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
192 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
193 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
194 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
195 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
196 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
197 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
198 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
199 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
200 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
201 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
202 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
203 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
204 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
205 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
206 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
207 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
208 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
209 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
210 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
211 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
212 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
213 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
214 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
215 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
216 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
217 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
218 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
219 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
220 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
221 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
222 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
223 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
224 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
225 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
226 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
227 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
228 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
229 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
230 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
231 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
232 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
233 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
234 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
235 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
236 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
237 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
240 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
242 static const unsigned char kSignature[] = {
243 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
244 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
245 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
246 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
247 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
248 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
249 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
250 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
251 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
252 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
253 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
257 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
260 static const unsigned char kExampleRSAKeyPKCS8[] = {
261 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
262 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
263 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
264 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
265 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
266 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
267 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
268 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
269 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
270 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
271 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
272 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
273 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
274 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
275 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
276 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
277 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
278 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
279 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
280 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
281 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
282 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
283 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
284 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
285 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
286 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
287 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
288 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
289 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
290 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
291 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
292 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
293 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
294 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
295 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
296 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
297 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
298 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
299 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
300 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
301 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
302 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
303 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
304 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
305 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
306 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
307 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
308 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
309 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
310 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
311 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
312 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
313 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
316 #ifndef OPENSSL_NO_EC
318 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
321 static const unsigned char kExampleECKeyDER[] = {
322 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
323 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
324 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
325 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
326 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
327 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
328 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
329 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
330 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
331 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
336 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure. The private key is equal to the order and will fail to import
339 static const unsigned char kExampleBadECKeyDER[] = {
340 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
341 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
342 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
343 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
344 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
345 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
346 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
348 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
352 static const unsigned char kExampleECPubKeyDER[] = {
353 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
354 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
355 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
356 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
357 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
358 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
359 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
360 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
364 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
365 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
367 static const unsigned char kExampleBadECPubKeyDER[] = {
368 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
