2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
32 #include "internal/nelem.h"
33 #include "internal/sizes.h"
34 #include "crypto/evp.h"
36 #ifndef OPENSSL_NO_SM2
38 * TODO(3.0) remove when provider SM2 keymgmt is implemented and
39 * EVP_PKEY_set_alias_type() works with provider-native keys.
44 static OPENSSL_CTX *testctx = NULL;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 typedef struct APK_DATA_st {
391 const unsigned char *kder;
397 int type; /* 0 for private, 1 for public, 2 for params */
400 static APK_DATA keydata[] = {
401 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
402 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
403 #ifndef OPENSSL_NO_EC
404 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
408 static APK_DATA keycheckdata[] = {
409 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
410 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
412 #ifndef OPENSSL_NO_EC
413 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
414 /* group is also associated in our pub key */
415 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
416 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
420 static EVP_PKEY *load_example_rsa_key(void)
422 EVP_PKEY *ret = NULL;
423 const unsigned char *derp = kExampleRSAKeyDER;
424 EVP_PKEY *pkey = NULL;
427 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
430 if (!TEST_ptr(pkey = EVP_PKEY_new())
431 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
444 #ifndef OPENSSL_NO_DSA
445 static EVP_PKEY *load_example_dsa_key(void)
447 EVP_PKEY *ret = NULL;
448 const unsigned char *derp = kExampleDSAKeyDER;
449 EVP_PKEY *pkey = NULL;
452 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
455 if (!TEST_ptr(pkey = EVP_PKEY_new())
456 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
470 static EVP_PKEY *load_example_hmac_key(void)
472 EVP_PKEY *pkey = NULL;
473 unsigned char key[] = {
474 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
475 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
476 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
479 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
486 static int test_EVP_set_default_properties(void)
492 if (!TEST_ptr(ctx = OPENSSL_CTX_new())
493 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
498 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
499 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
500 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
505 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
506 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
511 OPENSSL_CTX_free(ctx);
515 static int test_EVP_Enveloped(void)
518 EVP_CIPHER_CTX *ctx = NULL;
519 EVP_PKEY *keypair = NULL;
520 unsigned char *kek = NULL;
521 unsigned char iv[EVP_MAX_IV_LENGTH];
522 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
523 int len, kek_len, ciphertext_len, plaintext_len;
524 unsigned char ciphertext[32], plaintext[16];
525 const EVP_CIPHER *type = EVP_aes_256_cbc();
527 if (!TEST_ptr(keypair = load_example_rsa_key())
528 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
529 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
530 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
532 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
534 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
538 ciphertext_len += len;
540 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
541 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
542 ciphertext, ciphertext_len))
543 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
546 plaintext_len += len;
547 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
553 EVP_PKEY_free(keypair);
554 EVP_CIPHER_CTX_free(ctx);
559 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
560 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
561 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
562 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
563 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
564 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
565 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
566 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
567 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
569 static int test_EVP_DigestSignInit(int tst)
572 EVP_PKEY *pkey = NULL;
573 unsigned char *sig = NULL;
575 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
576 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
577 BIO *mdbio = NULL, *membio = NULL;
580 EVP_MD *mdexp = NULL;
583 membio = BIO_new(BIO_s_mem());
584 mdbio = BIO_new(BIO_f_md());
585 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
587 BIO_push(mdbio, membio);
588 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
591 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
592 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
596 if (tst == 0 || tst == 3 || tst == 6) {
597 if (!TEST_ptr(pkey = load_example_rsa_key()))
599 } else if (tst == 1 || tst == 4 || tst == 7) {
600 #ifndef OPENSSL_NO_DSA
601 if (!TEST_ptr(pkey = load_example_dsa_key()))
608 if (!TEST_ptr(pkey = load_example_hmac_key()))
612 if (tst >= 3 && tst <= 5)
613 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
617 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
621 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
624 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
628 /* Determine the size of the signature. */
629 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
630 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
631 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
635 if (!TEST_int_gt(BIO_reset(mdbio), 0)
636 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
641 * Ensure that the signature round-trips (Verification isn't supported for
642 * HMAC via EVP_DigestVerify*)
644 if (tst != 2 && tst != 5 && tst != 8) {
645 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
