2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
33 #include "internal/nelem.h"
34 #include "internal/sizes.h"
35 #include "crypto/evp.h"
36 #include "../e_os.h" /* strcasecmp */
38 static OSSL_LIB_CTX *testctx = NULL;
41 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
42 * should never use this key anywhere but in an example.
44 static const unsigned char kExampleRSAKeyDER[] = {
45 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
46 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
47 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
48 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
49 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
50 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
51 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
52 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
53 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
54 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
55 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
56 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
57 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
58 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
59 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
60 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
61 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
62 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
63 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
64 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
65 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
66 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
67 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
68 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
69 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
70 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
71 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
72 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
73 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
74 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
75 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
76 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
77 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
78 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
79 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
80 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
81 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
82 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
83 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
84 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
85 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
86 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
87 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
88 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
89 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
90 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
91 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
92 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
93 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
94 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
95 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
99 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
100 * should never use this key anywhere but in an example.
102 #ifndef OPENSSL_NO_DSA
103 static const unsigned char kExampleDSAKeyDER[] = {
104 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
105 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
106 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
107 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
108 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
109 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
110 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
111 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
112 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
113 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
114 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
115 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
116 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
117 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
118 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
119 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
120 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
121 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
122 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
123 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
124 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
125 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
126 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
127 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
128 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
129 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
130 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
131 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
132 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
133 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
134 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
135 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
136 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
137 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
138 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
139 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
140 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
146 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
147 * components are not correct.
149 static const unsigned char kExampleBadRSAKeyDER[] = {
150 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
151 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
152 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
153 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
154 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
155 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
156 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
157 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
158 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
159 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
160 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
161 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
162 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
163 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
164 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
165 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
166 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
167 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
168 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
169 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
170 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
171 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
172 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
173 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
174 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
175 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
176 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
177 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
178 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
179 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
180 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
181 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
182 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
183 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
184 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
185 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
186 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
187 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
188 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
189 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
190 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
191 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
192 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
193 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
194 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
195 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
196 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
197 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
198 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
199 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
200 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
201 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
202 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
203 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
204 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
205 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
206 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
207 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
208 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
209 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
210 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
211 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
212 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
213 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
214 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
215 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
216 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
217 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
218 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
219 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
220 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
221 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
222 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
223 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
224 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
225 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
226 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
227 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
228 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
229 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
230 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
231 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
232 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
233 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
234 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
235 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
236 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
237 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
238 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
241 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
243 static const unsigned char kSignature[] = {
244 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
245 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
246 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
247 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
248 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
249 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
250 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
251 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
252 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
253 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
254 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
258 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
261 static const unsigned char kExampleRSAKeyPKCS8[] = {
262 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
263 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
264 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
265 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
266 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
267 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
268 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
269 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
270 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
271 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
272 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
273 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
274 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
275 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
276 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
277 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
278 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
279 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
280 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
281 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
282 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
283 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
284 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
285 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
286 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
287 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
288 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
289 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
290 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
291 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
292 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
293 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
294 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
295 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
296 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
297 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
298 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
299 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
300 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
301 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
302 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
303 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
304 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
305 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
306 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
307 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
308 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
309 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
310 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
311 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
312 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
313 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
314 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
317 #ifndef OPENSSL_NO_EC
319 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
322 static const unsigned char kExampleECKeyDER[] = {
323 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
324 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
325 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
326 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
327 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
328 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
329 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
330 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
331 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
332 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
337 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 * structure. The private key is equal to the order and will fail to import
340 static const unsigned char kExampleBadECKeyDER[] = {
341 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
342 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
343 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
344 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
346 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
347 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
348 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
349 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
353 static const unsigned char kExampleECPubKeyDER[] = {
354 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
355 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
356 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
357 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
358 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
359 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
360 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
361 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
365 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
366 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
368 static const unsigned char kExampleBadECPubKeyDER[] = {
369 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
370 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
371 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
372 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
373 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
374 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
375 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
376 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
379 static const unsigned char pExampleECParamDER[] = {
380 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
384 typedef struct APK_DATA_st {
385 const unsigned char *kder;
392 int type; /* 0 for private, 1 for public, 2 for params */
395 static APK_DATA keydata[] = {
396 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
397 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
398 #ifndef OPENSSL_NO_EC
399 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
403 static APK_DATA keycheckdata[] = {
404 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
405 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
407 #ifndef OPENSSL_NO_EC
408 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
409 /* group is also associated in our pub key */
410 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
411 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
415 static EVP_PKEY *load_example_key(const char *keytype,
416 const unsigned char *data, size_t data_len)
418 const unsigned char **pdata = &data;
419 EVP_PKEY *pkey = NULL;
420 OSSL_DECODER_CTX *dctx =
421 OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
424 /* |pkey| will be NULL on error */
425 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
426 OSSL_DECODER_CTX_free(dctx);
430 static EVP_PKEY *load_example_rsa_key(void)
432 return load_example_key("RSA", kExampleRSAKeyDER,
433 sizeof(kExampleRSAKeyDER));
436 #ifndef OPENSSL_NO_DSA
437 static EVP_PKEY *load_example_dsa_key(void)
439 return load_example_key("DSA", kExampleDSAKeyDER,
440 sizeof(kExampleDSAKeyDER));
444 static EVP_PKEY *load_example_hmac_key(void)
446 EVP_PKEY *pkey = NULL;
447 unsigned char key[] = {
448 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
449 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
450 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
453 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
460 static int test_EVP_set_default_properties(void)
466 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
467 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
472 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
473 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
474 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
479 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
480 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
485 OSSL_LIB_CTX_free(ctx);
489 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
491 * Test combinations of private, public, missing and private + public key
492 * params to ensure they are all accepted
494 static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
496 OSSL_PARAM_BLD *bld = NULL;
497 OSSL_PARAM *params = NULL;
498 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
499 EVP_PKEY_CTX *pctx = NULL;
500 EVP_PKEY *pkey = NULL;
504 * Setup the parameters for our pkey object. For our purposes they don't
505 * have to actually be *valid* parameters. We just need to set something.