369 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
370 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
371 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
372 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
373 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
374 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
375 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378 static const unsigned char pExampleECParamDER[] = {
379 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
383 typedef struct APK_DATA_st {
384 const unsigned char *kder;
390 int type; /* 0 for private, 1 for public, 2 for params */
393 static APK_DATA keydata[] = {
394 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
395 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
396 #ifndef OPENSSL_NO_EC
397 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
401 static APK_DATA keycheckdata[] = {
402 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
403 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
405 #ifndef OPENSSL_NO_EC
406 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
407 /* group is also associated in our pub key */
408 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
409 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
413 static EVP_PKEY *load_example_rsa_key(void)
415 EVP_PKEY *ret = NULL;
416 const unsigned char *derp = kExampleRSAKeyDER;
417 EVP_PKEY *pkey = NULL;
420 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
423 if (!TEST_ptr(pkey = EVP_PKEY_new())
424 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
437 #ifndef OPENSSL_NO_DSA
438 static EVP_PKEY *load_example_dsa_key(void)
440 EVP_PKEY *ret = NULL;
441 const unsigned char *derp = kExampleDSAKeyDER;
442 EVP_PKEY *pkey = NULL;
445 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
448 if (!TEST_ptr(pkey = EVP_PKEY_new())
449 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
463 static EVP_PKEY *load_example_hmac_key(void)
465 EVP_PKEY *pkey = NULL;
466 unsigned char key[] = {
467 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
468 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
469 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
472 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
479 static int test_EVP_set_default_properties(void)
485 if (!TEST_ptr(ctx = OPENSSL_CTX_new())
486 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
491 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
492 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
493 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
498 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
499 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
504 OPENSSL_CTX_free(ctx);
508 static int test_EVP_Enveloped(void)
511 EVP_CIPHER_CTX *ctx = NULL;
512 EVP_PKEY *keypair = NULL;
513 unsigned char *kek = NULL;
514 unsigned char iv[EVP_MAX_IV_LENGTH];
515 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
516 int len, kek_len, ciphertext_len, plaintext_len;
517 unsigned char ciphertext[32], plaintext[16];
518 const EVP_CIPHER *type = EVP_aes_256_cbc();
520 if (!TEST_ptr(keypair = load_example_rsa_key())
521 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
522 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
523 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
525 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
527 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
531 ciphertext_len += len;
533 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
534 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
535 ciphertext, ciphertext_len))
536 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
539 plaintext_len += len;
540 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
546 EVP_PKEY_free(keypair);
547 EVP_CIPHER_CTX_free(ctx);
552 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
553 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
554 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
555 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
556 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
557 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
558 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
559 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
560 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
562 static int test_EVP_DigestSignInit(int tst)
565 EVP_PKEY *pkey = NULL;
566 unsigned char *sig = NULL;
568 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
569 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
570 BIO *mdbio = NULL, *membio = NULL;
573 EVP_MD *mdexp = NULL;
576 membio = BIO_new(BIO_s_mem());
577 mdbio = BIO_new(BIO_f_md());
578 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
580 BIO_push(mdbio, membio);
581 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
584 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
585 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
589 if (tst == 0 || tst == 3 || tst == 6) {
590 if (!TEST_ptr(pkey = load_example_rsa_key()))
592 } else if (tst == 1 || tst == 4 || tst == 7) {
593 #ifndef OPENSSL_NO_DSA
594 if (!TEST_ptr(pkey = load_example_dsa_key()))
601 if (!TEST_ptr(pkey = load_example_hmac_key()))
605 if (tst >= 3 && tst <= 5)
606 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
610 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
614 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
617 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
621 /* Determine the size of the signature. */
622 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
623 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
624 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
628 if (!TEST_int_gt(BIO_reset(mdbio), 0)
629 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
634 * Ensure that the signature round-trips (Verification isn't supported for
635 * HMAC via EVP_DigestVerify*)
637 if (tst != 2 && tst != 5 && tst != 8) {
638 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
643 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
646 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
650 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
659 EVP_MD_CTX_free(a_md_ctx);
660 EVP_MD_CTX_free(a_md_ctx_verify);
668 static int test_EVP_DigestVerifyInit(void)
671 EVP_PKEY *pkey = NULL;
672 EVP_MD_CTX *md_ctx = NULL;
674 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
675 || !TEST_ptr(pkey = load_example_rsa_key()))
678 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
679 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
680 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
681 sizeof(kSignature))))
686 EVP_MD_CTX_free(md_ctx);
691 static int test_d2i_AutoPrivateKey(int i)
694 const unsigned char *p;
695 EVP_PKEY *pkey = NULL;
696 const APK_DATA *ak = &keydata[i];
697 const unsigned char *input = ak->kder;
698 size_t input_len = ak->size;
699 int expected_id = ak->evptype;
702 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
703 || !TEST_ptr_eq(p, input + input_len)
704 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
714 #ifndef OPENSSL_NO_EC
716 static const unsigned char ec_public_sect163k1_validxy[] = {
717 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
718 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
719 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
720 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
721 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
722 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
725 static const unsigned char ec_public_sect163k1_badx[] = {
726 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
727 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
728 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
729 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
730 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
731 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
734 static const unsigned char ec_public_sect163k1_bady[] = {
735 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
736 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
737 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
738 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
739 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
740 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
743 static struct ec_der_pub_keys_st {
744 const unsigned char *der;
747 } ec_der_pub_keys[] = {
748 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
749 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
750 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
754 * Tests the range of the decoded EC char2 public point.
755 * See ec_GF2m_simple_oct2point().