650 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
653 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
657 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
666 EVP_MD_CTX_free(a_md_ctx);
667 EVP_MD_CTX_free(a_md_ctx_verify);
675 static int test_EVP_DigestVerifyInit(void)
678 EVP_PKEY *pkey = NULL;
679 EVP_MD_CTX *md_ctx = NULL;
681 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
682 || !TEST_ptr(pkey = load_example_rsa_key()))
685 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
686 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
687 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
688 sizeof(kSignature))))
693 EVP_MD_CTX_free(md_ctx);
698 static int test_d2i_AutoPrivateKey(int i)
701 const unsigned char *p;
702 EVP_PKEY *pkey = NULL;
703 const APK_DATA *ak = &keydata[i];
704 const unsigned char *input = ak->kder;
705 size_t input_len = ak->size;
706 int expected_id = ak->evptype;
709 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
710 || !TEST_ptr_eq(p, input + input_len)
711 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
721 #ifndef OPENSSL_NO_EC
723 static const unsigned char ec_public_sect163k1_validxy[] = {
724 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
725 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
726 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
727 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
728 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
729 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
732 static const unsigned char ec_public_sect163k1_badx[] = {
733 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
734 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
735 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
736 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
737 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
738 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
741 static const unsigned char ec_public_sect163k1_bady[] = {
742 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
743 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
744 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
745 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
746 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
747 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
750 static struct ec_der_pub_keys_st {
751 const unsigned char *der;
754 } ec_der_pub_keys[] = {
755 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
756 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
757 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
761 * Tests the range of the decoded EC char2 public point.
762 * See ec_GF2m_simple_oct2point().
764 static int test_invalide_ec_char2_pub_range_decode(int id)
768 EC_KEY *eckey = NULL;
770 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
771 ec_der_pub_keys[id].len)))
773 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
774 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
775 || TEST_ptr_null(eckey);
782 /* Tests loading a bad key in PKCS8 format */
783 static int test_EVP_PKCS82PKEY(void)
786 const unsigned char *derp = kExampleBadECKeyDER;
787 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
788 EVP_PKEY *pkey = NULL;
790 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
791 sizeof(kExampleBadECKeyDER))))
794 if (!TEST_ptr_eq(derp,
795 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
798 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
804 PKCS8_PRIV_KEY_INFO_free(p8inf);
811 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
812 static int test_privatekey_to_pkcs8(void)
814 EVP_PKEY *pkey = NULL;
820 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
821 || !TEST_ptr(pkey = load_example_rsa_key())
822 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
823 NULL, 0, NULL, NULL),
825 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
827 || !TEST_mem_eq(membuf, (size_t)membuf_len,
828 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
830 * We try to write PEM as well, just to see that it doesn't err, but
831 * assume that the result is correct.
833 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
834 NULL, 0, NULL, NULL),
841 BIO_free_all(membio);
845 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
847 static int test_EVP_SM2_verify(void)
849 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
851 "-----BEGIN PUBLIC KEY-----\n"
852 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
853 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
854 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
855 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
856 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
857 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
858 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
859 "-----END PUBLIC KEY-----\n";
861 const char *msg = "message digest";
862 const char *id = "ALICE123@YAHOO.COM";
864 const uint8_t signature[] = {
865 0x30, 0x44, 0x02, 0x20,
867 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
868 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
869 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
873 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
874 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
875 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
880 EVP_PKEY *pkey = NULL;
881 EVP_MD_CTX *mctx = NULL;
882 EVP_PKEY_CTX *pctx = NULL;
884 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
885 if (!TEST_true(bio != NULL))
888 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
889 if (!TEST_true(pkey != NULL))
893 if (!TEST_ptr(EVP_PKEY_get0(pkey)))
897 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
900 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
903 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
906 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
910 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
