2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/dsa.h>
25 #include <openssl/dh.h>
27 #include "internal/nelem.h"
28 #include "internal/sizes.h"
29 #include "crypto/evp.h"
32 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
33 * should never use this key anywhere but in an example.
35 static const unsigned char kExampleRSAKeyDER[] = {
36 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
37 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
38 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
39 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
40 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
41 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
42 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
43 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
44 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
45 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
46 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
47 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
48 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
49 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
50 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
51 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
52 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
53 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
54 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
55 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
56 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
57 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
58 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
59 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
60 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
61 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
62 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
63 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
64 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
65 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
66 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
67 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
68 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
69 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
70 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
71 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
72 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
73 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
74 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
75 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
76 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
77 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
78 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
79 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
80 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
81 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
82 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
83 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
84 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
85 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
86 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
90 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
91 * should never use this key anywhere but in an example.
93 #ifndef OPENSSL_NO_DSA
94 static const unsigned char kExampleDSAKeyDER[] = {
95 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
96 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
97 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
98 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
99 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
100 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
101 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
102 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
103 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
104 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
105 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
106 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
107 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
108 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
109 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
110 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
111 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
112 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
113 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
114 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
115 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
116 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
117 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
118 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
119 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
120 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
121 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
122 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
123 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
124 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
125 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
126 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
127 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
128 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
129 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
130 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
131 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
137 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
138 * components are not correct.
140 static const unsigned char kExampleBadRSAKeyDER[] = {
141 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
142 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
143 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
144 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
145 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
146 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
147 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
148 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
149 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
150 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
151 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
152 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
153 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
154 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
155 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
156 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
157 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
158 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
159 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
160 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
161 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
162 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
163 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
164 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
165 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
166 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
167 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
168 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
169 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
170 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
171 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
172 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
