2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
32 #include "internal/nelem.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
35 #include "../e_os.h" /* strcasecmp */
37 static OSSL_LIB_CTX *testctx = NULL;
40 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
41 * should never use this key anywhere but in an example.
43 static const unsigned char kExampleRSAKeyDER[] = {
44 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
45 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
46 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
47 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
48 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
49 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
50 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
51 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
52 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
53 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
54 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
55 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
56 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
57 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
58 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
59 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
60 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
61 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
62 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
63 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
64 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
65 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
66 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
67 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
68 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
69 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
70 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
71 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
72 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
73 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
74 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
75 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
76 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
77 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
78 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
79 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
80 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
81 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
82 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
83 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
84 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
85 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
86 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
87 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
88 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
89 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
90 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
91 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
92 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
93 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
94 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
98 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
99 * should never use this key anywhere but in an example.
101 #ifndef OPENSSL_NO_DSA
102 static const unsigned char kExampleDSAKeyDER[] = {
103 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
104 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
105 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
106 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
107 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
108 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
109 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
110 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
111 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
112 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
113 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
114 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
115 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
116 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
117 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
118 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
119 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
120 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
121 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
122 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
123 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
124 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
125 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
126 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
127 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
128 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
129 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
130 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
131 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
132 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
133 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
134 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
135 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
136 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
137 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
138 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
139 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
145 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
146 * components are not correct.
148 static const unsigned char kExampleBadRSAKeyDER[] = {
149 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
150 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
151 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
152 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
153 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
154 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
155 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
156 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
157 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
158 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
159 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
160 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
161 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
162 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
163 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
164 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
165 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
166 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
167 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
168 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
169 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
170 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
171 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
172 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
173 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
174 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
175 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
176 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
177 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
178 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
179 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
180 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
181 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
182 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
183 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
184 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
185 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
186 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
187 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
188 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
189 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
190 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
191 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
192 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
193 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
194 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
195 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
196 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
197 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
198 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
199 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
200 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
201 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
202 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
203 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
204 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
205 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
206 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
207 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
208 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
209 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
210 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
211 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
212 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
213 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
214 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
215 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
216 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
217 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
218 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
219 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
220 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
221 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
222 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
223 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
224 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
225 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
226 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
227 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
228 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
229 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
230 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
231 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
232 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
233 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
234 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
235 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
236 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
237 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
240 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
242 static const unsigned char kSignature[] = {
243 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
244 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
245 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
246 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
247 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
248 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
249 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
250 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
251 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
252 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
253 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
257 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
260 static const unsigned char kExampleRSAKeyPKCS8[] = {
261 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
262 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
263 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
264 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
265 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
266 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
267 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
268 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
269 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
270 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
271 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
272 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
273 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
274 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
275 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
276 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
277 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
278 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
279 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
