2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
32 #include "internal/nelem.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
35 #include "../e_os.h" /* strcasecmp */
37 #ifndef OPENSSL_NO_SM2
39 * TODO(3.0) remove when provider SM2 keymgmt is implemented and
40 * EVP_PKEY_set_alias_type() works with provider-native keys.
45 static OPENSSL_CTX *testctx = NULL;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
391 typedef struct APK_DATA_st {
392 const unsigned char *kder;
398 int type; /* 0 for private, 1 for public, 2 for params */
401 static APK_DATA keydata[] = {
402 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
403 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
404 #ifndef OPENSSL_NO_EC
405 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
409 static APK_DATA keycheckdata[] = {
410 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
411 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
413 #ifndef OPENSSL_NO_EC
414 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
415 /* group is also associated in our pub key */
416 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
417 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
421 static EVP_PKEY *load_example_rsa_key(void)
423 EVP_PKEY *ret = NULL;
424 const unsigned char *derp = kExampleRSAKeyDER;
425 EVP_PKEY *pkey = NULL;
428 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
431 if (!TEST_ptr(pkey = EVP_PKEY_new())
432 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
445 #ifndef OPENSSL_NO_DSA
446 static EVP_PKEY *load_example_dsa_key(void)
448 EVP_PKEY *ret = NULL;
449 const unsigned char *derp = kExampleDSAKeyDER;
450 EVP_PKEY *pkey = NULL;
453 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
456 if (!TEST_ptr(pkey = EVP_PKEY_new())
457 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
471 static EVP_PKEY *load_example_hmac_key(void)
473 EVP_PKEY *pkey = NULL;
474 unsigned char key[] = {
475 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
476 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
477 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
480 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
487 static int test_EVP_set_default_properties(void)
493 if (!TEST_ptr(ctx = OPENSSL_CTX_new())
494 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
499 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
500 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
501 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
506 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
507 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
512 OPENSSL_CTX_free(ctx);
516 static int test_EVP_Enveloped(void)
519 EVP_CIPHER_CTX *ctx = NULL;
520 EVP_PKEY *keypair = NULL;
521 unsigned char *kek = NULL;
522 unsigned char iv[EVP_MAX_IV_LENGTH];
523 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
524 int len, kek_len, ciphertext_len, plaintext_len;
525 unsigned char ciphertext[32], plaintext[16];
526 const EVP_CIPHER *type = EVP_aes_256_cbc();
528 if (!TEST_ptr(keypair = load_example_rsa_key())
529 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
530 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
531 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
533 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
535 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
539 ciphertext_len += len;
541 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
542 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
543 ciphertext, ciphertext_len))
544 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
547 plaintext_len += len;
548 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
554 EVP_PKEY_free(keypair);
555 EVP_CIPHER_CTX_free(ctx);
560 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
561 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
562 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
563 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
564 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
565 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
566 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
567 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
568 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
570 static int test_EVP_DigestSignInit(int tst)
573 EVP_PKEY *pkey = NULL;
574 unsigned char *sig = NULL;
576 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
577 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
578 BIO *mdbio = NULL, *membio = NULL;
581 EVP_MD *mdexp = NULL;
584 membio = BIO_new(BIO_s_mem());
585 mdbio = BIO_new(BIO_f_md());
586 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
588 BIO_push(mdbio, membio);
589 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
592 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
593 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
597 if (tst == 0 || tst == 3 || tst == 6) {
598 if (!TEST_ptr(pkey = load_example_rsa_key()))
600 } else if (tst == 1 || tst == 4 || tst == 7) {
601 #ifndef OPENSSL_NO_DSA
602 if (!TEST_ptr(pkey = load_example_dsa_key()))
609 if (!TEST_ptr(pkey = load_example_hmac_key()))
613 if (tst >= 3 && tst <= 5)
614 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
618 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
622 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
625 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
629 /* Determine the size of the signature. */
630 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
631 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
632 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
636 if (!TEST_int_gt(BIO_reset(mdbio), 0)
637 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
642 * Ensure that the signature round-trips (Verification isn't supported for
643 * HMAC via EVP_DigestVerify*)
645 if (tst != 2 && tst != 5 && tst != 8) {
646 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
651 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
654 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
658 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
667 EVP_MD_CTX_free(a_md_ctx);
668 EVP_MD_CTX_free(a_md_ctx_verify);
676 static int test_EVP_DigestVerifyInit(void)
679 EVP_PKEY *pkey = NULL;
680 EVP_MD_CTX *md_ctx = NULL;
682 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