173 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
174 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
175 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
176 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
177 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
178 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
179 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
180 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
181 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
182 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
183 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
184 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
185 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
186 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
187 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
188 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
189 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
190 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
191 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
192 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
193 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
194 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
195 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
196 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
197 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
198 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
199 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
200 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
201 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
202 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
203 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
204 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
205 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
206 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
207 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
208 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
209 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
210 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
211 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
212 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
213 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
214 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
215 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
216 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
217 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
218 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
219 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
220 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
221 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
222 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
223 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
224 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
225 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
226 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
227 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
228 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
229 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
232 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
234 static const unsigned char kSignature[] = {
235 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
236 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
237 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
238 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
239 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
240 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
241 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
242 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
243 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
244 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
245 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
249 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
252 static const unsigned char kExampleRSAKeyPKCS8[] = {
253 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
254 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
255 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
256 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
257 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
258 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
259 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
260 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
261 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
262 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
263 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
264 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
265 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
266 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
267 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
268 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
269 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
270 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
271 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
272 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
273 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
274 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
275 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
276 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
277 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
278 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
279 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
280 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
281 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
282 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
283 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
284 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
285 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
286 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
287 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
288 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
289 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
290 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
291 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
292 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
293 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
294 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
295 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
296 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
297 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
298 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
299 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
300 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
301 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
302 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
303 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
304 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
305 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
308 #ifndef OPENSSL_NO_EC
310 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
313 static const unsigned char kExampleECKeyDER[] = {
314 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
315 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
316 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
317 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