280 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
281 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
282 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
283 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
284 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
285 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
286 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
287 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
288 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
289 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
290 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
291 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
292 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
293 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
294 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
295 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
296 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
297 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
298 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
299 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
300 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
301 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
302 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
303 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
304 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
305 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
306 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
307 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
308 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
309 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
310 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
311 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
312 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
313 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
316 #ifndef OPENSSL_NO_EC
318 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
321 static const unsigned char kExampleECKeyDER[] = {
322 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
323 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
324 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
325 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
326 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
327 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
328 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
329 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
330 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
331 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
336 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
337 * structure. The private key is equal to the order and will fail to import
339 static const unsigned char kExampleBadECKeyDER[] = {
340 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
341 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
342 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
343 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
344 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
345 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
346 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
347 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
348 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
352 static const unsigned char kExampleECPubKeyDER[] = {
353 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
354 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
355 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
356 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
357 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
358 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
359 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
360 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
364 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
365 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
367 static const unsigned char kExampleBadECPubKeyDER[] = {
368 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
369 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
370 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
371 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
372 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
373 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
374 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
375 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
378 static const unsigned char pExampleECParamDER[] = {
379 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
383 typedef struct APK_DATA_st {
384 const unsigned char *kder;
390 int type; /* 0 for private, 1 for public, 2 for params */
393 static APK_DATA keydata[] = {
394 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
395 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
396 #ifndef OPENSSL_NO_EC
397 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
401 static APK_DATA keycheckdata[] = {
402 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
403 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
405 #ifndef OPENSSL_NO_EC
406 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
407 /* group is also associated in our pub key */
408 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
409 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
413 static EVP_PKEY *load_example_rsa_key(void)
415 EVP_PKEY *ret = NULL;
416 const unsigned char *derp = kExampleRSAKeyDER;
417 EVP_PKEY *pkey = NULL;
420 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
423 if (!TEST_ptr(pkey = EVP_PKEY_new())
424 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
437 #ifndef OPENSSL_NO_DSA
438 static EVP_PKEY *load_example_dsa_key(void)
440 EVP_PKEY *ret = NULL;
441 const unsigned char *derp = kExampleDSAKeyDER;
442 EVP_PKEY *pkey = NULL;
445 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
448 if (!TEST_ptr(pkey = EVP_PKEY_new())
449 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
463 static EVP_PKEY *load_example_hmac_key(void)
465 EVP_PKEY *pkey = NULL;
466 unsigned char key[] = {
467 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
468 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
469 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
472 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
479 static int test_EVP_set_default_properties(void)
485 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
486 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
491 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
492 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
493 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
498 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
499 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
504 OSSL_LIB_CTX_free(ctx);
508 static int test_EVP_Enveloped(void)
511 EVP_CIPHER_CTX *ctx = NULL;
512 EVP_PKEY *keypair = NULL;
513 unsigned char *kek = NULL;
514 unsigned char iv[EVP_MAX_IV_LENGTH];
515 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
516 int len, kek_len, ciphertext_len, plaintext_len;
517 unsigned char ciphertext[32], plaintext[16];
518 const EVP_CIPHER *type = EVP_aes_256_cbc();
520 if (!TEST_ptr(keypair = load_example_rsa_key())
521 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
522 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
523 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
525 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
527 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
531 ciphertext_len += len;
533 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
534 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
535 ciphertext, ciphertext_len))
536 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
539 plaintext_len += len;
540 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
546 EVP_PKEY_free(keypair);
547 EVP_CIPHER_CTX_free(ctx);
552 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
553 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
554 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
555 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
556 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
557 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
558 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
559 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
560 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
562 static int test_EVP_DigestSignInit(int tst)
565 EVP_PKEY *pkey = NULL;
566 unsigned char *sig = NULL;
568 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
569 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
570 BIO *mdbio = NULL, *membio = NULL;
573 EVP_MD *mdexp = NULL;
576 membio = BIO_new(BIO_s_mem());
577 mdbio = BIO_new(BIO_f_md());
578 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
580 BIO_push(mdbio, membio);
581 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
584 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
585 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
589 if (tst == 0 || tst == 3 || tst == 6) {
590 if (!TEST_ptr(pkey = load_example_rsa_key()))
592 } else if (tst == 1 || tst == 4 || tst == 7) {
593 #ifndef OPENSSL_NO_DSA
594 if (!TEST_ptr(pkey = load_example_dsa_key()))
601 if (!TEST_ptr(pkey = load_example_hmac_key()))
605 if (tst >= 3 && tst <= 5)
606 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
610 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
614 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
617 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
621 /* Determine the size of the signature. */
622 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
623 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
624 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
628 if (!TEST_int_gt(BIO_reset(mdbio), 0)
629 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
634 * Ensure that the signature round-trips (Verification isn't supported for
635 * HMAC via EVP_DigestVerify*)
637 if (tst != 2 && tst != 5 && tst != 8) {
638 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
643 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
646 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
650 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
659 EVP_MD_CTX_free(a_md_ctx);
660 EVP_MD_CTX_free(a_md_ctx_verify);
668 static int test_EVP_DigestVerifyInit(void)
671 EVP_PKEY *pkey = NULL;
672 EVP_MD_CTX *md_ctx = NULL;
674 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
675 || !TEST_ptr(pkey = load_example_rsa_key()))
678 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
679 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
680 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
681 sizeof(kSignature))))
686 EVP_MD_CTX_free(md_ctx);
691 static int test_d2i_AutoPrivateKey(int i)
694 const unsigned char *p;
695 EVP_PKEY *pkey = NULL;
696 const APK_DATA *ak = &keydata[i];
697 const unsigned char *input = ak->kder;
698 size_t input_len = ak->size;
699 int expected_id = ak->evptype;
702 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
703 || !TEST_ptr_eq(p, input + input_len)
704 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
714 #ifndef OPENSSL_NO_EC
716 static const unsigned char ec_public_sect163k1_validxy[] = {
717 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
718 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
719 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
720 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
721 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
722 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
725 static const unsigned char ec_public_sect163k1_badx[] = {
726 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
727 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
728 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
729 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
730 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
731 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
734 static const unsigned char ec_public_sect163k1_bady[] = {
735 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
736 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
737 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
738 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
739 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
740 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
743 static struct ec_der_pub_keys_st {
744 const unsigned char *der;
747 } ec_der_pub_keys[] = {
748 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
749 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
750 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
754 * Tests the range of the decoded EC char2 public point.