683 || !TEST_ptr(pkey = load_example_rsa_key()))
686 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
687 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
688 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
689 sizeof(kSignature))))
694 EVP_MD_CTX_free(md_ctx);
699 static int test_d2i_AutoPrivateKey(int i)
702 const unsigned char *p;
703 EVP_PKEY *pkey = NULL;
704 const APK_DATA *ak = &keydata[i];
705 const unsigned char *input = ak->kder;
706 size_t input_len = ak->size;
707 int expected_id = ak->evptype;
710 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
711 || !TEST_ptr_eq(p, input + input_len)
712 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
722 #ifndef OPENSSL_NO_EC
724 static const unsigned char ec_public_sect163k1_validxy[] = {
725 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
726 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
727 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
728 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
729 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
730 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
733 static const unsigned char ec_public_sect163k1_badx[] = {
734 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
735 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
736 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
737 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
738 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
739 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
742 static const unsigned char ec_public_sect163k1_bady[] = {
743 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
744 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
745 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
746 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
747 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
748 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
751 static struct ec_der_pub_keys_st {
752 const unsigned char *der;
755 } ec_der_pub_keys[] = {
756 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
757 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
758 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
762 * Tests the range of the decoded EC char2 public point.
763 * See ec_GF2m_simple_oct2point().
765 static int test_invalide_ec_char2_pub_range_decode(int id)
769 EC_KEY *eckey = NULL;
771 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
772 ec_der_pub_keys[id].len)))
774 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
775 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
776 || TEST_ptr_null(eckey);
783 /* Tests loading a bad key in PKCS8 format */
784 static int test_EVP_PKCS82PKEY(void)
787 const unsigned char *derp = kExampleBadECKeyDER;
788 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
789 EVP_PKEY *pkey = NULL;
791 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
792 sizeof(kExampleBadECKeyDER))))
795 if (!TEST_ptr_eq(derp,
796 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
799 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
805 PKCS8_PRIV_KEY_INFO_free(p8inf);
812 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
813 static int test_privatekey_to_pkcs8(void)
815 EVP_PKEY *pkey = NULL;
821 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
822 || !TEST_ptr(pkey = load_example_rsa_key())
823 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
824 NULL, 0, NULL, NULL),
826 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
828 || !TEST_mem_eq(membuf, (size_t)membuf_len,
829 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
831 * We try to write PEM as well, just to see that it doesn't err, but
832 * assume that the result is correct.
834 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
835 NULL, 0, NULL, NULL),
842 BIO_free_all(membio);
846 #ifndef OPENSSL_NO_EC
847 static const struct {
849 const char *encoding_name;
851 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
852 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
855 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
858 const char *enc_name = NULL;
864 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
865 OSSL_PKEY_PARAM_EC_ENCODING))
866 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
869 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
870 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
871 *enc = ec_encodings[i].encoding;
879 static int test_EC_keygen_with_enc(int idx)
881 EVP_PKEY *params = NULL, *key = NULL;
882 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
886 enc = ec_encodings[idx].encoding;
888 /* Create key parameters */
889 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
890 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
891 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
892 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
893 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
894 || !TEST_ptr(params))
898 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
899 || !TEST_true(EVP_PKEY_keygen_init(kctx))
900 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
904 /* Check that the encoding got all the way into the key */
905 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
906 ec_export_get_encoding_cb, &enc))
907 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
913 EVP_PKEY_free(params);
914 EVP_PKEY_CTX_free(kctx);
915 EVP_PKEY_CTX_free(pctx);
920 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
922 static int test_EVP_SM2_verify(void)
924 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
926 "-----BEGIN PUBLIC KEY-----\n"
927 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
928 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
929 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
930 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
931 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
932 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
933 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
934 "-----END PUBLIC KEY-----\n";
936 const char *msg = "message digest";
937 const char *id = "ALICE123@YAHOO.COM";
939 const uint8_t signature[] = {
940 0x30, 0x44, 0x02, 0x20,
942 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
943 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