912 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
915 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
918 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
925 EVP_PKEY_CTX_free(pctx);
926 EVP_MD_CTX_free(mctx);
930 static int test_EVP_SM2(void)
933 EVP_PKEY *pkey = NULL;
934 EVP_PKEY *params = NULL;
935 EVP_PKEY_CTX *pctx = NULL;
936 EVP_PKEY_CTX *kctx = NULL;
937 EVP_PKEY_CTX *sctx = NULL;
939 unsigned char *sig = NULL;
940 EVP_MD_CTX *md_ctx = NULL;
941 EVP_MD_CTX *md_ctx_verify = NULL;
942 EVP_PKEY_CTX *cctx = NULL;
944 uint8_t ciphertext[128];
945 size_t ctext_len = sizeof(ciphertext);
947 uint8_t plaintext[8];
948 size_t ptext_len = sizeof(plaintext);
950 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
952 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
956 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
959 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
962 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
965 kctx = EVP_PKEY_CTX_new(params, NULL);
969 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
972 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
975 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
978 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
981 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
984 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
987 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
988 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
990 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
993 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
996 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
999 /* Determine the size of the signature. */
1000 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1003 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1006 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1009 /* Ensure that the signature round-trips. */
1011 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1014 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1017 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1020 /* now check encryption/decryption */
1022 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1025 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1028 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1031 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1034 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1037 if (!TEST_true(ptext_len == sizeof(kMsg)))
1040 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1045 EVP_PKEY_CTX_free(pctx);
1046 EVP_PKEY_CTX_free(kctx);
1047 EVP_PKEY_CTX_free(sctx);
1048 EVP_PKEY_CTX_free(cctx);
1049 EVP_PKEY_free(pkey);
1050 EVP_PKEY_free(params);
1051 EVP_MD_CTX_free(md_ctx);
1052 EVP_MD_CTX_free(md_ctx_verify);
1059 static struct keys_st {
1065 EVP_PKEY_HMAC, "0123456789", NULL
1067 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1069 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1071 #ifndef OPENSSL_NO_EC
1073 EVP_PKEY_X25519, "01234567890123456789012345678901",
1074 "abcdefghijklmnopqrstuvwxyzabcdef"
1076 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1077 "abcdefghijklmnopqrstuvwxyzabcdef"
1080 "01234567890123456789012345678901234567890123456789012345",
1081 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1084 "012345678901234567890123456789012345678901234567890123456",
1085 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1090 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1093 unsigned char buf[80];
1095 size_t inlen, len = 0;
1098 /* Check if this algorithm supports public keys */
1099 if (keys[tst].pub == NULL)
1102 memset(buf, 0, sizeof(buf));
1105 inlen = strlen(keys[tst].pub);
1106 in = (unsigned char *)keys[tst].pub;
1108 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1110 OBJ_nid2sn(keys[tst].type),
1115 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1121 inlen = strlen(keys[tst].priv);
1122 in = (unsigned char *)keys[tst].priv;
1124 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1125 testctx, OBJ_nid2sn(keys[tst].type),
1130 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1138 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1139 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1140 || !TEST_true(len == inlen)
1141 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1142 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1143 || !TEST_mem_eq(in, inlen, buf, len))
1148 EVP_PKEY_free(pkey);
1152 static int test_set_get_raw_keys(int tst)
1154 return test_set_get_raw_keys_int(tst, 0, 0)
1155 && test_set_get_raw_keys_int(tst, 0, 1)
1156 && test_set_get_raw_keys_int(tst, 1, 0)
1157 && test_set_get_raw_keys_int(tst, 1, 1);
1160 #ifndef OPENSSL_NO_DEPRECATED_3_0
1161 static int pkey_custom_check(EVP_PKEY *pkey)
1166 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1171 static int pkey_custom_param_check(EVP_PKEY *pkey)
1176 static EVP_PKEY_METHOD *custom_pmeth;
1179 static int test_EVP_PKEY_check(int i)
1182 const unsigned char *p;
1183 EVP_PKEY *pkey = NULL;
1184 #ifndef OPENSSL_NO_EC
1185 EC_KEY *eckey = NULL;
1187 EVP_PKEY_CTX *ctx = NULL;
1188 #ifndef OPENSSL_NO_DEPRECATED_3_0
1189 EVP_PKEY_CTX *ctx2 = NULL;
1191 const APK_DATA *ak = &keycheckdata[i];
1192 const unsigned char *input = ak->kder;
1193 size_t input_len = ak->size;
1194 int expected_id = ak->evptype;
1195 int expected_check = ak->check;
1196 int expected_pub_check = ak->pub_check;
1197 int expected_param_check = ak->param_check;
1198 int type = ak->type;
1205 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1206 || !TEST_ptr_eq(p, input + input_len)
1207 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1210 #ifndef OPENSSL_NO_EC
1212 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1213 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1214 || !TEST_ptr(pkey = EVP_PKEY_new())