755 * See ec_GF2m_simple_oct2point().
757 static int test_invalide_ec_char2_pub_range_decode(int id)
761 EC_KEY *eckey = NULL;
763 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
764 ec_der_pub_keys[id].len)))
766 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
767 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
768 || TEST_ptr_null(eckey);
775 /* Tests loading a bad key in PKCS8 format */
776 static int test_EVP_PKCS82PKEY(void)
779 const unsigned char *derp = kExampleBadECKeyDER;
780 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
781 EVP_PKEY *pkey = NULL;
783 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
784 sizeof(kExampleBadECKeyDER))))
787 if (!TEST_ptr_eq(derp,
788 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
791 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
797 PKCS8_PRIV_KEY_INFO_free(p8inf);
804 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
805 static int test_privatekey_to_pkcs8(void)
807 EVP_PKEY *pkey = NULL;
813 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
814 || !TEST_ptr(pkey = load_example_rsa_key())
815 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
816 NULL, 0, NULL, NULL),
818 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
820 || !TEST_mem_eq(membuf, (size_t)membuf_len,
821 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
823 * We try to write PEM as well, just to see that it doesn't err, but
824 * assume that the result is correct.
826 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
827 NULL, 0, NULL, NULL),
834 BIO_free_all(membio);
838 #ifndef OPENSSL_NO_EC
839 static const struct {
841 const char *encoding_name;
843 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
844 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
847 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
850 const char *enc_name = NULL;
856 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
857 OSSL_PKEY_PARAM_EC_ENCODING))
858 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
861 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
862 if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
863 *enc = ec_encodings[i].encoding;
871 static int test_EC_keygen_with_enc(int idx)
873 EVP_PKEY *params = NULL, *key = NULL;
874 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
878 enc = ec_encodings[idx].encoding;
880 /* Create key parameters */
881 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
882 || !TEST_true(EVP_PKEY_paramgen_init(pctx))
883 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
884 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
885 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))
886 || !TEST_ptr(params))
890 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
891 || !TEST_true(EVP_PKEY_keygen_init(kctx))
892 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
896 /* Check that the encoding got all the way into the key */
897 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
898 ec_export_get_encoding_cb, &enc))
899 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
905 EVP_PKEY_free(params);
906 EVP_PKEY_CTX_free(kctx);
907 EVP_PKEY_CTX_free(pctx);
912 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
914 static int test_EVP_SM2_verify(void)
917 "-----BEGIN PUBLIC KEY-----\n"
918 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
919 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
920 "-----END PUBLIC KEY-----\n";
922 const char *msg = "message digest";
923 const char *id = "ALICE123@YAHOO.COM";
925 const uint8_t signature[] = {
926 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
927 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
928 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
929 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
930 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
931 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
932 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
937 EVP_PKEY *pkey = NULL;
938 EVP_MD_CTX *mctx = NULL;
939 EVP_PKEY_CTX *pctx = NULL;
941 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
942 if (!TEST_true(bio != NULL))
945 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
946 if (!TEST_true(pkey != NULL))
949 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
952 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
955 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
958 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
960 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
963 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
966 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
969 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
976 EVP_PKEY_CTX_free(pctx);
977 EVP_MD_CTX_free(mctx);
981 static int test_EVP_SM2(void)
984 EVP_PKEY *pkey = NULL;
985 EVP_PKEY *pkeyparams = NULL;
986 EVP_PKEY_CTX *pctx = NULL;
987 EVP_PKEY_CTX *kctx = NULL;
988 EVP_PKEY_CTX *sctx = NULL;
990 unsigned char *sig = NULL;
991 EVP_MD_CTX *md_ctx = NULL;
992 EVP_MD_CTX *md_ctx_verify = NULL;
993 EVP_PKEY_CTX *cctx = NULL;
995 uint8_t ciphertext[128];
996 size_t ctext_len = sizeof(ciphertext);
998 uint8_t plaintext[8];
999 size_t ptext_len = sizeof(plaintext);
1001 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1003 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1004 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
1008 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
1009 if (!TEST_ptr(pctx))
1012 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1015 /* TODO is this even needed? */
1016 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1019 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
1022 kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
