2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/params.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
28 #include "internal/nelem.h"
29 #include "internal/sizes.h"
30 #include "crypto/evp.h"
33 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
34 * should never use this key anywhere but in an example.
36 static const unsigned char kExampleRSAKeyDER[] = {
37 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
38 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
39 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
40 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
41 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
42 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
43 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
44 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
45 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
46 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
47 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
48 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
49 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
50 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
51 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
52 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
53 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
54 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
55 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
56 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
57 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
58 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
59 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
60 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
61 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
62 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
63 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
64 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
65 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
66 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
67 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
68 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
69 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
70 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
71 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
72 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
73 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
74 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
75 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
76 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
77 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
78 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
79 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
80 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
81 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
82 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
83 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
84 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
85 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
86 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
87 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
91 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
92 * should never use this key anywhere but in an example.
94 #ifndef OPENSSL_NO_DSA
95 static const unsigned char kExampleDSAKeyDER[] = {
96 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
97 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
98 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
99 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
100 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
101 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
102 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
103 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
104 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
105 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
106 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
107 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
108 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
109 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
110 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
111 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
112 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
113 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
114 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
115 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
116 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
117 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
118 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
119 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
120 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
121 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
122 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
123 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
124 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
125 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
126 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
127 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
128 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
129 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
130 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
131 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
132 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
138 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
139 * components are not correct.
141 static const unsigned char kExampleBadRSAKeyDER[] = {
142 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
143 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
144 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
145 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
146 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
147 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
148 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
149 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
150 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
151 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
152 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
153 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
154 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
155 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
156 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
157 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
158 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
159 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
160 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
161 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
162 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
163 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
164 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
165 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
166 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
167 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
168 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
169 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
170 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
171 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
172 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
173 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
174 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
175 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
176 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
177 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
178 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
179 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
180 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
181 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
182 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
183 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
184 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
185 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
186 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
187 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
188 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
189 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
190 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
191 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
192 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
193 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
194 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
195 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
196 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
197 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
198 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
199 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
200 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
201 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
202 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
203 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
204 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
205 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
206 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
207 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
208 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
209 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
210 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
211 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
212 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
213 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
214 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
215 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
216 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
217 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
218 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
219 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
220 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
221 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
222 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
223 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
224 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
225 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
226 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
227 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
228 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
229 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
230 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
233 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
235 static const unsigned char kSignature[] = {
236 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
237 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
238 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
239 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
240 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
241 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
242 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
243 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
244 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
245 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
246 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
250 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
253 static const unsigned char kExampleRSAKeyPKCS8[] = {
254 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
255 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
256 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
257 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
258 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
259 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
260 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
261 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
262 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
263 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
264 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