507 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, NULL))
508 || !TEST_ptr(p = BN_new())
509 || !TEST_ptr(q = BN_new())
510 || !TEST_ptr(g = BN_new())
511 || !TEST_ptr(pub = BN_new())
512 || !TEST_ptr(priv = BN_new()))
515 /* Test !priv and !pub */
516 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
517 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
518 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
519 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
521 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
524 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
525 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
533 OSSL_PARAM_BLD_free_params(params);
534 OSSL_PARAM_BLD_free(bld);
536 /* Test priv and !pub */
537 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
538 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
539 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
540 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
541 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
544 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
547 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
548 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
556 OSSL_PARAM_BLD_free_params(params);
557 OSSL_PARAM_BLD_free(bld);
559 /* Test !priv and pub */
560 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
562 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
563 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
564 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
567 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
570 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
571 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
579 OSSL_PARAM_BLD_free_params(params);
580 OSSL_PARAM_BLD_free(bld);
582 /* Test priv and pub */
583 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
586 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
587 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
589 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
592 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
595 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
596 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
605 EVP_PKEY_CTX_free(pctx);
606 OSSL_PARAM_BLD_free_params(params);
607 OSSL_PARAM_BLD_free(bld);
616 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
618 static int test_EVP_Enveloped(void)
621 EVP_CIPHER_CTX *ctx = NULL;
622 EVP_PKEY *keypair = NULL;
623 unsigned char *kek = NULL;
624 unsigned char iv[EVP_MAX_IV_LENGTH];
625 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
626 int len, kek_len, ciphertext_len, plaintext_len;
627 unsigned char ciphertext[32], plaintext[16];
628 const EVP_CIPHER *type = EVP_aes_256_cbc();
630 if (!TEST_ptr(keypair = load_example_rsa_key())
631 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
632 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
633 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
635 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
637 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
641 ciphertext_len += len;
643 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
644 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
645 ciphertext, ciphertext_len))
646 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
649 plaintext_len += len;
650 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
656 EVP_PKEY_free(keypair);
657 EVP_CIPHER_CTX_free(ctx);
662 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
663 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
664 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
665 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
666 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
667 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
668 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
669 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
670 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
672 static int test_EVP_DigestSignInit(int tst)
675 EVP_PKEY *pkey = NULL;
676 unsigned char *sig = NULL;
678 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
679 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
680 BIO *mdbio = NULL, *membio = NULL;
683 EVP_MD *mdexp = NULL;
686 membio = BIO_new(BIO_s_mem());
687 mdbio = BIO_new(BIO_f_md());
688 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
690 BIO_push(mdbio, membio);
691 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
694 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
695 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
699 if (tst == 0 || tst == 3 || tst == 6) {
700 if (!TEST_ptr(pkey = load_example_rsa_key()))
702 } else if (tst == 1 || tst == 4 || tst == 7) {
703 #ifndef OPENSSL_NO_DSA
704 if (!TEST_ptr(pkey = load_example_dsa_key()))
711 if (!TEST_ptr(pkey = load_example_hmac_key()))
715 if (tst >= 3 && tst <= 5)
716 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
720 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
724 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
727 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
731 /* Determine the size of the signature. */
732 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
733 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
734 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
738 if (!TEST_int_gt(BIO_reset(mdbio), 0)
739 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
744 * Ensure that the signature round-trips (Verification isn't supported for
745 * HMAC via EVP_DigestVerify*)
747 if (tst != 2 && tst != 5 && tst != 8) {
748 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
753 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
756 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
760 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
769 EVP_MD_CTX_free(a_md_ctx);
770 EVP_MD_CTX_free(a_md_ctx_verify);
778 static int test_EVP_DigestVerifyInit(void)
781 EVP_PKEY *pkey = NULL;
782 EVP_MD_CTX *md_ctx = NULL;
784 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
785 || !TEST_ptr(pkey = load_example_rsa_key()))
788 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
789 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
790 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
791 sizeof(kSignature))))
796 EVP_MD_CTX_free(md_ctx);
802 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
804 static int test_EVP_Digest(void)
807 EVP_MD_CTX *md_ctx = NULL;
808 unsigned char md[EVP_MAX_MD_SIZE];
810 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
813 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
814 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
815 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
816 /* EVP_DigestFinal resets the EVP_MD_CTX. */
817 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
820 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
821 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
822 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
823 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
824 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
826 * EVP_DigestInit_ex with NULL type should work on
827 * pre-initialized context.