1023 if (!TEST_ptr(kctx))
1026 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1029 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1032 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1035 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1038 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1041 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1042 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1044 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1047 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1050 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1053 /* Determine the size of the signature. */
1054 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1057 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1060 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1063 /* Ensure that the signature round-trips. */
1065 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1068 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1071 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1074 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1077 /* now check encryption/decryption */
1079 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1080 mdname, sizeof(mdname));
1081 for (i = 0; i < 2; i++) {
1082 EVP_PKEY_CTX_free(cctx);
1084 sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
1085 i == 0 ? "SM3" : "SHA2-256",
1088 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1091 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1094 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1097 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
1101 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1104 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
1107 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
1111 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
1114 /* Test we're still using the digest we think we are */
1115 if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
1117 if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
1120 if (!TEST_true(ptext_len == sizeof(kMsg)))
1123 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1129 EVP_PKEY_CTX_free(pctx);
1130 EVP_PKEY_CTX_free(kctx);
1131 EVP_PKEY_CTX_free(sctx);
1132 EVP_PKEY_CTX_free(cctx);
1133 EVP_PKEY_free(pkey);
1134 EVP_PKEY_free(pkeyparams);
1135 EVP_MD_CTX_free(md_ctx);
1136 EVP_MD_CTX_free(md_ctx_verify);
1143 static struct keys_st {
1149 EVP_PKEY_HMAC, "0123456789", NULL
1151 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1153 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1155 #ifndef OPENSSL_NO_EC
1157 EVP_PKEY_X25519, "01234567890123456789012345678901",
1158 "abcdefghijklmnopqrstuvwxyzabcdef"
1160 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1161 "abcdefghijklmnopqrstuvwxyzabcdef"
1164 "01234567890123456789012345678901234567890123456789012345",
1165 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1168 "012345678901234567890123456789012345678901234567890123456",
1169 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1174 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1177 unsigned char buf[80];
1179 size_t inlen, len = 0;
1182 /* Check if this algorithm supports public keys */
1183 if (keys[tst].pub == NULL)
1186 memset(buf, 0, sizeof(buf));
1189 inlen = strlen(keys[tst].pub);
1190 in = (unsigned char *)keys[tst].pub;
1192 pkey = EVP_PKEY_new_raw_public_key_ex(
1194 OBJ_nid2sn(keys[tst].type),
1199 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1205 inlen = strlen(keys[tst].priv);
1206 in = (unsigned char *)keys[tst].priv;
1208 pkey = EVP_PKEY_new_raw_private_key_ex(
1209 testctx, OBJ_nid2sn(keys[tst].type),
1214 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1222 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1223 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1224 || !TEST_true(len == inlen)
1225 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1226 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1227 || !TEST_mem_eq(in, inlen, buf, len))
1232 EVP_PKEY_free(pkey);
1236 static int test_set_get_raw_keys(int tst)
1238 return test_set_get_raw_keys_int(tst, 0, 0)
1239 && test_set_get_raw_keys_int(tst, 0, 1)
1240 && test_set_get_raw_keys_int(tst, 1, 0)
1241 && test_set_get_raw_keys_int(tst, 1, 1);
1244 #ifndef OPENSSL_NO_DEPRECATED_3_0
1245 static int pkey_custom_check(EVP_PKEY *pkey)
1250 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1255 static int pkey_custom_param_check(EVP_PKEY *pkey)
1260 static EVP_PKEY_METHOD *custom_pmeth;
1263 static int test_EVP_PKEY_check(int i)
1266 const unsigned char *p;
1267 EVP_PKEY *pkey = NULL;
1268 #ifndef OPENSSL_NO_EC
1269 EC_KEY *eckey = NULL;
1271 EVP_PKEY_CTX *ctx = NULL;
1272 #ifndef OPENSSL_NO_DEPRECATED_3_0
1273 EVP_PKEY_CTX *ctx2 = NULL;
1275 const APK_DATA *ak = &keycheckdata[i];
1276 const unsigned char *input = ak->kder;
1277 size_t input_len = ak->size;
1278 int expected_id = ak->evptype;
1279 int expected_check = ak->check;
1280 int expected_pub_check = ak->pub_check;
1281 int expected_param_check = ak->param_check;
1282 int type = ak->type;
1289 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1290 || !TEST_ptr_eq(p, input + input_len)
1291 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1294 #ifndef OPENSSL_NO_EC
1296 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1297 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1298 || !TEST_ptr(pkey = EVP_PKEY_new())
1299 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1303 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1304 || !TEST_ptr_eq(p, input + input_len)
1305 || !TEST_ptr(pkey = EVP_PKEY_new())