944 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
948 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
949 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
950 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
955 EVP_PKEY *pkey = NULL;
956 EVP_MD_CTX *mctx = NULL;
957 EVP_PKEY_CTX *pctx = NULL;
959 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
960 if (!TEST_true(bio != NULL))
963 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
964 if (!TEST_true(pkey != NULL))
968 if (!TEST_ptr(EVP_PKEY_get0(pkey)))
972 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
975 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
978 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
981 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
985 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
987 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
990 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
993 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1000 EVP_PKEY_CTX_free(pctx);
1001 EVP_MD_CTX_free(mctx);
1005 static int test_EVP_SM2(void)
1008 EVP_PKEY *pkey = NULL;
1009 EVP_PKEY *params = NULL;
1010 EVP_PKEY_CTX *pctx = NULL;
1011 EVP_PKEY_CTX *kctx = NULL;
1012 EVP_PKEY_CTX *sctx = NULL;
1014 unsigned char *sig = NULL;
1015 EVP_MD_CTX *md_ctx = NULL;
1016 EVP_MD_CTX *md_ctx_verify = NULL;
1017 EVP_PKEY_CTX *cctx = NULL;
1019 uint8_t ciphertext[128];
1020 size_t ctext_len = sizeof(ciphertext);
1022 uint8_t plaintext[8];
1023 size_t ptext_len = sizeof(plaintext);
1025 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1027 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1028 if (!TEST_ptr(pctx))
1031 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1034 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1037 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
1040 kctx = EVP_PKEY_CTX_new(params, NULL);
1041 if (!TEST_ptr(kctx))
1044 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1047 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1050 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
1053 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1056 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1059 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1062 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1063 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1065 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1068 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1071 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1074 /* Determine the size of the signature. */
1075 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1078 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1081 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1084 /* Ensure that the signature round-trips. */
1086 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1089 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1092 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1095 /* now check encryption/decryption */
1097 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1100 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1103 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1106 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1109 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1112 if (!TEST_true(ptext_len == sizeof(kMsg)))
1115 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1120 EVP_PKEY_CTX_free(pctx);
1121 EVP_PKEY_CTX_free(kctx);
1122 EVP_PKEY_CTX_free(sctx);
1123 EVP_PKEY_CTX_free(cctx);
1124 EVP_PKEY_free(pkey);
1125 EVP_PKEY_free(params);
1126 EVP_MD_CTX_free(md_ctx);
1127 EVP_MD_CTX_free(md_ctx_verify);
1134 static struct keys_st {
1140 EVP_PKEY_HMAC, "0123456789", NULL
1142 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1144 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1146 #ifndef OPENSSL_NO_EC
1148 EVP_PKEY_X25519, "01234567890123456789012345678901",
1149 "abcdefghijklmnopqrstuvwxyzabcdef"
1151 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1152 "abcdefghijklmnopqrstuvwxyzabcdef"
1155 "01234567890123456789012345678901234567890123456789012345",
1156 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1159 "012345678901234567890123456789012345678901234567890123456",
1160 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1165 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1168 unsigned char buf[80];
1170 size_t inlen, len = 0;
1173 /* Check if this algorithm supports public keys */
1174 if (keys[tst].pub == NULL)
1177 memset(buf, 0, sizeof(buf));
1180 inlen = strlen(keys[tst].pub);
1181 in = (unsigned char *)keys[tst].pub;
1183 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1185 OBJ_nid2sn(keys[tst].type),
1190 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1196 inlen = strlen(keys[tst].priv);
1197 in = (unsigned char *)keys[tst].priv;
1199 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1200 testctx, OBJ_nid2sn(keys[tst].type),
1205 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1213 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1214 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1215 || !TEST_true(len == inlen)
1216 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1217 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1218 || !TEST_mem_eq(in, inlen, buf, len))
1223 EVP_PKEY_free(pkey);
1227 static int test_set_get_raw_keys(int tst)
1229 return test_set_get_raw_keys_int(tst, 0, 0)
1230 && test_set_get_raw_keys_int(tst, 0, 1)
1231 && test_set_get_raw_keys_int(tst, 1, 0)
1232 && test_set_get_raw_keys_int(tst, 1, 1);
1235 #ifndef OPENSSL_NO_DEPRECATED_3_0
1236 static int pkey_custom_check(EVP_PKEY *pkey)
1241 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1246 static int pkey_custom_param_check(EVP_PKEY *pkey)
1251 static EVP_PKEY_METHOD *custom_pmeth;
1254 static int test_EVP_PKEY_check(int i)
1257 const unsigned char *p;
1258 EVP_PKEY *pkey = NULL;
1259 #ifndef OPENSSL_NO_EC
1260 EC_KEY *eckey = NULL;
1262 EVP_PKEY_CTX *ctx = NULL;
1263 #ifndef OPENSSL_NO_DEPRECATED_3_0
1264 EVP_PKEY_CTX *ctx2 = NULL;
1266 const APK_DATA *ak = &keycheckdata[i];
1267 const unsigned char *input = ak->kder;
1268 size_t input_len = ak->size;
1269 int expected_id = ak->evptype;
1270 int expected_check = ak->check;
1271 int expected_pub_check = ak->pub_check;
1272 int expected_param_check = ak->param_check;