829 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
832 if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
833 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
834 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
835 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
836 || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
837 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
842 EVP_MD_CTX_free(md_ctx);
846 static int test_d2i_AutoPrivateKey(int i)
849 const unsigned char *p;
850 EVP_PKEY *pkey = NULL;
851 const APK_DATA *ak = &keydata[i];
852 const unsigned char *input = ak->kder;
853 size_t input_len = ak->size;
854 int expected_id = ak->evptype;
857 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
858 || !TEST_ptr_eq(p, input + input_len)
859 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
869 #ifndef OPENSSL_NO_EC
871 static const unsigned char ec_public_sect163k1_validxy[] = {
872 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
873 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
874 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
875 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
876 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
877 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
880 static const unsigned char ec_public_sect163k1_badx[] = {
881 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
882 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
883 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
884 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
885 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
886 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
889 static const unsigned char ec_public_sect163k1_bady[] = {
890 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
891 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
892 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
893 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
894 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
895 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
898 static struct ec_der_pub_keys_st {
899 const unsigned char *der;
902 } ec_der_pub_keys[] = {
903 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
904 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
905 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
909 * Tests the range of the decoded EC char2 public point.
910 * See ec_GF2m_simple_oct2point().
912 static int test_invalide_ec_char2_pub_range_decode(int id)
917 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
918 ec_der_pub_keys[id].len);
920 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
921 || TEST_ptr_null(pkey);
926 /* Tests loading a bad key in PKCS8 format */
927 static int test_EVP_PKCS82PKEY(void)
930 const unsigned char *derp = kExampleBadECKeyDER;
931 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
932 EVP_PKEY *pkey = NULL;
934 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
935 sizeof(kExampleBadECKeyDER))))
938 if (!TEST_ptr_eq(derp,
939 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
942 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
948 PKCS8_PRIV_KEY_INFO_free(p8inf);
955 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
956 static int test_privatekey_to_pkcs8(void)
958 EVP_PKEY *pkey = NULL;
964 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
965 || !TEST_ptr(pkey = load_example_rsa_key())
966 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
967 NULL, 0, NULL, NULL),
969 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
971 || !TEST_mem_eq(membuf, (size_t)membuf_len,
972 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
974 * We try to write PEM as well, just to see that it doesn't err, but
975 * assume that the result is correct.
977 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
978 NULL, 0, NULL, NULL),
985 BIO_free_all(membio);
989 #ifndef OPENSSL_NO_EC
990 static const struct {
992 const char *encoding_name;
994 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
995 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
998 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1000 const OSSL_PARAM *p;
1001 const char *enc_name = NULL;
1007 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1008 OSSL_PKEY_PARAM_EC_ENCODING))
1009 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1012 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1013 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1014 *enc = ec_encodings[i].encoding;
1019 return (*enc != -1);
1022 static int test_EC_keygen_with_enc(int idx)
1024 EVP_PKEY *params = NULL, *key = NULL;
1025 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1029 enc = ec_encodings[idx].encoding;
1031 /* Create key parameters */
1032 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1033 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
1034 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
1035 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
1036 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
1037 || !TEST_ptr(params))
1041 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1042 || !TEST_true(EVP_PKEY_keygen_init(kctx))
1043 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1047 /* Check that the encoding got all the way into the key */
1048 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1049 ec_export_get_encoding_cb, &enc))
1050 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1056 EVP_PKEY_free(params);
1057 EVP_PKEY_CTX_free(kctx);
1058 EVP_PKEY_CTX_free(pctx);
1063 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1065 static int test_EVP_SM2_verify(void)
1067 const char *pubkey =
1068 "-----BEGIN PUBLIC KEY-----\n"
1069 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1070 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1071 "-----END PUBLIC KEY-----\n";
1073 const char *msg = "message digest";
1074 const char *id = "ALICE123@YAHOO.COM";
1076 const uint8_t signature[] = {
1077 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1078 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1079 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1080 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1081 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1082 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1083 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1088 EVP_PKEY *pkey = NULL;
