2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/dsa.h>
25 #include <openssl/dh.h>
27 #include "internal/nelem.h"
28 #include "crypto/evp.h"
31 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
32 * should never use this key anywhere but in an example.
34 static const unsigned char kExampleRSAKeyDER[] = {
35 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
36 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
37 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
38 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
39 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
40 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
41 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
42 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
43 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
44 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
45 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
46 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
47 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
48 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
49 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
50 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
51 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
52 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
53 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
54 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
55 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
56 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
57 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
58 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
59 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
60 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
61 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
62 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
63 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
64 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
65 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
66 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
67 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
68 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
69 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
70 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
71 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
72 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
73 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
74 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
75 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
76 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
77 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
78 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
79 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
80 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
81 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
82 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
83 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
84 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
85 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
89 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
90 * should never use this key anywhere but in an example.
92 #ifndef OPENSSL_NO_DSA
93 static const unsigned char kExampleDSAKeyDER[] = {
94 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
95 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
96 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
97 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
98 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
99 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
100 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
101 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
102 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
103 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
104 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
105 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
106 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
107 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
108 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
109 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
110 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
111 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
112 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
113 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
114 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
115 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
116 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
117 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
118 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
119 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
120 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
121 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
122 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
123 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
124 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
125 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
126 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
127 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
128 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
129 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
130 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
136 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
137 * components are not correct.
139 static const unsigned char kExampleBadRSAKeyDER[] = {
140 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
141 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
142 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
143 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
144 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
145 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
146 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
147 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
148 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
149 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
150 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
151 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
152 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
153 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
154 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
155 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
156 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
157 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
158 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
159 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
160 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
161 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
162 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
163 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
164 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
165 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
166 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
167 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
168 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
169 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
170 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
171 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
172 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
173 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
174 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