1215 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1219 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1220 || !TEST_ptr_eq(p, input + input_len)
1221 || !TEST_ptr(pkey = EVP_PKEY_new())
1222 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1230 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1233 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1236 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1239 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1242 #ifndef OPENSSL_NO_DEPRECATED_3_0
1243 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1244 /* assign the pkey directly, as an internal test */
1245 EVP_PKEY_up_ref(pkey);
1248 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1251 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1254 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1261 EVP_PKEY_CTX_free(ctx);
1262 #ifndef OPENSSL_NO_DEPRECATED_3_0
1263 EVP_PKEY_CTX_free(ctx2);
1265 EVP_PKEY_free(pkey);
1270 #ifndef OPENSSL_NO_CMAC
1271 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
1273 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
1274 const char msg[] = "Hello World";
1278 if (!TEST_ptr(mdctx)
1279 || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
1280 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
1281 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
1282 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
1285 EVP_MD_CTX_free(mdctx);
1289 static int test_CMAC_keygen(void)
1291 static unsigned char key[] = {
1292 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1293 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1294 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1297 * This is a legacy method for CMACs, but should still work.
1298 * This verifies that it works without an ENGINE.
1300 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1302 EVP_PKEY *pkey = NULL;
1303 unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
1305 /* Test a CMAC key created using the "generated" method */
1306 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1307 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1308 EVP_PKEY_CTRL_CIPHER,
1309 0, (void *)EVP_aes_256_ecb()), 0)
1310 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1311 EVP_PKEY_CTRL_SET_MAC_KEY,
1312 sizeof(key), (void *)key), 0)
1313 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
1315 || !TEST_true(get_cmac_val(pkey, mac)))
1318 EVP_PKEY_free(pkey);
1321 * Test a CMAC key using the direct method, and compare with the mac
1324 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
1326 || !TEST_true(get_cmac_val(pkey, mac2))
1327 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
1333 EVP_PKEY_free(pkey);
1334 EVP_PKEY_CTX_free(kctx);
1339 static int test_HKDF(void)
1342 unsigned char out[20];
1345 unsigned char salt[] = "0123456789";
1346 unsigned char key[] = "012345678901234567890123456789";
1347 unsigned char info[] = "infostring";
1348 const unsigned char expected[] = {
1349 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1350 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1352 size_t expectedlen = sizeof(expected);
1354 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1357 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1358 for (i = 0; i < 2; i++) {
1359 outlen = sizeof(out);
1360 memset(out, 0, outlen);
1362 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1363 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1364 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1365 sizeof(salt) - 1), 0)
1366 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1367 sizeof(key) - 1), 0)
1368 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1369 sizeof(info) - 1), 0)
1370 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1371 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1378 EVP_PKEY_CTX_free(pctx);
1383 static int test_emptyikm_HKDF(void)
1386 unsigned char out[20];
1389 unsigned char salt[] = "9876543210";
1390 unsigned char key[] = "";
1391 unsigned char info[] = "stringinfo";
1392 const unsigned char expected[] = {
1393 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1394 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1396 size_t expectedlen = sizeof(expected);
1398 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1401 outlen = sizeof(out);
1402 memset(out, 0, outlen);
1404 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1405 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1406 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1407 sizeof(salt) - 1), 0)
1408 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1409 sizeof(key) - 1), 0)
1410 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1411 sizeof(info) - 1), 0)
1412 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1413 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1419 EVP_PKEY_CTX_free(pctx);
1424 #ifndef OPENSSL_NO_EC
1425 static int test_X509_PUBKEY_inplace(void)
1428 X509_PUBKEY *xp = NULL;
1429 const unsigned char *p = kExampleECPubKeyDER;
1430 size_t input_len = sizeof(kExampleECPubKeyDER);
1432 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1435 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1438 p = kExampleBadECPubKeyDER;
1439 input_len = sizeof(kExampleBadECPubKeyDER);
1441 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1444 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1450 X509_PUBKEY_free(xp);
1453 #endif /* OPENSSL_NO_EC */
1455 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1456 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1458 EVP_MD_CTX *mdctx = NULL;
1459 EVP_PKEY_CTX *ctx = NULL;
1460 const OSSL_PARAM *params;
1461 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1464 char mdname[OSSL_MAX_NAME_SIZE];
1467 /* Initialise a sign operation */
1468 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1470 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1474 * We should be able to query the parameters now.