1089 EVP_MD_CTX *mctx = NULL;
1090 EVP_PKEY_CTX *pctx = NULL;
1092 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1093 if (!TEST_true(bio != NULL))
1096 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1097 if (!TEST_true(pkey != NULL))
1100 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1103 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1106 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1109 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1111 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1114 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1117 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1120 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1126 EVP_PKEY_free(pkey);
1127 EVP_PKEY_CTX_free(pctx);
1128 EVP_MD_CTX_free(mctx);
1132 static int test_EVP_SM2(void)
1135 EVP_PKEY *pkey = NULL;
1136 EVP_PKEY *pkeyparams = NULL;
1137 EVP_PKEY_CTX *pctx = NULL;
1138 EVP_PKEY_CTX *kctx = NULL;
1139 EVP_PKEY_CTX *sctx = NULL;
1141 unsigned char *sig = NULL;
1142 EVP_MD_CTX *md_ctx = NULL;
1143 EVP_MD_CTX *md_ctx_verify = NULL;
1144 EVP_PKEY_CTX *cctx = NULL;
1146 uint8_t ciphertext[128];
1147 size_t ctext_len = sizeof(ciphertext);
1149 uint8_t plaintext[8];
1150 size_t ptext_len = sizeof(plaintext);
1152 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1154 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1155 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1159 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1160 if (!TEST_ptr(pctx))
1163 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1166 /* TODO is this even needed? */
1167 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1170 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1173 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1174 if (!TEST_ptr(kctx))
1177 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1180 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1183 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1186 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1189 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1192 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1193 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1195 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1198 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1201 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1204 /* Determine the size of the signature. */
1205 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1208 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1211 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1214 /* Ensure that the signature round-trips. */
1216 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1219 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1222 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1225 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1228 /* now check encryption/decryption */
1230 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1231 mdname, sizeof(mdname));
1232 for (i = 0; i < 2; i++) {
1233 EVP_PKEY_CTX_free(cctx);
1235 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1236 i == 0 ? "SM3" : "SHA2-256",
1239 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1242 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1245 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1248 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1252 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1255 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1258 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1262 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1265 /* Test we're still using the digest we think we are */
1266 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1268 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1271 if (!TEST_true(ptext_len == sizeof(kMsg)))
1274 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1280 EVP_PKEY_CTX_free(pctx);
1281 EVP_PKEY_CTX_free(kctx);
1282 EVP_PKEY_CTX_free(sctx);
1283 EVP_PKEY_CTX_free(cctx);
1284 EVP_PKEY_free(pkey);
1285 EVP_PKEY_free(pkeyparams);
1286 EVP_MD_CTX_free(md_ctx);
1287 EVP_MD_CTX_free(md_ctx_verify);
1294 static struct keys_st {
1300 EVP_PKEY_HMAC, "0123456789", NULL
1302 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1304 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1306 #ifndef OPENSSL_NO_EC
1308 EVP_PKEY_X25519, "01234567890123456789012345678901",
1309 "abcdefghijklmnopqrstuvwxyzabcdef"
1311 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1312 "abcdefghijklmnopqrstuvwxyzabcdef"
1315 "01234567890123456789012345678901234567890123456789012345",
1316 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1319 "012345678901234567890123456789012345678901234567890123456",
1320 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1325 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1328 unsigned char buf[80];
1330 size_t inlen, len = 0;
1333 /* Check if this algorithm supports public keys */
1334 if (keys[tst].pub == NULL)
1337 memset(buf, 0, sizeof(buf));
1340 inlen = strlen(keys[tst].pub);
1341 in = (unsigned char *)keys[tst].pub;
1343 pkey = EVP_PKEY_new_raw_public_key_ex(
1345 OBJ_nid2sn(keys[tst].type),
1350 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1356 inlen = strlen(keys[tst].priv);
1357 in = (unsigned char *)keys[tst].priv;
1359 pkey = EVP_PKEY_new_raw_private_key_ex(
1360 testctx, OBJ_nid2sn(keys[tst].type),
1365 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1373 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1374 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1375 || !TEST_true(len == inlen)
1376 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1377 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1378 || !TEST_mem_eq(in, inlen, buf, len))
1383 EVP_PKEY_free(pkey);
1387 static int test_set_get_raw_keys(int tst)
1389 return test_set_get_raw_keys_int(tst, 0, 0)
1390 && test_set_get_raw_keys_int(tst, 0, 1)
1391 && test_set_get_raw_keys_int(tst, 1, 0)
1392 && test_set_get_raw_keys_int(tst, 1, 1);
1395 #ifndef OPENSSL_NO_DEPRECATED_3_0
1396 static int pkey_custom_check(EVP_PKEY *pkey)
1401 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1406 static int pkey_custom_param_check(EVP_PKEY *pkey)
1411 static EVP_PKEY_METHOD *custom_pmeth;
1414 static int test_EVP_PKEY_check(int i)