757 static int test_invalide_ec_char2_pub_range_decode(int id)
761 EC_KEY *eckey = NULL;
763 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
764 ec_der_pub_keys[id].len)))
766 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
767 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
768 || TEST_ptr_null(eckey);
775 /* Tests loading a bad key in PKCS8 format */
776 static int test_EVP_PKCS82PKEY(void)
779 const unsigned char *derp = kExampleBadECKeyDER;
780 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
781 EVP_PKEY *pkey = NULL;
783 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
784 sizeof(kExampleBadECKeyDER))))
787 if (!TEST_ptr_eq(derp,
788 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
791 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
797 PKCS8_PRIV_KEY_INFO_free(p8inf);
804 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
805 static int test_privatekey_to_pkcs8(void)
807 EVP_PKEY *pkey = NULL;
813 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
814 || !TEST_ptr(pkey = load_example_rsa_key())
815 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
816 NULL, 0, NULL, NULL),
818 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
820 || !TEST_mem_eq(membuf, (size_t)membuf_len,
821 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
823 * We try to write PEM as well, just to see that it doesn't err, but
824 * assume that the result is correct.
826 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
827 NULL, 0, NULL, NULL),
834 BIO_free_all(membio);
838 #ifndef OPENSSL_NO_EC
839 static const struct {
841 const char *encoding_name;
843 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
844 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
847 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
850 const char *enc_name = NULL;
856 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
857 OSSL_PKEY_PARAM_EC_ENCODING))
858 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
861 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
862 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
863 *enc = ec_encodings[i].encoding;
871 static int test_EC_keygen_with_enc(int idx)
873 EVP_PKEY *params = NULL, *key = NULL;
874 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
878 enc = ec_encodings[idx].encoding;
880 /* Create key parameters */
881 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
882 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
883 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
884 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
885 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
886 || !TEST_ptr(params))
890 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
891 || !TEST_true(EVP_PKEY_keygen_init(kctx))
892 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
896 /* Check that the encoding got all the way into the key */
897 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
898 ec_export_get_encoding_cb, &enc))
899 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
905 EVP_PKEY_free(params);
906 EVP_PKEY_CTX_free(kctx);
907 EVP_PKEY_CTX_free(pctx);
912 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
914 static int test_EVP_SM2_verify(void)
917 "-----BEGIN PUBLIC KEY-----\n"
918 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
919 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
920 "-----END PUBLIC KEY-----\n";
922 const char *msg = "message digest";
923 const char *id = "ALICE123@YAHOO.COM";
925 const uint8_t signature[] = {
926 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
927 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
928 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
929 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
930 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
931 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
932 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
937 EVP_PKEY *pkey = NULL;
938 EVP_MD_CTX *mctx = NULL;
939 EVP_PKEY_CTX *pctx = NULL;
941 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
942 if (!TEST_true(bio != NULL))
945 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
946 if (!TEST_true(pkey != NULL))
949 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
952 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
955 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
958 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
960 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
963 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
966 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
969 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
976 EVP_PKEY_CTX_free(pctx);
977 EVP_MD_CTX_free(mctx);
981 static int test_EVP_SM2(void)
984 EVP_PKEY *pkey = NULL;
985 EVP_PKEY *params = NULL;
986 EVP_PKEY_CTX *pctx = NULL;
987 EVP_PKEY_CTX *kctx = NULL;
988 EVP_PKEY_CTX *sctx = NULL;
990 unsigned char *sig = NULL;
991 EVP_MD_CTX *md_ctx = NULL;
992 EVP_MD_CTX *md_ctx_verify = NULL;
993 EVP_PKEY_CTX *cctx = NULL;
995 uint8_t ciphertext[128];
996 size_t ctext_len = sizeof(ciphertext);
998 uint8_t plaintext[8];
999 size_t ptext_len = sizeof(plaintext);
1001 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1003 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1004 if (!TEST_ptr(pctx))
1007 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1010 /* TODO is this even needed? */
1011 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1014 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
1017 kctx = EVP_PKEY_CTX_new(params, NULL);
1018 if (!TEST_ptr(kctx))
1021 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1024 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1027 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1030 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1033 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1036 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1037 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1039 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1042 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1045 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1048 /* Determine the size of the signature. */