1273 int type = ak->type;
1280 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1281 || !TEST_ptr_eq(p, input + input_len)
1282 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1285 #ifndef OPENSSL_NO_EC
1287 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1288 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1289 || !TEST_ptr(pkey = EVP_PKEY_new())
1290 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1294 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1295 || !TEST_ptr_eq(p, input + input_len)
1296 || !TEST_ptr(pkey = EVP_PKEY_new())
1297 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1305 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1308 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1311 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1314 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1317 #ifndef OPENSSL_NO_DEPRECATED_3_0
1318 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1319 /* assign the pkey directly, as an internal test */
1320 EVP_PKEY_up_ref(pkey);
1323 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1326 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1329 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1336 EVP_PKEY_CTX_free(ctx);
1337 #ifndef OPENSSL_NO_DEPRECATED_3_0
1338 EVP_PKEY_CTX_free(ctx2);
1340 EVP_PKEY_free(pkey);
1345 #ifndef OPENSSL_NO_CMAC
1346 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1348 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1349 const char msg[] = "Hello World";
1353 if (!TEST_ptr(mdctx)
1354 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1355 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1356 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1357 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1360 EVP_MD_CTX_free(mdctx);
1364 static int test_CMAC_keygen(void)
1366 static unsigned char key[] = {
1367 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1368 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1369 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1372 * This is a legacy method for CMACs, but should still work.
1373 * This verifies that it works without an ENGINE.
1375 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1377 EVP_PKEY *pkey = NULL;
1378 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1380 /* Test a CMAC key created using the "generated" method */
1381 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1382 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1383 EVP_PKEY_CTRL_CIPHER,
1384 0, (void *)EVP_aes_256_ecb()), 0)
1385 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1386 EVP_PKEY_CTRL_SET_MAC_KEY,
1387 sizeof(key), (void *)key), 0)
1388 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1390 || !TEST_true(get_cmac_val(pkey, mac)))
1393 EVP_PKEY_free(pkey);
1396 * Test a CMAC key using the direct method, and compare with the mac
1399 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1401 || !TEST_true(get_cmac_val(pkey, mac2))
1402 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1408 EVP_PKEY_free(pkey);
1409 EVP_PKEY_CTX_free(kctx);
1414 static int test_HKDF(void)
1417 unsigned char out[20];
1420 unsigned char salt[] = "0123456789";
1421 unsigned char key[] = "012345678901234567890123456789";
1422 unsigned char info[] = "infostring";
1423 const unsigned char expected[] = {
1424 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1425 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1427 size_t expectedlen = sizeof(expected);
1429 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1432 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1433 for (i = 0; i < 2; i++) {
1434 outlen = sizeof(out);
1435 memset(out, 0, outlen);
1437 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1438 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1439 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1440 sizeof(salt) - 1), 0)
1441 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1442 sizeof(key) - 1), 0)
1443 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1444 sizeof(info) - 1), 0)
1445 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1446 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1453 EVP_PKEY_CTX_free(pctx);
1458 static int test_emptyikm_HKDF(void)
1461 unsigned char out[20];
1464 unsigned char salt[] = "9876543210";
1465 unsigned char key[] = "";
1466 unsigned char info[] = "stringinfo";
1467 const unsigned char expected[] = {
1468 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1469 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1471 size_t expectedlen = sizeof(expected);
1473 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1476 outlen = sizeof(out);
1477 memset(out, 0, outlen);
1479 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1480 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1481 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1482 sizeof(salt) - 1), 0)
1483 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1484 sizeof(key) - 1), 0)
1485 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1486 sizeof(info) - 1), 0)
1487 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1488 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1494 EVP_PKEY_CTX_free(pctx);
1499 #ifndef OPENSSL_NO_EC
1500 static int test_X509_PUBKEY_inplace(void)
1503 X509_PUBKEY *xp = NULL;
1504 const unsigned char *p = kExampleECPubKeyDER;
1505 size_t input_len = sizeof(kExampleECPubKeyDER);
1507 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1510 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1513 p = kExampleBadECPubKeyDER;
1514 input_len = sizeof(kExampleBadECPubKeyDER);
1516 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1519 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1525 X509_PUBKEY_free(xp);
1528 #endif /* OPENSSL_NO_EC */
1530 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1531 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1533 EVP_MD_CTX *mdctx = NULL;
1534 EVP_PKEY_CTX *ctx = NULL;
1535 const OSSL_PARAM *params;
1536 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1539 char mdname[OSSL_MAX_NAME_SIZE];
1542 /* Initialise a sign operation */
1543 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1545 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1549 * We should be able to query the parameters now.