1417 EVP_PKEY *pkey = NULL;
1418 EVP_PKEY_CTX *ctx = NULL;
1419 #ifndef OPENSSL_NO_DEPRECATED_3_0
1420 EVP_PKEY_CTX *ctx2 = NULL;
1422 const APK_DATA *ak = &keycheckdata[i];
1423 const unsigned char *input = ak->kder;
1424 size_t input_len = ak->size;
1425 int expected_id = ak->evptype;
1426 int expected_check = ak->check;
1427 int expected_pub_check = ak->pub_check;
1428 int expected_param_check = ak->param_check;
1429 int type = ak->type;
1431 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
1434 && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1437 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1440 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1443 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1446 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1449 #ifndef OPENSSL_NO_DEPRECATED_3_0
1450 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1451 /* assign the pkey directly, as an internal test */
1452 EVP_PKEY_up_ref(pkey);
1455 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1458 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1461 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1468 EVP_PKEY_CTX_free(ctx);
1469 #ifndef OPENSSL_NO_DEPRECATED_3_0
1470 EVP_PKEY_CTX_free(ctx2);
1472 EVP_PKEY_free(pkey);
1476 #ifndef OPENSSL_NO_CMAC
1477 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1479 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1480 const char msg[] = "Hello World";
1484 if (!TEST_ptr(mdctx)
1485 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1486 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1487 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1488 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1491 EVP_MD_CTX_free(mdctx);
1495 static int test_CMAC_keygen(void)
1497 static unsigned char key[] = {
1498 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1499 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1500 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1503 * This is a legacy method for CMACs, but should still work.
1504 * This verifies that it works without an ENGINE.
1506 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1508 EVP_PKEY *pkey = NULL;
1509 unsigned char mac[AES_BLOCK_SIZE];
1510 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1511 unsigned char mac2[AES_BLOCK_SIZE];
1514 /* Test a CMAC key created using the "generated" method */
1515 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1516 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1517 EVP_PKEY_CTRL_CIPHER,
1518 0, (void *)EVP_aes_256_ecb()), 0)
1519 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1520 EVP_PKEY_CTRL_SET_MAC_KEY,
1521 sizeof(key), (void *)key), 0)
1522 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1524 || !TEST_true(get_cmac_val(pkey, mac)))
1527 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1528 EVP_PKEY_free(pkey);
1531 * Test a CMAC key using the direct method, and compare with the mac
1534 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1536 || !TEST_true(get_cmac_val(pkey, mac2))
1537 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1544 EVP_PKEY_free(pkey);
1545 EVP_PKEY_CTX_free(kctx);
1550 static int test_HKDF(void)
1553 unsigned char out[20];
1556 unsigned char salt[] = "0123456789";
1557 unsigned char key[] = "012345678901234567890123456789";
1558 unsigned char info[] = "infostring";
1559 const unsigned char expected[] = {
1560 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1561 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1563 size_t expectedlen = sizeof(expected);
1565 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1568 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1569 for (i = 0; i < 2; i++) {
1570 outlen = sizeof(out);
1571 memset(out, 0, outlen);
1573 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1574 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1575 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1576 sizeof(salt) - 1), 0)
1577 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1578 sizeof(key) - 1), 0)
1579 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1580 sizeof(info) - 1), 0)
1581 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1582 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1589 EVP_PKEY_CTX_free(pctx);
1594 static int test_emptyikm_HKDF(void)
1597 unsigned char out[20];
1600 unsigned char salt[] = "9876543210";
1601 unsigned char key[] = "";
1602 unsigned char info[] = "stringinfo";
1603 const unsigned char expected[] = {
1604 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1605 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1607 size_t expectedlen = sizeof(expected);
1609 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1612 outlen = sizeof(out);
1613 memset(out, 0, outlen);
1615 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1616 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1617 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1618 sizeof(salt) - 1), 0)
1619 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1620 sizeof(key) - 1), 0)
1621 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1622 sizeof(info) - 1), 0)
1623 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1624 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1630 EVP_PKEY_CTX_free(pctx);
1635 #ifndef OPENSSL_NO_EC
1636 static int test_X509_PUBKEY_inplace(void)
1639 X509_PUBKEY *xp = NULL;
1640 const unsigned char *p = kExampleECPubKeyDER;
1641 size_t input_len = sizeof(kExampleECPubKeyDER);
1643 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1646 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1649 p = kExampleBadECPubKeyDER;
1650 input_len = sizeof(kExampleBadECPubKeyDER);
1652 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1655 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1661 X509_PUBKEY_free(xp);
1664 #endif /* OPENSSL_NO_EC */
1666 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1667 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1669 EVP_MD_CTX *mdctx = NULL;
1670 EVP_PKEY_CTX *ctx = NULL;
1671 const OSSL_PARAM *params;
1672 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1675 char mdname[OSSL_MAX_NAME_SIZE];
1678 /* Initialise a sign operation */
1679 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1681 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1685 * We should be able to query the parameters now.