265 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
266 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
267 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
268 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
269 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
270 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
271 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
272 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
273 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
274 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
275 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
276 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
277 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
278 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
279 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
280 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
281 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
282 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
283 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
284 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
285 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
286 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
287 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
288 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
289 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
290 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
291 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
292 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
293 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
294 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
295 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
296 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
297 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
298 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
299 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
300 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
301 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
302 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
303 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
304 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
305 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
306 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
309 #ifndef OPENSSL_NO_EC
311 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
314 static const unsigned char kExampleECKeyDER[] = {
315 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
316 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
317 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
318 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
319 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
320 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
321 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
322 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
323 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
324 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
329 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
330 * structure. The private key is equal to the order and will fail to import
332 static const unsigned char kExampleBadECKeyDER[] = {
333 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
334 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
335 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
336 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
337 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
338 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
339 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
340 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
341 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
345 static const unsigned char kExampleECPubKeyDER[] = {
346 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
347 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
348 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
349 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
350 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
351 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
352 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
353 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
357 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
358 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
360 static const unsigned char kExampleBadECPubKeyDER[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 static const unsigned char pExampleECParamDER[] = {
372 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
376 typedef struct APK_DATA_st {
377 const unsigned char *kder;
383 int type; /* 0 for private, 1 for public, 2 for params */
386 static APK_DATA keydata[] = {
387 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
388 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
389 #ifndef OPENSSL_NO_EC
390 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
394 static APK_DATA keycheckdata[] = {
395 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
396 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
398 #ifndef OPENSSL_NO_EC
399 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
400 /* group is also associated in our pub key */
401 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
402 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
406 static EVP_PKEY *load_example_rsa_key(void)
408 EVP_PKEY *ret = NULL;
409 const unsigned char *derp = kExampleRSAKeyDER;
410 EVP_PKEY *pkey = NULL;
413 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
416 if (!TEST_ptr(pkey = EVP_PKEY_new())
417 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
430 #ifndef OPENSSL_NO_DSA
431 static EVP_PKEY *load_example_dsa_key(void)
433 EVP_PKEY *ret = NULL;
434 const unsigned char *derp = kExampleDSAKeyDER;
435 EVP_PKEY *pkey = NULL;
438 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
441 if (!TEST_ptr(pkey = EVP_PKEY_new())
442 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
456 static EVP_PKEY *load_example_hmac_key(void)
458 EVP_PKEY *pkey = NULL;
459 unsigned char key[] = {
460 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
461 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
462 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
465 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
472 static int test_EVP_Enveloped(void)
475 EVP_CIPHER_CTX *ctx = NULL;
476 EVP_PKEY *keypair = NULL;
477 unsigned char *kek = NULL;
478 unsigned char iv[EVP_MAX_IV_LENGTH];
479 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
480 int len, kek_len, ciphertext_len, plaintext_len;
481 unsigned char ciphertext[32], plaintext[16];
482 const EVP_CIPHER *type = EVP_aes_256_cbc();
484 if (!TEST_ptr(keypair = load_example_rsa_key())
485 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
486 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
487 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
489 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
491 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
495 ciphertext_len += len;
497 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
498 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
499 ciphertext, ciphertext_len))
500 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
503 plaintext_len += len;
504 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
510 EVP_PKEY_free(keypair);
511 EVP_CIPHER_CTX_free(ctx);
516 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
517 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
518 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
519 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
520 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
521 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
522 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
523 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
524 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
526 static int test_EVP_DigestSignInit(int tst)
529 EVP_PKEY *pkey = NULL;
530 unsigned char *sig = NULL;
532 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
533 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
534 BIO *mdbio = NULL, *membio = NULL;
537 EVP_MD *mdexp = NULL;
540 membio = BIO_new(BIO_s_mem());
541 mdbio = BIO_new(BIO_f_md());
542 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
544 BIO_push(mdbio, membio);
545 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
548 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
549 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
553 if (tst == 0 || tst == 3 || tst == 6) {
554 if (!TEST_ptr(pkey = load_example_rsa_key()))
556 } else if (tst == 1 || tst == 4 || tst == 7) {
557 #ifndef OPENSSL_NO_DSA
558 if (!TEST_ptr(pkey = load_example_dsa_key()))
565 if (!TEST_ptr(pkey = load_example_hmac_key()))
569 if (tst >= 3 && tst <= 5)
570 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
574 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
578 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
581 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
585 /* Determine the size of the signature. */
586 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
587 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
588 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
592 if (!TEST_int_gt(BIO_reset(mdbio), 0)
593 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
598 * Ensure that the signature round-trips (Verification isn't supported for
599 * HMAC via EVP_DigestVerify*)
601 if (tst != 2 && tst != 5 && tst != 8) {
602 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
607 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
610 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
614 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
623 EVP_MD_CTX_free(a_md_ctx);
624 EVP_MD_CTX_free(a_md_ctx_verify);
632 static int test_EVP_DigestVerifyInit(void)
635 EVP_PKEY *pkey = NULL;
636 EVP_MD_CTX *md_ctx = NULL;
638 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
639 || !TEST_ptr(pkey = load_example_rsa_key()))
642 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
643 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
644 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
645 sizeof(kSignature))))
650 EVP_MD_CTX_free(md_ctx);
655 static int test_d2i_AutoPrivateKey(int i)
658 const unsigned char *p;
659 EVP_PKEY *pkey = NULL;
660 const APK_DATA *ak = &keydata[i];
661 const unsigned char *input = ak->kder;
662 size_t input_len = ak->size;
663 int expected_id = ak->evptype;
666 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
667 || !TEST_ptr_eq(p, input + input_len)
668 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
678 #ifndef OPENSSL_NO_EC
680 static const unsigned char ec_public_sect163k1_validxy[] = {
681 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
682 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
683 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
684 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
685 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
686 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
689 static const unsigned char ec_public_sect163k1_badx[] = {
690 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
691 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
692 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
693 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
694 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
695 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
698 static const unsigned char ec_public_sect163k1_bady[] = {
699 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
700 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
701 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
702 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
703 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
704 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
707 static struct ec_der_pub_keys_st {
708 const unsigned char *der;
711 } ec_der_pub_keys[] = {
712 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
713 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
714 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
718 * Tests the range of the decoded EC char2 public point.