1476 params = EVP_PKEY_CTX_settable_params(ctx);
1477 if (!TEST_ptr(params)
1478 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1479 OSSL_SIGNATURE_PARAM_DIGEST)))
1482 params = EVP_PKEY_CTX_gettable_params(ctx);
1483 if (!TEST_ptr(params)
1484 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1485 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1486 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1487 OSSL_SIGNATURE_PARAM_DIGEST)))
1491 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1492 * EVP_PKEY_CTX_get_params()
1494 strcpy(mdname, "SHA512");
1496 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1498 *param++ = OSSL_PARAM_construct_end();
1500 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1504 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1505 mdname, sizeof(mdname));
1506 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1507 || !TEST_str_eq(mdname, "SHA512"))
1511 * Test the TEST_PKEY_CTX_set_signature_md() and
1512 * TEST_PKEY_CTX_get_signature_md() functions
1514 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1515 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1516 || !TEST_ptr_eq(md, EVP_sha256()))
1520 * Test getting MD parameters via an associated EVP_PKEY_CTX
1522 mdctx = EVP_MD_CTX_new();
1523 if (!TEST_ptr(mdctx)
1524 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
1530 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1531 * able to obtain the digest's settable parameters from the provider.
1533 params = EVP_MD_CTX_settable_params(mdctx);
1534 if (!TEST_ptr(params)
1535 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1536 /* The final key should be NULL */
1537 || !TEST_ptr_null(params[1].key))
1541 memset(ssl3ms, 0, sizeof(ssl3ms));
1542 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1543 ssl3ms, sizeof(ssl3ms));
1544 *param++ = OSSL_PARAM_construct_end();
1546 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1552 EVP_MD_CTX_free(mdctx);
1553 EVP_PKEY_CTX_free(ctx);
1558 #ifndef OPENSSL_NO_DSA
1559 static int test_DSA_get_set_params(void)
1562 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1563 EVP_PKEY *pkey = NULL;
1567 * Setup the parameters for our DSA object. For our purposes they don't
1568 * have to actually be *valid* parameters. We just need to set something.
1581 || !DSA_set0_pqg(dsa, p, q, g)
1582 || !DSA_set0_key(dsa, pub, priv))
1584 p = q = g = pub = priv = NULL;
1586 pkey = EVP_PKEY_new();
1588 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1593 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1596 EVP_PKEY_free(pkey);
1608 static int test_RSA_get_set_params(void)
1611 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1612 EVP_PKEY *pkey = NULL;
1616 * Setup the parameters for our RSA object. For our purposes they don't
1617 * have to actually be *valid* parameters. We just need to set something.
1627 || !RSA_set0_key(rsa, n, e, d))
1631 pkey = EVP_PKEY_new();
1633 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1638 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1641 EVP_PKEY_free(pkey);
1650 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1651 static int test_decrypt_null_chunks(void)
1653 EVP_CIPHER_CTX* ctx = NULL;
1654 const unsigned char key[32] = {
1655 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1656 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1657 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1659 unsigned char iv[12] = {
1660 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1662 unsigned char msg[] = "It was the best of times, it was the worst of times";
1663 unsigned char ciphertext[80];
1664 unsigned char plaintext[80];
1665 /* We initialise tmp to a non zero value on purpose */
1666 int ctlen, ptlen, tmp = 99;
1668 const int enc_offset = 10, dec_offset = 20;
1670 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1671 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1673 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1675 /* Deliberate add a zero length update */
1676 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1678 || !TEST_int_eq(tmp, 0)
1679 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1681 sizeof(msg) - enc_offset))
1682 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1683 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1684 || !TEST_int_eq(tmp, 0))
1687 /* Deliberately initialise tmp to a non zero value */
1689 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1691 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1694 * Deliberately add a zero length update. We also deliberately do
1695 * this at a different offset than for encryption.