318 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
319 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
320 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
321 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
322 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
323 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
328 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 * structure. The private key is equal to the order and will fail to import
331 static const unsigned char kExampleBadECKeyDER[] = {
332 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
333 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
334 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
335 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
336 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
337 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
338 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
339 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
340 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
344 static const unsigned char kExampleECPubKeyDER[] = {
345 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
346 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
347 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
348 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
349 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
350 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
351 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
352 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
356 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
357 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
359 static const unsigned char kExampleBadECPubKeyDER[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
370 static const unsigned char pExampleECParamDER[] = {
371 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
375 typedef struct APK_DATA_st {
376 const unsigned char *kder;
382 int type; /* 0 for private, 1 for public, 2 for params */
385 static APK_DATA keydata[] = {
386 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
387 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
388 #ifndef OPENSSL_NO_EC
389 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
393 static APK_DATA keycheckdata[] = {
394 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
395 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
397 #ifndef OPENSSL_NO_EC
398 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
399 /* group is also associated in our pub key */
400 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
401 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
405 static EVP_PKEY *load_example_rsa_key(void)
407 EVP_PKEY *ret = NULL;
408 const unsigned char *derp = kExampleRSAKeyDER;
409 EVP_PKEY *pkey = NULL;
412 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
415 if (!TEST_ptr(pkey = EVP_PKEY_new())
416 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
429 #ifndef OPENSSL_NO_DSA
430 static EVP_PKEY *load_example_dsa_key(void)
432 EVP_PKEY *ret = NULL;
433 const unsigned char *derp = kExampleDSAKeyDER;
434 EVP_PKEY *pkey = NULL;
437 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
440 if (!TEST_ptr(pkey = EVP_PKEY_new())
441 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
455 static EVP_PKEY *load_example_hmac_key(void)
457 EVP_PKEY *pkey = NULL;
458 unsigned char key[] = {
459 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
460 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
461 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
464 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
471 static int test_EVP_Enveloped(void)
474 EVP_CIPHER_CTX *ctx = NULL;
475 EVP_PKEY *keypair = NULL;
476 unsigned char *kek = NULL;
477 unsigned char iv[EVP_MAX_IV_LENGTH];
478 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
479 int len, kek_len, ciphertext_len, plaintext_len;
480 unsigned char ciphertext[32], plaintext[16];
481 const EVP_CIPHER *type = EVP_aes_256_cbc();
483 if (!TEST_ptr(keypair = load_example_rsa_key())
484 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
485 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
486 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
488 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
490 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
494 ciphertext_len += len;
496 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
497 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
498 ciphertext, ciphertext_len))
499 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
502 plaintext_len += len;
503 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
509 EVP_PKEY_free(keypair);
510 EVP_CIPHER_CTX_free(ctx);
515 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
516 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
517 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
518 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
519 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
520 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
521 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
522 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
523 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
525 static int test_EVP_DigestSignInit(int tst)
528 EVP_PKEY *pkey = NULL;
529 unsigned char *sig = NULL;
531 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
532 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
533 BIO *mdbio = NULL, *membio = NULL;
536 EVP_MD *mdexp = NULL;
539 membio = BIO_new(BIO_s_mem());
540 mdbio = BIO_new(BIO_f_md());
541 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
543 BIO_push(mdbio, membio);
544 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
547 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
548 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
552 if (tst == 0 || tst == 3 || tst == 6) {
553 if (!TEST_ptr(pkey = load_example_rsa_key()))
555 } else if (tst == 1 || tst == 4 || tst == 7) {
556 #ifndef OPENSSL_NO_DSA
557 if (!TEST_ptr(pkey = load_example_dsa_key()))
564 if (!TEST_ptr(pkey = load_example_hmac_key()))
568 if (tst >= 3 && tst <= 5)
569 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
573 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
577 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
580 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
584 /* Determine the size of the signature. */
585 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
586 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
587 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
591 if (!TEST_int_gt(BIO_reset(mdbio), 0)
592 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
597 * Ensure that the signature round-trips (Verification isn't supported for
598 * HMAC via EVP_DigestVerify*)
600 if (tst != 2 && tst != 5 && tst != 8) {
601 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
606 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
609 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
613 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
622 EVP_MD_CTX_free(a_md_ctx);
623 EVP_MD_CTX_free(a_md_ctx_verify);
631 static int test_EVP_DigestVerifyInit(void)
634 EVP_PKEY *pkey = NULL;
635 EVP_MD_CTX *md_ctx = NULL;
637 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
638 || !TEST_ptr(pkey = load_example_rsa_key()))
641 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
642 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
643 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
644 sizeof(kSignature))))