1306 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1314 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1317 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1320 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1323 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1326 #ifndef OPENSSL_NO_DEPRECATED_3_0
1327 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1328 /* assign the pkey directly, as an internal test */
1329 EVP_PKEY_up_ref(pkey);
1332 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1335 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1338 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1345 EVP_PKEY_CTX_free(ctx);
1346 #ifndef OPENSSL_NO_DEPRECATED_3_0
1347 EVP_PKEY_CTX_free(ctx2);
1349 EVP_PKEY_free(pkey);
1354 #ifndef OPENSSL_NO_CMAC
1355 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1357 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1358 const char msg[] = "Hello World";
1362 if (!TEST_ptr(mdctx)
1363 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1364 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1365 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1366 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1369 EVP_MD_CTX_free(mdctx);
1373 static int test_CMAC_keygen(void)
1375 static unsigned char key[] = {
1376 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1377 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1378 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1381 * This is a legacy method for CMACs, but should still work.
1382 * This verifies that it works without an ENGINE.
1384 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1386 EVP_PKEY *pkey = NULL;
1387 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1389 /* Test a CMAC key created using the "generated" method */
1390 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1391 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1392 EVP_PKEY_CTRL_CIPHER,
1393 0, (void *)EVP_aes_256_ecb()), 0)
1394 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1395 EVP_PKEY_CTRL_SET_MAC_KEY,
1396 sizeof(key), (void *)key), 0)
1397 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1399 || !TEST_true(get_cmac_val(pkey, mac)))
1402 EVP_PKEY_free(pkey);
1405 * Test a CMAC key using the direct method, and compare with the mac
1408 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1410 || !TEST_true(get_cmac_val(pkey, mac2))
1411 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1417 EVP_PKEY_free(pkey);
1418 EVP_PKEY_CTX_free(kctx);
1423 static int test_HKDF(void)
1426 unsigned char out[20];
1429 unsigned char salt[] = "0123456789";
1430 unsigned char key[] = "012345678901234567890123456789";
1431 unsigned char info[] = "infostring";
1432 const unsigned char expected[] = {
1433 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1434 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1436 size_t expectedlen = sizeof(expected);
1438 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1441 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1442 for (i = 0; i < 2; i++) {
1443 outlen = sizeof(out);
1444 memset(out, 0, outlen);
1446 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1447 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1448 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1449 sizeof(salt) - 1), 0)
1450 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1451 sizeof(key) - 1), 0)
1452 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1453 sizeof(info) - 1), 0)
1454 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1455 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1462 EVP_PKEY_CTX_free(pctx);
1467 static int test_emptyikm_HKDF(void)
1470 unsigned char out[20];
1473 unsigned char salt[] = "9876543210";
1474 unsigned char key[] = "";
1475 unsigned char info[] = "stringinfo";
1476 const unsigned char expected[] = {
1477 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1478 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1480 size_t expectedlen = sizeof(expected);
1482 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1485 outlen = sizeof(out);
1486 memset(out, 0, outlen);
1488 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1489 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1490 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1491 sizeof(salt) - 1), 0)
1492 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1493 sizeof(key) - 1), 0)
1494 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1495 sizeof(info) - 1), 0)
1496 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1497 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1503 EVP_PKEY_CTX_free(pctx);
1508 #ifndef OPENSSL_NO_EC
1509 static int test_X509_PUBKEY_inplace(void)
1512 X509_PUBKEY *xp = NULL;
1513 const unsigned char *p = kExampleECPubKeyDER;
1514 size_t input_len = sizeof(kExampleECPubKeyDER);
1516 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1519 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1522 p = kExampleBadECPubKeyDER;
1523 input_len = sizeof(kExampleBadECPubKeyDER);
1525 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1528 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1534 X509_PUBKEY_free(xp);
1537 #endif /* OPENSSL_NO_EC */
1539 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1540 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1542 EVP_MD_CTX *mdctx = NULL;
1543 EVP_PKEY_CTX *ctx = NULL;
1544 const OSSL_PARAM *params;
1545 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1548 char mdname[OSSL_MAX_NAME_SIZE];
1551 /* Initialise a sign operation */
1552 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1554 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1558 * We should be able to query the parameters now.