1049 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1052 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1055 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1058 /* Ensure that the signature round-trips. */
1060 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1063 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1066 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1069 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1072 /* now check encryption/decryption */
1074 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1077 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1080 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1083 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1086 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1089 if (!TEST_true(ptext_len == sizeof(kMsg)))
1092 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1097 EVP_PKEY_CTX_free(pctx);
1098 EVP_PKEY_CTX_free(kctx);
1099 EVP_PKEY_CTX_free(sctx);
1100 EVP_PKEY_CTX_free(cctx);
1101 EVP_PKEY_free(pkey);
1102 EVP_PKEY_free(params);
1103 EVP_MD_CTX_free(md_ctx);
1104 EVP_MD_CTX_free(md_ctx_verify);
1111 static struct keys_st {
1117 EVP_PKEY_HMAC, "0123456789", NULL
1119 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1121 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1123 #ifndef OPENSSL_NO_EC
1125 EVP_PKEY_X25519, "01234567890123456789012345678901",
1126 "abcdefghijklmnopqrstuvwxyzabcdef"
1128 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1129 "abcdefghijklmnopqrstuvwxyzabcdef"
1132 "01234567890123456789012345678901234567890123456789012345",
1133 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1136 "012345678901234567890123456789012345678901234567890123456",
1137 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1142 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1145 unsigned char buf[80];
1147 size_t inlen, len = 0;
1150 /* Check if this algorithm supports public keys */
1151 if (keys[tst].pub == NULL)
1154 memset(buf, 0, sizeof(buf));
1157 inlen = strlen(keys[tst].pub);
1158 in = (unsigned char *)keys[tst].pub;
1160 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1162 OBJ_nid2sn(keys[tst].type),
1167 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1173 inlen = strlen(keys[tst].priv);
1174 in = (unsigned char *)keys[tst].priv;
1176 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1177 testctx, OBJ_nid2sn(keys[tst].type),
1182 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1190 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1191 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1192 || !TEST_true(len == inlen)
1193 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1194 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1195 || !TEST_mem_eq(in, inlen, buf, len))
1200 EVP_PKEY_free(pkey);
1204 static int test_set_get_raw_keys(int tst)
1206 return test_set_get_raw_keys_int(tst, 0, 0)
1207 && test_set_get_raw_keys_int(tst, 0, 1)
1208 && test_set_get_raw_keys_int(tst, 1, 0)
1209 && test_set_get_raw_keys_int(tst, 1, 1);
1212 #ifndef OPENSSL_NO_DEPRECATED_3_0
1213 static int pkey_custom_check(EVP_PKEY *pkey)
1218 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1223 static int pkey_custom_param_check(EVP_PKEY *pkey)
1228 static EVP_PKEY_METHOD *custom_pmeth;
1231 static int test_EVP_PKEY_check(int i)
1234 const unsigned char *p;
1235 EVP_PKEY *pkey = NULL;
1236 #ifndef OPENSSL_NO_EC
1237 EC_KEY *eckey = NULL;
1239 EVP_PKEY_CTX *ctx = NULL;
1240 #ifndef OPENSSL_NO_DEPRECATED_3_0
1241 EVP_PKEY_CTX *ctx2 = NULL;
1243 const APK_DATA *ak = &keycheckdata[i];
1244 const unsigned char *input = ak->kder;
1245 size_t input_len = ak->size;
1246 int expected_id = ak->evptype;
1247 int expected_check = ak->check;
1248 int expected_pub_check = ak->pub_check;
1249 int expected_param_check = ak->param_check;
1250 int type = ak->type;
1257 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1258 || !TEST_ptr_eq(p, input + input_len)
1259 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1262 #ifndef OPENSSL_NO_EC
1264 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1265 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1266 || !TEST_ptr(pkey = EVP_PKEY_new())
1267 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1271 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1272 || !TEST_ptr_eq(p, input + input_len)
1273 || !TEST_ptr(pkey = EVP_PKEY_new())
1274 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1282 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1285 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1288 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1291 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1294 #ifndef OPENSSL_NO_DEPRECATED_3_0
1295 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1296 /* assign the pkey directly, as an internal test */
1297 EVP_PKEY_up_ref(pkey);
1300 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1303 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1306 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1313 EVP_PKEY_CTX_free(ctx);
1314 #ifndef OPENSSL_NO_DEPRECATED_3_0
1315 EVP_PKEY_CTX_free(ctx2);
1317 EVP_PKEY_free(pkey);
1322 #ifndef OPENSSL_NO_CMAC
1323 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1325 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1326 const char msg[] = "Hello World";
1330 if (!TEST_ptr(mdctx)
1331 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1332 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1333 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1334 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1337 EVP_MD_CTX_free(mdctx);
1341 static int test_CMAC_keygen(void)
1343 static unsigned char key[] = {
1344 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1345 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1346 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1349 * This is a legacy method for CMACs, but should still work.