1687 params = EVP_PKEY_CTX_settable_params(ctx);
1688 if (!TEST_ptr(params)
1689 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1690 OSSL_SIGNATURE_PARAM_DIGEST)))
1693 params = EVP_PKEY_CTX_gettable_params(ctx);
1694 if (!TEST_ptr(params)
1695 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1696 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1697 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1698 OSSL_SIGNATURE_PARAM_DIGEST)))
1702 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1703 * EVP_PKEY_CTX_get_params()
1705 strcpy(mdname, "SHA512");
1707 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1709 *param++ = OSSL_PARAM_construct_end();
1711 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1715 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1716 mdname, sizeof(mdname));
1717 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1718 || !TEST_str_eq(mdname, "SHA512"))
1722 * Test the TEST_PKEY_CTX_set_signature_md() and
1723 * TEST_PKEY_CTX_get_signature_md() functions
1725 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1726 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1727 || !TEST_ptr_eq(md, EVP_sha256()))
1731 * Test getting MD parameters via an associated EVP_PKEY_CTX
1733 mdctx = EVP_MD_CTX_new();
1734 if (!TEST_ptr(mdctx)
1735 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1740 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1741 * able to obtain the digest's settable parameters from the provider.
1743 params = EVP_MD_CTX_settable_params(mdctx);
1744 if (!TEST_ptr(params)
1745 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1746 /* The final key should be NULL */
1747 || !TEST_ptr_null(params[1].key))
1751 memset(ssl3ms, 0, sizeof(ssl3ms));
1752 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1753 ssl3ms, sizeof(ssl3ms));
1754 *param++ = OSSL_PARAM_construct_end();
1756 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1762 EVP_MD_CTX_free(mdctx);
1763 EVP_PKEY_CTX_free(ctx);
1768 #ifndef OPENSSL_NO_DSA
1769 static int test_DSA_get_set_params(void)
1771 OSSL_PARAM_BLD *bld = NULL;
1772 OSSL_PARAM *params = NULL;
1773 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1774 EVP_PKEY_CTX *pctx = NULL;
1775 EVP_PKEY *pkey = NULL;
1779 * Setup the parameters for our DSA object. For our purposes they don't
1780 * have to actually be *valid* parameters. We just need to set something.
1782 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
1783 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1784 || !TEST_ptr(p = BN_new())
1785 || !TEST_ptr(q = BN_new())
1786 || !TEST_ptr(g = BN_new())
1787 || !TEST_ptr(pub = BN_new())
1788 || !TEST_ptr(priv = BN_new()))
1790 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
1791 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
1792 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
1793 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
1795 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1798 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1801 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1802 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1805 if (!TEST_ptr(pkey))
1808 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1811 EVP_PKEY_free(pkey);
1812 EVP_PKEY_CTX_free(pctx);
1813 OSSL_PARAM_BLD_free_params(params);
1814 OSSL_PARAM_BLD_free(bld);
1825 * Test combinations of private, public, missing and private + public key
1826 * params to ensure they are all accepted
1828 static int test_DSA_priv_pub(void)
1830 return test_EVP_PKEY_ffc_priv_pub("DSA");
1833 #endif /* !OPENSSL_NO_DSA */
1835 static int test_RSA_get_set_params(void)
1837 OSSL_PARAM_BLD *bld = NULL;
1838 OSSL_PARAM *params = NULL;
1839 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1840 EVP_PKEY_CTX *pctx = NULL;
1841 EVP_PKEY *pkey = NULL;
1845 * Setup the parameters for our RSA object. For our purposes they don't
1846 * have to actually be *valid* parameters. We just need to set something.