1560 params = EVP_PKEY_CTX_settable_params(ctx);
1561 if (!TEST_ptr(params)
1562 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1563 OSSL_SIGNATURE_PARAM_DIGEST)))
1566 params = EVP_PKEY_CTX_gettable_params(ctx);
1567 if (!TEST_ptr(params)
1568 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1569 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1570 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1571 OSSL_SIGNATURE_PARAM_DIGEST)))
1575 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1576 * EVP_PKEY_CTX_get_params()
1578 strcpy(mdname, "SHA512");
1580 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1582 *param++ = OSSL_PARAM_construct_end();
1584 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1588 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1589 mdname, sizeof(mdname));
1590 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1591 || !TEST_str_eq(mdname, "SHA512"))
1595 * Test the TEST_PKEY_CTX_set_signature_md() and
1596 * TEST_PKEY_CTX_get_signature_md() functions
1598 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1599 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1600 || !TEST_ptr_eq(md, EVP_sha256()))
1604 * Test getting MD parameters via an associated EVP_PKEY_CTX
1606 mdctx = EVP_MD_CTX_new();
1607 if (!TEST_ptr(mdctx)
1608 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
1613 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1614 * able to obtain the digest's settable parameters from the provider.
1616 params = EVP_MD_CTX_settable_params(mdctx);
1617 if (!TEST_ptr(params)
1618 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1619 /* The final key should be NULL */
1620 || !TEST_ptr_null(params[1].key))
1624 memset(ssl3ms, 0, sizeof(ssl3ms));
1625 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1626 ssl3ms, sizeof(ssl3ms));
1627 *param++ = OSSL_PARAM_construct_end();
1629 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1635 EVP_MD_CTX_free(mdctx);
1636 EVP_PKEY_CTX_free(ctx);
1641 #ifndef OPENSSL_NO_DSA
1642 static int test_DSA_get_set_params(void)
1645 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1646 EVP_PKEY *pkey = NULL;
1650 * Setup the parameters for our DSA object. For our purposes they don't
1651 * have to actually be *valid* parameters. We just need to set something.
1664 || !DSA_set0_pqg(dsa, p, q, g)
1665 || !DSA_set0_key(dsa, pub, priv))
1667 p = q = g = pub = priv = NULL;
1669 pkey = EVP_PKEY_new();
1671 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1676 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1679 EVP_PKEY_free(pkey);
1691 static int test_RSA_get_set_params(void)
1694 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1695 EVP_PKEY *pkey = NULL;
1699 * Setup the parameters for our RSA object. For our purposes they don't
1700 * have to actually be *valid* parameters. We just need to set something.
1710 || !RSA_set0_key(rsa, n, e, d))
1714 pkey = EVP_PKEY_new();
1716 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1721 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1724 EVP_PKEY_free(pkey);
1733 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1734 static int test_decrypt_null_chunks(void)
1736 EVP_CIPHER_CTX* ctx = NULL;
1737 const unsigned char key[32] = {
1738 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1739 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1740 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1742 unsigned char iv[12] = {
1743 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1745 unsigned char msg[] = "It was the best of times, it was the worst of times";
1746 unsigned char ciphertext[80];
1747 unsigned char plaintext[80];
1748 /* We initialise tmp to a non zero value on purpose */
1749 int ctlen, ptlen, tmp = 99;
1751 const int enc_offset = 10, dec_offset = 20;
1753 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1754 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1756 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1758 /* Deliberate add a zero length update */
1759 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1761 || !TEST_int_eq(tmp, 0)
1762 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1764 sizeof(msg) - enc_offset))
1765 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1766 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1767 || !TEST_int_eq(tmp, 0))
1770 /* Deliberately initialise tmp to a non zero value */
1772 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1774 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1777 * Deliberately add a zero length update. We also deliberately do
1778 * this at a different offset than for encryption.
