2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
21 #include <openssl/provider.h>
23 #include "internal/nelem.h"
24 #include "internal/evp_int.h"
27 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
28 * should never use this key anywhere but in an example.
30 static const unsigned char kExampleRSAKeyDER[] = {
31 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
32 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
33 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
34 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
35 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
36 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
37 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
38 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
39 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
40 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
41 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
42 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
43 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
44 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
45 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
46 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
47 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
48 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
49 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
50 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
51 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
52 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
53 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
54 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
55 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
56 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
57 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
58 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
59 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
60 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
61 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
62 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
63 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
64 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
65 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
66 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
67 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
68 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
69 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
70 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
71 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
72 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
73 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
74 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
75 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
76 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
77 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
78 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
79 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
80 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
81 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
85 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
86 * components are not correct.
88 static const unsigned char kExampleBadRSAKeyDER[] = {
89 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
90 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
91 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
92 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
93 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
94 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
95 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
96 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
97 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
98 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
99 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
100 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
101 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
102 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
103 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
104 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
105 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
106 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
107 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
108 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
109 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
110 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
111 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
112 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
113 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
114 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
115 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
116 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
117 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
118 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
119 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
120 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
121 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
122 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
123 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
124 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
125 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
126 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
127 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
128 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
129 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
130 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
131 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
132 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
133 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
134 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
135 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
136 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
137 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
138 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
139 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
140 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
141 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
142 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
143 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
144 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
145 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
146 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
147 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
148 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
149 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
150 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
151 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
152 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
153 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
154 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
155 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
156 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
157 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
158 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
159 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
160 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
161 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
162 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
163 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
164 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
165 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
166 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
167 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
168 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
169 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
170 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
171 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