719 * See ec_GF2m_simple_oct2point().
721 static int test_invalide_ec_char2_pub_range_decode(int id)
725 EC_KEY *eckey = NULL;
727 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
728 ec_der_pub_keys[id].len)))
730 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
731 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
732 || TEST_ptr_null(eckey);
739 /* Tests loading a bad key in PKCS8 format */
740 static int test_EVP_PKCS82PKEY(void)
743 const unsigned char *derp = kExampleBadECKeyDER;
744 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
745 EVP_PKEY *pkey = NULL;
747 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
748 sizeof(kExampleBadECKeyDER))))
751 if (!TEST_ptr_eq(derp,
752 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
755 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
761 PKCS8_PRIV_KEY_INFO_free(p8inf);
768 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
770 static int test_EVP_SM2_verify(void)
772 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
774 "-----BEGIN PUBLIC KEY-----\n"
775 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
776 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
777 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
778 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
779 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
780 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
781 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
782 "-----END PUBLIC KEY-----\n";
784 const char *msg = "message digest";
785 const char *id = "ALICE123@YAHOO.COM";
787 const uint8_t signature[] = {
788 0x30, 0x44, 0x02, 0x20,
790 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
791 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
792 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
796 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
797 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
798 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
803 EVP_PKEY *pkey = NULL;
804 EVP_MD_CTX *mctx = NULL;
805 EVP_PKEY_CTX *pctx = NULL;
807 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
808 if (!TEST_true(bio != NULL))
811 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
812 if (!TEST_true(pkey != NULL))
815 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
818 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
824 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
828 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
830 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
833 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
836 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
843 EVP_PKEY_CTX_free(pctx);
844 EVP_MD_CTX_free(mctx);
848 static int test_EVP_SM2(void)
851 EVP_PKEY *pkey = NULL;
852 EVP_PKEY *params = NULL;
853 EVP_PKEY_CTX *pctx = NULL;
854 EVP_PKEY_CTX *kctx = NULL;
855 EVP_PKEY_CTX *sctx = NULL;
857 unsigned char *sig = NULL;
858 EVP_MD_CTX *md_ctx = NULL;
859 EVP_MD_CTX *md_ctx_verify = NULL;
860 EVP_PKEY_CTX *cctx = NULL;
862 uint8_t ciphertext[128];
863 size_t ctext_len = sizeof(ciphertext);
865 uint8_t plaintext[8];
866 size_t ptext_len = sizeof(plaintext);
868 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
870 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
874 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
877 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
880 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
883 kctx = EVP_PKEY_CTX_new(params, NULL);
887 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
890 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
893 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
896 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
899 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
902 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
905 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
906 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
908 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
911 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
914 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
917 /* Determine the size of the signature. */
918 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
921 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
924 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
927 /* Ensure that the signature round-trips. */
929 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
932 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
935 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
938 /* now check encryption/decryption */