175 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
176 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
177 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
178 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
179 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
180 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
181 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
182 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
183 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
184 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
185 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
186 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
187 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
188 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
189 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
190 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
191 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
192 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
193 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
194 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
195 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
196 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
197 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
198 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
199 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
200 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
201 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
202 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
203 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
204 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
205 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
206 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
207 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
208 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
209 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
210 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
211 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
212 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
213 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
214 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
215 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
216 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
217 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
218 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
219 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
220 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
221 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
222 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
223 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
224 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
225 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
226 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
227 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
228 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
231 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
233 static const unsigned char kSignature[] = {
234 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
235 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
236 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
237 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
238 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
239 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
240 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
241 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
242 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
243 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
244 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
248 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
251 static const unsigned char kExampleRSAKeyPKCS8[] = {
252 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
253 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
254 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
255 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
256 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
257 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
258 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
259 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
260 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
261 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
262 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
263 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
264 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
265 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
266 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
267 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
268 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
269 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
270 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
271 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
272 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
273 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
274 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
275 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
276 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
277 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
278 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
279 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
280 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
281 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
282 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
283 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
284 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
285 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
286 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
287 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
288 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
289 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
290 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
291 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
292 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
293 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
294 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
295 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
296 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
297 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
298 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
299 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
300 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
301 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
302 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
303 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
304 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
307 #ifndef OPENSSL_NO_EC
309 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
312 static const unsigned char kExampleECKeyDER[] = {
313 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
314 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
315 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
316 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
317 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
318 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
319 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
320 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
321 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