1780 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1782 || !TEST_int_eq(tmp, 0)
1783 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1784 ciphertext + dec_offset,
1785 ctlen - dec_offset))
1786 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1787 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1788 || !TEST_int_eq(tmp, 0)
1789 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1794 EVP_CIPHER_CTX_free(ctx);
1797 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1799 #ifndef OPENSSL_NO_DH
1800 static int test_EVP_PKEY_set1_DH(void)
1802 DH *x942dh = NULL, *noqdh = NULL;
1803 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1805 BIGNUM *p, *g = NULL;
1807 if (!TEST_ptr(p = BN_new())
1808 || !TEST_ptr(g = BN_new())
1809 || !BN_set_word(p, 9999)
1810 || !BN_set_word(g, 2)
1811 || !TEST_ptr(noqdh = DH_new())
1812 || !DH_set0_pqg(noqdh, p, NULL, g))
1816 x942dh = DH_get_2048_256();
1817 pkey1 = EVP_PKEY_new();
1818 pkey2 = EVP_PKEY_new();
1819 if (!TEST_ptr(x942dh)
1822 || !TEST_ptr(pkey2))
1825 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1826 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1829 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1830 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1837 EVP_PKEY_free(pkey1);
1838 EVP_PKEY_free(pkey2);
1847 * We test what happens with an empty template. For the sake of this test,
1848 * the template must be ignored, and we know that's the case for RSA keys
1849 * (this might arguably be a misfeature, but that's what we currently do,
1850 * even in provider code, since that's how the legacy RSA implementation
1853 static int test_keygen_with_empty_template(int n)
1855 EVP_PKEY_CTX *ctx = NULL;
1856 EVP_PKEY *pkey = NULL;
1857 EVP_PKEY *tkey = NULL;
1862 /* We do test with no template at all as well */
1863 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1867 /* Here we create an empty RSA key that serves as our template */
1868 if (!TEST_ptr(tkey = EVP_PKEY_new())
1869 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1870 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1875 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1876 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1881 EVP_PKEY_CTX_free(ctx);
1882 EVP_PKEY_free(pkey);
1883 EVP_PKEY_free(tkey);
1888 * Test that we fail if we attempt to use an algorithm that is not available
1889 * in the current library context (unless we are using an algorithm that
1890 * should be made available via legacy codepaths).
1895 static int test_pkey_ctx_fail_without_provider(int tst)
1897 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
1898 OSSL_PROVIDER *nullprov = NULL;
1899 EVP_PKEY_CTX *pctx = NULL;
1900 const char *keytype = NULL;
1901 int expect_null = 0;
1904 if (!TEST_ptr(tmpctx))
1907 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1908 if (!TEST_ptr(nullprov))
1912 * We check for certain algos in the null provider.
1913 * If an algo is expected to have a provider keymgmt, contructing an
1914 * EVP_PKEY_CTX is expected to fail (return NULL).
1915 * Otherwise, if it's expected to have legacy support, contructing an
1916 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
1926 #ifdef OPENSSL_NO_EC
1927 TEST_info("EC disable, skipping SM2 check...");
1930 #ifdef OPENSSL_NO_SM2
1931 TEST_info("SM2 disable, skipping SM2 check...");
1936 TEST_error("No test for case %d", tst);
1940 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
1941 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
1944 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
1950 EVP_PKEY_CTX_free(pctx);
1951 OSSL_PROVIDER_unload(nullprov);
1952 OSSL_LIB_CTX_free(tmpctx);
1956 static int test_rand_agglomeration(void)
1960 OSSL_PARAM params[3], *p = params;
1962 unsigned int step = 7;
1963 static unsigned char seed[] = "It does not matter how slowly you go "
1964 "as long as you do not stop.";
1965 unsigned char out[sizeof(seed)];
1967 if (!TEST_int_ne(sizeof(seed) % step, 0)
1968 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1970 ctx = EVP_RAND_CTX_new(rand, NULL);
1971 EVP_RAND_free(rand);
1975 memset(out, 0, sizeof(out));
1976 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1977 seed, sizeof(seed));
1978 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1979 *p = OSSL_PARAM_construct_end();
1980 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1981 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1982 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1983 EVP_RAND_CTX_free(ctx);
1988 * Test that we correctly return the original or "running" IV after
1989 * an encryption operation.