172 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
173 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
174 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
175 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
176 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
177 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
180 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
182 static const unsigned char kSignature[] = {
183 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
184 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
185 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
186 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
187 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
188 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
189 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
190 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
191 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
192 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
193 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
197 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
200 static const unsigned char kExampleRSAKeyPKCS8[] = {
201 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
202 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
203 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
204 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
205 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
206 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
207 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
208 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
209 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
210 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
211 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
212 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
213 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
214 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
215 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
216 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
217 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
218 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
219 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
220 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
221 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
222 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
223 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
224 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
225 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
226 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
227 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
228 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
229 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
230 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
231 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
232 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
233 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
234 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
235 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
236 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
237 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
238 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
239 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
240 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
241 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
242 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
243 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
244 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
245 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
246 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
247 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
248 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
249 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
250 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
251 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
252 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
253 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
256 #ifndef OPENSSL_NO_EC
258 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
261 static const unsigned char kExampleECKeyDER[] = {
262 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
263 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
264 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
265 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
266 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
267 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
268 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
269 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
270 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
271 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
276 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
277 * structure. The private key is equal to the order and will fail to import
279 static const unsigned char kExampleBadECKeyDER[] = {
280 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
281 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
282 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
283 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
284 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
285 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
286 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
287 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
288 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
292 static const unsigned char kExampleECPubKeyDER[] = {
293 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
294 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
295 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
296 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
297 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
298 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
299 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
300 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
304 * kExampleBadECKeyDER is a sample EC public key with a wrong OID
305 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
307 static const unsigned char kExampleBadECPubKeyDER[] = {
308 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
309 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
310 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
311 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
312 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
313 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
314 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
315 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
318 static const unsigned char pExampleECParamDER[] = {
319 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
323 typedef struct APK_DATA_st {
324 const unsigned char *kder;
330 int type; /* 0 for private, 1 for public, 2 for params */
333 static APK_DATA keydata[] = {
334 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
335 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
336 #ifndef OPENSSL_NO_EC
337 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
341 static APK_DATA keycheckdata[] = {
342 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
343 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
345 #ifndef OPENSSL_NO_EC
346 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
347 /* group is also associated in our pub key */
348 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
349 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
353 static EVP_PKEY *load_example_rsa_key(void)
355 EVP_PKEY *ret = NULL;
356 const unsigned char *derp = kExampleRSAKeyDER;
357 EVP_PKEY *pkey = NULL;
360 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
363 if (!TEST_ptr(pkey = EVP_PKEY_new())
364 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
377 static int test_EVP_Enveloped(void)
380 EVP_CIPHER_CTX *ctx = NULL;