1697 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1699 || !TEST_int_eq(tmp, 0)
1700 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1701 ciphertext + dec_offset,
1702 ctlen - dec_offset))
1703 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1704 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1705 || !TEST_int_eq(tmp, 0)
1706 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1711 EVP_CIPHER_CTX_free(ctx);
1714 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1716 #ifndef OPENSSL_NO_DH
1717 static int test_EVP_PKEY_set1_DH(void)
1719 DH *x942dh = NULL, *noqdh = NULL;
1720 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1722 BIGNUM *p, *g = NULL;
1724 if (!TEST_ptr(p = BN_new())
1725 || !TEST_ptr(g = BN_new())
1726 || !BN_set_word(p, 9999)
1727 || !BN_set_word(g, 2)
1728 || !TEST_ptr(noqdh = DH_new())
1729 || !DH_set0_pqg(noqdh, p, NULL, g))
1733 x942dh = DH_get_2048_256();
1734 pkey1 = EVP_PKEY_new();
1735 pkey2 = EVP_PKEY_new();
1736 if (!TEST_ptr(x942dh)
1739 || !TEST_ptr(pkey2))
1742 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1743 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1746 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1747 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1754 EVP_PKEY_free(pkey1);
1755 EVP_PKEY_free(pkey2);
1764 * We test what happens with an empty template. For the sake of this test,
1765 * the template must be ignored, and we know that's the case for RSA keys
1766 * (this might arguably be a misfeature, but that's what we currently do,
1767 * even in provider code, since that's how the legacy RSA implementation
1770 static int test_keygen_with_empty_template(int n)
1772 EVP_PKEY_CTX *ctx = NULL;
1773 EVP_PKEY *pkey = NULL;
1774 EVP_PKEY *tkey = NULL;
1779 /* We do test with no template at all as well */
1780 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1784 /* Here we create an empty RSA key that serves as our template */
1785 if (!TEST_ptr(tkey = EVP_PKEY_new())
1786 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1787 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1792 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1793 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1798 EVP_PKEY_CTX_free(ctx);
1799 EVP_PKEY_free(pkey);
1800 EVP_PKEY_free(tkey);
1805 * Test that we fail if we attempt to use an algorithm that is not available
1806 * in the current library context (unless we are using an algorithm that should
1807 * be made available via legacy codepaths).
1809 static int test_pkey_ctx_fail_without_provider(int tst)
1811 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1812 OSSL_PROVIDER *nullprov = NULL;
1813 EVP_PKEY_CTX *pctx = NULL;
1816 if (!TEST_ptr(tmpctx))
1819 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1820 if (!TEST_ptr(nullprov))
1823 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "SM2", "");
1825 /* RSA is not available via any provider so we expect this to fail */
1826 if (tst == 0 && !TEST_ptr_null(pctx))
1830 * SM2 is always available because it is implemented via legacy codepaths
1831 * and not in a provider at all. We expect this to pass.
1832 * TODO(3.0): This can be removed once there are no more algorithms
1833 * available via legacy codepaths
1835 if (tst == 1 && !TEST_ptr(pctx))
1841 EVP_PKEY_CTX_free(pctx);
1842 OSSL_PROVIDER_unload(nullprov);
1843 OPENSSL_CTX_free(tmpctx);
1847 static int test_rand_agglomeration(void)
1851 OSSL_PARAM params[3], *p = params;
1853 unsigned int step = 7;
1854 static unsigned char seed[] = "It does not matter how slowly you go "
1855 "as long as you do not stop.";
1856 unsigned char out[sizeof(seed)];
1858 if (!TEST_int_ne(sizeof(seed) % step, 0)
1859 || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
1861 ctx = EVP_RAND_CTX_new(rand, NULL);
1862 EVP_RAND_free(rand);
1866 memset(out, 0, sizeof(out));
1867 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
1868 seed, sizeof(seed));
1869 *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
1870 *p = OSSL_PARAM_construct_end();
1871 res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
1872 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
1873 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
1874 EVP_RAND_CTX_free(ctx);
1879 * Test that we correctly return the original or "running" IV after
1880 * an encryption operation.