940 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
943 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
946 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
949 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
952 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
955 if (!TEST_true(ptext_len == sizeof(kMsg)))
958 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
963 EVP_PKEY_CTX_free(pctx);
964 EVP_PKEY_CTX_free(kctx);
965 EVP_PKEY_CTX_free(sctx);
966 EVP_PKEY_CTX_free(cctx);
968 EVP_PKEY_free(params);
969 EVP_MD_CTX_free(md_ctx);
970 EVP_MD_CTX_free(md_ctx_verify);
977 static struct keys_st {
983 EVP_PKEY_HMAC, "0123456789", NULL
985 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
987 EVP_PKEY_SIPHASH, "0123456789012345", NULL
989 #ifndef OPENSSL_NO_EC
991 EVP_PKEY_X25519, "01234567890123456789012345678901",
992 "abcdefghijklmnopqrstuvwxyzabcdef"
994 EVP_PKEY_ED25519, "01234567890123456789012345678901",
995 "abcdefghijklmnopqrstuvwxyzabcdef"
998 "01234567890123456789012345678901234567890123456789012345",
999 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1002 "012345678901234567890123456789012345678901234567890123456",
1003 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1008 static int test_set_get_raw_keys_int(int tst, int pub)
1011 unsigned char buf[80];
1013 size_t inlen, len = 0;
1016 /* Check if this algorithm supports public keys */
1017 if (keys[tst].pub == NULL)
1020 memset(buf, 0, sizeof(buf));
1023 inlen = strlen(keys[tst].pub);
1024 in = (unsigned char *)keys[tst].pub;
1025 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1030 inlen = strlen(keys[tst].priv);
1031 in = (unsigned char *)keys[tst].priv;
1032 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1039 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1040 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1041 || !TEST_true(len == inlen)
1042 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1043 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1044 || !TEST_mem_eq(in, inlen, buf, len))
1049 EVP_PKEY_free(pkey);
1053 static int test_set_get_raw_keys(int tst)
1055 return test_set_get_raw_keys_int(tst, 0)
1056 && test_set_get_raw_keys_int(tst, 1);
1059 static int pkey_custom_check(EVP_PKEY *pkey)
1064 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1069 static int pkey_custom_param_check(EVP_PKEY *pkey)
1074 static EVP_PKEY_METHOD *custom_pmeth;
1076 static int test_EVP_PKEY_check(int i)
1079 const unsigned char *p;
1080 EVP_PKEY *pkey = NULL;
1081 #ifndef OPENSSL_NO_EC
1082 EC_KEY *eckey = NULL;
1084 EVP_PKEY_CTX *ctx = NULL;
1085 EVP_PKEY_CTX *ctx2 = NULL;
1086 const APK_DATA *ak = &keycheckdata[i];
1087 const unsigned char *input = ak->kder;
1088 size_t input_len = ak->size;
1089 int expected_id = ak->evptype;
1090 int expected_check = ak->check;
1091 int expected_pub_check = ak->pub_check;
1092 int expected_param_check = ak->param_check;
1093 int type = ak->type;
1100 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1101 || !TEST_ptr_eq(p, input + input_len)
1102 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1105 #ifndef OPENSSL_NO_EC
1107 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1108 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1109 || !TEST_ptr(pkey = EVP_PKEY_new())
1110 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1114 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1115 || !TEST_ptr_eq(p, input + input_len)
1116 || !TEST_ptr(pkey = EVP_PKEY_new())
1117 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1125 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1128 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1131 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1134 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1137 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1138 /* assign the pkey directly, as an internal test */
1139 EVP_PKEY_up_ref(pkey);
1142 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1145 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1148 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1154 EVP_PKEY_CTX_free(ctx);
1155 EVP_PKEY_CTX_free(ctx2);
1156 EVP_PKEY_free(pkey);
1161 static int test_HKDF(void)
1164 unsigned char out[20];
1167 unsigned char salt[] = "0123456789";
1168 unsigned char key[] = "012345678901234567890123456789";
1169 unsigned char info[] = "infostring";
1170 const unsigned char expected[] = {
1171 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1172 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1174 size_t expectedlen = sizeof(expected);