381 EVP_PKEY *keypair = NULL;
382 unsigned char *kek = NULL;
383 unsigned char iv[EVP_MAX_IV_LENGTH];
384 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
385 int len, kek_len, ciphertext_len, plaintext_len;
386 unsigned char ciphertext[32], plaintext[16];
387 const EVP_CIPHER *type = EVP_aes_256_cbc();
389 if (!TEST_ptr(keypair = load_example_rsa_key())
390 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
391 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
392 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
394 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
396 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
400 ciphertext_len += len;
402 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
403 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
404 ciphertext, ciphertext_len))
405 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
408 plaintext_len += len;
409 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
415 EVP_PKEY_free(keypair);
416 EVP_CIPHER_CTX_free(ctx);
421 static int test_EVP_DigestSignInit(void)
424 EVP_PKEY *pkey = NULL;
425 unsigned char *sig = NULL;
427 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
429 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
430 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
431 || !TEST_ptr(pkey = load_example_rsa_key()))
434 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
435 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
438 /* Determine the size of the signature. */
439 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
440 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
443 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
444 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
447 /* Ensure that the signature round-trips. */
448 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
450 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
452 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
458 EVP_MD_CTX_free(md_ctx);
459 EVP_MD_CTX_free(md_ctx_verify);
466 static int test_EVP_DigestVerifyInit(void)
469 EVP_PKEY *pkey = NULL;
470 EVP_MD_CTX *md_ctx = NULL;
472 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
473 || !TEST_ptr(pkey = load_example_rsa_key()))
476 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
477 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
478 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
479 sizeof(kSignature))))
484 EVP_MD_CTX_free(md_ctx);
489 static int test_d2i_AutoPrivateKey(int i)
492 const unsigned char *p;
493 EVP_PKEY *pkey = NULL;
494 const APK_DATA *ak = &keydata[i];
495 const unsigned char *input = ak->kder;
496 size_t input_len = ak->size;
497 int expected_id = ak->evptype;
500 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
501 || !TEST_ptr_eq(p, input + input_len)
502 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
512 #ifndef OPENSSL_NO_EC
513 /* Tests loading a bad key in PKCS8 format */
514 static int test_EVP_PKCS82PKEY(void)
517 const unsigned char *derp = kExampleBadECKeyDER;
518 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
519 EVP_PKEY *pkey = NULL;
521 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
522 sizeof(kExampleBadECKeyDER))))
525 if (!TEST_ptr_eq(derp,
526 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
529 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
535 PKCS8_PRIV_KEY_INFO_free(p8inf);
542 #ifndef OPENSSL_NO_SM2
544 static int test_EVP_SM2_verify(void)
546 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
548 "-----BEGIN PUBLIC KEY-----\n"
549 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
550 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
551 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
552 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
553 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
554 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
555 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
556 "-----END PUBLIC KEY-----\n";
558 const char *msg = "message digest";
559 const char *id = "ALICE123@YAHOO.COM";
561 const uint8_t signature[] = {
562 0x30, 0x44, 0x02, 0x20,
564 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
565 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
566 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
570 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
571 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
572 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
577 EVP_PKEY *pkey = NULL;
578 EVP_MD_CTX *mctx = NULL;
579 EVP_PKEY_CTX *pctx = NULL;
581 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
582 if (!TEST_true(bio != NULL))
585 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
586 if (!TEST_true(pkey != NULL))
589 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
592 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
595 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
598 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
602 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
604 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
607 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
610 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
617 EVP_PKEY_CTX_free(pctx);
618 EVP_MD_CTX_free(mctx);
622 static int test_EVP_SM2(void)
625 EVP_PKEY *pkey = NULL;
626 EVP_PKEY *params = NULL;
627 EVP_PKEY_CTX *pctx = NULL;
628 EVP_PKEY_CTX *kctx = NULL;
629 EVP_PKEY_CTX *sctx = NULL;
631 unsigned char *sig = NULL;
632 EVP_MD_CTX *md_ctx = NULL;
633 EVP_MD_CTX *md_ctx_verify = NULL;
634 EVP_PKEY_CTX *cctx = NULL;
636 uint8_t ciphertext[128];
637 size_t ctext_len = sizeof(ciphertext);
639 uint8_t plaintext[8];
640 size_t ptext_len = sizeof(plaintext);
642 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
644 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
648 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
651 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
654 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
657 kctx = EVP_PKEY_CTX_new(params, NULL);
661 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
664 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
667 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
670 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
673 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
676 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
679 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
680 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
682 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
685 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
688 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
691 /* Determine the size of the signature. */
692 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
695 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
698 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
701 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
704 /* Ensure that the signature round-trips. */
706 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
709 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
712 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
715 /* now check encryption/decryption */
717 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
720 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
723 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
726 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
729 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
732 if (!TEST_true(ptext_len == sizeof(kMsg)))
735 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
740 EVP_PKEY_CTX_free(pctx);
741 EVP_PKEY_CTX_free(kctx);
742 EVP_PKEY_CTX_free(sctx);
743 EVP_PKEY_CTX_free(cctx);
745 EVP_PKEY_free(params);
746 EVP_MD_CTX_free(md_ctx);
747 EVP_MD_CTX_free(md_ctx_verify);
754 static struct keys_st {
760 EVP_PKEY_HMAC, "0123456789", NULL
762 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
764 EVP_PKEY_SIPHASH, "0123456789012345", NULL
766 #ifndef OPENSSL_NO_EC
768 EVP_PKEY_X25519, "01234567890123456789012345678901",