1848 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
1849 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
1850 || !TEST_ptr(n = BN_new())
1851 || !TEST_ptr(e = BN_new())
1852 || !TEST_ptr(d = BN_new()))
1854 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
1855 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
1856 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
1858 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
1861 if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
1862 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
1865 if (!TEST_ptr(pkey))
1868 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1871 EVP_PKEY_free(pkey);
1872 EVP_PKEY_CTX_free(pctx);
1873 OSSL_PARAM_BLD_free_params(params);
1874 OSSL_PARAM_BLD_free(bld);
1882 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1883 static int test_decrypt_null_chunks(void)
1885 EVP_CIPHER_CTX* ctx = NULL;
1886 const unsigned char key[32] = {
1887 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1888 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1889 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1891 unsigned char iv[12] = {
1892 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1894 unsigned char msg[] = "It was the best of times, it was the worst of times";
1895 unsigned char ciphertext[80];
1896 unsigned char plaintext[80];
1897 /* We initialise tmp to a non zero value on purpose */
1898 int ctlen, ptlen, tmp = 99;
1900 const int enc_offset = 10, dec_offset = 20;
1902 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1903 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1905 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1907 /* Deliberate add a zero length update */
1908 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1910 || !TEST_int_eq(tmp, 0)
1911 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1913 sizeof(msg) - enc_offset))
1914 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1915 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1916 || !TEST_int_eq(tmp, 0))
1919 /* Deliberately initialise tmp to a non zero value */
1921 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1923 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1926 * Deliberately add a zero length update. We also deliberately do
1927 * this at a different offset than for encryption.
1929 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1931 || !TEST_int_eq(tmp, 0)
1932 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1933 ciphertext + dec_offset,
1934 ctlen - dec_offset))
1935 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1936 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1937 || !TEST_int_eq(tmp, 0)
1938 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1943 EVP_CIPHER_CTX_free(ctx);
1946 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1948 #ifndef OPENSSL_NO_DH
1950 * Test combinations of private, public, missing and private + public key
1951 * params to ensure they are all accepted
1953 static int test_DH_priv_pub(void)
1955 return test_EVP_PKEY_ffc_priv_pub("DH");
1958 # ifndef OPENSSL_NO_DEPRECATED_3_0
1959 static int test_EVP_PKEY_set1_DH(void)
1961 DH *x942dh = NULL, *noqdh = NULL;
1962 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1964 BIGNUM *p, *g = NULL;
1966 if (!TEST_ptr(p = BN_new())
1967 || !TEST_ptr(g = BN_new())
1968 || !BN_set_word(p, 9999)
1969 || !BN_set_word(g, 2)
1970 || !TEST_ptr(noqdh = DH_new())
1971 || !DH_set0_pqg(noqdh, p, NULL, g))
1975 x942dh = DH_get_2048_256();
1976 pkey1 = EVP_PKEY_new();
1977 pkey2 = EVP_PKEY_new();
1978 if (!TEST_ptr(x942dh)
1981 || !TEST_ptr(pkey2))
1984 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1985 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1988 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1989 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1996 EVP_PKEY_free(pkey1);
1997 EVP_PKEY_free(pkey2);
2003 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2004 #endif /* !OPENSSL_NO_DH */
2007 * We test what happens with an empty template. For the sake of this test,
2008 * the template must be ignored, and we know that's the case for RSA keys
2009 * (this might arguably be a misfeature, but that's what we currently do,
2010 * even in provider code, since that's how the legacy RSA implementation
2013 static int test_keygen_with_empty_template(int n)
2015 EVP_PKEY_CTX *ctx = NULL;
2016 EVP_PKEY *pkey = NULL;
2017 EVP_PKEY *tkey = NULL;
2022 /* We do test with no template at all as well */
2023 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
2027 /* Here we create an empty RSA key that serves as our template */
2028 if (!TEST_ptr(tkey = EVP_PKEY_new())
2029 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
2030 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
2035 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
2036 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
2041 EVP_PKEY_CTX_free(ctx);
2042 EVP_PKEY_free(pkey);
2043 EVP_PKEY_free(tkey);
2048 * Test that we fail if we attempt to use an algorithm that is not available
2049 * in the current library context (unless we are using an algorithm that
2050 * should be made available via legacy codepaths).
2055 static int test_pkey_ctx_fail_without_provider(int tst)
2057 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
2058 OSSL_PROVIDER *nullprov = NULL;
2059 EVP_PKEY_CTX *pctx = NULL;
2060 const char *keytype = NULL;
2061 int expect_null = 0;
2064 if (!TEST_ptr(tmpctx))
2067 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
2068 if (!TEST_ptr(nullprov))
2072 * We check for certain algos in the null provider.
2073 * If an algo is expected to have a provider keymgmt, contructing an
2074 * EVP_PKEY_CTX is expected to fail (return NULL).