1350 * This verifies that it works without an ENGINE.
1352 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1354 EVP_PKEY *pkey = NULL;
1355 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1357 /* Test a CMAC key created using the "generated" method */
1358 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1359 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1360 EVP_PKEY_CTRL_CIPHER,
1361 0, (void *)EVP_aes_256_ecb()), 0)
1362 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1363 EVP_PKEY_CTRL_SET_MAC_KEY,
1364 sizeof(key), (void *)key), 0)
1365 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1367 || !TEST_true(get_cmac_val(pkey, mac)))
1370 EVP_PKEY_free(pkey);
1373 * Test a CMAC key using the direct method, and compare with the mac
1376 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1378 || !TEST_true(get_cmac_val(pkey, mac2))
1379 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1385 EVP_PKEY_free(pkey);
1386 EVP_PKEY_CTX_free(kctx);
1391 static int test_HKDF(void)
1394 unsigned char out[20];
1397 unsigned char salt[] = "0123456789";
1398 unsigned char key[] = "012345678901234567890123456789";
1399 unsigned char info[] = "infostring";
1400 const unsigned char expected[] = {
1401 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1402 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1404 size_t expectedlen = sizeof(expected);
1406 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1409 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1410 for (i = 0; i < 2; i++) {
1411 outlen = sizeof(out);
1412 memset(out, 0, outlen);
1414 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1415 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1416 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1417 sizeof(salt) - 1), 0)
1418 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1419 sizeof(key) - 1), 0)
1420 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1421 sizeof(info) - 1), 0)
1422 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1423 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1430 EVP_PKEY_CTX_free(pctx);
1435 static int test_emptyikm_HKDF(void)
1438 unsigned char out[20];
1441 unsigned char salt[] = "9876543210";
1442 unsigned char key[] = "";
1443 unsigned char info[] = "stringinfo";
1444 const unsigned char expected[] = {
1445 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1446 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1448 size_t expectedlen = sizeof(expected);
1450 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1453 outlen = sizeof(out);
1454 memset(out, 0, outlen);
1456 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1457 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1458 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1459 sizeof(salt) - 1), 0)
1460 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1461 sizeof(key) - 1), 0)
1462 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1463 sizeof(info) - 1), 0)
1464 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1465 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1471 EVP_PKEY_CTX_free(pctx);
1476 #ifndef OPENSSL_NO_EC
1477 static int test_X509_PUBKEY_inplace(void)
1480 X509_PUBKEY *xp = NULL;
1481 const unsigned char *p = kExampleECPubKeyDER;
1482 size_t input_len = sizeof(kExampleECPubKeyDER);
1484 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1487 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1490 p = kExampleBadECPubKeyDER;
1491 input_len = sizeof(kExampleBadECPubKeyDER);
1493 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1496 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1502 X509_PUBKEY_free(xp);
1505 #endif /* OPENSSL_NO_EC */
1507 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1508 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1510 EVP_MD_CTX *mdctx = NULL;
1511 EVP_PKEY_CTX *ctx = NULL;
1512 const OSSL_PARAM *params;
1513 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1516 char mdname[OSSL_MAX_NAME_SIZE];
1519 /* Initialise a sign operation */
1520 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1522 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1526 * We should be able to query the parameters now.