322 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
327 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 * structure. The private key is equal to the order and will fail to import
330 static const unsigned char kExampleBadECKeyDER[] = {
331 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
332 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
333 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
334 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
335 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
336 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
337 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
338 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
339 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
343 static const unsigned char kExampleECPubKeyDER[] = {
344 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
345 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
346 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
347 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
348 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
349 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
350 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
351 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
355 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
356 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
358 static const unsigned char kExampleBadECPubKeyDER[] = {
359 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
360 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
361 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
362 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
363 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
364 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
365 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
366 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
369 static const unsigned char pExampleECParamDER[] = {
370 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
374 typedef struct APK_DATA_st {
375 const unsigned char *kder;
381 int type; /* 0 for private, 1 for public, 2 for params */
384 static APK_DATA keydata[] = {
385 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
386 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
387 #ifndef OPENSSL_NO_EC
388 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
392 static APK_DATA keycheckdata[] = {
393 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
394 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
396 #ifndef OPENSSL_NO_EC
397 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
398 /* group is also associated in our pub key */
399 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
400 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
404 static EVP_PKEY *load_example_rsa_key(void)
406 EVP_PKEY *ret = NULL;
407 const unsigned char *derp = kExampleRSAKeyDER;
408 EVP_PKEY *pkey = NULL;
411 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
414 if (!TEST_ptr(pkey = EVP_PKEY_new())
415 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
428 #ifndef OPENSSL_NO_DSA
429 static EVP_PKEY *load_example_dsa_key(void)
431 EVP_PKEY *ret = NULL;
432 const unsigned char *derp = kExampleDSAKeyDER;
433 EVP_PKEY *pkey = NULL;
436 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
439 if (!TEST_ptr(pkey = EVP_PKEY_new())
440 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
454 static EVP_PKEY *load_example_hmac_key(void)
456 EVP_PKEY *pkey = NULL;
457 unsigned char key[] = {
458 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
459 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
460 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
463 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
470 static int test_EVP_Enveloped(void)
473 EVP_CIPHER_CTX *ctx = NULL;
474 EVP_PKEY *keypair = NULL;
475 unsigned char *kek = NULL;
476 unsigned char iv[EVP_MAX_IV_LENGTH];
477 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
478 int len, kek_len, ciphertext_len, plaintext_len;
479 unsigned char ciphertext[32], plaintext[16];
480 const EVP_CIPHER *type = EVP_aes_256_cbc();
482 if (!TEST_ptr(keypair = load_example_rsa_key())
483 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
484 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
485 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
487 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
489 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
493 ciphertext_len += len;
495 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
496 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
497 ciphertext, ciphertext_len))
498 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
501 plaintext_len += len;
502 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
508 EVP_PKEY_free(keypair);
509 EVP_CIPHER_CTX_free(ctx);
514 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
515 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
516 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
517 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
518 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
519 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
520 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
521 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
522 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
524 static int test_EVP_DigestSignInit(int tst)
527 EVP_PKEY *pkey = NULL;
528 unsigned char *sig = NULL;
530 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
531 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
532 BIO *mdbio = NULL, *membio = NULL;
535 EVP_MD *mdexp = NULL;
538 membio = BIO_new(BIO_s_mem());
539 mdbio = BIO_new(BIO_f_md());
540 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
542 BIO_push(mdbio, membio);
543 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
546 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
547 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
551 if (tst == 0 || tst == 3 || tst == 6) {
552 if (!TEST_ptr(pkey = load_example_rsa_key()))
554 } else if (tst == 1 || tst == 4 || tst == 7) {
555 #ifndef OPENSSL_NO_DSA
556 if (!TEST_ptr(pkey = load_example_dsa_key()))
563 if (!TEST_ptr(pkey = load_example_hmac_key()))
567 if (tst >= 3 && tst <= 5)
568 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
572 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
576 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
579 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
583 /* Determine the size of the signature. */
584 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
585 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
586 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
590 if (!TEST_int_gt(BIO_reset(mdbio), 0)
591 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
596 * Ensure that the signature round-trips (Verification isn't supported for
597 * HMAC via EVP_DigestVerify*)
599 if (tst != 2 && tst != 5 && tst != 8) {
600 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
605 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
608 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
612 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
621 EVP_MD_CTX_free(a_md_ctx);
622 EVP_MD_CTX_free(a_md_ctx_verify);
630 static int test_EVP_DigestVerifyInit(void)
633 EVP_PKEY *pkey = NULL;
634 EVP_MD_CTX *md_ctx = NULL;
636 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
637 || !TEST_ptr(pkey = load_example_rsa_key()))
640 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
641 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
642 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