2075 * Otherwise, if it's expected to have legacy support, contructing an
2076 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2086 #ifdef OPENSSL_NO_EC
2087 TEST_info("EC disable, skipping SM2 check...");
2090 #ifdef OPENSSL_NO_SM2
2091 TEST_info("SM2 disable, skipping SM2 check...");
2096 TEST_error("No test for case %d", tst);
2100 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
2101 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
2104 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2110 EVP_PKEY_CTX_free(pctx);
2111 OSSL_PROVIDER_unload(nullprov);
2112 OSSL_LIB_CTX_free(tmpctx);
2116 static int test_rand_agglomeration(void)
2120 OSSL_PARAM params[3], *p = params;
2122 unsigned int step = 7;
2123 static unsigned char seed[] = "It does not matter how slowly you go "
2124 "as long as you do not stop.";
2125 unsigned char out[sizeof(seed)];
2127 if (!TEST_int_ne(sizeof(seed) % step, 0)
2128 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
2130 ctx = EVP_RAND_CTX_new(rand, NULL);
2131 EVP_RAND_free(rand);
2135 memset(out, 0, sizeof(out));
2136 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
2137 seed, sizeof(seed));
2138 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
2139 *p = OSSL_PARAM_construct_end();
2140 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
2141 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
2142 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
2143 EVP_RAND_CTX_free(ctx);
2148 * Test that we correctly return the original or "running" IV after
2149 * an encryption operation.
2150 * Run multiple times for some different relevant algorithms/modes.
2152 static int test_evp_iv(int idx)
2155 EVP_CIPHER_CTX *ctx = NULL;
2156 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2157 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2158 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
2159 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2160 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2161 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2162 9, 10, 11, 12, 13, 14, 15, 16 };
2163 unsigned char ciphertext[32], oiv[16], iv[16];
2164 unsigned char *ref_iv;
2165 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2166 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2168 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2169 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2170 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2171 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2172 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2173 #ifndef OPENSSL_NO_OCB
2174 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2175 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2177 int len = sizeof(ciphertext);
2178 size_t ivlen, ref_len;
2179 const EVP_CIPHER *type = NULL;
2183 type = EVP_aes_128_cbc();
2186 type = (type != NULL) ? type :
2187 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2189 ref_len = sizeof(cbc_state);
2192 type = EVP_aes_128_ofb();
2195 type = (type != NULL) ? type :
2196 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2198 ref_len = sizeof(ofb_state);
2201 type = EVP_aes_128_gcm();
2204 type = (type != NULL) ? type :
2205 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2207 ref_len = sizeof(gcm_state);
2210 type = EVP_aes_128_ccm();
2213 type = (type != NULL) ? type :
2214 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2216 ref_len = sizeof(ccm_state);
2218 #ifdef OPENSSL_NO_OCB
2224 type = EVP_aes_128_ocb();
2227 type = (type != NULL) ? type :
2228 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2230 ref_len = sizeof(ocb_state);
2238 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2239 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2240 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2242 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
2243 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
2244 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2246 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2247 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2248 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2253 EVP_CIPHER_CTX_free(ctx);
2255 EVP_CIPHER_free((EVP_CIPHER *)type);
2259 int setup_tests(void)
2261 testctx = OSSL_LIB_CTX_new();
2263 if (!TEST_ptr(testctx))
2266 ADD_TEST(test_EVP_set_default_properties);
2267 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2268 ADD_TEST(test_EVP_DigestVerifyInit);
2269 ADD_TEST(test_EVP_Digest);
2270 ADD_TEST(test_EVP_Enveloped);
2271 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2272 ADD_TEST(test_privatekey_to_pkcs8);
2273 #ifndef OPENSSL_NO_EC
2274 ADD_TEST(test_EVP_PKCS82PKEY);
2276 #ifndef OPENSSL_NO_EC
2277 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2279 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2280 ADD_TEST(test_EVP_SM2);
2281 ADD_TEST(test_EVP_SM2_verify);
2283 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2284 #ifndef OPENSSL_NO_DEPRECATED_3_0
2285 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2286 if (!TEST_ptr(custom_pmeth))
2288 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2289 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2290 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2291 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2294 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2295 #ifndef OPENSSL_NO_CMAC
2296 ADD_TEST(test_CMAC_keygen);
2298 ADD_TEST(test_HKDF);
2299 ADD_TEST(test_emptyikm_HKDF);
2300 #ifndef OPENSSL_NO_EC
2301 ADD_TEST(test_X509_PUBKEY_inplace);
2302 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2303 OSSL_NELEM(ec_der_pub_keys));
2305 #ifndef OPENSSL_NO_DSA
2306 ADD_TEST(test_DSA_get_set_params);
2307 ADD_TEST(test_DSA_priv_pub);
2309 ADD_TEST(test_RSA_get_set_params);
2310 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2311 ADD_TEST(test_decrypt_null_chunks);
2313 #ifndef OPENSSL_NO_DH
2314 ADD_TEST(test_DH_priv_pub);
2315 # ifndef OPENSSL_NO_DEPRECATED_3_0
2316 ADD_TEST(test_EVP_PKEY_set1_DH);
2319 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2320 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2322 ADD_TEST(test_rand_agglomeration);
2323 ADD_ALL_TESTS(test_evp_iv, 10);
2328 void cleanup_tests(void)
2330 OSSL_LIB_CTX_free(testctx);