2 * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
22 #include "internal/nelem.h"
23 #include "internal/evp_int.h"
26 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
27 * should never use this key anywhere but in an example.
29 static const unsigned char kExampleRSAKeyDER[] = {
30 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
31 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
32 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
33 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
34 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
35 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
36 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
37 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
38 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
39 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
40 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
41 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
42 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
43 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
44 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
45 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
46 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
47 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
48 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
49 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
50 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
51 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
52 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
53 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
54 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
55 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
56 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
57 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
58 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
59 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
60 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
61 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
62 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
63 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
64 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
65 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
66 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
67 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
68 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
69 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
70 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
71 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
72 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
73 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
74 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
75 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
76 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
77 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
78 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
79 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
80 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
84 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
85 * components are not correct.
87 static const unsigned char kExampleBadRSAKeyDER[] = {
88 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
89 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
90 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
91 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
92 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
93 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
94 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
95 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
96 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
97 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
98 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
99 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
100 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
101 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
102 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
103 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
104 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
105 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
106 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
107 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
108 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
109 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
110 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
111 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
112 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
113 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
114 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
115 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
116 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
117 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
118 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
119 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
120 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
121 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
122 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
123 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
124 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
125 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
126 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
127 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
128 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
129 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
130 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
131 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
132 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
133 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
134 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
135 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
136 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
137 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
138 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
139 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
140 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
141 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
142 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
143 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
144 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
145 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
146 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
147 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
148 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
149 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
150 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
151 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
152 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
153 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
154 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
155 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
156 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
157 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
158 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
159 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
160 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
161 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
162 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
163 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
164 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
165 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
166 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
167 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
168 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
169 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
170 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
171 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
172 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
173 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
174 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
175 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
176 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
179 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
181 static const unsigned char kSignature[] = {
182 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
183 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
184 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
185 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
186 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
187 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
188 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
189 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
190 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
191 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
192 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
196 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
199 static const unsigned char kExampleRSAKeyPKCS8[] = {
200 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
201 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
202 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
203 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
204 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
205 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
206 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
207 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
208 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
209 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
210 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
211 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
212 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
213 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
214 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
215 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
216 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
217 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