1176 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1179 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1180 for (i = 0; i < 2; i++) {
1181 outlen = sizeof(out);
1182 memset(out, 0, outlen);
1184 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1185 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1186 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1187 sizeof(salt) - 1), 0)
1188 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1189 sizeof(key) - 1), 0)
1190 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1191 sizeof(info) - 1), 0)
1192 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1193 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1200 EVP_PKEY_CTX_free(pctx);
1205 #ifndef OPENSSL_NO_EC
1206 static int test_X509_PUBKEY_inplace(void)
1209 X509_PUBKEY *xp = NULL;
1210 const unsigned char *p = kExampleECPubKeyDER;
1211 size_t input_len = sizeof(kExampleECPubKeyDER);
1213 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1216 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1219 p = kExampleBadECPubKeyDER;
1220 input_len = sizeof(kExampleBadECPubKeyDER);
1222 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1225 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1231 X509_PUBKEY_free(xp);
1234 #endif /* OPENSSL_NO_EC */
1236 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1237 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1239 EVP_MD_CTX *mdctx = NULL;
1240 EVP_PKEY_CTX *ctx = NULL;
1241 const OSSL_PARAM *params;
1242 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1245 char mdname[OSSL_MAX_NAME_SIZE];
1248 /* Initialise a sign operation */
1249 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1251 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1255 * We should be able to query the parameters now.
1257 params = EVP_PKEY_CTX_settable_params(ctx);
1258 if (!TEST_ptr(params)
1259 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1260 OSSL_SIGNATURE_PARAM_DIGEST)))
1263 params = EVP_PKEY_CTX_gettable_params(ctx);
1264 if (!TEST_ptr(params)
1265 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1266 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1267 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1268 OSSL_SIGNATURE_PARAM_DIGEST)))
1272 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1273 * EVP_PKEY_CTX_get_params()
1275 strcpy(mdname, "SHA512");
1277 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1279 *param++ = OSSL_PARAM_construct_end();
1281 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1285 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1286 mdname, sizeof(mdname));
1287 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1288 || !TEST_str_eq(mdname, "SHA512"))
1292 * Test the TEST_PKEY_CTX_set_signature_md() and
1293 * TEST_PKEY_CTX_get_signature_md() functions
1295 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1296 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1297 || !TEST_ptr_eq(md, EVP_sha256()))
1301 * Test getting MD parameters via an associated EVP_PKEY_CTX
1303 mdctx = EVP_MD_CTX_new();
1304 if (!TEST_ptr(mdctx)
1305 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey,
1310 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1311 * able to obtain the digest's settable parameters from the provider.
1313 params = EVP_MD_CTX_settable_params(mdctx);
1314 if (!TEST_ptr(params)
1315 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1316 /* The final key should be NULL */
1317 || !TEST_ptr_null(params[1].key))
1321 memset(ssl3ms, 0, sizeof(ssl3ms));
1322 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1323 ssl3ms, sizeof(ssl3ms));
1324 *param++ = OSSL_PARAM_construct_end();
1326 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1332 EVP_MD_CTX_free(mdctx);
1333 EVP_PKEY_CTX_free(ctx);
1338 #ifndef OPENSSL_NO_DSA
1339 static int test_DSA_get_set_params(void)
1342 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1343 EVP_PKEY *pkey = NULL;
1347 * Setup the parameters for our DSA object. For our purposes they don't
1348 * have to actually be *valid* parameters. We just need to set something.
1361 || !DSA_set0_pqg(dsa, p, q, g)
1362 || !DSA_set0_key(dsa, pub, priv))
1364 p = q = g = pub = priv = NULL;
1366 pkey = EVP_PKEY_new();
1368 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1373 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1376 EVP_PKEY_free(pkey);
1388 static int test_RSA_get_set_params(void)
1391 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1392 EVP_PKEY *pkey = NULL;
1396 * Setup the parameters for our RSA object. For our purposes they don't
1397 * have to actually be *valid* parameters. We just need to set something.