1551 params = EVP_PKEY_CTX_settable_params(ctx);
1552 if (!TEST_ptr(params)
1553 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1554 OSSL_SIGNATURE_PARAM_DIGEST)))
1557 params = EVP_PKEY_CTX_gettable_params(ctx);
1558 if (!TEST_ptr(params)
1559 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1560 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1561 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1562 OSSL_SIGNATURE_PARAM_DIGEST)))
1566 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1567 * EVP_PKEY_CTX_get_params()
1569 strcpy(mdname, "SHA512");
1571 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1573 *param++ = OSSL_PARAM_construct_end();
1575 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1579 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1580 mdname, sizeof(mdname));
1581 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1582 || !TEST_str_eq(mdname, "SHA512"))
1586 * Test the TEST_PKEY_CTX_set_signature_md() and
1587 * TEST_PKEY_CTX_get_signature_md() functions
1589 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1590 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1591 || !TEST_ptr_eq(md, EVP_sha256()))
1595 * Test getting MD parameters via an associated EVP_PKEY_CTX
1597 mdctx = EVP_MD_CTX_new();
1598 if (!TEST_ptr(mdctx)
1599 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
1605 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1606 * able to obtain the digest's settable parameters from the provider.
1608 params = EVP_MD_CTX_settable_params(mdctx);
1609 if (!TEST_ptr(params)
1610 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1611 /* The final key should be NULL */
1612 || !TEST_ptr_null(params[1].key))
1616 memset(ssl3ms, 0, sizeof(ssl3ms));
1617 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1618 ssl3ms, sizeof(ssl3ms));
1619 *param++ = OSSL_PARAM_construct_end();
1621 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1627 EVP_MD_CTX_free(mdctx);
1628 EVP_PKEY_CTX_free(ctx);
1633 #ifndef OPENSSL_NO_DSA
1634 static int test_DSA_get_set_params(void)
1637 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1638 EVP_PKEY *pkey = NULL;
1642 * Setup the parameters for our DSA object. For our purposes they don't
1643 * have to actually be *valid* parameters. We just need to set something.
1656 || !DSA_set0_pqg(dsa, p, q, g)
1657 || !DSA_set0_key(dsa, pub, priv))
1659 p = q = g = pub = priv = NULL;
1661 pkey = EVP_PKEY_new();
1663 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1668 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1671 EVP_PKEY_free(pkey);
1683 static int test_RSA_get_set_params(void)
1686 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1687 EVP_PKEY *pkey = NULL;
1691 * Setup the parameters for our RSA object. For our purposes they don't
1692 * have to actually be *valid* parameters. We just need to set something.
1702 || !RSA_set0_key(rsa, n, e, d))
1706 pkey = EVP_PKEY_new();
1708 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1713 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1716 EVP_PKEY_free(pkey);
1725 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1726 static int test_decrypt_null_chunks(void)
1728 EVP_CIPHER_CTX* ctx = NULL;
1729 const unsigned char key[32] = {
1730 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1731 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1732 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1734 unsigned char iv[12] = {
1735 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1737 unsigned char msg[] = "It was the best of times, it was the worst of times";
1738 unsigned char ciphertext[80];
1739 unsigned char plaintext[80];
1740 /* We initialise tmp to a non zero value on purpose */
1741 int ctlen, ptlen, tmp = 99;
1743 const int enc_offset = 10, dec_offset = 20;
1745 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1746 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1748 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1750 /* Deliberate add a zero length update */
1751 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1753 || !TEST_int_eq(tmp, 0)
1754 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1756 sizeof(msg) - enc_offset))
1757 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1758 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1759 || !TEST_int_eq(tmp, 0))
1762 /* Deliberately initialise tmp to a non zero value */
1764 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1766 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1769 * Deliberately add a zero length update. We also deliberately do
1770 * this at a different offset than for encryption.