218 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
219 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
220 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
221 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
222 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
223 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
224 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
225 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
226 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
227 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
228 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
229 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
230 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
231 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
232 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
233 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
234 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
235 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
236 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
237 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
238 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
239 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
240 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
241 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
242 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
243 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
244 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
245 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
246 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
247 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
248 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
249 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
250 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
251 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
252 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
255 #ifndef OPENSSL_NO_EC
257 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
260 static const unsigned char kExampleECKeyDER[] = {
261 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
262 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
263 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
264 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
265 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
266 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
267 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
268 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
269 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
270 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
275 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
276 * structure. The private key is equal to the order and will fail to import
278 static const unsigned char kExampleBadECKeyDER[] = {
279 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
280 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
281 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
282 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
283 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
284 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
285 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
286 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
287 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
291 static const unsigned char kExampleECPubKeyDER[] = {
292 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
293 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
294 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
295 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
296 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
297 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
298 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
299 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
303 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
304 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
306 static const unsigned char kExampleBadECPubKeyDER[] = {
307 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
308 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
309 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
310 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
311 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
312 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
313 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
314 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
317 static const unsigned char pExampleECParamDER[] = {
318 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
322 typedef struct APK_DATA_st {
323 const unsigned char *kder;
329 int type; /* 0 for private, 1 for public, 2 for params */
332 static APK_DATA keydata[] = {
333 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
334 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
335 #ifndef OPENSSL_NO_EC
336 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
340 static APK_DATA keycheckdata[] = {
341 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
342 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
344 #ifndef OPENSSL_NO_EC
345 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
346 /* group is also associated in our pub key */
347 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
348 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
352 static EVP_PKEY *load_example_rsa_key(void)
354 EVP_PKEY *ret = NULL;
355 const unsigned char *derp = kExampleRSAKeyDER;
356 EVP_PKEY *pkey = NULL;
359 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
362 if (!TEST_ptr(pkey = EVP_PKEY_new())
363 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
376 static int test_EVP_Enveloped(void)
379 EVP_CIPHER_CTX *ctx = NULL;
380 EVP_PKEY *keypair = NULL;
381 unsigned char *kek = NULL;
382 unsigned char iv[EVP_MAX_IV_LENGTH];
383 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
384 int len, kek_len, ciphertext_len, plaintext_len;
385 unsigned char ciphertext[32], plaintext[16];
386 const EVP_CIPHER *type = EVP_aes_256_cbc();
388 if (!TEST_ptr(keypair = load_example_rsa_key())
389 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
390 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
391 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
393 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
395 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
399 ciphertext_len += len;
401 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
402 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
403 ciphertext, ciphertext_len))
404 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
407 plaintext_len += len;
408 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
414 EVP_PKEY_free(keypair);
415 EVP_CIPHER_CTX_free(ctx);
420 static int test_EVP_DigestSignInit(void)
423 EVP_PKEY *pkey = NULL;
424 unsigned char *sig = NULL;
426 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
428 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
429 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
430 || !TEST_ptr(pkey = load_example_rsa_key()))
433 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
434 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
437 /* Determine the size of the signature. */
438 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
439 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
442 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
443 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
446 /* Ensure that the signature round-trips. */
447 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
449 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
451 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
457 EVP_MD_CTX_free(md_ctx);
458 EVP_MD_CTX_free(md_ctx_verify);
465 static int test_EVP_DigestVerifyInit(void)
468 EVP_PKEY *pkey = NULL;
469 EVP_MD_CTX *md_ctx = NULL;
471 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
472 || !TEST_ptr(pkey = load_example_rsa_key()))
475 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
476 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
477 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
478 sizeof(kSignature))))
483 EVP_MD_CTX_free(md_ctx);
488 static int test_d2i_AutoPrivateKey(int i)
491 const unsigned char *p;
492 EVP_PKEY *pkey = NULL;
493 const APK_DATA *ak = &keydata[i];
494 const unsigned char *input = ak->kder;
495 size_t input_len = ak->size;
496 int expected_id = ak->evptype;
499 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
500 || !TEST_ptr_eq(p, input + input_len)
501 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
511 #ifndef OPENSSL_NO_EC
513 static const unsigned char ec_public_sect163k1_validxy[] = {
514 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
515 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
516 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
517 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
518 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
519 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
522 static const unsigned char ec_public_sect163k1_badx[] = {
523 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
524 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
525 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
526 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
527 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
528 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
531 static const unsigned char ec_public_sect163k1_bady[] = {
532 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
533 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
534 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
535 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
536 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
537 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
540 static struct ec_der_pub_keys_st {
541 const unsigned char *der;
544 } ec_der_pub_keys[] = {
545 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
546 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
547 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
551 * Tests the range of the decoded EC char2 public point.
552 * See ec_GF2m_simple_oct2point().