649 EVP_MD_CTX_free(md_ctx);
654 static int test_d2i_AutoPrivateKey(int i)
657 const unsigned char *p;
658 EVP_PKEY *pkey = NULL;
659 const APK_DATA *ak = &keydata[i];
660 const unsigned char *input = ak->kder;
661 size_t input_len = ak->size;
662 int expected_id = ak->evptype;
665 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
666 || !TEST_ptr_eq(p, input + input_len)
667 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
677 #ifndef OPENSSL_NO_EC
679 static const unsigned char ec_public_sect163k1_validxy[] = {
680 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
681 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
682 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
683 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
684 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
685 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
688 static const unsigned char ec_public_sect163k1_badx[] = {
689 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
690 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
691 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
692 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
693 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
694 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
697 static const unsigned char ec_public_sect163k1_bady[] = {
698 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
699 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
700 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
701 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
702 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
703 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
706 static struct ec_der_pub_keys_st {
707 const unsigned char *der;
710 } ec_der_pub_keys[] = {
711 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
712 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
713 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
717 * Tests the range of the decoded EC char2 public point.
718 * See ec_GF2m_simple_oct2point().
720 static int test_invalide_ec_char2_pub_range_decode(int id)
724 EC_KEY *eckey = NULL;
726 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
727 ec_der_pub_keys[id].len)))
729 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
730 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
731 || TEST_ptr_null(eckey);
738 /* Tests loading a bad key in PKCS8 format */
739 static int test_EVP_PKCS82PKEY(void)
742 const unsigned char *derp = kExampleBadECKeyDER;
743 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
744 EVP_PKEY *pkey = NULL;
746 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
747 sizeof(kExampleBadECKeyDER))))
750 if (!TEST_ptr_eq(derp,
751 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
754 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
760 PKCS8_PRIV_KEY_INFO_free(p8inf);
767 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
769 static int test_EVP_SM2_verify(void)
771 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
773 "-----BEGIN PUBLIC KEY-----\n"
774 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
775 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
776 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
777 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
778 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
779 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
780 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
781 "-----END PUBLIC KEY-----\n";
783 const char *msg = "message digest";
784 const char *id = "ALICE123@YAHOO.COM";
786 const uint8_t signature[] = {
787 0x30, 0x44, 0x02, 0x20,
789 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
790 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
791 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
795 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
796 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
797 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
802 EVP_PKEY *pkey = NULL;
803 EVP_MD_CTX *mctx = NULL;
804 EVP_PKEY_CTX *pctx = NULL;
806 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
807 if (!TEST_true(bio != NULL))
810 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
811 if (!TEST_true(pkey != NULL))
814 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
817 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
820 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
823 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
827 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
829 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
832 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
835 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
842 EVP_PKEY_CTX_free(pctx);
843 EVP_MD_CTX_free(mctx);
847 static int test_EVP_SM2(void)
850 EVP_PKEY *pkey = NULL;
851 EVP_PKEY *params = NULL;
852 EVP_PKEY_CTX *pctx = NULL;
853 EVP_PKEY_CTX *kctx = NULL;
854 EVP_PKEY_CTX *sctx = NULL;
856 unsigned char *sig = NULL;
857 EVP_MD_CTX *md_ctx = NULL;
858 EVP_MD_CTX *md_ctx_verify = NULL;
859 EVP_PKEY_CTX *cctx = NULL;
861 uint8_t ciphertext[128];
862 size_t ctext_len = sizeof(ciphertext);
864 uint8_t plaintext[8];
865 size_t ptext_len = sizeof(plaintext);
867 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
869 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
873 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
876 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
879 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
882 kctx = EVP_PKEY_CTX_new(params, NULL);
886 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
889 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
892 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
895 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
898 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
901 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
904 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
905 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
907 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
910 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
913 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
916 /* Determine the size of the signature. */
917 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
920 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
923 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
926 /* Ensure that the signature round-trips. */
928 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
931 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
934 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
937 /* now check encryption/decryption */
939 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
942 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
945 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
948 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
951 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
954 if (!TEST_true(ptext_len == sizeof(kMsg)))
957 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
962 EVP_PKEY_CTX_free(pctx);
963 EVP_PKEY_CTX_free(kctx);
964 EVP_PKEY_CTX_free(sctx);
965 EVP_PKEY_CTX_free(cctx);
967 EVP_PKEY_free(params);
968 EVP_MD_CTX_free(md_ctx);
969 EVP_MD_CTX_free(md_ctx_verify);
976 static struct keys_st {
982 EVP_PKEY_HMAC, "0123456789", NULL
984 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
986 EVP_PKEY_SIPHASH, "0123456789012345", NULL
988 #ifndef OPENSSL_NO_EC
990 EVP_PKEY_X25519, "01234567890123456789012345678901",
991 "abcdefghijklmnopqrstuvwxyzabcdef"