1528 params = EVP_PKEY_CTX_settable_params(ctx);
1529 if (!TEST_ptr(params)
1530 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1531 OSSL_SIGNATURE_PARAM_DIGEST)))
1534 params = EVP_PKEY_CTX_gettable_params(ctx);
1535 if (!TEST_ptr(params)
1536 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1537 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1538 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1539 OSSL_SIGNATURE_PARAM_DIGEST)))
1543 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1544 * EVP_PKEY_CTX_get_params()
1546 strcpy(mdname, "SHA512");
1548 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1550 *param++ = OSSL_PARAM_construct_end();
1552 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1556 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1557 mdname, sizeof(mdname));
1558 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1559 || !TEST_str_eq(mdname, "SHA512"))
1563 * Test the TEST_PKEY_CTX_set_signature_md() and
1564 * TEST_PKEY_CTX_get_signature_md() functions
1566 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1567 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1568 || !TEST_ptr_eq(md, EVP_sha256()))
1572 * Test getting MD parameters via an associated EVP_PKEY_CTX
1574 mdctx = EVP_MD_CTX_new();
1575 if (!TEST_ptr(mdctx)
1576 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
1582 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1583 * able to obtain the digest's settable parameters from the provider.
1585 params = EVP_MD_CTX_settable_params(mdctx);
1586 if (!TEST_ptr(params)
1587 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1588 /* The final key should be NULL */
1589 || !TEST_ptr_null(params[1].key))
1593 memset(ssl3ms, 0, sizeof(ssl3ms));
1594 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1595 ssl3ms, sizeof(ssl3ms));
1596 *param++ = OSSL_PARAM_construct_end();
1598 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1604 EVP_MD_CTX_free(mdctx);
1605 EVP_PKEY_CTX_free(ctx);
1610 #ifndef OPENSSL_NO_DSA
1611 static int test_DSA_get_set_params(void)
1614 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1615 EVP_PKEY *pkey = NULL;
1619 * Setup the parameters for our DSA object. For our purposes they don't
1620 * have to actually be *valid* parameters. We just need to set something.
1633 || !DSA_set0_pqg(dsa, p, q, g)
1634 || !DSA_set0_key(dsa, pub, priv))
1636 p = q = g = pub = priv = NULL;
1638 pkey = EVP_PKEY_new();
1640 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1645 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1648 EVP_PKEY_free(pkey);
1660 static int test_RSA_get_set_params(void)
1663 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1664 EVP_PKEY *pkey = NULL;
1668 * Setup the parameters for our RSA object. For our purposes they don't
1669 * have to actually be *valid* parameters. We just need to set something.
1679 || !RSA_set0_key(rsa, n, e, d))
1683 pkey = EVP_PKEY_new();
1685 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1690 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1693 EVP_PKEY_free(pkey);
1702 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1703 static int test_decrypt_null_chunks(void)
1705 EVP_CIPHER_CTX* ctx = NULL;
1706 const unsigned char key[32] = {
1707 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1708 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1709 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1711 unsigned char iv[12] = {
1712 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1714 unsigned char msg[] = "It was the best of times, it was the worst of times";
1715 unsigned char ciphertext[80];
1716 unsigned char plaintext[80];
1717 /* We initialise tmp to a non zero value on purpose */
1718 int ctlen, ptlen, tmp = 99;
1720 const int enc_offset = 10, dec_offset = 20;
1722 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1723 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1725 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1727 /* Deliberate add a zero length update */
1728 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1730 || !TEST_int_eq(tmp, 0)
1731 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1733 sizeof(msg) - enc_offset))
1734 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1735 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1736 || !TEST_int_eq(tmp, 0))
1739 /* Deliberately initialise tmp to a non zero value */
1741 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1743 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1746 * Deliberately add a zero length update. We also deliberately do
1747 * this at a different offset than for encryption.