643 sizeof(kSignature))))
648 EVP_MD_CTX_free(md_ctx);
653 static int test_d2i_AutoPrivateKey(int i)
656 const unsigned char *p;
657 EVP_PKEY *pkey = NULL;
658 const APK_DATA *ak = &keydata[i];
659 const unsigned char *input = ak->kder;
660 size_t input_len = ak->size;
661 int expected_id = ak->evptype;
664 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
665 || !TEST_ptr_eq(p, input + input_len)
666 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
676 #ifndef OPENSSL_NO_EC
678 static const unsigned char ec_public_sect163k1_validxy[] = {
679 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
680 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
681 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
682 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
683 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
684 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
687 static const unsigned char ec_public_sect163k1_badx[] = {
688 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
689 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
690 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
691 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
692 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
693 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
696 static const unsigned char ec_public_sect163k1_bady[] = {
697 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
698 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
699 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
700 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
701 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
702 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
705 static struct ec_der_pub_keys_st {
706 const unsigned char *der;
709 } ec_der_pub_keys[] = {
710 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
711 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
712 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
716 * Tests the range of the decoded EC char2 public point.
717 * See ec_GF2m_simple_oct2point().
719 static int test_invalide_ec_char2_pub_range_decode(int id)
723 EC_KEY *eckey = NULL;
725 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
726 ec_der_pub_keys[id].len)))
728 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
729 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
730 || TEST_ptr_null(eckey);
737 /* Tests loading a bad key in PKCS8 format */
738 static int test_EVP_PKCS82PKEY(void)
741 const unsigned char *derp = kExampleBadECKeyDER;
742 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
743 EVP_PKEY *pkey = NULL;
745 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
746 sizeof(kExampleBadECKeyDER))))
749 if (!TEST_ptr_eq(derp,
750 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
753 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
759 PKCS8_PRIV_KEY_INFO_free(p8inf);
766 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
768 static int test_EVP_SM2_verify(void)
770 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
772 "-----BEGIN PUBLIC KEY-----\n"
773 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
774 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
775 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
776 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
777 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
778 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
779 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
780 "-----END PUBLIC KEY-----\n";
782 const char *msg = "message digest";
783 const char *id = "ALICE123@YAHOO.COM";
785 const uint8_t signature[] = {
786 0x30, 0x44, 0x02, 0x20,
788 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
789 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
790 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
794 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
795 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
796 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
801 EVP_PKEY *pkey = NULL;
802 EVP_MD_CTX *mctx = NULL;
803 EVP_PKEY_CTX *pctx = NULL;
805 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
806 if (!TEST_true(bio != NULL))
809 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
810 if (!TEST_true(pkey != NULL))
813 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
816 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
819 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
822 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
826 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
828 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
831 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
834 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
841 EVP_PKEY_CTX_free(pctx);
842 EVP_MD_CTX_free(mctx);
846 static int test_EVP_SM2(void)
849 EVP_PKEY *pkey = NULL;
850 EVP_PKEY *params = NULL;
851 EVP_PKEY_CTX *pctx = NULL;
852 EVP_PKEY_CTX *kctx = NULL;
853 EVP_PKEY_CTX *sctx = NULL;
855 unsigned char *sig = NULL;
856 EVP_MD_CTX *md_ctx = NULL;
857 EVP_MD_CTX *md_ctx_verify = NULL;
858 EVP_PKEY_CTX *cctx = NULL;
860 uint8_t ciphertext[128];
861 size_t ctext_len = sizeof(ciphertext);
863 uint8_t plaintext[8];
864 size_t ptext_len = sizeof(plaintext);
866 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
868 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
872 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
875 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
878 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
881 kctx = EVP_PKEY_CTX_new(params, NULL);
885 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
888 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
891 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
894 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
897 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
900 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
903 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
904 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
906 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
909 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
912 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
915 /* Determine the size of the signature. */
916 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
919 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
922 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
925 /* Ensure that the signature round-trips. */
927 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
930 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
933 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
936 /* now check encryption/decryption */
938 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
941 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
944 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
947 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
950 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
953 if (!TEST_true(ptext_len == sizeof(kMsg)))
956 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
961 EVP_PKEY_CTX_free(pctx);
962 EVP_PKEY_CTX_free(kctx);
963 EVP_PKEY_CTX_free(sctx);
964 EVP_PKEY_CTX_free(cctx);
966 EVP_PKEY_free(params);
967 EVP_MD_CTX_free(md_ctx);
968 EVP_MD_CTX_free(md_ctx_verify);
975 static struct keys_st {
981 EVP_PKEY_HMAC, "0123456789", NULL
983 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
985 EVP_PKEY_SIPHASH, "0123456789012345", NULL
987 #ifndef OPENSSL_NO_EC
989 EVP_PKEY_X25519, "01234567890123456789012345678901",
990 "abcdefghijklmnopqrstuvwxyzabcdef"
992 EVP_PKEY_ED25519, "01234567890123456789012345678901",