554 static int test_invalide_ec_char2_pub_range_decode(int id)
558 EC_KEY *eckey = NULL;
560 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
561 ec_der_pub_keys[id].len)))
563 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
564 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
565 || TEST_ptr_null(eckey);
572 /* Tests loading a bad key in PKCS8 format */
573 static int test_EVP_PKCS82PKEY(void)
576 const unsigned char *derp = kExampleBadECKeyDER;
577 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
578 EVP_PKEY *pkey = NULL;
580 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
581 sizeof(kExampleBadECKeyDER))))
584 if (!TEST_ptr_eq(derp,
585 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
588 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
594 PKCS8_PRIV_KEY_INFO_free(p8inf);
601 #ifndef OPENSSL_NO_SM2
603 static int test_EVP_SM2_verify(void)
605 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
607 "-----BEGIN PUBLIC KEY-----\n"
608 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
609 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
610 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
611 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
612 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
613 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
614 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
615 "-----END PUBLIC KEY-----\n";
617 const char *msg = "message digest";
618 const char *id = "ALICE123@YAHOO.COM";
620 const uint8_t signature[] = {
621 0x30, 0x44, 0x02, 0x20,
623 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
624 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
625 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
629 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
630 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
631 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
636 EVP_PKEY *pkey = NULL;
637 EVP_MD_CTX *mctx = NULL;
638 EVP_PKEY_CTX *pctx = NULL;
640 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
641 if (!TEST_true(bio != NULL))
644 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
645 if (!TEST_true(pkey != NULL))
648 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
651 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
657 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
661 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
663 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
666 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
669 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
676 EVP_PKEY_CTX_free(pctx);
677 EVP_MD_CTX_free(mctx);
681 static int test_EVP_SM2(void)
684 EVP_PKEY *pkey = NULL;
685 EVP_PKEY *params = NULL;
686 EVP_PKEY_CTX *pctx = NULL;
687 EVP_PKEY_CTX *kctx = NULL;
688 EVP_PKEY_CTX *sctx = NULL;
690 unsigned char *sig = NULL;
691 EVP_MD_CTX *md_ctx = NULL;
692 EVP_MD_CTX *md_ctx_verify = NULL;
693 EVP_PKEY_CTX *cctx = NULL;
695 uint8_t ciphertext[128];
696 size_t ctext_len = sizeof(ciphertext);
698 uint8_t plaintext[8];
699 size_t ptext_len = sizeof(plaintext);
701 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
703 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
707 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
710 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
713 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
716 kctx = EVP_PKEY_CTX_new(params, NULL);
720 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
723 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
726 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
729 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
732 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
735 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
738 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
739 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
741 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
744 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
747 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
750 /* Determine the size of the signature. */
751 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
754 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
757 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
760 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
763 /* Ensure that the signature round-trips. */
765 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
768 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
771 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
774 /* now check encryption/decryption */
776 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
779 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
782 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
785 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
788 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
791 if (!TEST_true(ptext_len == sizeof(kMsg)))
794 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
799 EVP_PKEY_CTX_free(pctx);
800 EVP_PKEY_CTX_free(kctx);
801 EVP_PKEY_CTX_free(sctx);
802 EVP_PKEY_CTX_free(cctx);
804 EVP_PKEY_free(params);
805 EVP_MD_CTX_free(md_ctx);
806 EVP_MD_CTX_free(md_ctx_verify);
813 static struct keys_st {
819 EVP_PKEY_HMAC, "0123456789", NULL
821 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
823 EVP_PKEY_SIPHASH, "0123456789012345", NULL
825 #ifndef OPENSSL_NO_EC
827 EVP_PKEY_X25519, "01234567890123456789012345678901",
828 "abcdefghijklmnopqrstuvwxyzabcdef"
830 EVP_PKEY_ED25519, "01234567890123456789012345678901",
831 "abcdefghijklmnopqrstuvwxyzabcdef"
834 "01234567890123456789012345678901234567890123456789012345",