1407 || !RSA_set0_key(rsa, n, e, d))
1411 pkey = EVP_PKEY_new();
1413 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1418 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1421 EVP_PKEY_free(pkey);
1430 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1431 static int test_decrypt_null_chunks(void)
1433 EVP_CIPHER_CTX* ctx = NULL;
1434 const unsigned char key[32] = {
1435 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1436 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1437 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1439 unsigned char iv[12] = {
1440 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1442 unsigned char msg[] = "It was the best of times, it was the worst of times";
1443 unsigned char ciphertext[80];
1444 unsigned char plaintext[80];
1445 /* We initialise tmp to a non zero value on purpose */
1446 int ctlen, ptlen, tmp = 99;
1448 const int enc_offset = 10, dec_offset = 20;
1450 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1451 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1453 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1455 /* Deliberate add a zero length update */
1456 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1458 || !TEST_int_eq(tmp, 0)
1459 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1461 sizeof(msg) - enc_offset))
1462 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1463 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1464 || !TEST_int_eq(tmp, 0))
1467 /* Deliberately initialise tmp to a non zero value */
1469 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1471 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1474 * Deliberately add a zero length update. We also deliberately do
1475 * this at a different offset than for encryption.
1477 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1479 || !TEST_int_eq(tmp, 0)
1480 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1481 ciphertext + dec_offset,
1482 ctlen - dec_offset))
1483 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1484 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1485 || !TEST_int_eq(tmp, 0)
1486 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1491 EVP_CIPHER_CTX_free(ctx);
1494 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1496 #ifndef OPENSSL_NO_DH
1497 static int test_EVP_PKEY_set1_DH(void)
1499 DH *x942dh = NULL, *noqdh = NULL;
1500 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1502 BIGNUM *p, *g = NULL;
1504 if (!TEST_ptr(p = BN_new())
1505 || !TEST_ptr(g = BN_new())
1506 || !BN_set_word(p, 9999)
1507 || !BN_set_word(g, 2)
1508 || !TEST_ptr(noqdh = DH_new())
1509 || !DH_set0_pqg(noqdh, p, NULL, g))
1513 x942dh = DH_get_2048_256();
1514 pkey1 = EVP_PKEY_new();
1515 pkey2 = EVP_PKEY_new();
1516 if (!TEST_ptr(x942dh)
1519 || !TEST_ptr(pkey2))
1522 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1523 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1526 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1527 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1534 EVP_PKEY_free(pkey1);
1535 EVP_PKEY_free(pkey2);
1543 int setup_tests(void)
1545 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1546 ADD_TEST(test_EVP_DigestVerifyInit);
1547 ADD_TEST(test_EVP_Enveloped);
1548 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1549 #ifndef OPENSSL_NO_EC
1550 ADD_TEST(test_EVP_PKCS82PKEY);
1552 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1553 ADD_TEST(test_EVP_SM2);
1554 ADD_TEST(test_EVP_SM2_verify);
1556 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1557 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1558 if (!TEST_ptr(custom_pmeth))
1560 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1561 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1562 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1563 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1565 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1566 ADD_TEST(test_HKDF);
1567 #ifndef OPENSSL_NO_EC
1568 ADD_TEST(test_X509_PUBKEY_inplace);
1569 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1570 OSSL_NELEM(ec_der_pub_keys));
1572 #ifndef OPENSSL_NO_DSA
1573 ADD_TEST(test_DSA_get_set_params);
1575 ADD_TEST(test_RSA_get_set_params);
1576 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1577 ADD_TEST(test_decrypt_null_chunks);
1579 #ifndef OPENSSL_NO_DH
1580 ADD_TEST(test_EVP_PKEY_set1_DH);