1881 * Run multiple times for some different relevant algorithms/modes.
1883 static int test_evp_iv(int idx)
1886 EVP_CIPHER_CTX *ctx = NULL;
1887 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1888 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1889 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
1890 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
1891 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
1892 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
1893 9, 10, 11, 12, 13, 14, 15, 16 };
1894 unsigned char ciphertext[32], oiv[16], iv[16];
1895 unsigned char *ref_iv;
1896 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
1897 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
1899 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
1900 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
1901 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1902 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1903 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
1904 #ifndef OPENSSL_NO_OCB
1905 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1906 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1908 int len = sizeof(ciphertext);
1909 size_t ivlen, ref_len;
1910 const EVP_CIPHER *type = NULL;
1914 type = EVP_aes_128_cbc();
1917 type = (type != NULL) ? type :
1918 EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
1920 ref_len = sizeof(cbc_state);
1923 type = EVP_aes_128_ofb();
1926 type = (type != NULL) ? type :
1927 EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
1929 ref_len = sizeof(ofb_state);
1932 type = EVP_aes_128_gcm();
1935 type = (type != NULL) ? type :
1936 EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
1938 ref_len = sizeof(gcm_state);
1941 type = EVP_aes_128_ccm();
1944 type = (type != NULL) ? type :
1945 EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
1947 ref_len = sizeof(ccm_state);
1949 #ifdef OPENSSL_NO_OCB
1955 type = EVP_aes_128_ocb();
1958 type = (type != NULL) ? type :
1959 EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
1961 ref_len = sizeof(ocb_state);
1969 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
1970 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
1971 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
1973 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
1974 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
1975 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
1977 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
1978 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
1979 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
1984 EVP_CIPHER_CTX_free(ctx);
1986 EVP_CIPHER_free((EVP_CIPHER *)type);
1990 int setup_tests(void)
1992 testctx = OPENSSL_CTX_new();
1994 if (!TEST_ptr(testctx))
1997 ADD_TEST(test_EVP_set_default_properties);
1998 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1999 ADD_TEST(test_EVP_DigestVerifyInit);
2000 ADD_TEST(test_EVP_Enveloped);
2001 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2002 ADD_TEST(test_privatekey_to_pkcs8);
2003 #ifndef OPENSSL_NO_EC
2004 ADD_TEST(test_EVP_PKCS82PKEY);
2006 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2007 ADD_TEST(test_EVP_SM2);
2008 ADD_TEST(test_EVP_SM2_verify);
2010 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2011 #ifndef OPENSSL_NO_DEPRECATED_3_0
2012 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2013 if (!TEST_ptr(custom_pmeth))
2015 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2016 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2017 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2018 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2021 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2022 #ifndef OPENSSL_NO_CMAC
2023 ADD_TEST(test_CMAC_keygen);
2025 ADD_TEST(test_HKDF);
2026 ADD_TEST(test_emptyikm_HKDF);
2027 #ifndef OPENSSL_NO_EC
2028 ADD_TEST(test_X509_PUBKEY_inplace);
2029 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2030 OSSL_NELEM(ec_der_pub_keys));
2032 #ifndef OPENSSL_NO_DSA
2033 ADD_TEST(test_DSA_get_set_params);
2035 ADD_TEST(test_RSA_get_set_params);
2036 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2037 ADD_TEST(test_decrypt_null_chunks);
2039 #ifndef OPENSSL_NO_DH
2040 ADD_TEST(test_EVP_PKEY_set1_DH);
2042 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
2043 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
2045 ADD_TEST(test_rand_agglomeration);
2046 ADD_ALL_TESTS(test_evp_iv, 10);
2051 void cleanup_tests(void)
2053 OPENSSL_CTX_free(testctx);