835 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
838 "012345678901234567890123456789012345678901234567890123456",
839 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
844 static int test_set_get_raw_keys_int(int tst, int pub)
847 unsigned char buf[80];
849 size_t inlen, len = 0;
852 /* Check if this algorithm supports public keys */
853 if (keys[tst].pub == NULL)
856 memset(buf, 0, sizeof(buf));
859 inlen = strlen(keys[tst].pub);
860 in = (unsigned char *)keys[tst].pub;
861 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
866 inlen = strlen(keys[tst].priv);
867 in = (unsigned char *)keys[tst].priv;
868 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
875 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
876 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
877 || !TEST_true(len == inlen)
878 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
879 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
880 || !TEST_mem_eq(in, inlen, buf, len))
889 static int test_set_get_raw_keys(int tst)
891 return test_set_get_raw_keys_int(tst, 0)
892 && test_set_get_raw_keys_int(tst, 1);
895 static int pkey_custom_check(EVP_PKEY *pkey)
900 static int pkey_custom_pub_check(EVP_PKEY *pkey)
905 static int pkey_custom_param_check(EVP_PKEY *pkey)
910 static EVP_PKEY_METHOD *custom_pmeth;
912 static int test_EVP_PKEY_check(int i)
915 const unsigned char *p;
916 EVP_PKEY *pkey = NULL;
917 #ifndef OPENSSL_NO_EC
918 EC_KEY *eckey = NULL;
920 EVP_PKEY_CTX *ctx = NULL;
921 EVP_PKEY_CTX *ctx2 = NULL;
922 const APK_DATA *ak = &keycheckdata[i];
923 const unsigned char *input = ak->kder;
924 size_t input_len = ak->size;
925 int expected_id = ak->evptype;
926 int expected_check = ak->check;
927 int expected_pub_check = ak->pub_check;
928 int expected_param_check = ak->param_check;
936 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
937 || !TEST_ptr_eq(p, input + input_len)
938 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
941 #ifndef OPENSSL_NO_EC
943 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
944 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
945 || !TEST_ptr(pkey = EVP_PKEY_new())
946 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
950 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
951 || !TEST_ptr_eq(p, input + input_len)
952 || !TEST_ptr(pkey = EVP_PKEY_new())
953 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
961 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
964 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
967 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
970 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
973 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
974 /* assign the pkey directly, as an internal test */
975 EVP_PKEY_up_ref(pkey);
978 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
981 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
984 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
990 EVP_PKEY_CTX_free(ctx);
991 EVP_PKEY_CTX_free(ctx2);
997 static int test_HKDF(void)
1000 unsigned char out[20];
1003 unsigned char salt[] = "0123456789";
1004 unsigned char key[] = "012345678901234567890123456789";
1005 unsigned char info[] = "infostring";
1006 const unsigned char expected[] = {
1007 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1008 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1010 size_t expectedlen = sizeof(expected);
1012 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1015 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1016 for (i = 0; i < 2; i++) {
1017 outlen = sizeof(out);
1018 memset(out, 0, outlen);
1020 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1021 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1022 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1023 sizeof(salt) - 1), 0)
1024 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1025 sizeof(key) - 1), 0)
1026 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1027 sizeof(info) - 1), 0)
1028 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1029 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1036 EVP_PKEY_CTX_free(pctx);
1041 #ifndef OPENSSL_NO_EC
1042 static int test_X509_PUBKEY_inplace(void)
1045 X509_PUBKEY *xp = NULL;
1046 const unsigned char *p = kExampleECPubKeyDER;
1047 size_t input_len = sizeof(kExampleECPubKeyDER);
1049 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1052 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1055 p = kExampleBadECPubKeyDER;
1056 input_len = sizeof(kExampleBadECPubKeyDER);
1058 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1061 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1067 X509_PUBKEY_free(xp);
1072 int setup_tests(void)
1074 ADD_TEST(test_EVP_DigestSignInit);
1075 ADD_TEST(test_EVP_DigestVerifyInit);
1076 ADD_TEST(test_EVP_Enveloped);
1077 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1078 #ifndef OPENSSL_NO_EC
1079 ADD_TEST(test_EVP_PKCS82PKEY);
1081 #ifndef OPENSSL_NO_SM2
1082 ADD_TEST(test_EVP_SM2);
1083 ADD_TEST(test_EVP_SM2_verify);
1085 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1086 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1087 if (!TEST_ptr(custom_pmeth))
1089 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1090 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1091 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1092 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1094 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1095 ADD_TEST(test_HKDF);
1096 #ifndef OPENSSL_NO_EC
1097 ADD_TEST(test_X509_PUBKEY_inplace);
1098 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1099 OSSL_NELEM(ec_der_pub_keys));