993 "abcdefghijklmnopqrstuvwxyzabcdef"
996 "01234567890123456789012345678901234567890123456789012345",
997 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1000 "012345678901234567890123456789012345678901234567890123456",
1001 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1006 static int test_set_get_raw_keys_int(int tst, int pub)
1009 unsigned char buf[80];
1011 size_t inlen, len = 0;
1014 /* Check if this algorithm supports public keys */
1015 if (keys[tst].pub == NULL)
1018 memset(buf, 0, sizeof(buf));
1021 inlen = strlen(keys[tst].pub);
1022 in = (unsigned char *)keys[tst].pub;
1023 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1028 inlen = strlen(keys[tst].priv);
1029 in = (unsigned char *)keys[tst].priv;
1030 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1037 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1038 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1039 || !TEST_true(len == inlen)
1040 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1041 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1042 || !TEST_mem_eq(in, inlen, buf, len))
1047 EVP_PKEY_free(pkey);
1051 static int test_set_get_raw_keys(int tst)
1053 return test_set_get_raw_keys_int(tst, 0)
1054 && test_set_get_raw_keys_int(tst, 1);
1057 static int pkey_custom_check(EVP_PKEY *pkey)
1062 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1067 static int pkey_custom_param_check(EVP_PKEY *pkey)
1072 static EVP_PKEY_METHOD *custom_pmeth;
1074 static int test_EVP_PKEY_check(int i)
1077 const unsigned char *p;
1078 EVP_PKEY *pkey = NULL;
1079 #ifndef OPENSSL_NO_EC
1080 EC_KEY *eckey = NULL;
1082 EVP_PKEY_CTX *ctx = NULL;
1083 EVP_PKEY_CTX *ctx2 = NULL;
1084 const APK_DATA *ak = &keycheckdata[i];
1085 const unsigned char *input = ak->kder;
1086 size_t input_len = ak->size;
1087 int expected_id = ak->evptype;
1088 int expected_check = ak->check;
1089 int expected_pub_check = ak->pub_check;
1090 int expected_param_check = ak->param_check;
1091 int type = ak->type;
1098 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1099 || !TEST_ptr_eq(p, input + input_len)
1100 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1103 #ifndef OPENSSL_NO_EC
1105 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1106 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1107 || !TEST_ptr(pkey = EVP_PKEY_new())
1108 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1112 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1113 || !TEST_ptr_eq(p, input + input_len)
1114 || !TEST_ptr(pkey = EVP_PKEY_new())
1115 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1123 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1126 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1129 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1132 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1135 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1136 /* assign the pkey directly, as an internal test */
1137 EVP_PKEY_up_ref(pkey);
1140 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1143 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1146 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1152 EVP_PKEY_CTX_free(ctx);
1153 EVP_PKEY_CTX_free(ctx2);
1154 EVP_PKEY_free(pkey);
1159 static int test_HKDF(void)
1162 unsigned char out[20];
1165 unsigned char salt[] = "0123456789";
1166 unsigned char key[] = "012345678901234567890123456789";
1167 unsigned char info[] = "infostring";
1168 const unsigned char expected[] = {
1169 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1170 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1172 size_t expectedlen = sizeof(expected);
1174 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1177 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1178 for (i = 0; i < 2; i++) {
1179 outlen = sizeof(out);
1180 memset(out, 0, outlen);
1182 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1183 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1184 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1185 sizeof(salt) - 1), 0)
1186 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1187 sizeof(key) - 1), 0)
1188 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1189 sizeof(info) - 1), 0)
1190 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1191 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1198 EVP_PKEY_CTX_free(pctx);
1203 #ifndef OPENSSL_NO_EC
1204 static int test_X509_PUBKEY_inplace(void)
1207 X509_PUBKEY *xp = NULL;
1208 const unsigned char *p = kExampleECPubKeyDER;
1209 size_t input_len = sizeof(kExampleECPubKeyDER);
1211 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1214 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1217 p = kExampleBadECPubKeyDER;
1218 input_len = sizeof(kExampleBadECPubKeyDER);
1220 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1223 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1229 X509_PUBKEY_free(xp);
1232 #endif /* OPENSSL_NO_EC */
1234 #ifndef OPENSSL_NO_DSA
1235 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1236 static int test_EVP_PKEY_CTX_get_set_params(void)
1238 EVP_MD_CTX *mdctx = NULL;
1239 EVP_PKEY_CTX *ctx = NULL;
1240 EVP_SIGNATURE *dsaimpl = NULL;
1241 const OSSL_PARAM *params;
1242 OSSL_PARAM ourparams[2], *param = ourparams;
1244 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1245 EVP_PKEY *pkey = NULL;
1248 size_t mdsize = SHA512_DIGEST_LENGTH;
1252 * Setup the parameters for our DSA object. For our purposes they don't
1253 * have to actually be *valid* parameters. We just need to set something.
1266 || !DSA_set0_pqg(dsa, p, q, g)
1267 || !DSA_set0_key(dsa, pub, priv))
1269 p = q = g = pub = priv = NULL;
1271 pkey = EVP_PKEY_new();
1273 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1278 /* Initialise a sign operation */
1279 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1281 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1285 * We should be able to query the parameters now. The default DSA
1286 * implementation supports exactly one parameter - so we expect to see that
1287 * returned and no more.
1289 params = EVP_PKEY_CTX_settable_params(ctx);
1290 if (!TEST_ptr(params)
1291 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1292 OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
1293 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1294 OSSL_SIGNATURE_PARAM_DIGEST)))
1297 params = EVP_PKEY_CTX_gettable_params(ctx);
1298 if (!TEST_ptr(params)
1299 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1300 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1301 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1302 OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
1303 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1304 OSSL_SIGNATURE_PARAM_DIGEST)))
1308 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1309 * EVP_PKEY_CTX_get_params()
1311 *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
1313 *param++ = OSSL_PARAM_construct_end();
1315 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1319 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1320 || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
1324 * Test the TEST_PKEY_CTX_set_signature_md() and
1325 * TEST_PKEY_CTX_get_signature_md() functions
1327 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1328 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1329 || !TEST_ptr_eq(md, EVP_sha256()))
1333 * Test getting MD parameters via an associated EVP_PKEY_CTX
1335 mdctx = EVP_MD_CTX_new();
1336 if (!TEST_ptr(mdctx)
1337 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey)))
1341 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1342 * able to obtain the digest's settable parameters from the provider.