1772 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1774 || !TEST_int_eq(tmp, 0)
1775 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1776 ciphertext + dec_offset,
1777 ctlen - dec_offset))
1778 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1779 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1780 || !TEST_int_eq(tmp, 0)
1781 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1786 EVP_CIPHER_CTX_free(ctx);
1789 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1791 #ifndef OPENSSL_NO_DH
1792 static int test_EVP_PKEY_set1_DH(void)
1794 DH *x942dh = NULL, *noqdh = NULL;
1795 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1797 BIGNUM *p, *g = NULL;
1799 if (!TEST_ptr(p = BN_new())
1800 || !TEST_ptr(g = BN_new())
1801 || !BN_set_word(p, 9999)
1802 || !BN_set_word(g, 2)
1803 || !TEST_ptr(noqdh = DH_new())
1804 || !DH_set0_pqg(noqdh, p, NULL, g))
1808 x942dh = DH_get_2048_256();
1809 pkey1 = EVP_PKEY_new();
1810 pkey2 = EVP_PKEY_new();
1811 if (!TEST_ptr(x942dh)
1814 || !TEST_ptr(pkey2))
1817 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1818 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1821 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1822 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1829 EVP_PKEY_free(pkey1);
1830 EVP_PKEY_free(pkey2);
1839 * We test what happens with an empty template. For the sake of this test,
1840 * the template must be ignored, and we know that's the case for RSA keys
1841 * (this might arguably be a misfeature, but that's what we currently do,
1842 * even in provider code, since that's how the legacy RSA implementation
1845 static int test_keygen_with_empty_template(int n)
1847 EVP_PKEY_CTX *ctx = NULL;
1848 EVP_PKEY *pkey = NULL;
1849 EVP_PKEY *tkey = NULL;
1854 /* We do test with no template at all as well */
1855 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1859 /* Here we create an empty RSA key that serves as our template */
1860 if (!TEST_ptr(tkey = EVP_PKEY_new())
1861 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1862 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1867 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1868 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1873 EVP_PKEY_CTX_free(ctx);
1874 EVP_PKEY_free(pkey);
1875 EVP_PKEY_free(tkey);
1880 * Test that we fail if we attempt to use an algorithm that is not available
1881 * in the current library context (unless we are using an algorithm that
1882 * should be made available via legacy codepaths).
1887 static int test_pkey_ctx_fail_without_provider(int tst)
1889 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1890 OSSL_PROVIDER *nullprov = NULL;
1891 EVP_PKEY_CTX *pctx = NULL;
1892 const char *keytype = NULL;
1893 int expect_null = 0;
1896 if (!TEST_ptr(tmpctx))
1899 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1900 if (!TEST_ptr(nullprov))
1904 * We check for certain algos in the null provider.
1905 * If an algo is expected to have a provider keymgmt, contructing an
1906 * EVP_PKEY_CTX is expected to fail (return NULL).
1907 * Otherwise, if it's expected to have legacy support, contructing an
1908 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1917 expect_null = 0; /* TODO: change to 1 when we have a SM2 keymgmt */
1918 #ifdef OPENSSL_NO_EC
1919 TEST_info("EC disable, skipping SM2 check...");
1922 #ifdef OPENSSL_NO_SM2
1923 TEST_info("SM2 disable, skipping SM2 check...");
1928 TEST_error("No test for case %d", tst);
1932 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1933 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1936 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1942 EVP_PKEY_CTX_free(pctx);
1943 OSSL_PROVIDER_unload(nullprov);
1944 OPENSSL_CTX_free(tmpctx);
1948 static int test_rand_agglomeration(void)
1952 OSSL_PARAM params[3], *p = params;
1954 unsigned int step = 7;
1955 static unsigned char seed[] = "It does not matter how slowly you go "
1956 "as long as you do not stop.";
1957 unsigned char out[sizeof(seed)];
1959 if (!TEST_int_ne(sizeof(seed) % step, 0)
1960 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1962 ctx = EVP_RAND_CTX_new(rand, NULL);
1963 EVP_RAND_free(rand);
1967 memset(out, 0, sizeof(out));
1968 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1969 seed, sizeof(seed));
1970 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1971 *p = OSSL_PARAM_construct_end();
1972 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1973 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1974 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1975 EVP_RAND_CTX_free(ctx);
1980 * Test that we correctly return the original or "running" IV after
1981 * an encryption operation.