993 EVP_PKEY_ED25519, "01234567890123456789012345678901",
994 "abcdefghijklmnopqrstuvwxyzabcdef"
997 "01234567890123456789012345678901234567890123456789012345",
998 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1001 "012345678901234567890123456789012345678901234567890123456",
1002 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1007 static int test_set_get_raw_keys_int(int tst, int pub)
1010 unsigned char buf[80];
1012 size_t inlen, len = 0;
1015 /* Check if this algorithm supports public keys */
1016 if (keys[tst].pub == NULL)
1019 memset(buf, 0, sizeof(buf));
1022 inlen = strlen(keys[tst].pub);
1023 in = (unsigned char *)keys[tst].pub;
1024 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1029 inlen = strlen(keys[tst].priv);
1030 in = (unsigned char *)keys[tst].priv;
1031 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1038 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1039 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1040 || !TEST_true(len == inlen)
1041 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1042 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1043 || !TEST_mem_eq(in, inlen, buf, len))
1048 EVP_PKEY_free(pkey);
1052 static int test_set_get_raw_keys(int tst)
1054 return test_set_get_raw_keys_int(tst, 0)
1055 && test_set_get_raw_keys_int(tst, 1);
1058 static int pkey_custom_check(EVP_PKEY *pkey)
1063 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1068 static int pkey_custom_param_check(EVP_PKEY *pkey)
1073 static EVP_PKEY_METHOD *custom_pmeth;
1075 static int test_EVP_PKEY_check(int i)
1078 const unsigned char *p;
1079 EVP_PKEY *pkey = NULL;
1080 #ifndef OPENSSL_NO_EC
1081 EC_KEY *eckey = NULL;
1083 EVP_PKEY_CTX *ctx = NULL;
1084 EVP_PKEY_CTX *ctx2 = NULL;
1085 const APK_DATA *ak = &keycheckdata[i];
1086 const unsigned char *input = ak->kder;
1087 size_t input_len = ak->size;
1088 int expected_id = ak->evptype;
1089 int expected_check = ak->check;
1090 int expected_pub_check = ak->pub_check;
1091 int expected_param_check = ak->param_check;
1092 int type = ak->type;
1099 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1100 || !TEST_ptr_eq(p, input + input_len)
1101 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1104 #ifndef OPENSSL_NO_EC
1106 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1107 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1108 || !TEST_ptr(pkey = EVP_PKEY_new())
1109 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1113 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1114 || !TEST_ptr_eq(p, input + input_len)
1115 || !TEST_ptr(pkey = EVP_PKEY_new())
1116 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1124 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1127 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1130 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1133 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1136 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1137 /* assign the pkey directly, as an internal test */
1138 EVP_PKEY_up_ref(pkey);
1141 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1144 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1147 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1153 EVP_PKEY_CTX_free(ctx);
1154 EVP_PKEY_CTX_free(ctx2);
1155 EVP_PKEY_free(pkey);
1160 static int test_HKDF(void)
1163 unsigned char out[20];
1166 unsigned char salt[] = "0123456789";
1167 unsigned char key[] = "012345678901234567890123456789";
1168 unsigned char info[] = "infostring";
1169 const unsigned char expected[] = {
1170 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1171 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1173 size_t expectedlen = sizeof(expected);
1175 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1178 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1179 for (i = 0; i < 2; i++) {
1180 outlen = sizeof(out);
1181 memset(out, 0, outlen);
1183 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1184 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1185 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1186 sizeof(salt) - 1), 0)
1187 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1188 sizeof(key) - 1), 0)
1189 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1190 sizeof(info) - 1), 0)
1191 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1192 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1199 EVP_PKEY_CTX_free(pctx);
1204 #ifndef OPENSSL_NO_EC
1205 static int test_X509_PUBKEY_inplace(void)
1208 X509_PUBKEY *xp = NULL;
1209 const unsigned char *p = kExampleECPubKeyDER;
1210 size_t input_len = sizeof(kExampleECPubKeyDER);
1212 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1215 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1218 p = kExampleBadECPubKeyDER;
1219 input_len = sizeof(kExampleBadECPubKeyDER);
1221 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1224 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1230 X509_PUBKEY_free(xp);
1233 #endif /* OPENSSL_NO_EC */
1235 #ifndef OPENSSL_NO_DSA
1236 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1237 static int test_EVP_PKEY_CTX_get_set_params(void)
1239 EVP_MD_CTX *mdctx = NULL;
1240 EVP_PKEY_CTX *ctx = NULL;
1241 EVP_SIGNATURE *dsaimpl = NULL;
1242 const OSSL_PARAM *params;
1243 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1245 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1246 EVP_PKEY *pkey = NULL;
1249 char mdname[OSSL_MAX_NAME_SIZE];
1253 * Setup the parameters for our DSA object. For our purposes they don't
1254 * have to actually be *valid* parameters. We just need to set something.
1266 || !DSA_set0_pqg(dsa, p, q, g))
1271 || !DSA_set0_key(dsa, pub, priv))
1275 pkey = EVP_PKEY_new();
1277 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1282 /* Initialise a sign operation */
1283 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1285 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1289 * We should be able to query the parameters now. The default DSA
1290 * implementation supports exactly one parameter - so we expect to see that
1291 * returned and no more.
1293 params = EVP_PKEY_CTX_settable_params(ctx);
1294 if (!TEST_ptr(params)
1295 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1296 OSSL_SIGNATURE_PARAM_DIGEST)))
1299 params = EVP_PKEY_CTX_gettable_params(ctx);
1300 if (!TEST_ptr(params)
1301 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1302 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1303 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1304 OSSL_SIGNATURE_PARAM_DIGEST)))
1308 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1309 * EVP_PKEY_CTX_get_params()
1311 strcpy(mdname, "SHA512");
1313 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1315 *param++ = OSSL_PARAM_construct_end();
1317 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1321 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1322 mdname, sizeof(mdname));
1323 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1324 || !TEST_str_eq(mdname, "SHA512"))
1328 * Test the TEST_PKEY_CTX_set_signature_md() and
1329 * TEST_PKEY_CTX_get_signature_md() functions
1331 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1332 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1333 || !TEST_ptr_eq(md, EVP_sha256()))
1337 * Test getting MD parameters via an associated EVP_PKEY_CTX
1339 mdctx = EVP_MD_CTX_new();
1340 if (!TEST_ptr(mdctx)
1341 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey)))
1345 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1346 * able to obtain the digest's settable parameters from the provider.