1749 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1751 || !TEST_int_eq(tmp, 0)
1752 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1753 ciphertext + dec_offset,
1754 ctlen - dec_offset))
1755 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1756 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1757 || !TEST_int_eq(tmp, 0)
1758 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1763 EVP_CIPHER_CTX_free(ctx);
1766 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1768 #ifndef OPENSSL_NO_DH
1769 static int test_EVP_PKEY_set1_DH(void)
1771 DH *x942dh = NULL, *noqdh = NULL;
1772 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1774 BIGNUM *p, *g = NULL;
1776 if (!TEST_ptr(p = BN_new())
1777 || !TEST_ptr(g = BN_new())
1778 || !BN_set_word(p, 9999)
1779 || !BN_set_word(g, 2)
1780 || !TEST_ptr(noqdh = DH_new())
1781 || !DH_set0_pqg(noqdh, p, NULL, g))
1785 x942dh = DH_get_2048_256();
1786 pkey1 = EVP_PKEY_new();
1787 pkey2 = EVP_PKEY_new();
1788 if (!TEST_ptr(x942dh)
1791 || !TEST_ptr(pkey2))
1794 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1795 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1798 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1799 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1806 EVP_PKEY_free(pkey1);
1807 EVP_PKEY_free(pkey2);
1816 * We test what happens with an empty template. For the sake of this test,
1817 * the template must be ignored, and we know that's the case for RSA keys
1818 * (this might arguably be a misfeature, but that's what we currently do,
1819 * even in provider code, since that's how the legacy RSA implementation
1822 static int test_keygen_with_empty_template(int n)
1824 EVP_PKEY_CTX *ctx = NULL;
1825 EVP_PKEY *pkey = NULL;
1826 EVP_PKEY *tkey = NULL;
1831 /* We do test with no template at all as well */
1832 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1836 /* Here we create an empty RSA key that serves as our template */
1837 if (!TEST_ptr(tkey = EVP_PKEY_new())
1838 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1839 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1844 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1845 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1850 EVP_PKEY_CTX_free(ctx);
1851 EVP_PKEY_free(pkey);
1852 EVP_PKEY_free(tkey);
1857 * Test that we fail if we attempt to use an algorithm that is not available
1858 * in the current library context (unless we are using an algorithm that
1859 * should be made available via legacy codepaths).
1864 static int test_pkey_ctx_fail_without_provider(int tst)
1866 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1867 OSSL_PROVIDER *nullprov = NULL;
1868 EVP_PKEY_CTX *pctx = NULL;
1869 const char *keytype = NULL;
1870 int expect_null = 0;
1873 if (!TEST_ptr(tmpctx))
1876 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1877 if (!TEST_ptr(nullprov))
1881 * We check for certain algos in the null provider.
1882 * If an algo is expected to have a provider keymgmt, contructing an
1883 * EVP_PKEY_CTX is expected to fail (return NULL).
1884 * Otherwise, if it's expected to have legacy support, contructing an
1885 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1895 #ifdef OPENSSL_NO_EC
1896 TEST_info("EC disable, skipping SM2 check...");
1899 #ifdef OPENSSL_NO_SM2
1900 TEST_info("SM2 disable, skipping SM2 check...");
1905 TEST_error("No test for case %d", tst);
1909 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1910 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1913 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1919 EVP_PKEY_CTX_free(pctx);
1920 OSSL_PROVIDER_unload(nullprov);
1921 OPENSSL_CTX_free(tmpctx);
1925 static int test_rand_agglomeration(void)
1929 OSSL_PARAM params[3], *p = params;
1931 unsigned int step = 7;
1932 static unsigned char seed[] = "It does not matter how slowly you go "
1933 "as long as you do not stop.";
1934 unsigned char out[sizeof(seed)];
1936 if (!TEST_int_ne(sizeof(seed) % step, 0)
1937 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1939 ctx = EVP_RAND_CTX_new(rand, NULL);
1940 EVP_RAND_free(rand);
1944 memset(out, 0, sizeof(out));
1945 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1946 seed, sizeof(seed));
1947 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1948 *p = OSSL_PARAM_construct_end();
1949 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1950 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1951 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1952 EVP_RAND_CTX_free(ctx);
1957 * Test that we correctly return the original or "running" IV after
1958 * an encryption operation.