1982 * Run multiple times for some different relevant algorithms/modes.
1984 static int test_evp_iv(int idx)
1987 EVP_CIPHER_CTX *ctx = NULL;
1988 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1989 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1990 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
1991 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
1992 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
1993 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
1994 9, 10, 11, 12, 13, 14, 15, 16 };
1995 unsigned char ciphertext[32], oiv[16], iv[16];
1996 unsigned char *ref_iv;
1997 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
1998 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2000 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2001 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2002 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2003 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2004 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2005 #ifndef OPENSSL_NO_OCB
2006 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2007 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2009 int len = sizeof(ciphertext);
2010 size_t ivlen, ref_len;
2011 const EVP_CIPHER *type = NULL;
2015 type = EVP_aes_128_cbc();
2018 type = (type != NULL) ? type :
2019 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2021 ref_len = sizeof(cbc_state);
2024 type = EVP_aes_128_ofb();
2027 type = (type != NULL) ? type :
2028 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2030 ref_len = sizeof(ofb_state);
2033 type = EVP_aes_128_gcm();
2036 type = (type != NULL) ? type :
2037 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2039 ref_len = sizeof(gcm_state);
2042 type = EVP_aes_128_ccm();
2045 type = (type != NULL) ? type :
2046 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2048 ref_len = sizeof(ccm_state);
2050 #ifdef OPENSSL_NO_OCB
2056 type = EVP_aes_128_ocb();
2059 type = (type != NULL) ? type :
2060 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2062 ref_len = sizeof(ocb_state);
2070 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2071 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2072 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2074 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2075 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2076 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2078 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2079 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2080 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2085 EVP_CIPHER_CTX_free(ctx);
2087 EVP_CIPHER_free((EVP_CIPHER *)type);
2091 int setup_tests(void)
2093 testctx = OPENSSL_CTX_new();
2095 if (!TEST_ptr(testctx))
2098 ADD_TEST(test_EVP_set_default_properties);
2099 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2100 ADD_TEST(test_EVP_DigestVerifyInit);
2101 ADD_TEST(test_EVP_Enveloped);
2102 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2103 ADD_TEST(test_privatekey_to_pkcs8);
2104 #ifndef OPENSSL_NO_EC
2105 ADD_TEST(test_EVP_PKCS82PKEY);
2107 #ifndef OPENSSL_NO_EC
2108 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2110 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2111 ADD_TEST(test_EVP_SM2);
2112 ADD_TEST(test_EVP_SM2_verify);
2114 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2115 #ifndef OPENSSL_NO_DEPRECATED_3_0
2116 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2117 if (!TEST_ptr(custom_pmeth))
2119 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2120 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2121 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2122 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2125 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2126 #ifndef OPENSSL_NO_CMAC
2127 ADD_TEST(test_CMAC_keygen);
2129 ADD_TEST(test_HKDF);
2130 ADD_TEST(test_emptyikm_HKDF);
2131 #ifndef OPENSSL_NO_EC
2132 ADD_TEST(test_X509_PUBKEY_inplace);
2133 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2134 OSSL_NELEM(ec_der_pub_keys));
2136 #ifndef OPENSSL_NO_DSA
2137 ADD_TEST(test_DSA_get_set_params);
2139 ADD_TEST(test_RSA_get_set_params);
2140 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2141 ADD_TEST(test_decrypt_null_chunks);
2143 #ifndef OPENSSL_NO_DH
2144 ADD_TEST(test_EVP_PKEY_set1_DH);
2146 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2147 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2149 ADD_TEST(test_rand_agglomeration);
2150 ADD_ALL_TESTS(test_evp_iv, 10);
2155 void cleanup_tests(void)
2157 OPENSSL_CTX_free(testctx);