1348 params = EVP_MD_CTX_settable_params(mdctx);
1349 if (!TEST_ptr(params)
1350 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1351 /* The final key should be NULL */
1352 || !TEST_ptr_null(params[1].key))
1356 memset(ssl3ms, 0, sizeof(ssl3ms));
1357 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1358 ssl3ms, sizeof(ssl3ms));
1359 *param++ = OSSL_PARAM_construct_end();
1361 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1367 EVP_MD_CTX_free(mdctx);
1368 EVP_PKEY_CTX_free(ctx);
1369 EVP_SIGNATURE_free(dsaimpl);
1370 EVP_PKEY_free(pkey);
1382 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1383 static int test_decrypt_null_chunks(void)
1385 EVP_CIPHER_CTX* ctx = NULL;
1386 const unsigned char key[32] = {
1387 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1388 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1389 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1391 unsigned char iv[12] = {
1392 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1394 unsigned char msg[] = "It was the best of times, it was the worst of times";
1395 unsigned char ciphertext[80];
1396 unsigned char plaintext[80];
1397 /* We initialise tmp to a non zero value on purpose */
1398 int ctlen, ptlen, tmp = 99;
1400 const int enc_offset = 10, dec_offset = 20;
1402 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1403 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1405 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1407 /* Deliberate add a zero length update */
1408 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1410 || !TEST_int_eq(tmp, 0)
1411 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1413 sizeof(msg) - enc_offset))
1414 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1415 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1416 || !TEST_int_eq(tmp, 0))
1419 /* Deliberately initialise tmp to a non zero value */
1421 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1423 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1426 * Deliberately add a zero length update. We also deliberately do
1427 * this at a different offset than for encryption.
1429 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1431 || !TEST_int_eq(tmp, 0)
1432 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1433 ciphertext + dec_offset,
1434 ctlen - dec_offset))
1435 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1436 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1437 || !TEST_int_eq(tmp, 0)
1438 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1443 EVP_CIPHER_CTX_free(ctx);
1446 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1448 #ifndef OPENSSL_NO_DH
1449 static int test_EVP_PKEY_set1_DH(void)
1451 DH *x942dh = NULL, *noqdh = NULL;
1452 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1454 BIGNUM *p, *g = NULL;
1456 if (!TEST_ptr(p = BN_new())
1457 || !TEST_ptr(g = BN_new())
1458 || !BN_set_word(p, 9999)
1459 || !BN_set_word(g, 2)
1460 || !TEST_ptr(noqdh = DH_new())
1461 || !DH_set0_pqg(noqdh, p, NULL, g))
1465 x942dh = DH_get_2048_256();
1466 pkey1 = EVP_PKEY_new();
1467 pkey2 = EVP_PKEY_new();
1468 if (!TEST_ptr(x942dh)
1471 || !TEST_ptr(pkey2))
1474 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1475 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1478 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1479 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1486 EVP_PKEY_free(pkey1);
1487 EVP_PKEY_free(pkey2);
1495 int setup_tests(void)
1497 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1498 ADD_TEST(test_EVP_DigestVerifyInit);
1499 ADD_TEST(test_EVP_Enveloped);
1500 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1501 #ifndef OPENSSL_NO_EC
1502 ADD_TEST(test_EVP_PKCS82PKEY);
1504 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1505 ADD_TEST(test_EVP_SM2);
1506 ADD_TEST(test_EVP_SM2_verify);
1508 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1509 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1510 if (!TEST_ptr(custom_pmeth))
1512 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1513 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1514 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1515 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1517 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1518 ADD_TEST(test_HKDF);
1519 #ifndef OPENSSL_NO_EC
1520 ADD_TEST(test_X509_PUBKEY_inplace);
1521 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1522 OSSL_NELEM(ec_der_pub_keys));
1524 #ifndef OPENSSL_NO_DSA
1525 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);
1527 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1528 ADD_TEST(test_decrypt_null_chunks);
1530 #ifndef OPENSSL_NO_DH
1531 ADD_TEST(test_EVP_PKEY_set1_DH);