1959 * Run multiple times for some different relevant algorithms/modes.
1961 static int test_evp_iv(int idx)
1964 EVP_CIPHER_CTX *ctx = NULL;
1965 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1966 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1967 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
1968 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
1969 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
1970 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
1971 9, 10, 11, 12, 13, 14, 15, 16 };
1972 unsigned char ciphertext[32], oiv[16], iv[16];
1973 unsigned char *ref_iv;
1974 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
1975 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
1977 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
1978 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
1979 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1980 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1981 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
1982 #ifndef OPENSSL_NO_OCB
1983 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1984 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1986 int len = sizeof(ciphertext);
1987 size_t ivlen, ref_len;
1988 const EVP_CIPHER *type = NULL;
1992 type = EVP_aes_128_cbc();
1995 type = (type != NULL) ? type :
1996 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
1998 ref_len = sizeof(cbc_state);
2001 type = EVP_aes_128_ofb();
2004 type = (type != NULL) ? type :
2005 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2007 ref_len = sizeof(ofb_state);
2010 type = EVP_aes_128_gcm();
2013 type = (type != NULL) ? type :
2014 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2016 ref_len = sizeof(gcm_state);
2019 type = EVP_aes_128_ccm();
2022 type = (type != NULL) ? type :
2023 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2025 ref_len = sizeof(ccm_state);
2027 #ifdef OPENSSL_NO_OCB
2033 type = EVP_aes_128_ocb();
2036 type = (type != NULL) ? type :
2037 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2039 ref_len = sizeof(ocb_state);
2047 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2048 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2049 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2051 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2052 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2053 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2055 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2056 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2057 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2062 EVP_CIPHER_CTX_free(ctx);
2064 EVP_CIPHER_free((EVP_CIPHER *)type);
2068 int setup_tests(void)
2070 testctx = OPENSSL_CTX_new();
2072 if (!TEST_ptr(testctx))
2075 ADD_TEST(test_EVP_set_default_properties);
2076 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2077 ADD_TEST(test_EVP_DigestVerifyInit);
2078 ADD_TEST(test_EVP_Enveloped);
2079 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2080 ADD_TEST(test_privatekey_to_pkcs8);
2081 #ifndef OPENSSL_NO_EC
2082 ADD_TEST(test_EVP_PKCS82PKEY);
2084 #ifndef OPENSSL_NO_EC
2085 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2087 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2088 ADD_TEST(test_EVP_SM2);
2089 ADD_TEST(test_EVP_SM2_verify);
2091 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2092 #ifndef OPENSSL_NO_DEPRECATED_3_0
2093 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2094 if (!TEST_ptr(custom_pmeth))
2096 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2097 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2098 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2099 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2102 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2103 #ifndef OPENSSL_NO_CMAC
2104 ADD_TEST(test_CMAC_keygen);
2106 ADD_TEST(test_HKDF);
2107 ADD_TEST(test_emptyikm_HKDF);
2108 #ifndef OPENSSL_NO_EC
2109 ADD_TEST(test_X509_PUBKEY_inplace);
2110 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2111 OSSL_NELEM(ec_der_pub_keys));
2113 #ifndef OPENSSL_NO_DSA
2114 ADD_TEST(test_DSA_get_set_params);
2116 ADD_TEST(test_RSA_get_set_params);
2117 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2118 ADD_TEST(test_decrypt_null_chunks);
2120 #ifndef OPENSSL_NO_DH
2121 ADD_TEST(test_EVP_PKEY_set1_DH);
2123 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2124 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2126 ADD_TEST(test_rand_agglomeration);
2127 ADD_ALL_TESTS(test_evp_iv, 10);
2132 void cleanup_tests(void)
2134 OPENSSL_CTX_free(testctx);