1344 params = EVP_MD_CTX_settable_params(mdctx);
1345 if (!TEST_ptr(params)
1346 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1347 /* The final key should be NULL */
1348 || !TEST_ptr_null(params[1].key))
1352 memset(ssl3ms, 0, sizeof(ssl3ms));
1353 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1354 ssl3ms, sizeof(ssl3ms));
1355 *param++ = OSSL_PARAM_construct_end();
1357 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1363 EVP_MD_CTX_free(mdctx);
1364 EVP_PKEY_CTX_free(ctx);
1365 EVP_SIGNATURE_free(dsaimpl);
1366 EVP_PKEY_free(pkey);
1378 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1379 static int test_decrypt_null_chunks(void)
1381 EVP_CIPHER_CTX* ctx = NULL;
1382 const unsigned char key[32] = {
1383 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1384 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1385 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1387 unsigned char iv[12] = {
1388 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1390 unsigned char msg[] = "It was the best of times, it was the worst of times";
1391 unsigned char ciphertext[80];
1392 unsigned char plaintext[80];
1393 /* We initialise tmp to a non zero value on purpose */
1394 int ctlen, ptlen, tmp = 99;
1396 const int enc_offset = 10, dec_offset = 20;
1398 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1399 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1401 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1403 /* Deliberate add a zero length update */
1404 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1406 || !TEST_int_eq(tmp, 0)
1407 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1409 sizeof(msg) - enc_offset))
1410 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1411 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1412 || !TEST_int_eq(tmp, 0))
1415 /* Deliberately initialise tmp to a non zero value */
1417 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1419 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1422 * Deliberately add a zero length update. We also deliberately do
1423 * this at a different offset than for encryption.
1425 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1427 || !TEST_int_eq(tmp, 0)
1428 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1429 ciphertext + dec_offset,
1430 ctlen - dec_offset))
1431 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1432 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1433 || !TEST_int_eq(tmp, 0)
1434 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1439 EVP_CIPHER_CTX_free(ctx);
1442 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1444 #ifndef OPENSSL_NO_DH
1445 static int test_EVP_PKEY_set1_DH(void)
1447 DH *x942dh = NULL, *noqdh = NULL;
1448 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1450 BIGNUM *p, *g = NULL;
1452 if (!TEST_ptr(p = BN_new())
1453 || !TEST_ptr(g = BN_new())
1454 || !BN_set_word(p, 9999)
1455 || !BN_set_word(g, 2)
1456 || !TEST_ptr(noqdh = DH_new())
1457 || !DH_set0_pqg(noqdh, p, NULL, g))
1461 x942dh = DH_get_2048_256();
1462 pkey1 = EVP_PKEY_new();
1463 pkey2 = EVP_PKEY_new();
1464 if (!TEST_ptr(x942dh)
1467 || !TEST_ptr(pkey2))
1470 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1471 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1474 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1475 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1482 EVP_PKEY_free(pkey1);
1483 EVP_PKEY_free(pkey2);
1491 int setup_tests(void)
1493 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1494 ADD_TEST(test_EVP_DigestVerifyInit);
1495 ADD_TEST(test_EVP_Enveloped);
1496 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1497 #ifndef OPENSSL_NO_EC
1498 ADD_TEST(test_EVP_PKCS82PKEY);
1500 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1501 ADD_TEST(test_EVP_SM2);
1502 ADD_TEST(test_EVP_SM2_verify);
1504 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1505 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1506 if (!TEST_ptr(custom_pmeth))
1508 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1509 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1510 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1511 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1513 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1514 ADD_TEST(test_HKDF);
1515 #ifndef OPENSSL_NO_EC
1516 ADD_TEST(test_X509_PUBKEY_inplace);
1517 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1518 OSSL_NELEM(ec_der_pub_keys));
1520 #ifndef OPENSSL_NO_DSA
1521 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);
1523 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1524 ADD_TEST(test_decrypt_null_chunks);
1526 #ifndef OPENSSL_NO_DH
1527 ADD_TEST(test_EVP_PKEY_set1_DH);