769 "abcdefghijklmnopqrstuvwxyzabcdef"
771 EVP_PKEY_ED25519, "01234567890123456789012345678901",
772 "abcdefghijklmnopqrstuvwxyzabcdef"
775 "01234567890123456789012345678901234567890123456789012345",
776 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
779 "012345678901234567890123456789012345678901234567890123456",
780 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
785 static int test_set_get_raw_keys_int(int tst, int pub)
788 unsigned char buf[80];
790 size_t inlen, len = 0;
793 /* Check if this algorithm supports public keys */
794 if (keys[tst].pub == NULL)
797 memset(buf, 0, sizeof(buf));
800 inlen = strlen(keys[tst].pub);
801 in = (unsigned char *)keys[tst].pub;
802 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
807 inlen = strlen(keys[tst].priv);
808 in = (unsigned char *)keys[tst].priv;
809 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
816 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
817 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
818 || !TEST_true(len == inlen)
819 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
820 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
821 || !TEST_mem_eq(in, inlen, buf, len))
830 static int test_set_get_raw_keys(int tst)
832 return test_set_get_raw_keys_int(tst, 0)
833 && test_set_get_raw_keys_int(tst, 1);
836 static int pkey_custom_check(EVP_PKEY *pkey)
841 static int pkey_custom_pub_check(EVP_PKEY *pkey)
846 static int pkey_custom_param_check(EVP_PKEY *pkey)
851 static EVP_PKEY_METHOD *custom_pmeth;
853 static int test_EVP_PKEY_check(int i)
856 const unsigned char *p;
857 EVP_PKEY *pkey = NULL;
858 #ifndef OPENSSL_NO_EC
859 EC_KEY *eckey = NULL;
861 EVP_PKEY_CTX *ctx = NULL;
862 EVP_PKEY_CTX *ctx2 = NULL;
863 const APK_DATA *ak = &keycheckdata[i];
864 const unsigned char *input = ak->kder;
865 size_t input_len = ak->size;
866 int expected_id = ak->evptype;
867 int expected_check = ak->check;
868 int expected_pub_check = ak->pub_check;
869 int expected_param_check = ak->param_check;
877 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
878 || !TEST_ptr_eq(p, input + input_len)
879 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
882 #ifndef OPENSSL_NO_EC
884 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
885 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
886 || !TEST_ptr(pkey = EVP_PKEY_new())
887 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
891 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
892 || !TEST_ptr_eq(p, input + input_len)
893 || !TEST_ptr(pkey = EVP_PKEY_new())
894 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
902 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
905 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
908 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
911 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
914 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
915 /* assign the pkey directly, as an internal test */
916 EVP_PKEY_up_ref(pkey);
919 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
922 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
925 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
931 EVP_PKEY_CTX_free(ctx);
932 EVP_PKEY_CTX_free(ctx2);
938 static int test_HKDF(void)
941 unsigned char out[20];
944 unsigned char salt[] = "0123456789";
945 unsigned char key[] = "012345678901234567890123456789";
946 unsigned char info[] = "infostring";
947 const unsigned char expected[] = {
948 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
949 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
951 size_t expectedlen = sizeof(expected);
953 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
956 /* We do this twice to test reuse of the EVP_PKEY_CTX */
957 for (i = 0; i < 2; i++) {
958 outlen = sizeof(out);
959 memset(out, 0, outlen);
961 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
962 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
963 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
964 sizeof(salt) - 1), 0)
965 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
967 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
968 sizeof(info) - 1), 0)
969 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
970 || !TEST_mem_eq(out, outlen, expected, expectedlen))
977 EVP_PKEY_CTX_free(pctx);
982 #ifndef OPENSSL_NO_EC
983 static int test_X509_PUBKEY_inplace(void)
986 X509_PUBKEY *xp = NULL;
987 const unsigned char *p = kExampleECPubKeyDER;
988 size_t input_len = sizeof(kExampleECPubKeyDER);
990 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
993 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
996 p = kExampleBadECPubKeyDER;
997 input_len = sizeof(kExampleBadECPubKeyDER);
999 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1002 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1008 X509_PUBKEY_free(xp);
1014 static int calculate_digest(const EVP_MD *md, const char *msg, size_t len,
1015 const unsigned char *exptd)
1017 unsigned char out[SHA256_DIGEST_LENGTH];
1021 if (!TEST_ptr(ctx = EVP_MD_CTX_new())
1022 || !TEST_true(EVP_DigestInit_ex(ctx, md, NULL))
1023 || !TEST_true(EVP_DigestUpdate(ctx, msg, len))
1024 || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
1025 || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
1026 SHA256_DIGEST_LENGTH))
1031 EVP_MD_CTX_free(ctx);
1035 * Test EVP_MD_fetch()
1037 * Test 0: Test with the default OPENSSL_CTX
1038 * Test 1: Test with an explicit OPENSSL_CTX
1039 * Test 2: Explicit OPENSSL_CTX with explicit load of default provider
1041 static int test_EVP_MD_fetch(int tst)
1043 OPENSSL_CTX *ctx = NULL;
1045 OSSL_PROVIDER *prov = NULL;
1047 const char testmsg[] = "Hello world";
1048 const unsigned char exptd[] = {
1049 0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c,
1050 0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24,
1051 0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26
1055 ctx = OPENSSL_CTX_new();
1060 prov = OSSL_PROVIDER_load(ctx, "default");
1061 if (!TEST_ptr(prov))
1066 /* Implicit fetching of the MD should produce the expected result */
1067 if (!TEST_true(calculate_digest(EVP_sha256(), testmsg, sizeof(testmsg),
1071 * Test that without loading any providers or specifying any properties we
1072 * can get a sha256 md from the default provider.
1074 if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", NULL))
1076 || !TEST_int_eq(EVP_MD_nid(md), NID_sha256)
1077 || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd)))
1080 /* Also test EVP_MD_upref() while we're doing this */
1081 if (!TEST_true(EVP_MD_upref(md)))
1083 /* Ref count should now be 2. Release both */
1084 EVP_MD_meth_free(md);
1085 EVP_MD_meth_free(md);
1089 * We've only loaded the default provider so explicitly asking for a
1090 * non-default implementation should fail.
1092 if (!TEST_ptr_null(md = EVP_MD_fetch(ctx, "SHA256", "default=no")))
1095 /* Explicitly asking for the default implementation should succeeed */
1096 if (!TEST_ptr(md = EVP_MD_fetch(ctx, "SHA256", "default=yes"))
1097 || !TEST_int_eq(EVP_MD_nid(md), NID_sha256)
1098 || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd)))
1101 EVP_MD_meth_free(md);
1107 EVP_MD_meth_free(md);
1108 OSSL_PROVIDER_unload(prov);
1109 OPENSSL_CTX_free(ctx);
1113 int setup_tests(void)
1115 ADD_TEST(test_EVP_DigestSignInit);
1116 ADD_TEST(test_EVP_DigestVerifyInit);
1117 ADD_TEST(test_EVP_Enveloped);
1118 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1119 #ifndef OPENSSL_NO_EC
1120 ADD_TEST(test_EVP_PKCS82PKEY);
1122 #ifndef OPENSSL_NO_SM2
1123 ADD_TEST(test_EVP_SM2);
1124 ADD_TEST(test_EVP_SM2_verify);
1126 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1127 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1128 if (!TEST_ptr(custom_pmeth))
1130 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1131 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1132 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1133 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1135 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1136 ADD_TEST(test_HKDF);
1137 #ifndef OPENSSL_NO_EC
1138 ADD_TEST(test_X509_PUBKEY_inplace);
1140 ADD_ALL_TESTS(test_EVP_MD_fetch, 3);