1990 * Run multiple times for some different relevant algorithms/modes.
1992 static int test_evp_iv(int idx)
1995 EVP_CIPHER_CTX *ctx = NULL;
1996 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1997 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1998 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
1999 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2000 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2001 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2002 9, 10, 11, 12, 13, 14, 15, 16 };
2003 unsigned char ciphertext[32], oiv[16], iv[16];
2004 unsigned char *ref_iv;
2005 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2006 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2008 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2009 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2010 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2011 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2012 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2013 #ifndef OPENSSL_NO_OCB
2014 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2015 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2017 int len = sizeof(ciphertext);
2018 size_t ivlen, ref_len;
2019 const EVP_CIPHER *type = NULL;
2023 type = EVP_aes_128_cbc();
2026 type = (type != NULL) ? type :
2027 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
2029 ref_len = sizeof(cbc_state);
2032 type = EVP_aes_128_ofb();
2035 type = (type != NULL) ? type :
2036 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
2038 ref_len = sizeof(ofb_state);
2041 type = EVP_aes_128_gcm();
2044 type = (type != NULL) ? type :
2045 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
2047 ref_len = sizeof(gcm_state);
2050 type = EVP_aes_128_ccm();
2053 type = (type != NULL) ? type :
2054 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
2056 ref_len = sizeof(ccm_state);
2058 #ifdef OPENSSL_NO_OCB
2064 type = EVP_aes_128_ocb();
2067 type = (type != NULL) ? type :
2068 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
2070 ref_len = sizeof(ocb_state);
2078 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
2079 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
2080 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
2082 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
2083 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
2084 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
2086 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
2087 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
2088 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
2093 EVP_CIPHER_CTX_free(ctx);
2095 EVP_CIPHER_free((EVP_CIPHER *)type);
2099 int setup_tests(void)
2101 testctx = OSSL_LIB_CTX_new();
2103 if (!TEST_ptr(testctx))
2106 ADD_TEST(test_EVP_set_default_properties);
2107 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
2108 ADD_TEST(test_EVP_DigestVerifyInit);
2109 ADD_TEST(test_EVP_Enveloped);
2110 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2111 ADD_TEST(test_privatekey_to_pkcs8);
2112 #ifndef OPENSSL_NO_EC
2113 ADD_TEST(test_EVP_PKCS82PKEY);
2115 #ifndef OPENSSL_NO_EC
2116 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
2118 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2119 ADD_TEST(test_EVP_SM2);
2120 ADD_TEST(test_EVP_SM2_verify);
2122 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2123 #ifndef OPENSSL_NO_DEPRECATED_3_0
2124 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2125 if (!TEST_ptr(custom_pmeth))
2127 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2128 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2129 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2130 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2133 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2134 #ifndef OPENSSL_NO_CMAC
2135 ADD_TEST(test_CMAC_keygen);
2137 ADD_TEST(test_HKDF);
2138 ADD_TEST(test_emptyikm_HKDF);
2139 #ifndef OPENSSL_NO_EC
2140 ADD_TEST(test_X509_PUBKEY_inplace);
2141 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2142 OSSL_NELEM(ec_der_pub_keys));
2144 #ifndef OPENSSL_NO_DSA
2145 ADD_TEST(test_DSA_get_set_params);
2147 ADD_TEST(test_RSA_get_set_params);
2148 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2149 ADD_TEST(test_decrypt_null_chunks);
2151 #ifndef OPENSSL_NO_DH
2152 ADD_TEST(test_EVP_PKEY_set1_DH);
2154 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2155 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2157 ADD_TEST(test_rand_agglomeration);
2158 ADD_ALL_TESTS(test_evp_iv, 10);
2163 void cleanup_tests(void)
2165 OSSL_LIB_CTX_free(testctx);
projects / openssl.git / blob